From afb632d2028fdc4a37e10e41e1929264ff59f52e Mon Sep 17 00:00:00 2001 From: Hans Bolinder Date: Thu, 14 Mar 2013 09:53:33 +0100 Subject: Convert XML files to UTF-8, where needed --- lib/ssh/doc/src/notes.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index f65b66a7c5..3505b8087f 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -1,4 +1,4 @@ - + @@ -86,7 +86,7 @@

Fix link to documentation for ssh:connect/3,4. Thanks to - Martin Hässler.

+ Martin Hässler.

Own Id: OTP-10862

-- cgit v1.2.3 From e5875001247e6a6ac4f474157a51a8c54f94ae49 Mon Sep 17 00:00:00 2001 From: Hans Bolinder Date: Thu, 14 Mar 2013 16:01:25 +0100 Subject: Convert XML files to UTF-8 --- lib/ssh/doc/src/book.xml | 4 ++-- lib/ssh/doc/src/fascicules.xml | 2 +- lib/ssh/doc/src/introduction.xml | 2 +- lib/ssh/doc/src/part_notes.xml | 4 ++-- lib/ssh/doc/src/ref_man.xml | 4 ++-- lib/ssh/doc/src/ssh.xml | 2 +- lib/ssh/doc/src/ssh_app.xml | 4 ++-- lib/ssh/doc/src/ssh_channel.xml | 2 +- lib/ssh/doc/src/ssh_client_key_api.xml | 2 +- lib/ssh/doc/src/ssh_connection.xml | 2 +- lib/ssh/doc/src/ssh_protocol.xml | 4 ++-- lib/ssh/doc/src/ssh_server_key_api.xml | 2 +- lib/ssh/doc/src/ssh_sftp.xml | 4 ++-- lib/ssh/doc/src/ssh_sftpd.xml | 2 +- lib/ssh/doc/src/usersguide.xml | 4 ++-- lib/ssh/doc/src/using_ssh.xml | 2 +- 16 files changed, 23 insertions(+), 23 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/book.xml b/lib/ssh/doc/src/book.xml index 3c2375f96d..c031d872d7 100644 --- a/lib/ssh/doc/src/book.xml +++ b/lib/ssh/doc/src/book.xml @@ -1,10 +1,10 @@ - +
- 20052012 + 20052013 Ericsson AB. All Rights Reserved. diff --git a/lib/ssh/doc/src/fascicules.xml b/lib/ssh/doc/src/fascicules.xml index 069d9002e0..7e99398c16 100644 --- a/lib/ssh/doc/src/fascicules.xml +++ b/lib/ssh/doc/src/fascicules.xml @@ -1,4 +1,4 @@ - + diff --git a/lib/ssh/doc/src/introduction.xml b/lib/ssh/doc/src/introduction.xml index e76aa20d64..b42910cb34 100644 --- a/lib/ssh/doc/src/introduction.xml +++ b/lib/ssh/doc/src/introduction.xml @@ -1,4 +1,4 @@ - + diff --git a/lib/ssh/doc/src/part_notes.xml b/lib/ssh/doc/src/part_notes.xml index 1b47a12021..c5cc163717 100644 --- a/lib/ssh/doc/src/part_notes.xml +++ b/lib/ssh/doc/src/part_notes.xml @@ -1,10 +1,10 @@ - +
- 20042010 + 20042013 Ericsson AB. All Rights Reserved. diff --git a/lib/ssh/doc/src/ref_man.xml b/lib/ssh/doc/src/ref_man.xml index 88203b5034..55339298e8 100644 --- a/lib/ssh/doc/src/ref_man.xml +++ b/lib/ssh/doc/src/ref_man.xml @@ -1,10 +1,10 @@ - +
- 20042012 + 20042013 Ericsson AB. All Rights Reserved. diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index bd0d3d49dd..e3850f4059 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -1,4 +1,4 @@ - + diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml index c01f44936a..a1d2402790 100644 --- a/lib/ssh/doc/src/ssh_app.xml +++ b/lib/ssh/doc/src/ssh_app.xml @@ -1,10 +1,10 @@ - +
- 2012 + 20122013 Ericsson AB. All Rights Reserved. diff --git a/lib/ssh/doc/src/ssh_channel.xml b/lib/ssh/doc/src/ssh_channel.xml index 66b3b8b656..a52a6a115e 100644 --- a/lib/ssh/doc/src/ssh_channel.xml +++ b/lib/ssh/doc/src/ssh_channel.xml @@ -1,4 +1,4 @@ - + diff --git a/lib/ssh/doc/src/ssh_client_key_api.xml b/lib/ssh/doc/src/ssh_client_key_api.xml index b9b1ec4efa..03e38d1dca 100644 --- a/lib/ssh/doc/src/ssh_client_key_api.xml +++ b/lib/ssh/doc/src/ssh_client_key_api.xml @@ -1,4 +1,4 @@ - + diff --git a/lib/ssh/doc/src/ssh_connection.xml b/lib/ssh/doc/src/ssh_connection.xml index efd4865a6f..72e7252536 100644 --- a/lib/ssh/doc/src/ssh_connection.xml +++ b/lib/ssh/doc/src/ssh_connection.xml @@ -1,4 +1,4 @@ - + diff --git a/lib/ssh/doc/src/ssh_protocol.xml b/lib/ssh/doc/src/ssh_protocol.xml index 28f42f5707..7288266cf7 100644 --- a/lib/ssh/doc/src/ssh_protocol.xml +++ b/lib/ssh/doc/src/ssh_protocol.xml @@ -1,10 +1,10 @@ - +
- 2013 + 20132013 Ericsson AB. All Rights Reserved. diff --git a/lib/ssh/doc/src/ssh_server_key_api.xml b/lib/ssh/doc/src/ssh_server_key_api.xml index c4562e1211..59886a8596 100644 --- a/lib/ssh/doc/src/ssh_server_key_api.xml +++ b/lib/ssh/doc/src/ssh_server_key_api.xml @@ -1,4 +1,4 @@ - + diff --git a/lib/ssh/doc/src/ssh_sftp.xml b/lib/ssh/doc/src/ssh_sftp.xml index 0d61e57edb..e55d092fe2 100644 --- a/lib/ssh/doc/src/ssh_sftp.xml +++ b/lib/ssh/doc/src/ssh_sftp.xml @@ -1,10 +1,10 @@ - +
- 20052012 + 20052013 Ericsson AB. All Rights Reserved. diff --git a/lib/ssh/doc/src/ssh_sftpd.xml b/lib/ssh/doc/src/ssh_sftpd.xml index a73d6e52d4..81c2acc575 100644 --- a/lib/ssh/doc/src/ssh_sftpd.xml +++ b/lib/ssh/doc/src/ssh_sftpd.xml @@ -1,4 +1,4 @@ - + diff --git a/lib/ssh/doc/src/usersguide.xml b/lib/ssh/doc/src/usersguide.xml index c818003090..8ab14c2945 100644 --- a/lib/ssh/doc/src/usersguide.xml +++ b/lib/ssh/doc/src/usersguide.xml @@ -1,10 +1,10 @@ - +
- 2012 + 20122013 Ericsson AB. All Rights Reserved. diff --git a/lib/ssh/doc/src/using_ssh.xml b/lib/ssh/doc/src/using_ssh.xml index c994c1c56c..4d73366f5e 100644 --- a/lib/ssh/doc/src/using_ssh.xml +++ b/lib/ssh/doc/src/using_ssh.xml @@ -1,4 +1,4 @@ - + -- cgit v1.2.3 From 59053f84228b27ecf28f2de31b4a45074b2d04c9 Mon Sep 17 00:00:00 2001 From: Stefan Zegenhagen Date: Mon, 6 May 2013 14:33:46 +0200 Subject: Make ssh_cli.erl handle +C Dear all, I've found that ssh_cli.erl does not scan the input received from the remote for occurrences of +C to signal the user's interrupt requests to the group_leader of the CLI session. The patch attached to this e-mail fixes the issue. Kind regards, -- Dr. Stefan Zegenhagen arcutronix GmbH Garbsener Landstr. 10 30419 Hannover Germany Tel: +49 511 277-2734 Fax: +49 511 277-2709 Email: stefan.zegenhagen@arcutronix.com Web: www.arcutronix.com *Synchronize the Ethernet* General Managers: Dipl. Ing. Juergen Schroeder, Dr. Josef Gfrerer - Legal Form: GmbH, Registered office: Hannover, HRB 202442, Amtsgericht Hannover; Ust-Id: DE257551767. Please consider the environment before printing this message. >From f1d056ed1bf419677098cdc57bc7ce8a327e6b43 Mon Sep 17 00:00:00 2001 From: Stefan Zegenhagen Date: Mon, 6 May 2013 14:29:45 +0200 Subject: [PATCH] [SSH-CLI] properly handle +C as shell interrupt In ssh_cli.erl, check for the presence of +C in data received from the remote. If detected, use the established mechanism (send an 'interrupt' exit signal to the group_leader) to signal an interrupt to the shell. --- lib/ssh/src/ssh_cli.erl | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_cli.erl b/lib/ssh/src/ssh_cli.erl index 69b1ab186f..54911e757c 100644 --- a/lib/ssh/src/ssh_cli.erl +++ b/lib/ssh/src/ssh_cli.erl 
@@ -68,7 +68,8 @@ init([Shell]) -> handle_ssh_msg({ssh_cm, _ConnectionManager, {data, _ChannelId, _Type, Data}}, #state{group = Group} = State) -> - Group ! {self(), {data, binary_to_list(Data)}}, + List = binary_to_list(Data), + to_group(List, Group), {ok, State}; handle_ssh_msg({ssh_cm, ConnectionManager, @@ -188,6 +189,22 @@ terminate(_Reason, _State) -> %%% Internal functions %%-------------------------------------------------------------------- +to_group([], _Group) -> + ok; +to_group([$\^C | Tail], Group) -> + exit(Group, interrupt), + to_group(Tail, Group); +to_group(Data, Group) -> + Func = fun(C) -> C /= $\^C end, + Tail = case lists:splitwith(Func, Data) of + {[], Right} -> + Right; + {Left, Right} -> + Group ! {self(), {data, Left}}, + Right + end, + to_group(Tail, Group). + exec(Cmd) -> case eval(parse(scan(Cmd))) of {error, _} -> -- cgit v1.2.3 From ff493411aaf7c7b2cbf1006e0595596528f45da7 Mon Sep 17 00:00:00 2001 From: Fredrik Gustafsson Date: Mon, 17 Jun 2013 11:44:21 +0200 Subject: ssh: Not run chmod every lookup --- lib/ssh/src/ssh_file.erl | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_file.erl b/lib/ssh/src/ssh_file.erl index f115a32710..21cdedc156 100644 --- a/lib/ssh/src/ssh_file.erl +++ b/lib/ssh/src/ssh_file.erl @@ -315,5 +315,12 @@ default_user_dir()-> {ok,[[Home|_]]} = init:get_argument(home), UserDir = filename:join(Home, ".ssh"), ok = filelib:ensure_dir(filename:join(UserDir, "dummy")), - ok = file:change_mode(UserDir, ?PERM_700), + {ok,Info} = file:read_file_info(UserDir), + #file_info{mode=Mode} = Info, + case (Mode band 8#777) of + ?PERM_700 -> + ok; + _Other -> + ok = file:change_mode(UserDir, ?PERM_700) + end, UserDir. -- cgit v1.2.3 From b22a68377d3026572e7859f712674b319767eb7e Mon Sep 17 00:00:00 2001 
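Review bot: in to_group/2 (ssh_cli.erl), the `{[], Right}` arm of the `lists:splitwith/2` case cannot be reached. The second clause already consumes a leading `$\^C`, so when the third clause runs the first character is not ^C and `Left` is never empty. The case can be replaced by a plain `{Left, Right} = lists:splitwith(Func, Data)` followed by the send and the recursive call. Separately, handle_ssh_msg/2 ignores `_Type`, so a 0x03 byte anywhere in channel data from the peer now triggers `exit(Group, interrupt)`. A comment stating that this is intended, and a test case, would help: the diffstat touches only ssh_cli.erl.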
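Review bot: in default_user_dir/0 (ssh_file.erl), `{ok,Info} = file:read_file_info(UserDir)` still goes to the filesystem on every lookup, so the chmod is replaced by a stat rather than removed. A one-line comment on why the chmod is now conditional would save the next reader the archaeology. Also, `Mode band 8#777` drops the setuid, setgid and sticky bits before the comparison, so a directory whose low nine bits already equal ?PERM_700 is left untouched with those bits still set, where the old unconditional `file:change_mode(UserDir, ?PERM_700)` always rewrote the mode. If that difference is not intended, compare against a wider mask.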
From: Louis-Philippe Gauthier Date: Thu, 20 Jun 2013 01:48:31 -0400 Subject: Add openssh_zlib compression type to ssh_transport http://www.openssh.org/txt/draft-miller-secsh-compression-delayed-00.txt --- lib/ssh/src/ssh.hrl | 3 ++- lib/ssh/src/ssh_connection_handler.erl | 4 ++-- lib/ssh/src/ssh_transport.erl | 37 ++++++++++++++++++++++++++++++---- 3 files changed, 37 insertions(+), 7 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.hrl b/lib/ssh/src/ssh.hrl index da5750b6c3..4fd347ba8f 100644 --- a/lib/ssh/src/ssh.hrl +++ b/lib/ssh/src/ssh.hrl @@ -127,7 +127,8 @@ userauth_supported_methods , % userauth_methods, userauth_preference, - available_host_keys + available_host_keys, + authenticated = false }). -record(alg, diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 1c4477aeb3..d2792727db 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -426,10 +426,10 @@ userauth(#ssh_msg_userauth_info_response{} = Msg, language = "en"}, State) end; -userauth(#ssh_msg_userauth_success{}, #state{ssh_params = #ssh{role = client}, +userauth(#ssh_msg_userauth_success{}, #state{ssh_params = #ssh{role = client} = Ssh, manager = Pid} = State) -> Pid ! ssh_connected, - {next_state, connected, next_packet(State)}; + {next_state, connected, next_packet(State#state{ssh_params = Ssh#ssh{authenticated = true}})}; userauth(#ssh_msg_userauth_failure{}, #state{ssh_params = #ssh{role = client, diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index beaffdc025..682d766d99 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl 
@@ -206,6 +206,7 @@ key_exchange_init_msg(Ssh0) -> kex_init(#ssh{role = Role, opts = Opts, available_host_keys = HostKeyAlgs}) -> Random = ssh_bits:random(16), Compression = case proplists:get_value(compression, Opts, none) of + openssh_zlib -> ["zlib@openssh.com", "none"]; zlib -> ["zlib", "none"]; none -> ["none", "zlib"] end, 
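Review bot: `openssh_zlib` is a new accepted value of the `compression` option in kex_init/1, but the diffstat for this commit lists only ssh.hrl, ssh_connection_handler.erl and ssh_transport.erl, so the value is undocumented. Please add it to the ssh option documentation. It is also worth deciding whether the existing `zlib` and `none` arms should offer "zlib@openssh.com" as a fallback, since as written a peer that supports only the delayed variant gets it solely when the user asks for `openssh_zlib` explicitly.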
@@ -855,33 +856,47 @@ decrypt(#ssh{decrypt = 'aes128-cbc', decrypt_keys = Key, IV = crypto:next_iv(aes_cbc, Data), {Ssh#ssh{decrypt_ctx = IV}, Dec}. - %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% Compression %% -%% none REQUIRED no compression -%% zlib OPTIONAL ZLIB (LZ77) compression +%% none REQUIRED no compression +%% zlib OPTIONAL ZLIB (LZ77) compression +%% openssh_zlib OPTIONAL ZLIB (LZ77) compression %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + compress_init(SSH) -> compress_init(SSH, 1). compress_init(#ssh{compress = none} = Ssh, _) -> {ok, Ssh}; compress_init(#ssh{compress = zlib} = Ssh, Level) -> + Zlib = zlib:open(), + ok = zlib:deflateInit(Zlib, Level), + {ok, Ssh#ssh{compress_ctx = Zlib}}; +compress_init(#ssh{compress = 'zlib@openssh.com'} = Ssh, Level) -> Zlib = zlib:open(), ok = zlib:deflateInit(Zlib, Level), {ok, Ssh#ssh{compress_ctx = Zlib}}. - compress_final(#ssh{compress = none} = Ssh) -> {ok, Ssh}; compress_final(#ssh{compress = zlib, compress_ctx = Context} = Ssh) -> + zlib:close(Context), + {ok, Ssh#ssh{compress = none, compress_ctx = undefined}}; +compress_final(#ssh{compress = 'zlib@openssh.com', authenticated = false} = Ssh) -> + {ok, Ssh}; +compress_final(#ssh{compress = 'zlib@openssh.com', compress_ctx = Context, authenticated = true} = Ssh) -> zlib:close(Context), {ok, Ssh#ssh{compress = none, compress_ctx = undefined}}. compress(#ssh{compress = none} = Ssh, Data) -> {Ssh, Data}; compress(#ssh{compress = zlib, compress_ctx = Context} = Ssh, Data) -> + Compressed = zlib:deflate(Context, Data, sync), + {Ssh, list_to_binary(Compressed)}; +compress(#ssh{compress = 'zlib@openssh.com', authenticated = false} = Ssh, Data) -> + {Ssh, Data}; +compress(#ssh{compress = 'zlib@openssh.com', compress_ctx = Context, authenticated = true} = Ssh, Data) -> Compressed = zlib:deflate(Context, Data, sync), {Ssh, list_to_binary(Compressed)}. 
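Review bot: every 'zlib@openssh.com' clause of compress/2 and compress_final/1 keys on `authenticated`, but the only place this commit sets `authenticated = true` is the `role = client` clause of userauth/2 for #ssh_msg_userauth_success{} in ssh_connection_handler.erl. Nothing in the visible hunks sets the flag for the server role, so a daemon that negotiates this algorithm would keep sending uncompressed packets after its peer has switched compression on. Set the flag on the server side where userauth success is sent, or restrict the offer to the client role. Minor: the comment table lists `openssh_zlib`, while the algorithm atom matched in the clauses is 'zlib@openssh.com'; naming both in the comment avoids confusion.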
@@ -892,6 +907,10 @@ compress(#ssh{compress = zlib, compress_ctx = Context} = Ssh, Data) -> decompress_init(#ssh{decompress = none} = Ssh) -> {ok, Ssh}; decompress_init(#ssh{decompress = zlib} = Ssh) -> + Zlib = zlib:open(), + ok = zlib:inflateInit(Zlib), + {ok, Ssh#ssh{decompress_ctx = Zlib}}; +decompress_init(#ssh{decompress = 'zlib@openssh.com'} = Ssh) -> Zlib = zlib:open(), ok = zlib:inflateInit(Zlib), {ok, Ssh#ssh{decompress_ctx = Zlib}}. @@ -899,12 +918,22 @@ decompress_init(#ssh{decompress = zlib} = Ssh) -> decompress_final(#ssh{decompress = none} = Ssh) -> {ok, Ssh}; decompress_final(#ssh{decompress = zlib, decompress_ctx = Context} = Ssh) -> + zlib:close(Context), + {ok, Ssh#ssh{decompress = none, decompress_ctx = undefined}}; +decompress_final(#ssh{decompress = 'zlib@openssh.com', authenticated = false} = Ssh) -> + {ok, Ssh}; +decompress_final(#ssh{decompress = 'zlib@openssh.com', decompress_ctx = Context, authenticated = true} = Ssh) -> zlib:close(Context), {ok, Ssh#ssh{decompress = none, decompress_ctx = undefined}}. decompress(#ssh{decompress = none} = Ssh, Data) -> {Ssh, Data}; decompress(#ssh{decompress = zlib, decompress_ctx = Context} = Ssh, Data) -> + Decompressed = zlib:inflate(Context, Data), + {Ssh, list_to_binary(Decompressed)}; +decompress(#ssh{decompress = 'zlib@openssh.com', authenticated = false} = Ssh, Data) -> + {Ssh, Data}; +decompress(#ssh{decompress = 'zlib@openssh.com', decompress_ctx = Context, authenticated = true} = Ssh, Data) -> Decompressed = zlib:inflate(Context, Data), {Ssh, list_to_binary(Decompressed)}. -- cgit v1.2.3 From dc5e0ede0f692000afc60c64ec428ea81ce67040 Mon Sep 17 00:00:00 2001 From: Fredrik Gustafsson Date: Thu, 27 Jun 2013 18:49:07 +0200 Subject: ssh: fixed bad match failure when disconnect msg --- lib/ssh/src/ssh_connection_handler.erl | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'lib/ssh') 
diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index d8950a7b67..0ec0424f74 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -419,10 +419,16 @@ userauth(#ssh_msg_userauth_failure{authentications = Methodes}, #state{ssh_params = #ssh{role = client, userauth_methods = none} = Ssh0} = State) -> AuthMethods = string:tokens(Methodes, ","), - {Msg, Ssh} = ssh_auth:userauth_request_msg( - Ssh0#ssh{userauth_methods = AuthMethods}), - send_msg(Msg, State), - {next_state, userauth, next_packet(State#state{ssh_params = Ssh})}; + case ssh_auth:userauth_request_msg( + Ssh0#ssh{userauth_methods = AuthMethods}) of + {disconnect, DisconnectMsg,{Msg, Ssh}} -> + send_msg(Msg, State), + handle_disconnect(DisconnectMsg, State#state{ssh_params = Ssh}); + {Msg, Ssh} -> + send_msg(Msg, State), + {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} + end; + %% The prefered authentication method failed try next method userauth(#ssh_msg_userauth_failure{}, -- cgit v1.2.3 From 8f5992f826b86e5a4f28a8feae10a6a678f07065 Mon Sep 17 00:00:00 2001 From: Fredrik Gustafsson Date: Fri, 28 Jun 2013 10:36:08 +0200 Subject: ssh: version updates --- lib/ssh/src/ssh.appup.src | 2 ++ lib/ssh/vsn.mk | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index d99931c746..08851dc445 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src @@ -19,12 +19,14 @@ {"%VSN%", [ + {<<"2.1.2">>, [{restart_application, ssh}]}, {<<"2.1.1">>, [{restart_application, ssh}]}, {<<"2.1">>, [{restart_application, ssh}]}, {<<"2.0\\.*">>, [{restart_application, ssh}]}, {<<"1\\.*">>, [{restart_application, ssh}]} ], [ + {<<"2.1.2">>, [{restart_application, ssh}]}, {<<"2.1.1">>, [{restart_application, ssh}]}, {<<"2.1">>,[{restart_application, ssh}]}, {<<"2.0\\.*">>, [{restart_application, ssh}]}, 
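Review bot: in the userauth/2 hunk of ssh_connection_handler.erl (commit "ssh: fixed bad match failure when disconnect msg"), only the `userauth_methods = none` clause learns the `{disconnect, DisconnectMsg, {Msg, Ssh}}` return shape. The clause that follows, under the comment "The prefered authentication method failed try next method", lies outside the hunk; if it also calls ssh_auth:userauth_request_msg/1 it needs the same case, otherwise the badmatch just moves there. A small helper shared by both clauses would avoid duplicating the case. The diffstat shows no test for the disconnect path.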
diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 921ec2206a..37353707c2 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,5 +1,5 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 2.1.2 +SSH_VSN = 2.1.2.1 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From 90f6229822c720d7616f9a11d1ca51e522586564 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Fri, 28 Jun 2013 10:51:27 +0200 Subject: Update release notes --- lib/ssh/doc/src/notes.xml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index d4acb2ef1a..6e7d76c137 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -29,6 +29,22 @@ notes.xml
+
Ssh 2.1.2.1 + +
Improvements and New Features + + +

+ Removed error report in ssh_connection_handler triggered + by badmatch failure.

+

+ Own Id: OTP-11188

+
+
+
+ +
+
Ssh 2.1.2
Fixed Bugs and Malfunctions -- cgit v1.2.3 From 12d96ad4cbb41c361cb633615fd52f4b933e907f Mon Sep 17 00:00:00 2001 From: Fredrik Gustafsson Date: Tue, 20 Aug 2013 10:07:33 +0200 Subject: ssh: clarified timeout options --- lib/ssh/doc/src/ssh.xml | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index bd0d3d49dd..141d3df38e 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -88,6 +88,7 @@ number for SSH. Options = [{Option, Value}] Timeout = infinity | integer(milliseconds) + Negotiation timeout, for connection timeout use the option {connect_timeout, timeout()}.

Connects to an SSH server. No channel is started. This is done -- cgit v1.2.3 From 4f0f336665ea63a7865881e1f41e435de4342077 Mon Sep 17 00:00:00 2001 From: Fredrik Gustafsson Date: Tue, 20 Aug 2013 15:56:11 +0200 Subject: ssh: added basic connection testcase for openssh zlib --- lib/ssh/test/ssh_basic_SUITE.erl | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 93029c5038..0aa60624bf 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -48,8 +48,8 @@ all() -> close]. groups() -> - [{dsa_key, [], [send, exec, exec_compressed, shell, known_hosts, idle_time, rekey]}, - {rsa_key, [], [send, exec, exec_compressed, shell, known_hosts, idle_time, rekey]}, + [{dsa_key, [], [send, exec, exec_compressed, shell, known_hosts, idle_time, rekey, openssh_zlib_basic_test]}, + {rsa_key, [], [send, exec, exec_compressed, shell, known_hosts, idle_time, rekey, openssh_zlib_basic_test]}, {dsa_pass_key, [], [pass_phrase]}, {rsa_pass_key, [], [pass_phrase]}, {internal_error, [], [internal_error]} 
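Review bot: the only coverage these two group lists gain for the new algorithm is openssh_zlib_basic_test, and the case added in the next hunk connects and then immediately calls ssh:close/1. Because 'zlib@openssh.com' starts compressing only after authentication, the test should push data through an authenticated channel, for example the same exec that exec_compressed runs, so that the deflate and inflate paths are exercised in both directions.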
@@ -493,7 +493,24 @@ close(Config) when is_list(Config) -> exit(CM, {shutdown, normal}), ok = ssh:close(CM). - + +openssh_zlib_basic_test() -> + [{doc, "Test basic connection with openssh_zlib"}]. +openssh_zlib_basic_test(Config) -> + SystemDir = filename:join(?config(priv_dir, Config), system), + UserDir = ?config(priv_dir, Config), + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {user_dir, UserDir}, + {failfun, fun ssh_test_lib:failfun/2}]), + ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user_dir, UserDir}, + {user_interaction, false}, + {compression, openssh_zlib}]), + ok = ssh:close(ConnectionRef), + ssh:stop_daemon(Pid). + %%-------------------------------------------------------------------- %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- -- cgit v1.2.3 From c011973178d860f280c6ce18b07ce4176aec5b35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Gustavsson?= Date: Fri, 6 Sep 2013 13:40:21 +0200 Subject: Change encoding of troublesome notes.xml files to utf-8 Most notes.xml files will be updated in every release and cause the kind of the problems described in the previous commit. --- lib/ssh/doc/src/notes.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 299dd5058a..6b7ff7b238 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -1,4 +1,4 @@ - + @@ -138,7 +138,7 @@

Fix link to documentation for ssh:connect/3,4. Thanks to - Martin Hässler.

+ Martin Hässler.

Own Id: OTP-10862

-- cgit v1.2.3 From 20641fe0f2ea745873fc7557448d3a7deb1bd639 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Mon, 16 Sep 2013 20:11:53 +0200 Subject: Prepare release --- lib/ssh/doc/src/notes.xml | 35 +++++++++++++++++++++++++++++++++++ lib/ssh/vsn.mk | 2 +- 2 files changed, 36 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 6b7ff7b238..041f5e54af 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -29,6 +29,41 @@ notes.xml
+
Ssh 2.1.8 + +
Improvements and New Features + + +

+ Do not chmod ~/.ssh unnecessarily.

+

+ Own Id: OTP-11189

+
+ +

+ Make ssh_cli.erl handle CTRL+C. Thanks to Stefan + Zegenhagen.

+

+ Own Id: OTP-11199

+
+ +

+ Clarified timeout options in documentation.

+

+ Own Id: OTP-11249

+
+ +

+ Add openssh_zlib compression type to ssh_transport. + Thanks to Louis-Philippe Gauthier.

+

+ Own Id: OTP-11256

+
+
+
+ +
+
Ssh 2.1.7
Fixed Bugs and Malfunctions diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 231779b75a..90f09471c9 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,5 +1,5 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 2.1.7 +SSH_VSN = 2.1.8 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From 20363d9af0f0f9446d3a1dfb099f4aa1898dc231 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20H=C3=A4ssler?= Date: Mon, 14 Oct 2013 20:42:58 +0200 Subject: Fix ssh doc typos ssh_rsa changed to 'ssh-rsa' and missing space added. --- lib/ssh/doc/src/ssh.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 141d3df38e..fb58a4b014 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -141,7 +141,7 @@

Sets the preferred public key algorithm to use for user authentication. If the the preferred algorithm fails for some reason, the other algorithm is tried. The default is - to try first.

+ to try first.

@@ -248,7 +248,7 @@ requested by the client. Default is to use the erlang shell: - Provides your own cli implementation, i.e. a channel callback -- cgit v1.2.3 From d54e4318a77c7a42a7b8952780b33987775c7608 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 25 Sep 2013 14:56:19 +0200 Subject: ssh: Add function ssh:peername/1 with test OTP-11345, sto575, tsk374 --- lib/ssh/doc/src/ssh.xml | 14 ++++++++++++++ lib/ssh/src/ssh.erl | 12 ++++++++++++ lib/ssh/test/ssh_basic_SUITE.erl | 34 +++++++++++++++++++++++++++++++++- 3 files changed, 59 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index fb58a4b014..ddfb50ebd2 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -333,6 +333,20 @@ + + peername(ConnectionRef) -> {ok, {Address,Port}} | {error,Error} + + + ConnectionRef = ssh_connection_ref() + Address = ip_address() + Port = integer() + + +

Returns the address and port for the other end of a connection. +

+
+
+ shell(Host) -> shell(Host, Option) -> diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 7d5478c3f6..718321ef21 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -28,6 +28,7 @@ -export([start/0, start/1, stop/0, connect/3, connect/4, close/1, connection_info/2, channel_info/3, daemon/1, daemon/2, daemon/3, + peername/1, stop_listener/1, stop_listener/2, stop_daemon/1, stop_daemon/2, shell/1, shell/2, shell/3]). @@ -244,6 +245,17 @@ shell(Host, Port, Options) -> Error end. +%%-------------------------------------------------------------------- +%% Function: peername(ConnectionRef) -> {ok, {Host,Port}} +%% | {error,Error} +%% +%% Description: Returns the peer address of the connection +%%-------------------------------------------------------------------- +peername(ConnectionRef) -> + [{peer, {_Name,{IP,Port}}}] = + ssh_connection_manager:connection_info(ConnectionRef, [peer]), + {ok, {IP,Port}}. + %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 0aa60624bf..e13610bc2a 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -22,6 +22,7 @@ -module(ssh_basic_SUITE). -include_lib("common_test/include/ct.hrl"). +-include_lib("kernel/include/inet.hrl"). %% Note: This directive should only be used in test suites. -compile(export_all). @@ -48,7 +49,7 @@ all() -> close]. groups() -> - [{dsa_key, [], [send, exec, exec_compressed, shell, known_hosts, idle_time, rekey, openssh_zlib_basic_test]}, + [{dsa_key, [], [send, peername, exec, exec_compressed, shell, known_hosts, idle_time, rekey, openssh_zlib_basic_test]}, {rsa_key, [], [send, exec, exec_compressed, shell, known_hosts, idle_time, rekey, openssh_zlib_basic_test]}, {dsa_pass_key, [], [pass_phrase]}, {rsa_pass_key, [], [pass_phrase]}, 
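Review bot: in the ssh.erl hunk, peername/1 is documented, both in ssh.xml and in the function header, as returning `{ok, {Address,Port}} | {error,Error}`, but the body hard-matches `[{peer, {_Name,{IP,Port}}}] = ssh_connection_manager:connection_info(ConnectionRef, [peer])` and can therefore only return `{ok, {IP,Port}}` or crash with badmatch. Either return `{error, Reason}` when the match fails or drop the error alternative from the documentation. In the ssh_basic_SUITE.erl groups hunk, `peername` is added to the dsa_key group only; add it to rsa_key too or note why one group is enough.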
@@ -472,6 +473,37 @@ send(Config) when is_list(Config) -> ssh:stop_daemon(Pid). +%%-------------------------------------------------------------------- +peername() -> + [{doc, "Test ssh:peername/1"}]. +peername(Config) when is_list(Config) -> + process_flag(trap_exit, true), + SystemDir = filename:join(?config(priv_dir, Config), system), + UserDir = ?config(priv_dir, Config), + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {user_dir, UserDir}, + {failfun, fun ssh_test_lib:failfun/2}]), + ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user_dir, UserDir}, + {user_interaction, false}]), + {ok,{IP,Port}} = ssh:peername(ConnectionRef), + host_equal(Host,IP), + ssh:stop_daemon(Pid). + + +host_equal(Name, IP) when is_list(Name), is_tuple(IP) -> + Family = if size(IP)==4 -> inet; + size(IP)==8 -> inet6 + end, + {ok,#hostent{h_addr_list=IPs}} = inet:gethostbyname(Name,Family), + lists:any(fun(X) -> X==IP end, IPs); +host_equal(IP, Name) when is_list(Name), is_tuple(IP) -> + host_equal(Name, IP); +host_equal(X,Y) -> X==Y. + + %%-------------------------------------------------------------------- close() -> [{doc, "Simulate that we try to close an already closed connection"}]. -- cgit v1.2.3 From f5495aa1560daf65c063a8d5b99a5ea17520ea92 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 30 Sep 2013 16:35:09 +0200 Subject: ssh: Add ssh:sockname/1 incl doc and tests OTP-11345, sto575, tsk374 --- lib/ssh/doc/src/ssh.xml | 14 +++++++ lib/ssh/src/ssh.erl | 12 ++++++ lib/ssh/src/ssh_connection_handler.erl | 29 +++++++------- lib/ssh/test/Makefile | 5 ++- lib/ssh/test/ssh_basic_SUITE.erl | 55 +++++++++++++++++--------- lib/ssh/test/ssh_peername_sockname_server.erl | 56 +++++++++++++++++++++++++++ 6 files changed, 137 insertions(+), 34 deletions(-) create mode 100644 lib/ssh/test/ssh_peername_sockname_server.erl (limited to 'lib/ssh') 
diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index ddfb50ebd2..896b98edc2 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -366,6 +366,20 @@ + + sockname(ConnectionRef) -> {ok, {Address,Port}} | {error,Error} + + + ConnectionRef = ssh_connection_ref() + Address = ip_address() + Port = integer() + + +

Returns the local address and port number for a connection. +

+
+
+ start() -> start(Type) -> ok | {error, Reason} diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 718321ef21..80d20abbbd 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -29,6 +29,7 @@ channel_info/3, daemon/1, daemon/2, daemon/3, peername/1, + sockname/1, stop_listener/1, stop_listener/2, stop_daemon/1, stop_daemon/2, shell/1, shell/2, shell/3]). @@ -256,6 +257,17 @@ peername(ConnectionRef) -> ssh_connection_manager:connection_info(ConnectionRef, [peer]), {ok, {IP,Port}}. +%%-------------------------------------------------------------------- +%% Function: sockname(ConnectionRef) -> {ok, {Host,Port}} +%% | {error,Error} +%% +%% Description: Returns the local address of the connection +%%-------------------------------------------------------------------- +sockname(ConnectionRef) -> + [{sockname, Result}] = + ssh_connection_manager:connection_info(ConnectionRef, [sockname]), + Result. + %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 9de4dd5967..c3e8a3c742 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -46,7 +46,7 @@ handle_sync_event/4, handle_info/3, terminate/3, code_change/4]). %% spawn export --export([ssh_info_handler/3]). +-export([ssh_info_handler/4]). -record(state, { transport_protocol, % ex: tcp 
@@ -533,7 +533,7 @@ handle_event(renegotiate, StateName, State) -> {next_state, StateName, State}; handle_event({info, From, Options}, StateName, #state{ssh_params = Ssh} = State) -> - spawn(?MODULE, ssh_info_handler, [Options, Ssh, From]), + spawn(?MODULE, ssh_info_handler, [Options, Ssh, State, From]), {next_state, StateName, State}; handle_event(data_size, connected, #state{ssh_params = Ssh0} = State) -> {ok, [{send_oct,Sent}]} = inet:getstat(State#state.socket, [send_oct]), 
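Review bot: `spawn(?MODULE, ssh_info_handler, [Options, Ssh, State, From])` copies the whole #state{} record into the spawned process, although the ssh_info/4 clauses added in this patch read only `socket` from it. Pass `State#state.socket` instead; that keeps the copy small and avoids handing the helper process the rest of the connection state.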
@@ -1022,26 +1022,29 @@ retry_fun(User, Reason, Opts) -> catch Fun(User, Reason) end. -ssh_info_handler(Options, Ssh, From) -> - Info = ssh_info(Options, Ssh, []), +ssh_info_handler(Options, Ssh, State, From) -> + Info = ssh_info(Options, Ssh, State, []), ssh_connection_manager:send_msg({channel_requst_reply, From, Info}). -ssh_info([], _, Acc) -> +ssh_info([], _, _, Acc) -> Acc; ssh_info([client_version | Rest], #ssh{c_vsn = IntVsn, - c_version = StringVsn} = SshParams, Acc) -> - ssh_info(Rest, SshParams, [{client_version, {IntVsn, StringVsn}} | Acc]); + c_version = StringVsn} = SshParams, State, Acc) -> + ssh_info(Rest, SshParams, State, [{client_version, {IntVsn, StringVsn}} | Acc]); ssh_info([server_version | Rest], #ssh{s_vsn = IntVsn, - s_version = StringVsn} = SshParams, Acc) -> - ssh_info(Rest, SshParams, [{server_version, {IntVsn, StringVsn}} | Acc]); + s_version = StringVsn} = SshParams, State, Acc) -> + ssh_info(Rest, SshParams, State, [{server_version, {IntVsn, StringVsn}} | Acc]); -ssh_info([peer | Rest], #ssh{peer = Peer} = SshParams, Acc) -> - ssh_info(Rest, SshParams, [{peer, Peer} | Acc]); +ssh_info([peer | Rest], #ssh{peer = Peer} = SshParams, State, Acc) -> + ssh_info(Rest, SshParams, State, [{peer, Peer} | Acc]); -ssh_info([ _ | Rest], SshParams, Acc) -> - ssh_info(Rest, SshParams, Acc). +ssh_info([sockname | Rest], SshParams, #state{socket=Socket}=State, Acc) -> + ssh_info(Rest, SshParams, State, [{sockname,inet:sockname(Socket)}|Acc]); + +ssh_info([ _ | Rest], SshParams, State, Acc) -> + ssh_info(Rest, SshParams, State, Acc). log_error(Reason) -> Report = io_lib:format("Erlang ssh connection handler failed with reason: " diff --git a/lib/ssh/test/Makefile b/lib/ssh/test/Makefile index f5db31baee..13caafc055 100644 --- a/lib/ssh/test/Makefile +++ b/lib/ssh/test/Makefile 
@@ -1,7 +1,7 @@ # # %CopyrightBegin% # -# Copyright Ericsson AB 2004-2012. All Rights Reserved. +# Copyright Ericsson AB 2004-2013. All Rights Reserved. # # The contents of this file are subject to the Erlang Public License, # Version 1.1, (the "License"); you may not use this file except in @@ -38,7 +38,8 @@ MODULES= \ ssh_sftpd_SUITE \ ssh_sftpd_erlclient_SUITE \ ssh_connection_SUITE \ - ssh_echo_server + ssh_echo_server \ + ssh_peername_sockname_server HRL_FILES_NEEDED_IN_TEST= \ $(ERL_TOP)/lib/ssh/src/ssh.hrl \ diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index e13610bc2a..e8f1d5213c 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -49,7 +49,9 @@ all() -> close]. groups() -> - [{dsa_key, [], [send, peername, exec, exec_compressed, shell, known_hosts, idle_time, rekey, openssh_zlib_basic_test]}, + [{dsa_key, [], [send, + peername_sockname, + exec, exec_compressed, shell, known_hosts, idle_time, rekey, openssh_zlib_basic_test]}, {rsa_key, [], [send, exec, exec_compressed, shell, known_hosts, idle_time, rekey, openssh_zlib_basic_test]}, {dsa_pass_key, [], [pass_phrase]}, {rsa_pass_key, [], [pass_phrase]}, 
@@ -474,35 +476,50 @@ send(Config) when is_list(Config) -> %%-------------------------------------------------------------------- -peername() -> - [{doc, "Test ssh:peername/1"}]. -peername(Config) when is_list(Config) -> +peername_sockname() -> + [{doc, "Test ssh:peername/1 and ssh:sockname/1"}]. +peername_sockname(Config) when is_list(Config) -> process_flag(trap_exit, true), SystemDir = filename:join(?config(priv_dir, Config), system), UserDir = ?config(priv_dir, Config), - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {_Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, {user_dir, UserDir}, - {failfun, fun ssh_test_lib:failfun/2}]), + {subsystems, [{"peername_sockname", + {ssh_peername_sockname_server, []}} + ]} + ]), ConnectionRef = ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, {user_dir, UserDir}, {user_interaction, false}]), - {ok,{IP,Port}} = ssh:peername(ConnectionRef), - host_equal(Host,IP), - ssh:stop_daemon(Pid). - + {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), + success = ssh_connection:subsystem(ConnectionRef, ChannelId, "peername_sockname", infinity), + {ok,{HostPeerClient,PortPeerClient}} = ssh:peername(ConnectionRef), + {ok,{HostSockClient,PortSockClient}} = ssh:sockname(ConnectionRef), + receive + {ssh_cm, ConnectionRef, {data, ChannelId, _, Response}} -> + {PeerNameSrv,SockNameSrv} = binary_to_term(Response), + {ok,{HostPeerSrv,PortPeerSrv}} = PeerNameSrv, + {ok,{HostSockSrv,PortSockSrv}} = SockNameSrv, + host_equal(HostPeerSrv, HostSockClient), + PortPeerSrv = PortSockClient, + host_equal(HostSockSrv, HostPeerClient), + PortSockSrv = PortPeerClient, + host_equal(HostSockSrv, Host), + PortSockSrv = Port + after 10000 -> + throw(timeout) + end. 
-host_equal(Name, IP) when is_list(Name), is_tuple(IP) -> - Family = if size(IP)==4 -> inet; - size(IP)==8 -> inet6 - end, - {ok,#hostent{h_addr_list=IPs}} = inet:gethostbyname(Name,Family), - lists:any(fun(X) -> X==IP end, IPs); -host_equal(IP, Name) when is_list(Name), is_tuple(IP) -> - host_equal(Name, IP); -host_equal(X,Y) -> X==Y. +host_equal(H1, H2) -> + not ordsets:is_disjoint(ips(H1), ips(H2)). +ips(IP) when is_tuple(IP) -> ordsets:from_list([IP]); +ips(Name) when is_list(Name) -> + {ok,#hostent{h_addr_list=IPs4}} = inet:gethostbyname(Name,inet), + {ok,#hostent{h_addr_list=IPs6}} = inet:gethostbyname(Name,inet6), + ordsets:from_list(IPs4++IPs6). %%-------------------------------------------------------------------- close() -> diff --git a/lib/ssh/test/ssh_peername_sockname_server.erl b/lib/ssh/test/ssh_peername_sockname_server.erl new file mode 100644 index 0000000000..7664f3ee25 --- /dev/null +++ b/lib/ssh/test/ssh_peername_sockname_server.erl 
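Review bot: in peername_sockname/1 the three host_equal(...) calls are bare expressions, and host_equal/2 returns a boolean (not ordsets:is_disjoint(ips(H1), ips(H2))), so a host mismatch never fails the test; only the port matches are asserted. Match on the result, for example true = host_equal(HostPeerSrv, HostSockClient). Two smaller points in the same hunk: ips/1 matches {ok, ...} on inet:gethostbyname(Name, inet6), which becomes a badmatch for a name that has no IPv6 address, and the daemon pid is now bound to _Pid with the ssh:stop_daemon(Pid) call removed, so the daemon started by the test is left running after the case ends.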
@@ -0,0 +1,56 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2008-2013. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% + +%% + +-module(ssh_peername_sockname_server). + +%% The purpose of this module is to perform tests on the server side of an +%% ssh connection. + + +-behaviour(ssh_daemon_channel). +-record(state, {}). + +-export([init/1, handle_msg/2, handle_ssh_msg/2, terminate/2]). + +init([]) -> + {ok, #state{}}. + +handle_msg({ssh_channel_up, ChannelId, ConnectionManager}, State) -> + ssh_connection:send(ConnectionManager, ChannelId, + term_to_binary( + {catch ssh:peername(ConnectionManager), + catch ssh:sockname(ConnectionManager) + }) + ), + {ok, State}. + +handle_ssh_msg({ssh_cm, _, {exit_signal, ChannelId, _, _Error, _}}, + State) -> + {stop, ChannelId, State}; + +handle_ssh_msg({ssh_cm, _, {exit_status, ChannelId, _Status}}, State) -> + {stop, ChannelId, State}; + +handle_ssh_msg({ssh_cm, _CM, _}, State) -> + {ok, State}. + +terminate(_Reason, _State) -> + ok. -- cgit v1.2.3 From d27003ba5c5ce962df439a99076a85607b82d746 Mon Sep 17 00:00:00 2001 From: Tristan Sloughter Date: Thu, 5 Sep 2013 17:43:05 -0500 Subject: fix private_key type documentation in ssh_server_key_api --- lib/ssh/doc/src/ssh_server_key_api.xml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'lib/ssh') 
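Review bot: in the new ssh_peername_sockname_server.erl, handle_msg/2 has a single clause for {ssh_channel_up, ChannelId, ConnectionManager}, so any other message delivered to the channel process crashes it with function_clause; add a catch-all clause returning {ok, State}, as handle_ssh_msg/2 already has. The catch around ssh:peername/1 and ssh:sockname/1 also means a server-side crash reaches the client as an 'EXIT' term that only fails at the {ok, {Host, Port}} matches in the suite; a comment saying this is intended would help the next reader.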
diff --git a/lib/ssh/doc/src/ssh_server_key_api.xml b/lib/ssh/doc/src/ssh_server_key_api.xml index c4562e1211..51e1fc1f2e 100644 --- a/lib/ssh/doc/src/ssh_server_key_api.xml +++ b/lib/ssh/doc/src/ssh_server_key_api.xml @@ -29,7 +29,7 @@ -behaviour(ssh_server_key_api). -

Behaviour describing the API for an SSH server's public key handling.By implementing the callbacks defined +

Behaviour describing the API for an SSH server's public key handling. By implementing the callbacks defined in this behavior it is possible to customize the SSH server's public key handling. By default the SSH application implements this behavior with help of the standard openssh files, see ssh(6).

@@ -44,9 +44,9 @@

boolean() = true | false

string() = [byte()]

-

public_key() = #'RSAPublicKey'{}| {integer(), #'Dss-Parms'{}}| term()

-

private_key() = #'RSAPublicKey'{}| {integer(), #'Dss-Parms'{}}| term()

-

public_key_algorithm() = 'ssh-rsa'| 'ssh-dss' | atom()

+

public_key() = #'RSAPublicKey'{} | {integer(), #'Dss-Parms'{}} | term()

+

private_key() = #'RSAPrivateKey'{} | #'DSAPrivateKey'{} | term()

+

public_key_algorithm() = 'ssh-rsa' | 'ssh-dss' | atom()

@@ -56,7 +56,7 @@ Fetches the hosts private key Algorithm = public_key_algorithm() - Host key algorithm. Should support 'ssh-rsa'| 'ssh-dss' but additional algorithms + Host key algorithm. Should support 'ssh-rsa' | 'ssh-dss' but additional algorithms can be handled. DaemonOptions = proplists:proplist() Options provided to ssh:daemon/[2,3] -- cgit v1.2.3 From d53cea682010766c82ba7088f40efcfafe196621 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Fri, 4 Oct 2013 16:05:22 +0200 Subject: ssh: Remove use of process dictionary This is step one in in making ssh process structure less complicated. As an effect I also found other simplifications/clean ups of the code that could be done. --- lib/ssh/src/Makefile | 1 + lib/ssh/src/ssh.app.src | 1 + lib/ssh/src/ssh_auth.erl | 98 +++---- lib/ssh/src/ssh_bits.erl | 222 +++++++------- lib/ssh/src/ssh_connection.erl | 68 +---- lib/ssh/src/ssh_connection_handler.erl | 5 +- lib/ssh/src/ssh_connection_manager.erl | 6 +- lib/ssh/src/ssh_message.erl | 519 +++++++++++++++++++++++++++++++++ lib/ssh/src/ssh_transport.erl | 156 ++-------- 9 files changed, 714 insertions(+), 362 deletions(-) create mode 100644 lib/ssh/src/ssh_message.erl (limited to 'lib/ssh') diff --git a/lib/ssh/src/Makefile b/lib/ssh/src/Makefile index 93d0b54f57..a31e4a8525 100644 --- a/lib/ssh/src/Makefile +++ b/lib/ssh/src/Makefile @@ -67,6 +67,7 @@ MODULES= \ ssh_file \ ssh_io \ ssh_math \ + ssh_message \ ssh_no_io \ ssh_sftp \ ssh_sftpd \ diff --git a/lib/ssh/src/ssh.app.src b/lib/ssh/src/ssh.app.src index 49707f3378..bae8f82d01 100644 --- a/lib/ssh/src/ssh.app.src +++ b/lib/ssh/src/ssh.app.src @@ -8,6 +8,7 @@ ssh_acceptor, ssh_acceptor_sup, ssh_auth, + ssh_message, ssh_bits, ssh_cli, ssh_client_key_api, diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index cb0c7751f0..f3d1a711ae 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl 
@@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2012. All Rights Reserved. +%% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -30,8 +30,8 @@ -export([publickey_msg/1, password_msg/1, keyboard_interactive_msg/1, service_request_msg/1, init_userauth_request_msg/1, userauth_request_msg/1, handle_userauth_request/3, - handle_userauth_info_request/3, handle_userauth_info_response/2, - userauth_messages/0 + handle_userauth_info_request/3, handle_userauth_info_response/2 + %%userauth_messages/0 ]). %%-------------------------------------------------------------------- @@ -43,7 +43,7 @@ publickey_msg([Alg, #ssh{user = User, opts = Opts} = Ssh]) -> Hash = sha, %% Maybe option?! - ssh_bits:install_messages(userauth_pk_messages()), + %%ssh_bits:install_messages(userauth_pk_messages()), KeyCb = proplists:get_value(key_cb, Opts, ssh_file), case KeyCb:user_key(Alg, Opts) of @@ -69,7 +69,7 @@ publickey_msg([Alg, #ssh{user = User, password_msg([#ssh{opts = Opts, io_cb = IoCb, user = User, service = Service} = Ssh]) -> - ssh_bits:install_messages(userauth_passwd_messages()), + %%ssh_bits:install_messages(userauth_passwd_messages()), Password = case proplists:get_value(password, Opts) of undefined -> user_interaction(IoCb, Ssh); @@ -99,7 +99,7 @@ user_interaction(IoCb, Ssh) -> %% See RFC 4256 for info on keyboard-interactive keyboard_interactive_msg([#ssh{user = User, service = Service} = Ssh]) -> - ssh_bits:install_messages(userauth_keyboard_interactive_messages()), + %%ssh_bits:install_messages(userauth_keyboard_interactive_messages()), ssh_transport:ssh_packet( #ssh_msg_userauth_request{user = User, service = Service, 
@@ -239,7 +239,7 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, partial_success = false}, Ssh)} end; ?FALSE -> - ssh_bits:install_messages(userauth_pk_messages()), + %%ssh_bits:install_messages(userauth_pk_messages()), {not_authorized, {User, undefined}, ssh_transport:ssh_packet( #ssh_msg_userauth_pk_ok{algorithm_name = Alg, @@ -278,23 +278,23 @@ handle_userauth_info_response(#ssh_msg_userauth_info_response{}, description = "Server does not support" "keyboard-interactive", language = "en"}). -userauth_messages() -> - [ {ssh_msg_userauth_request, ?SSH_MSG_USERAUTH_REQUEST, - [string, - string, - string, - '...']}, - - {ssh_msg_userauth_failure, ?SSH_MSG_USERAUTH_FAILURE, - [string, - boolean]}, - - {ssh_msg_userauth_success, ?SSH_MSG_USERAUTH_SUCCESS, - []}, - - {ssh_msg_userauth_banner, ?SSH_MSG_USERAUTH_BANNER, - [string, - string]}]. +%% userauth_messages() -> +%% [ {ssh_msg_userauth_request, ?SSH_MSG_USERAUTH_REQUEST, +%% [string, +%% string, +%% string, +%% '...']}, + +%% {ssh_msg_userauth_failure, ?SSH_MSG_USERAUTH_FAILURE, +%% [string, +%% boolean]}, + +%% {ssh_msg_userauth_success, ?SSH_MSG_USERAUTH_SUCCESS, +%% []}, + +%% {ssh_msg_userauth_banner, ?SSH_MSG_USERAUTH_BANNER, +%% [string, +%% string]}]. %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- 
@@ -431,31 +431,31 @@ keyboard_interact(IoCb, Name, Instr, Prompts, Opts) -> end, Prompts). -userauth_passwd_messages() -> - [ - {ssh_msg_userauth_passwd_changereq, ?SSH_MSG_USERAUTH_PASSWD_CHANGEREQ, - [string, - string]} - ]. - -userauth_keyboard_interactive_messages() -> - [ {ssh_msg_userauth_info_request, ?SSH_MSG_USERAUTH_INFO_REQUEST, - [string, - string, - string, - uint32, - '...']}, - - {ssh_msg_userauth_info_response, ?SSH_MSG_USERAUTH_INFO_RESPONSE, - [uint32, - '...']} - ]. - -userauth_pk_messages() -> - [ {ssh_msg_userauth_pk_ok, ?SSH_MSG_USERAUTH_PK_OK, - [string, % algorithm name - binary]} % key blob - ]. +%% userauth_passwd_messages() -> +%% [ +%% {ssh_msg_userauth_passwd_changereq, ?SSH_MSG_USERAUTH_PASSWD_CHANGEREQ, +%% [string, +%% string]} +%% ]. + +%% userauth_keyboard_interactive_messages() -> +%% [ {ssh_msg_userauth_info_request, ?SSH_MSG_USERAUTH_INFO_REQUEST, +%% [string, +%% string, +%% string, +%% uint32, +%% '...']}, + + %% {ssh_msg_userauth_info_response, ?SSH_MSG_USERAUTH_INFO_RESPONSE, + %% [uint32, + %% '...']} + %% ]. + +%% userauth_pk_messages() -> +%% [ {ssh_msg_userauth_pk_ok, ?SSH_MSG_USERAUTH_PK_OK, +%% [string, % algorithm name +%% binary]} % key blob +%% ]. other_alg('ssh-rsa') -> 'ssh-dss'; diff --git a/lib/ssh/src/ssh_bits.erl b/lib/ssh/src/ssh_bits.erl index fc6efc817f..1570e5ed4d 100644 --- a/lib/ssh/src/ssh_bits.erl +++ b/lib/ssh/src/ssh_bits.erl 
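Review bot: the three message tables at the end of ssh_auth.erl (userauth_passwd_messages/0, userauth_keyboard_interactive_messages/0, userauth_pk_messages/0) are commented out rather than deleted, like userauth_messages/0, its export entry and the ssh_bits:install_messages(...) calls earlier in the file. With the message layouts moving to ssh_message.erl this is dead code that version control already preserves; deleting it keeps the module readable and avoids two copies of the layouts drifting apart. The two info_response lines also picked up a leading space before the %%.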
@@ -25,19 +25,19 @@ -include("ssh.hrl"). --export([encode/1, encode/2]). --export([decode/1, decode/2, decode/3]). +-export([encode/2, decode/2]). +%%-export([decode/1, decode/2, decode/3]). -export([mpint/1, bignum/1, string/1, name_list/1]). --export([b64_encode/1, b64_decode/1]). --export([install_messages/1, uninstall_messages/1]). +%%-export([b64_encode/1, b64_decode/1]). +%%-export([install_messages/1, uninstall_messages/1]). %% integer utils -export([isize/1]). -export([random/1]). --export([xor_bits/2, fill_bits/2]). +%%-export([xor_bits/2, fill_bits/2]). -export([i2bin/2, bin2i/1]). --import(lists, [foreach/2, reverse/1]). +%%-import(lists, [foreach/2, reverse/1]). -define(name_list(X), (fun(B) -> ?binary(B) end)(list_to_binary(name_concat(X)))). @@ -102,30 +102,30 @@ bignum(X) -> <>. -install_messages(Codes) -> - foreach(fun({Name, Code, Ts}) -> - put({msg_name,Code}, {Name,Ts}), - put({msg_code,Name}, {Code,Ts}) - end, Codes). +%% install_messages(Codes) -> +%% foreach(fun({Name, Code, Ts}) -> +%% put({msg_name,Code}, {Name,Ts}), +%% put({msg_code,Name}, {Code,Ts}) +%% end, Codes). -uninstall_messages(Codes) -> - foreach(fun({Name, Code, _Ts}) -> - erase({msg_name,Code}), - erase({msg_code,Name}) - end, Codes). +%% uninstall_messages(Codes) -> +%% foreach(fun({Name, Code, _Ts}) -> +%% erase({msg_name,Code}), +%% erase({msg_code,Name}) +%% end, Codes). %% %% Encode a record, the type spec is expected to be %% in process dictionary under the key {msg_code, RecodeName} %% -encode(Record) -> - case get({msg_code, element(1, Record)}) of - undefined -> - {error, unimplemented}; - {Code, Ts} -> - Data = enc(tl(tuple_to_list(Record)), Ts), - list_to_binary([Code, Data]) - end. +%% encode(Record) -> +%% case get({msg_code, element(1, Record)}) of +%% undefined -> +%% {error, unimplemented}; +%% {Code, Ts} -> +%% Data = enc(tl(tuple_to_list(Record)), Ts), +%% list_to_binary([Code, Data]) +%% end. encode(List, Types) -> list_to_binary(enc(List, Types)). 
@@ -136,74 +136,70 @@ encode(List, Types) -> enc(Xs, Ts) -> enc(Xs, Ts, 0). -enc(Xs, [Type|Ts], Offset) -> - case Type of - boolean -> - X=hd(Xs), - [?boolean(X) | enc(tl(Xs), Ts, Offset+1)]; - byte -> - X=hd(Xs), - [?byte(X) | enc(tl(Xs), Ts,Offset+1)]; - uint16 -> - X=hd(Xs), - [?uint16(X) | enc(tl(Xs), Ts,Offset+2)]; - uint32 -> - X=hd(Xs), - [?uint32(X) | enc(tl(Xs), Ts,Offset+4)]; - uint64 -> - X=hd(Xs), - [?uint64(X) | enc(tl(Xs), Ts,Offset+8)]; - mpint -> - Y=mpint(hd(Xs)), - [Y | enc(tl(Xs), Ts,Offset+size(Y))]; - bignum -> - Y=bignum(hd(Xs)), - [Y | enc(tl(Xs),Ts,Offset+size(Y))]; - string -> - X0=hd(Xs), - Y=?string(X0), - [Y | enc(tl(Xs),Ts,Offset+size(Y))]; - binary -> - X0=hd(Xs), - Y=?binary(X0), - [Y | enc(tl(Xs), Ts,Offset+size(Y))]; - name_list -> - X0=hd(Xs), - Y=?name_list(X0), - [Y | enc(tl(Xs), Ts, Offset+size(Y))]; - cookie -> - [random(16) | enc(tl(Xs), Ts, Offset+16)]; - {pad,N} -> - K = (N - (Offset rem N)) rem N, - [fill_bits(K,0) | enc(Xs, Ts, Offset+K)]; - '...' 
when Ts==[] -> - X=hd(Xs), - if is_binary(X) -> - [X]; - is_list(X) -> - [list_to_binary(X)]; - X==undefined -> - [] - end +enc(Xs, [boolean|Ts], Offset) -> + X = hd(Xs), + [?boolean(X) | enc(tl(Xs), Ts, Offset+1)]; +enc(Xs, [byte|Ts], Offset) -> + X = hd(Xs), + [?byte(X) | enc(tl(Xs), Ts,Offset+1)]; +enc(Xs, [uint16|Ts], Offset) -> + X = hd(Xs), + [?uint16(X) | enc(tl(Xs), Ts,Offset+2)]; +enc(Xs, [uint32 |Ts], Offset) -> + X = hd(Xs), + [?uint32(X) | enc(tl(Xs), Ts,Offset+4)]; +enc(Xs, [uint64|Ts], Offset) -> + X = hd(Xs), + [?uint64(X) | enc(tl(Xs), Ts,Offset+8)]; +enc(Xs, [mpint|Ts], Offset) -> + Y = mpint(hd(Xs)), + [Y | enc(tl(Xs), Ts,Offset+size(Y))]; +enc(Xs, [bignum|Ts], Offset) -> + Y = bignum(hd(Xs)), + [Y | enc(tl(Xs),Ts,Offset+size(Y))]; +enc(Xs, [string|Ts], Offset) -> + X0 = hd(Xs), + Y = ?string(X0), + [Y | enc(tl(Xs),Ts,Offset+size(Y))]; +enc(Xs, [binary|Ts], Offset) -> + X0 = hd(Xs), + Y = ?binary(X0), + [Y | enc(tl(Xs), Ts,Offset+size(Y))]; +enc(Xs, [name_list|Ts], Offset) -> + X0 = hd(Xs), + Y = ?name_list(X0), + [Y | enc(tl(Xs), Ts, Offset+size(Y))]; +enc(Xs, [cookie|Ts], Offset) -> + [random(16) | enc(tl(Xs), Ts, Offset+16)]; +enc(Xs, [{pad,N}|Ts], Offset) -> + K = (N - (Offset rem N)) rem N, + [fill_bits(K,0) | enc(Xs, Ts, Offset+K)]; +enc(Xs, ['...'| []], _Offset) -> + X = hd(Xs), + if is_binary(X) -> + [X]; + is_list(X) -> + [list_to_binary(X)]; + X==undefined -> + [] end; + enc([], [],_) -> []. - - %% %% Decode a SSH record the type is encoded as the first byte %% and the type spec MUST be installed in {msg_name, ID} %% -decode(Binary = <>) -> - case get({msg_name, ID}) of - undefined -> - {unknown, Binary}; - {Name, Ts} -> - {_, Elems} = decode(Binary,1,Ts), - list_to_tuple([Name | Elems]) - end. +%% decode(Binary = <>) -> +%% case get({msg_name, ID}) of +%% undefined -> +%% {unknown, Binary}; +%% {Name, Ts} -> +%% {_, Elems} = decode(Binary,1,Ts), +%% list_to_tuple([Name | Elems]) +%% end. %% %% Decode a binary form offset 0 
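Review bot: in the rewritten enc/3 in ssh_bits.erl, the cookie clause ignores hd(Xs) and always emits random(16), so the Cookie value that ssh_message:encode/1 passes for #ssh_msg_kexinit{} never reaches the wire. Either encode the supplied value or add a comment saying that the field is regenerated on every encode, so nobody relies on the record's cookie matching what was sent. The '...' clause also keeps an if with no fallback branch; now that each type has its own function clause, guards on X (is_binary, is_list, undefined) would give a clearer failure than if_clause.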
@@ -214,15 +210,15 @@ decode(Binary, Types) when is_binary(Binary) andalso is_list(Types) -> Elems. -%% -%% Decode a binary from byte offset Offset -%% return {UpdatedOffset, DecodedElements} -%% +%% %% +%% %% Decode a binary from byte offset Offset +%% %% return {UpdatedOffset, DecodedElements} +%% %% decode(Binary, Offset, Types) -> - decode(Binary, Offset, Types, []). + decode(Binary, Offset, Types, []). decode(Binary, Offset, [Type|Ts], Acc) -> - case Type of + case Type of boolean -> <<_:Offset/binary, ?BOOLEAN(X0), _/binary>> = Binary, X = if X0 == 0 -> false; true -> true end, @@ -262,11 +258,11 @@ decode(Binary, Offset, [Type|Ts], Acc) -> Size = size(Binary), if Size < Offset + 4 -> %% empty string at end - {Size, reverse(["" | Acc])}; + {Size, lists:reverse(["" | Acc])}; true -> <<_:Offset/binary,?UINT32(L), X:L/binary,_/binary>> = Binary, - decode(Binary, Offset+4+L, Ts, [binary_to_list(X) | + decode(Binary, Offset+4+L, Ts, [binary_to_list(X) | Acc]) end; @@ -290,10 +286,10 @@ decode(Binary, Offset, [Type|Ts], Acc) -> '...' when Ts==[] -> <<_:Offset/binary, X/binary>> = Binary, - {Offset+size(X), reverse([X | Acc])} - end; -decode(_Binary, Offset, [], Acc) -> - {Offset, reverse(Acc)}. + {Offset+size(X), lists:reverse([X | Acc])} + end; + decode(_Binary, Offset, [], Acc) -> + {Offset, lists:reverse(Acc)}. @@ -378,13 +374,13 @@ fill(N,C) -> end. %% xor 2 binaries -xor_bits(XBits, YBits) -> - XSz = size(XBits)*8, - YSz = size(YBits)*8, - Sz = if XSz < YSz -> XSz; true -> YSz end, %% min - <> = XBits, - <> = YBits, - <<(X bxor Y):Sz>>. +%% xor_bits(XBits, YBits) -> +%% XSz = size(XBits)*8, +%% YSz = size(YBits)*8, +%% Sz = if XSz < YSz -> XSz; true -> YSz end, %% min +%% <> = XBits, +%% <> = YBits, +%% <<(X bxor Y):Sz>>. %% random/1 
@@ -393,18 +389,18 @@ xor_bits(XBits, YBits) -> random(N) -> crypto:strong_rand_bytes(N). -%% -%% Base 64 encode/decode -%% +%% %% +%% %% Base 64 encode/decode +%% %% -b64_encode(Bs) when is_list(Bs) -> - base64:encode(Bs); -b64_encode(Bin) when is_binary(Bin) -> - base64:encode(Bin). +%% b64_encode(Bs) when is_list(Bs) -> +%% base64:encode(Bs); +%% b64_encode(Bin) when is_binary(Bin) -> +%% base64:encode(Bin). -b64_decode(Bin) when is_binary(Bin) -> - base64:mime_decode(Bin); -b64_decode(Cs) when is_list(Cs) -> - base64:mime_decode(Cs). +%% b64_decode(Bin) when is_binary(Bin) -> +%% base64:mime_decode(Bin); +%% b64_decode(Cs) when is_list(Cs) -> +%% base64:mime_decode(Cs). diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl index 9424cdd423..ec3022e7c1 100644 --- a/lib/ssh/src/ssh_connection.erl +++ b/lib/ssh/src/ssh_connection.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2012. All Rights Reserved. +%% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -44,7 +44,7 @@ channel_open_failure_msg/4, channel_request_msg/4, global_request_msg/3, request_failure_msg/0, request_success_msg/1, bind/4, unbind/3, unbind_channel/2, - bound_channel/3, messages/0]). + bound_channel/3]). %%-------------------------------------------------------------------- %%% Internal application API 
@@ -880,70 +880,6 @@ bound_channel(IP, Port, Connection) -> _ -> undefined end. -messages() -> - [ {ssh_msg_global_request, ?SSH_MSG_GLOBAL_REQUEST, - [string, - boolean, - '...']}, - - {ssh_msg_request_success, ?SSH_MSG_REQUEST_SUCCESS, - ['...']}, - - {ssh_msg_request_failure, ?SSH_MSG_REQUEST_FAILURE, - []}, - - {ssh_msg_channel_open, ?SSH_MSG_CHANNEL_OPEN, - [string, - uint32, - uint32, - uint32, - '...']}, - - {ssh_msg_channel_open_confirmation, ?SSH_MSG_CHANNEL_OPEN_CONFIRMATION, - [uint32, - uint32, - uint32, - uint32, - '...']}, - - {ssh_msg_channel_open_failure, ?SSH_MSG_CHANNEL_OPEN_FAILURE, - [uint32, - uint32, - string, - string]}, - - {ssh_msg_channel_window_adjust, ?SSH_MSG_CHANNEL_WINDOW_ADJUST, - [uint32, - uint32]}, - - {ssh_msg_channel_data, ?SSH_MSG_CHANNEL_DATA, - [uint32, - binary]}, - - {ssh_msg_channel_extended_data, ?SSH_MSG_CHANNEL_EXTENDED_DATA, - [uint32, - uint32, - binary]}, - - {ssh_msg_channel_eof, ?SSH_MSG_CHANNEL_EOF, - [uint32]}, - - {ssh_msg_channel_close, ?SSH_MSG_CHANNEL_CLOSE, - [uint32]}, - - {ssh_msg_channel_request, ?SSH_MSG_CHANNEL_REQUEST, - [uint32, - string, - boolean, - '...']}, - - {ssh_msg_channel_success, ?SSH_MSG_CHANNEL_SUCCESS, - [uint32]}, - - {ssh_msg_channel_failure, ?SSH_MSG_CHANNEL_FAILURE, - [uint32]} - ]. - encode_ip(Addr) when is_tuple(Addr) -> case catch inet_parse:ntoa(Addr) of {'EXIT',_} -> false; diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index c3e8a3c742..c10a60bfcf 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl 
@@ -111,7 +111,6 @@ peer_address(ConnectionHandler) -> init([Role, Manager, Socket, SshOpts]) -> process_flag(trap_exit, true), {NumVsn, StrVsn} = ssh_transport:versions(Role, SshOpts), - ssh_bits:install_messages(ssh_transport:transport_messages(NumVsn)), {Protocol, Callback, CloseTag} = proplists:get_value(transport, SshOpts, {tcp, gen_tcp, tcp_closed}), try init_ssh(Role, NumVsn, StrVsn, SshOpts, Socket) of @@ -323,7 +322,6 @@ new_keys(#ssh_msg_newkeys{} = Msg, #state{ssh_params = Ssh0} = State0) -> userauth(#ssh_msg_service_request{name = "ssh-userauth"} = Msg, #state{ssh_params = #ssh{role = server, session_id = SessionId} = Ssh0} = State) -> - ssh_bits:install_messages(ssh_auth:userauth_messages()), try ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0) of {ok, {Reply, Ssh}} -> send_msg(Reply, State), @@ -887,7 +885,7 @@ generate_event(<> = Msg, StateName, {stop, {shutdown, Reason}, State0} end; generate_event(Msg, StateName, State0, EncData) -> - Event = ssh_bits:decode(Msg), + Event = ssh_message:decode(Msg), State = generate_event_new_state(State0, EncData), case Event of #ssh_msg_kexinit{} -> @@ -931,7 +929,6 @@ after_new_keys(#state{renegotiate = true} = State) -> {connected, State#state{renegotiate = false}}; after_new_keys(#state{renegotiate = false, ssh_params = #ssh{role = client} = Ssh0} = State) -> - ssh_bits:install_messages(ssh_auth:userauth_messages()), {Msg, Ssh} = ssh_auth:service_request_msg(Ssh0), send_msg(Msg, State), {userauth, State#state{ssh_params = Ssh}}; diff --git a/lib/ssh/src/ssh_connection_manager.erl b/lib/ssh/src/ssh_connection_manager.erl index 99a0b6a7c8..fb57a790fe 100644 --- a/lib/ssh/src/ssh_connection_manager.erl +++ b/lib/ssh/src/ssh_connection_manager.erl 
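Review bot: generate_event/4 in ssh_connection_handler.erl now calls ssh_message:decode(Msg) on bytes received from the peer, and the ssh_bits:decode/1 it replaces returned {unknown, Binary} for a message number that had no installed layout. Please confirm that ssh_message:decode/1 has a fallback clause for unknown or malformed messages; otherwise an unexpected message number turns into a function_clause crash in the connection handler instead of a value the state machine can handle. A test that feeds an unassigned message number through this path would pin the behaviour down.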
@@ -183,7 +183,6 @@ send_eof(ConnectionManager, ChannelId) -> %%-------------------------------------------------------------------- init([server, _Socket, Opts]) -> process_flag(trap_exit, true), - ssh_bits:install_messages(ssh_connection:messages()), Cache = ssh_channel:cache_create(), {ok, #state{role = server, connection_state = #connection{channel_cache = Cache, @@ -196,7 +195,6 @@ init([server, _Socket, Opts]) -> init([client, Opts]) -> process_flag(trap_exit, true), {links, [Parent]} = process_info(self(), links), - ssh_bits:install_messages(ssh_connection:messages()), Cache = ssh_channel:cache_create(), Address = proplists:get_value(address, Opts), Port = proplists:get_value(port, Opts), @@ -762,7 +760,7 @@ cast(Pid, Msg) -> gen_server:cast(Pid, Msg). decode_ssh_msg(BinMsg) when is_binary(BinMsg)-> - ssh_bits:decode(BinMsg); + ssh_message:decode(BinMsg); decode_ssh_msg(Msg) -> Msg. @@ -774,7 +772,7 @@ do_send_msg({channel_data, Pid, Data}) -> do_send_msg({channel_requst_reply, From, Data}) -> gen_server:reply(From, Data); do_send_msg({connection_reply, Pid, Data}) -> - Msg = ssh_bits:encode(Data), + Msg = ssh_message:encode(Data), ssh_connection_handler:send(Pid, Msg); do_send_msg({flow_control, Cache, Channel, From, Msg}) -> ssh_channel:cache_update(Cache, Channel#channel{flow_control = undefined}), diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl new file mode 100644 index 0000000000..dc4943ace4 --- /dev/null +++ b/lib/ssh/src/ssh_message.erl 
@@ -0,0 +1,519 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2013-2013. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% + +%% + +%%------------------------------------------------------------------ +-module(ssh_message). + +-include_lib("public_key/include/public_key.hrl"). + +-include("ssh.hrl"). +-include("ssh_connect.hrl"). +-include("ssh_auth.hrl"). +-include("ssh_transport.hrl"). + +-export([encode/1, decode/1, encode_host_key/1]). 
+ +encode(#ssh_msg_global_request{ + name = Name, + want_reply = Bool, + data = Data}) -> + ssh_bits:encode([?SSH_MSG_GLOBAL_REQUEST, + Name, Bool, Data], [byte, string, boolean, '...']); +encode(#ssh_msg_request_success{data = Data}) -> + <>; +encode(#ssh_msg_request_failure{}) -> + <>; +encode(#ssh_msg_channel_open{ + channel_type = Type, + sender_channel = Sender, + initial_window_size = Window, + maximum_packet_size = Max, + data = Data + }) -> + ssh_bits:encode([?SSH_MSG_CHANNEL_OPEN, + Type, Sender, Window, Max, Data], [byte, string, uint32, + uint32, uint32, '...']); +encode(#ssh_msg_channel_open_confirmation{ + recipient_channel = Recipient, + sender_channel = Sender, + initial_window_size = InitWindowSize, + maximum_packet_size = MaxPacketSize, + data = Data + }) -> + ssh_bits:encode([?SSH_MSG_CHANNEL_OPEN_CONFIRMATION, Recipient, + Sender, InitWindowSize, MaxPacketSize, Data], + [byte, uint32, uint32, uint32, uint32, '...']); +encode(#ssh_msg_channel_open_failure{ + recipient_channel = Recipient, + reason = Reason, + description = Desc, + lang = Lang + }) -> + ssh_bits:encode([?SSH_MSG_CHANNEL_OPEN_FAILURE, Recipient, + Reason, Desc, Lang], [byte, uint32, uint32, string, string]); +encode(#ssh_msg_channel_window_adjust{ + recipient_channel = Recipient, + bytes_to_add = Bytes + }) -> + ssh_bits:encode([?SSH_MSG_CHANNEL_WINDOW_ADJUST, Recipient, Bytes], + [byte, uint32, uint32]); +encode(#ssh_msg_channel_data{ + recipient_channel = Recipient, + data = Data + }) -> + ssh_bits:encode([?SSH_MSG_CHANNEL_DATA, Recipient, Data], [byte, uint32, binary]); + +encode(#ssh_msg_channel_extended_data{ + recipient_channel = Recipient, + data_type_code = DataType, + data = Data + }) -> + ssh_bits:encode([?SSH_MSG_CHANNEL_EXTENDED_DATA, Recipient, + DataType, Data], [byte, uint32, uint32, binary]); + +encode(#ssh_msg_channel_eof{recipient_channel = Recipient + }) -> + <>; +encode(#ssh_msg_channel_close{ + recipient_channel = Recipient + }) -> + <>; 
+encode(#ssh_msg_channel_request{ + recipient_channel = Recipient, + request_type = Type, + want_reply = Bool, + data = Data + }) -> + ssh_bits:encode([?SSH_MSG_CHANNEL_REQUEST, Recipient, Type, Bool, Data], + [byte, uint32, string, boolean, '...']); +encode(#ssh_msg_channel_success{ + recipient_channel = Recipient + }) -> + <>; +encode(#ssh_msg_channel_failure{ + recipient_channel = Recipient + }) -> + <>; + +encode(#ssh_msg_userauth_request{ + user = User, + service = Service, + method = Method, + data = Data + }) -> + ssh_bits:encode([?SSH_MSG_USERAUTH_REQUEST, User, Service, Method, Data], + [byte, string, string, string, '...']); +encode(#ssh_msg_userauth_failure{ + authentications = Auths, + partial_success = Bool + }) -> + ssh_bits:encode([?SSH_MSG_USERAUTH_FAILURE, Auths, Bool], + [byte, string, boolean]); +encode(#ssh_msg_userauth_success{}) -> + <>; + +encode(#ssh_msg_userauth_banner{ + message = Banner, + language = Lang + }) -> + ssh_bits:encode([?SSH_MSG_USERAUTH_BANNER, Banner, Lang], + [byte, string, string]); + +encode(#ssh_msg_userauth_pk_ok{ + algorithm_name = Alg, + key_blob = KeyBlob + }) -> + ssh_bits:encode([?SSH_MSG_USERAUTH_PK_OK, Alg, KeyBlob], + [byte, string, binary]); + +encode(#ssh_msg_userauth_passwd_changereq{prompt = Prompt, + languge = Lang + })-> + ssh_bits:encode([?SSH_MSG_USERAUTH_PASSWD_CHANGEREQ, Prompt, Lang], + [byte, string, string]); + +encode(#ssh_msg_userauth_info_request{ + name = Name, + instruction = Inst, + language_tag = Lang, + num_prompts = NumPromtps, + data = Data}) -> + ssh_bits:encode([?SSH_MSG_USERAUTH_INFO_REQUEST, Name, Inst, Lang, NumPromtps, Data], + [byte, string, string, string, uint32, '...']); + +encode(#ssh_msg_userauth_info_response{ + num_responses = Num, + data = Data}) -> + ssh_bits:encode([?SSH_MSG_USERAUTH_INFO_RESPONSE, Num, Data], + [byte, uint32, '...']); +encode(#ssh_msg_disconnect{ + code = Code, + description = Desc, + language = Lang + }) -> + ssh_bits:encode([?SSH_MSG_DISCONNECT, Code, 
Desc, Lang], + [byte, uint32, string, string]); + +encode(#ssh_msg_service_request{ + name = Service + }) -> + ssh_bits:encode([?SSH_MSG_SERVICE_REQUEST, Service], [byte, string]); + +encode(#ssh_msg_service_accept{ + name = Service + }) -> + ssh_bits:encode([?SSH_MSG_SERVICE_ACCEPT, Service], [byte, string]); + +encode(#ssh_msg_newkeys{}) -> + <>; + +encode(#ssh_msg_kexinit{ + cookie = Cookie, + kex_algorithms = KeyAlgs, + server_host_key_algorithms = HostKeyAlgs, + encryption_algorithms_client_to_server = EncAlgC2S, + encryption_algorithms_server_to_client = EncAlgS2C, + mac_algorithms_client_to_server = MacAlgC2S, + mac_algorithms_server_to_client = MacAlgS2C, + compression_algorithms_client_to_server = CompAlgS2C, + compression_algorithms_server_to_client = CompAlgC2S, + languages_client_to_server = LangC2S, + languages_server_to_client = LangS2C, + first_kex_packet_follows = Bool, + reserved = Reserved + }) -> + ssh_bits:encode([?SSH_MSG_KEXINIT, Cookie, KeyAlgs, HostKeyAlgs, EncAlgC2S, EncAlgS2C, + MacAlgC2S, MacAlgS2C, CompAlgS2C, CompAlgC2S, LangC2S, LangS2C, Bool, + Reserved], + [byte, cookie, + name_list, name_list, + name_list, name_list, + name_list, name_list, + name_list, name_list, + name_list, name_list, + boolean, uint32]); + +encode(#ssh_msg_kexdh_init{e = E}) -> + ssh_bits:encode([?SSH_MSG_KEXDH_INIT, E], [byte, mpint]); + +encode(#ssh_msg_kexdh_reply{ + public_host_key = Key, + f = F, + h_sig = Signature + }) -> + EncKey = encode_host_key(Key), + EncSign = encode_sign(Key, Signature), + ssh_bits:encode([?SSH_MSG_KEXDH_REPLY, EncKey, F, EncSign], [byte, binary, mpint, binary]); + +encode(#ssh_msg_kex_dh_gex_request{ + min = Min, + n = N, + max = Max + }) -> + ssh_bits:encode([?SSH_MSG_KEX_DH_GEX_REQUEST, Min, N, Max], + [byte, uint32, uint32, uint32, uint32]); +encode(#ssh_msg_kex_dh_gex_request_old{n = N}) -> + ssh_bits:encode([?SSH_MSG_KEX_DH_GEX_REQUEST_OLD, N], + [byte, uint32]); + +encode(#ssh_msg_kex_dh_gex_group{p = Prime, g = Generator}) 
-> + ssh_bits:encode([?SSH_MSG_KEX_DH_GEX_GROUP, Prime, Generator], + [byte, mpint, mpint]); + +encode(#ssh_msg_kex_dh_gex_reply{ + %% Will be private key encode_host_key extracts only the public part! + public_host_key = Key, + f = F, + h_sig = Signature + }) -> + EncKey = encode_host_key(Key), + EncSign = encode_sign(Key, Signature), + ssh_bits:encode([?SSH_MSG_KEXDH_REPLY, EncKey, F, EncSign], [byte, binary, mpint, binary]); + +encode(#ssh_msg_ignore{data = Data}) -> + ssh_bits:encode([?SSH_MSG_IGNORE, Data], [byte, string]); + +encode(#ssh_msg_unimplemented{sequence = Seq}) -> + ssh_bits:encode([?SSH_MSG_IGNORE, Seq], [byte, uint32]); + +encode(#ssh_msg_debug{always_display = Bool, + message = Msg, + language = Lang}) -> + ssh_bits:encode([?SSH_MSG_DEBUG, Bool, Msg, Lang], [byte, boolean, string, string]). + + +%% Connection Messages +decode(<>) -> + #ssh_msg_global_request{ + name = Name, + want_reply = erl_boolean(Bool), + data = Data + }; +decode(<>) -> + #ssh_msg_request_success{data = Data}; +decode(<>) -> + #ssh_msg_request_failure{}; +decode(<>) -> + #ssh_msg_channel_open{ + channel_type = binary_to_list(Type), + sender_channel = Sender, + initial_window_size = Window, + maximum_packet_size = Max, + data = Data + }; +decode(<>) -> + #ssh_msg_channel_open_confirmation{ + recipient_channel = Recipient, + sender_channel = Sender, + initial_window_size = InitWindowSize, + maximum_packet_size = MaxPacketSize, + data = Data + }; +decode(<>) -> + #ssh_msg_channel_open_failure{ + recipient_channel = Recipient, + reason = Reason, + description = unicode:characters_to_list(Desc), + lang = Lang + }; +decode(<>) -> + #ssh_msg_channel_window_adjust{ + recipient_channel = Recipient, + bytes_to_add = Bytes + }; + +decode(<>) -> + #ssh_msg_channel_data{ + recipient_channel = Recipient, + data = Data + }; +decode(<>) -> + #ssh_msg_channel_extended_data{ + recipient_channel = Recipient, + data_type_code = DataType, + data = Data + }; +decode(<>) -> + #ssh_msg_channel_eof{ 
+ recipient_channel = Recipient + }; +decode(<>) -> + #ssh_msg_channel_close{ + recipient_channel = Recipient + }; +decode(<>) -> + #ssh_msg_channel_request{ + recipient_channel = Recipient, + request_type = unicode:characters_to_list(RequestType), + want_reply = erl_boolean(Bool), + data = Data + }; +decode(<>) -> + #ssh_msg_channel_success{ + recipient_channel = Recipient + }; +decode(<>) -> + #ssh_msg_channel_failure{ + recipient_channel = Recipient + }; + +%%% Auth Messages +decode(<>) -> + #ssh_msg_userauth_request{ + user = unicode:characters_to_list(User), + service = unicode:characters_to_list(Service), + method = unicode:characters_to_list(Method), + data = Data + }; + +decode(<>) -> + #ssh_msg_userauth_failure { + authentications = unicode:characters_to_list(Auths), + partial_success = erl_boolean(Bool) + }; + +decode(<>) -> + #ssh_msg_userauth_success{}; + +decode(<>) -> + #ssh_msg_userauth_banner{ + message = Banner, + language = Lang + }; + +decode(<>) -> + #ssh_msg_userauth_pk_ok{ + algorithm_name = Alg, + key_blob = KeyBlob + }; + +decode(<>) -> + #ssh_msg_userauth_passwd_changereq{ + prompt = Prompt, + languge = Lang + }; +decode(<>) -> + #ssh_msg_userauth_info_request{ + name = Name, + instruction = Inst, + language_tag = Lang, + num_prompts = NumPromtps, + data = Data}; + +decode(<>) -> + #ssh_msg_userauth_info_response{ + num_responses = Num, + data = Data}; + +%%% Keyexchange messages +decode(<>) -> + decode_kex_init(Data, [Cookie, ssh_msg_kexinit], 10); + +decode(<>) -> + #ssh_msg_kexdh_init{e = erlint(Len, E) + }; +decode(<>) -> + #ssh_msg_kex_dh_gex_request{ + min = Min, + n = N, + max = Max + }; +decode(<>) -> + #ssh_msg_kex_dh_gex_request_old{ + n = N + }; +decode(<>) -> + #ssh_msg_kex_dh_gex_group{ + p = Prime, + g = Generator + }; +decode(<>) -> + #ssh_msg_kexdh_reply{ + public_host_key = decode_host_key(Key), + f = erlint(Len1, F), + h_sig = decode_sign(Hashsign) + }; + +decode(<>) -> + #ssh_msg_service_request{ + name = 
unicode:characters_to_list(Service) + }; + +decode(<>) -> + #ssh_msg_service_accept{ + name = unicode:characters_to_list(Service) + }; + +decode(<>) -> + #ssh_msg_disconnect{ + code = Code, + description = unicode:characters_to_list(Desc), + language = Lang + }; + +decode(<>) -> + #ssh_msg_newkeys{}; + +decode(<>) -> + #ssh_msg_ignore{data = Data}; + +decode(<>) -> + #ssh_msg_unimplemented{sequence = Seq}; + +decode(<>) -> + #ssh_msg_debug{always_display = erl_boolean(Bool), + message = Msg, + language = Lang}. +erl_boolean(0) -> + false; +erl_boolean(1) -> + true. + +decode_kex_init(<>, Acc, 0) -> + list_to_tuple(lists:reverse([X, erl_boolean(Bool) | Acc])); +decode_kex_init(<>, Acc, N) -> + Names = string:tokens(unicode:characters_to_list(Data), ","), + decode_kex_init(Rest, [Names | Acc], N -1). + +erlint(MPIntSize, MPIntValue) -> + Bits = MPIntSize * 8, + <> = MPIntValue, + Integer. + +decode_sign(<>) -> + Signature. + +decode_host_key(<>) -> + decode_host_key(Alg, Rest). + +decode_host_key(<<"ssh-rsa">>, <>) -> + #'RSAPublicKey'{publicExponent = erlint(Len0, E), + modulus = erlint(Len1, N)}; + +decode_host_key(<<"ssh-dss">>, + <>) -> + {erlint(Len3, Y), #'Dss-Parms'{p = erlint(Len0, P), q = erlint(Len1, Q), + g = erlint(Len2, G)}}. + +encode_host_key(#'RSAPublicKey'{modulus = N, publicExponent = E}) -> + ssh_bits:encode(["ssh-rsa", E, N], [string, mpint, mpint]); +encode_host_key({Y, #'Dss-Parms'{p = P, q = Q, g = G}}) -> + ssh_bits:encode(["ssh-dss", P, Q, G, Y], + [string, mpint, mpint, mpint, mpint]); +encode_host_key(#'RSAPrivateKey'{modulus = N, publicExponent = E}) -> + ssh_bits:encode(["ssh-rsa", E, N], [string, mpint, mpint]); +encode_host_key(#'DSAPrivateKey'{y = Y, p = P, q = Q, g = G}) -> + ssh_bits:encode(["ssh-dss", P, Q, G, Y], + [string, mpint, mpint, mpint, mpint]). 
+encode_sign(#'RSAPrivateKey'{}, Signature) -> + ssh_bits:encode(["ssh-rsa", Signature],[string, binary]); +encode_sign(#'DSAPrivateKey'{}, Signature) -> + ssh_bits:encode(["ssh-dss", Signature],[string, binary]). diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 682d766d99..45292ca6f0 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -32,9 +32,10 @@ -export([connect/5, accept/4]). -export([versions/2, hello_version_msg/1]). -export([next_seqnum/1, decrypt_first_block/2, decrypt_blocks/3, - is_valid_mac/3, transport_messages/1, kexdh_messages/0, - kex_dh_gex_messages/0, handle_hello_version/1, - key_exchange_init_msg/1, key_init/3, new_keys_message/1, + is_valid_mac/3, + handle_hello_version/1, + key_exchange_init_msg/1, + key_init/3, new_keys_message/1, handle_kexinit_msg/3, handle_kexdh_init/2, handle_kex_dh_gex_group/2, handle_kex_dh_gex_reply/2, handle_new_keys/2, handle_kex_dh_gex_request/2, 
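Review bot: in the new ssh_message.erl, encode(#ssh_msg_unimplemented{sequence = Seq}) builds its packet with ?SSH_MSG_IGNORE, so the peer receives an IGNORE message where UNIMPLEMENTED was intended; the transport_messages/1 table removed from ssh_transport.erl paired this record with ?SSH_MSG_UNIMPLEMENTED, and the encoder should use that code. Two similar slips sit in the same file: encode(#ssh_msg_kex_dh_gex_reply{}) emits ?SSH_MSG_KEXDH_REPLY although the old table used ?SSH_MSG_KEX_DH_GEX_REPLY, and encode(#ssh_msg_kex_dh_gex_request{}) passes four values against five type tags ([byte, uint32, uint32, uint32, uint32]), which leaves one uint32 with no value to encode. Separately, erl_boolean/1 only has clauses for 0 and 1, so any other byte in a boolean field raises function_clause while decoding peer input; RFC 4251 treats every non-zero value as TRUE, so a final clause returning true would be more robust.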
@@ -74,64 +75,6 @@ is_valid_mac(Mac, Data, #ssh{recv_mac = Algorithm, recv_mac_key = Key, recv_sequence = SeqNum}) -> Mac == mac(Algorithm, Key, SeqNum, Data). -transport_messages(_) -> - [{ssh_msg_disconnect, ?SSH_MSG_DISCONNECT, - [uint32, string, string]}, - - {ssh_msg_ignore, ?SSH_MSG_IGNORE, - [string]}, - - {ssh_msg_unimplemented, ?SSH_MSG_UNIMPLEMENTED, - [uint32]}, - - {ssh_msg_debug, ?SSH_MSG_DEBUG, - [boolean, string, string]}, - - {ssh_msg_service_request, ?SSH_MSG_SERVICE_REQUEST, - [string]}, - - {ssh_msg_service_accept, ?SSH_MSG_SERVICE_ACCEPT, - [string]}, - - {ssh_msg_kexinit, ?SSH_MSG_KEXINIT, - [cookie, - name_list, name_list, - name_list, name_list, - name_list, name_list, - name_list, name_list, - name_list, name_list, - boolean, - uint32]}, - - {ssh_msg_newkeys, ?SSH_MSG_NEWKEYS, - []} - ]. - -kexdh_messages() -> - [{ssh_msg_kexdh_init, ?SSH_MSG_KEXDH_INIT, - [mpint]}, - - {ssh_msg_kexdh_reply, ?SSH_MSG_KEXDH_REPLY, - [binary, mpint, binary]} - ]. - -kex_dh_gex_messages() -> - [{ssh_msg_kex_dh_gex_request, ?SSH_MSG_KEX_DH_GEX_REQUEST, - [uint32, uint32, uint32]}, - - {ssh_msg_kex_dh_gex_request_old, ?SSH_MSG_KEX_DH_GEX_REQUEST_OLD, - [uint32]}, - - {ssh_msg_kex_dh_gex_group, ?SSH_MSG_KEX_DH_GEX_GROUP, - [mpint, mpint]}, - - {ssh_msg_kex_dh_gex_init, ?SSH_MSG_KEX_DH_GEX_INIT, - [mpint]}, - - {ssh_msg_kex_dh_gex_reply, ?SSH_MSG_KEX_DH_GEX_REPLY, - [binary, mpint, binary]} - ]. - yes_no(Ssh, Prompt) -> (Ssh#ssh.io_cb):yes_no(Prompt, Ssh). @@ -257,7 +200,6 @@ handle_kexinit_msg(#ssh_msg_kexinit{} = CounterPart, #ssh_msg_kexinit{} = Own, {ok, Algoritms} = select_algorithm(client, Own, CounterPart), case verify_algorithm(Algoritms) of true -> - install_messages(Algoritms#alg.kex), key_exchange_first_msg(Algoritms#alg.kex, Ssh0#ssh{algorithms = Algoritms}); _ -> 
@@ -271,7 +213,6 @@ handle_kexinit_msg(#ssh_msg_kexinit{} = CounterPart, #ssh_msg_kexinit{} = Own, handle_kexinit_msg(#ssh_msg_kexinit{} = CounterPart, #ssh_msg_kexinit{} = Own, #ssh{role = server} = Ssh) -> {ok, Algoritms} = select_algorithm(server, CounterPart, Own), - install_messages(Algoritms#alg.kex), {ok, Ssh#ssh{algorithms = Algoritms}}. @@ -284,11 +225,6 @@ verify_algorithm(#alg{kex = 'diffie-hellman-group-exchange-sha1'}) -> verify_algorithm(_) -> false. -install_messages('diffie-hellman-group1-sha1') -> - ssh_bits:install_messages(kexdh_messages()); -install_messages('diffie-hellman-group-exchange-sha1') -> - ssh_bits:install_messages(kex_dh_gex_messages()). - key_exchange_first_msg('diffie-hellman-group1-sha1', Ssh0) -> {G, P} = dh_group1(), {Private, Public} = dh_gen_key(G, P, 1024), @@ -312,10 +248,10 @@ handle_kexdh_init(#ssh_msg_kexdh_init{e = E}, Ssh0) -> {G, P} = dh_group1(), {Private, Public} = dh_gen_key(G, P, 1024), K = ssh_math:ipow(E, Private, P), - {Key, K_S} = get_host_key(Ssh0), - H = kex_h(Ssh0, K_S, E, Public, K), + Key = get_host_key(Ssh0), + H = kex_h(Ssh0, Key, E, Public, K), H_SIG = sign_host_key(Ssh0, Key, H), - {SshPacket, Ssh1} = ssh_packet(#ssh_msg_kexdh_reply{public_host_key = K_S, + {SshPacket, Ssh1} = ssh_packet(#ssh_msg_kexdh_reply{public_host_key = Key, f = Public, h_sig = H_SIG }, Ssh0), 
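Review bot: handle_kexdh_init/2 now puts the value returned by get_host_key/1 into #ssh_msg_kexdh_reply.public_host_key, and with this patch that value is the #'RSAPrivateKey'{} or #'DSAPrivateKey'{} record itself. Only ssh_message:encode_host_key/1 keeps the private components off the wire, so anything that prints, traces or crash-dumps the message record will include the private key, and a later change to the encoder could leak it. Consider deriving the public key (or the encoded K_S) once in handle_kexdh_init/2, passing that to kex_h and to the reply record, and keeping the private record for sign_host_key/3 only.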
@@ -411,65 +347,33 @@ get_host_key(SSH) -> #ssh{key_cb = Mod, opts = Opts, algorithms = ALG} = SSH, case Mod:host_key(ALG#alg.hkey, Opts) of - {ok, #'RSAPrivateKey'{modulus = N, publicExponent = E} = Key} -> - {Key, - ssh_bits:encode(["ssh-rsa",E,N],[string,mpint,mpint])}; - {ok, #'DSAPrivateKey'{y = Y, p = P, q = Q, g = G} = Key} -> - {Key, ssh_bits:encode(["ssh-dss",P,Q,G,Y], - [string,mpint,mpint,mpint,mpint])}; + {ok, #'RSAPrivateKey'{} = Key} -> + Key; + {ok, #'DSAPrivateKey'{} = Key} -> + Key; Result -> exit({error, {Result, unsupported_key_type}}) end. sign_host_key(_Ssh, #'RSAPrivateKey'{} = Private, H) -> Hash = sha, %% Option ?! - Signature = sign(H, Hash, Private), - ssh_bits:encode(["ssh-rsa", Signature],[string, binary]); + _Signature = sign(H, Hash, Private); sign_host_key(_Ssh, #'DSAPrivateKey'{} = Private, H) -> Hash = sha, %% Option ?! - RawSignature = sign(H, Hash, Private), - ssh_bits:encode(["ssh-dss", RawSignature],[string, binary]). - -verify_host_key(SSH, K_S, H, H_SIG) -> - ALG = SSH#ssh.algorithms, - case ALG#alg.hkey of - 'ssh-rsa' -> - verify_host_key_rsa(SSH, K_S, H, H_SIG); - 'ssh-dss' -> - verify_host_key_dss(SSH, K_S, H, H_SIG); - _ -> - {error, bad_host_key_algorithm} - end. + _RawSignature = sign(H, Hash, Private). -verify_host_key_rsa(SSH, K_S, H, H_SIG) -> - case ssh_bits:decode(K_S,[string,mpint,mpint]) of - ["ssh-rsa", E, N] -> - ["ssh-rsa",SIG] = ssh_bits:decode(H_SIG,[string,binary]), - Public = #'RSAPublicKey'{publicExponent = E, modulus = N}, - case verify(H, sha, SIG, Public) of - false -> - {error, bad_signature}; - true -> - known_host_key(SSH, Public, 'ssh-rsa') - end; - _ -> - {error, bad_format} +verify_host_key(SSH, PublicKey, Digest, Signature) -> + case verify(Digest, sha, Signature, PublicKey) of + false -> + {error, bad_signature}; + true -> + known_host_key(SSH, PublicKey, public_algo(PublicKey)) end. 
-verify_host_key_dss(SSH, K_S, H, H_SIG) -> - case ssh_bits:decode(K_S,[string,mpint,mpint,mpint,mpint]) of - ["ssh-dss",P,Q,G,Y] -> - ["ssh-dss",SIG] = ssh_bits:decode(H_SIG,[string,binary]), - Public = {Y, #'Dss-Parms'{p = P, q = Q, g = G}}, - case verify(H, sha, SIG, Public) of - false -> - {error, bad_signature}; - true -> - known_host_key(SSH, Public, 'ssh-dss') - end; - _ -> - {error, bad_host_key_format} - end. +public_algo(#'RSAPublicKey'{}) -> + 'ssh-rsa'; +public_algo({_, #'Dss-Parms'{}}) -> + 'ssh-dss'. accepted_host(Ssh, PeerName, Opts) -> case proplists:get_value(silently_accept_hosts, Opts, false) of @@ -636,12 +540,12 @@ select(CL, SL) -> C. ssh_packet(#ssh_msg_kexinit{} = Msg, Ssh0) -> - BinMsg = ssh_bits:encode(Msg), + BinMsg = ssh_message:encode(Msg), Ssh = key_init(Ssh0#ssh.role, Ssh0, BinMsg), pack(BinMsg, Ssh); ssh_packet(Msg, Ssh) -> - BinMsg = ssh_bits:encode(Msg), + BinMsg = ssh_message:encode(Msg), pack(BinMsg, Ssh). pack(Data0, #ssh{encrypt_block_size = BlockSize, @@ -1021,23 +925,23 @@ hash(K, H, Ki, N, HASH) -> Kj = HASH([K, H, Ki]), hash(K, H, <>, N-128, HASH). -kex_h(SSH, K_S, E, F, K) -> +kex_h(SSH, Key, E, F, K) -> L = ssh_bits:encode([SSH#ssh.c_version, SSH#ssh.s_version, SSH#ssh.c_keyinit, SSH#ssh.s_keyinit, - K_S, E,F,K], + ssh_message:encode_host_key(Key), E,F,K], [string,string,binary,binary,binary, mpint,mpint,mpint]), crypto:hash(sha,L). -kex_h(SSH, K_S, Min, NBits, Max, Prime, Gen, E, F, K) -> +kex_h(SSH, Key, Min, NBits, Max, Prime, Gen, E, F, K) -> L = if Min==-1; Max==-1 -> Ts = [string,string,binary,binary,binary, uint32, mpint,mpint,mpint,mpint,mpint], ssh_bits:encode([SSH#ssh.c_version,SSH#ssh.s_version, SSH#ssh.c_keyinit,SSH#ssh.s_keyinit, - K_S, NBits, Prime, Gen, E,F,K], + ssh_message:encode_host_key(Key), NBits, Prime, Gen, E,F,K], Ts); true -> Ts = [string,string,binary,binary,binary, 
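Review bot: the rewritten verify_host_key/4 no longer compares the key type with the negotiated host key algorithm. The removed code dispatched on ALG#alg.hkey and returned {error, bad_host_key_algorithm} for anything else; the new code verifies against whatever key was decoded and takes the algorithm name from the key itself via public_algo(PublicKey), so a reply carrying an ssh-dss key is accepted for verification even when ssh-rsa was negotiated. Suggest keeping the check, for example by matching public_algo(PublicKey) against (SSH#ssh.algorithms)#alg.hkey before calling verify/4. public_algo/1 also has no fallback clause, so an unexpected key term exits with function_clause instead of returning an error tuple.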
@@ -1045,7 +949,7 @@ kex_h(SSH, K_S, Min, NBits, Max, Prime, Gen, E, F, K) -> mpint,mpint,mpint,mpint,mpint], ssh_bits:encode([SSH#ssh.c_version,SSH#ssh.s_version, SSH#ssh.c_keyinit,SSH#ssh.s_keyinit, - K_S, Min, NBits, Max, + ssh_message:encode_host_key(Key), Min, NBits, Max, Prime, Gen, E,F,K], Ts) end, crypto:hash(sha,L). -- cgit v1.2.3 From 68263a48bfbdac4dc219a91f06af3d535d881850 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Tue, 15 Oct 2013 18:24:50 +0200 Subject: ssh: Merge connection_manager and connection_handler processes Also start adding dialyzer specs and removing dead code --- lib/ssh/src/Makefile | 1 - lib/ssh/src/ssh.app.src | 1 - lib/ssh/src/ssh.erl | 134 ++-- lib/ssh/src/ssh.hrl | 4 +- lib/ssh/src/ssh_acceptor.erl | 19 +- lib/ssh/src/ssh_auth.erl | 95 +-- lib/ssh/src/ssh_bits.erl | 244 +----- lib/ssh/src/ssh_channel.erl | 2 +- lib/ssh/src/ssh_channel_sup.erl | 4 +- lib/ssh/src/ssh_cli.erl | 40 +- lib/ssh/src/ssh_connect.hrl | 5 +- lib/ssh/src/ssh_connection.erl | 584 ++++++-------- lib/ssh/src/ssh_connection_controler.erl | 137 ---- lib/ssh/src/ssh_connection_handler.erl | 1245 +++++++++++++++++++++--------- lib/ssh/src/ssh_connection_manager.erl | 914 ---------------------- lib/ssh/src/ssh_connection_sup.erl | 87 +-- lib/ssh/src/ssh_message.erl | 12 +- lib/ssh/src/ssh_sftpd.erl | 2 +- lib/ssh/src/ssh_subsystem_sup.erl | 16 +- lib/ssh/src/ssh_system_sup.erl | 6 +- lib/ssh/src/ssh_transport.erl | 47 -- lib/ssh/src/ssh_xfer.erl | 4 +- lib/ssh/src/sshc_sup.erl | 6 +- lib/ssh/test/ssh_basic_SUITE.erl | 14 +- 24 files changed, 1286 insertions(+), 2337 deletions(-) delete mode 100644 lib/ssh/src/ssh_connection_controler.erl delete mode 100644 lib/ssh/src/ssh_connection_manager.erl (limited to 'lib/ssh') diff --git a/lib/ssh/src/Makefile b/lib/ssh/src/Makefile index a31e4a8525..caca355955 100644 --- a/lib/ssh/src/Makefile +++ b/lib/ssh/src/Makefile 
@@ -53,7 +53,6 @@ MODULES= \ ssh_connection_sup \ ssh_connection \ ssh_connection_handler \ - ssh_connection_manager \ ssh_shell \ ssh_system_sup \ ssh_subsystem_sup \ diff --git a/lib/ssh/src/ssh.app.src b/lib/ssh/src/ssh.app.src index bae8f82d01..9740b67dca 100644 --- a/lib/ssh/src/ssh.app.src +++ b/lib/ssh/src/ssh.app.src @@ -16,7 +16,6 @@ ssh_channel_sup, ssh_connection, ssh_connection_handler, - ssh_connection_manager, ssh_connection_sup, ssh_daemon_channel, ssh_shell, diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 80d20abbbd..9cf10e7a3a 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -34,9 +34,8 @@ shell/1, shell/2, shell/3]). %%-------------------------------------------------------------------- -%% Function: start([, Type]) -> ok -%% -%% Type = permanent | transient | temporary +-spec start() -> ok. +-spec start(permanent | transient | temporary) -> ok. %% %% Description: Starts the ssh application. Default type %% is temporary. see application(3) @@ -54,7 +53,7 @@ start(Type) -> application:start(ssh, Type). %%-------------------------------------------------------------------- -%% Function: stop() -> ok +-spec stop() -> ok. %% %% Description: Stops the ssh application. %%-------------------------------------------------------------------- @@ -62,13 +61,8 @@ stop() -> application:stop(ssh). %%-------------------------------------------------------------------- -%% Function: connect(Host, Port, Options) -> -%% connect(Host, Port, Options, Timeout -> ConnectionRef | {error, Reason} -%% -%% Host - string() -%% Port - integer() -%% Options - [{Option, Value}] -%% Timeout - infinity | integer(). +-spec connect(string(), integer(), proplists:proplists()) -> {ok, pid()} | {error, term()}. +-spec connect(string(), integer(), proplists:proplists(), timeout()) -> {ok, pid()} | {error, term()}. %% %% Description: Starts an ssh connection. %%-------------------------------------------------------------------- 
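Review bot: both new connect specs in ssh.erl use proplists:proplists(), which is not a type the proplists module exports; the daemon and shell specs added later in this same patch use proplists:proplist(). Dialyzer will report the unknown type, so use proplists:proplist() in the connect/3 and connect/4 specs as well.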
@@ -80,82 +74,52 @@ connect(Host, Port, Options, Timeout) -> Error; {SocketOptions, SshOptions} -> DisableIpv6 = proplists:get_value(ipv6_disabled, SshOptions, false), + {_, Transport, _} = TransportOpts = + proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}), Inet = inetopt(DisableIpv6), - do_connect(Host, Port, [Inet | SocketOptions], - [{user_pid, self()}, {host, Host} | fix_idle_time(SshOptions)], Timeout, DisableIpv6) + try Transport:connect(Host, Port, [ {active, false}, Inet | SocketOptions], Timeout) of + {ok, Socket} -> + Opts = [{user_pid, self()}, {host, Host} | fix_idle_time(SshOptions)], + ssh_connection_handler:start_connection(client, Socket, Opts, Timeout); + {error, Reason} -> + {error, Reason} + catch + exit:{function_clause, _} -> + {error, {options, {transport, TransportOpts}}}; + exit:badarg -> + {error, {options, {socket_options, SocketOptions}}} + end end. -do_connect(Host, Port, SocketOptions, SshOptions, Timeout, DisableIpv6) -> - try sshc_sup:start_child([[{address, Host}, {port, Port}, - {role, client}, - {channel_pid, self()}, - {socket_opts, SocketOptions}, - {ssh_opts, SshOptions}]]) of - {ok, ConnectionSup} -> - {ok, Manager} = - ssh_connection_sup:connection_manager(ConnectionSup), - msg_loop(Manager, DisableIpv6, Host, Port, SocketOptions, SshOptions, Timeout) - catch - exit:{noproc, _} -> - {error, ssh_not_started} - end. 
-msg_loop(Manager, DisableIpv6, Host, Port, SocketOptions, SshOptions, Timeout) -> - receive - {Manager, is_connected} -> - {ok, Manager}; - %% When the connection fails - %% ssh_connection_sup:connection_manager - %% might return undefined as the connection manager - %% could allready have terminated, so we will not - %% match the Manager in this case - {_, not_connected, {error, econnrefused}} when DisableIpv6 == false -> - do_connect(Host, Port, proplists:delete(inet6, SocketOptions), - SshOptions, Timeout, true); - {_, not_connected, {error, Reason}} -> - {error, Reason}; - {_, not_connected, Other} -> - {error, Other}; - {From, user_password} -> - Pass = io:get_password(), - From ! Pass, - msg_loop(Manager, DisableIpv6, Host, Port, SocketOptions, SshOptions, Timeout); - {From, question} -> - Answer = io:get_line(""), - From ! Answer, - msg_loop(Manager, DisableIpv6, Host, Port, SocketOptions, SshOptions, Timeout) - after Timeout -> - ssh_connection_manager:stop(Manager), - {error, timeout} - end. %%-------------------------------------------------------------------- -%% Function: close(ConnectionRef) -> ok +-spec close(pid()) -> ok. %% %% Description: Closes an ssh connection. %%-------------------------------------------------------------------- close(ConnectionRef) -> - ssh_connection_manager:stop(ConnectionRef). + ssh_connection_handler:stop(ConnectionRef). %%-------------------------------------------------------------------- -%% Function: connection_info(ConnectionRef) -> [{Option, Value}] +-spec connection_info(pid(), [atom()]) -> [{atom(), term()}]. %% %% Description: Retrieves information about a connection. %%-------------------------------------------------------------------- connection_info(ConnectionRef, Options) -> - ssh_connection_manager:connection_info(ConnectionRef, Options). + ssh_connection_handler:connection_info(ConnectionRef, Options). 
%%-------------------------------------------------------------------- -%% Function: channel_info(ConnectionRef) -> [{Option, Value}] +-spec channel_info(pid(), channel_id(), [atom()]) -> [{atom(), term()}]. %% %% Description: Retrieves information about a connection. %%-------------------------------------------------------------------- channel_info(ConnectionRef, ChannelId, Options) -> - ssh_connection_manager:channel_info(ConnectionRef, ChannelId, Options). + ssh_connection_handler:channel_info(ConnectionRef, ChannelId, Options). %%-------------------------------------------------------------------- -%% Function: daemon(Port) -> -%% daemon(Port, Options) -> -%% daemon(Address, Port, Options) -> SshSystemRef -%% +-spec daemon(integer()) -> {ok, pid()}. +-spec daemon(integer(), proplists:proplist()) -> {ok, pid()}. +-spec daemon(any | inet:ip_address(), integer(), proplists:proplist()) -> {ok, pid()}. + %% Description: Starts a server listening for SSH connections %% on the given port. %%-------------------------------------------------------------------- @@ -187,9 +151,8 @@ daemon(HostAddr, Port, Options0) -> start_daemon(Host, Port, Options, Inet). %%-------------------------------------------------------------------- -%% Function: stop_listener(SysRef) -> ok -%% stop_listener(Address, Port) -> ok -%% +-spec stop_listener(pid()) -> ok. +-spec stop_listener(inet:ip_address(), integer()) -> ok. %% %% Description: Stops the listener, but leaves %% existing connections started by the listener up and running. @@ -200,9 +163,8 @@ stop_listener(Address, Port) -> ssh_system_sup:stop_listener(Address, Port). %%-------------------------------------------------------------------- -%% Function: stop_daemon(SysRef) -> ok -%%% stop_daemon(Address, Port) -> ok -%% +-spec stop_daemon(pid()) -> ok. +-spec stop_daemon(inet:ip_address(), integer()) -> ok. %% %% Description: Stops the listener and all connections started by %% the listener. 
@@ -213,9 +175,10 @@ stop_daemon(Address, Port) -> ssh_system_sup:stop_system(Address, Port). %%-------------------------------------------------------------------- -%% Function: shell(Host [,Port,Options]) -> {ok, ConnectionRef} | -%% {error, Reason} -%% +-spec shell(string()) -> _. +-spec shell(string(), proplists:proplist()) -> _. +-spec shell(string(), integer(), proplists:proplist()) -> _. + %% Host = string() %% Port = integer() %% Options = [{Option, Value}] @@ -247,25 +210,23 @@ shell(Host, Port, Options) -> end. %%-------------------------------------------------------------------- -%% Function: peername(ConnectionRef) -> {ok, {Host,Port}} -%% | {error,Error} +-spec peername(pid()) -> {ok, {inet:ip_address(), integer()}} | {error, term()}. %% %% Description: Returns the peer address of the connection %%-------------------------------------------------------------------- peername(ConnectionRef) -> [{peer, {_Name,{IP,Port}}}] = - ssh_connection_manager:connection_info(ConnectionRef, [peer]), + ssh_connection_handler:connection_info(ConnectionRef, [peer]), {ok, {IP,Port}}. %%-------------------------------------------------------------------- -%% Function: sockname(ConnectionRef) -> {ok, {Host,Port}} -%% | {error,Error} +-spec sockname(pid()) -> {ok, {inet:ip_address(), integer()}} | {error, term()}. %% %% Description: Returns the local address of the connection %%-------------------------------------------------------------------- sockname(ConnectionRef) -> [{sockname, Result}] = - ssh_connection_manager:connection_info(ConnectionRef, [sockname]), + ssh_connection_handler:connection_info(ConnectionRef, [sockname]), Result. %%-------------------------------------------------------------------- 
@@ -403,9 +364,9 @@ handle_ssh_option({user_dir, Value} = Opt) when is_list(Value) -> Opt; handle_ssh_option({user_dir_fun, Value} = Opt) when is_function(Value) -> Opt; -handle_ssh_option({silently_accept_hosts, Value} = Opt) when Value == true; Value == false -> +handle_ssh_option({silently_accept_hosts, Value} = Opt) when is_boolean(Value) -> Opt; -handle_ssh_option({user_interaction, Value} = Opt) when Value == true; Value == false -> +handle_ssh_option({user_interaction, Value} = Opt) when is_boolean(Value) -> Opt; handle_ssh_option({public_key_alg, ssh_dsa}) -> {public_key_alg, 'ssh-dss'}; @@ -453,8 +414,7 @@ handle_ssh_option({disconnectfun , Value} = Opt) when is_function(Value) -> handle_ssh_option({failfun, Value} = Opt) when is_function(Value) -> Opt; -handle_ssh_option({ipv6_disabled, Value} = Opt) when Value == true; - Value == false -> +handle_ssh_option({ipv6_disabled, Value} = Opt) when is_boolean(Value) -> Opt; handle_ssh_option({transport, {Protocol, Cb, ClosTag}} = Opt) when is_atom(Protocol), is_atom(Cb), @@ -469,8 +429,7 @@ handle_ssh_option({shell, {Module, Function, _}} = Opt) when is_atom(Module), Opt; handle_ssh_option({shell, Value} = Opt) when is_function(Value) -> Opt; -handle_ssh_option({quiet_mode, Value} = Opt) when Value == true; - Value == false -> +handle_ssh_option({quiet_mode, Value} = Opt) when is_boolean(Value) -> Opt; handle_ssh_option({idle_time, Value} = Opt) when is_integer(Value), Value > 0 -> Opt; @@ -521,6 +480,3 @@ inetopt(false) -> inet end. -%%% -%% Deprecated -%%% diff --git a/lib/ssh/src/ssh.hrl b/lib/ssh/src/ssh.hrl index 4fd347ba8f..94ced9da6f 100644 --- a/lib/ssh/src/ssh.hrl +++ b/lib/ssh/src/ssh.hrl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2004-2012. All Rights Reserved. +%% Copyright Ericsson AB 2004-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in 
@@ -29,6 +29,8 @@ -define(SSH_DEFAULT_PORT, 22). -define(SSH_MAX_PACKET_SIZE, (256*1024)). -define(SSH_LENGHT_INDICATOR_SIZE, 4). +-define(REKEY_TIMOUT, 3600000). +-define(REKEY_DATA_TIMOUT, 60000). -define(FALSE, 0). -define(TRUE, 1). diff --git a/lib/ssh/src/ssh_acceptor.erl b/lib/ssh/src/ssh_acceptor.erl index d023656c32..91905b2eaf 100644 --- a/lib/ssh/src/ssh_acceptor.erl +++ b/lib/ssh/src/ssh_acceptor.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2012. All Rights Reserved. +%% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -25,7 +25,6 @@ -export([start_link/5]). %% spawn export -%% TODO: system messages -export([acceptor_init/6, acceptor_loop/6]). -define(SLEEP_TIME, 200). @@ -81,17 +80,15 @@ acceptor_loop(Callback, Port, Address, Opts, ListenSocket, AcceptTimeout) -> ListenSocket, AcceptTimeout) end. -handle_connection(Callback, Address, Port, Options, Socket) -> +handle_connection(_Callback, Address, Port, Options, Socket) -> SystemSup = ssh_system_sup:system_supervisor(Address, Port), {ok, SubSysSup} = ssh_system_sup:start_subsystem(SystemSup, Options), - ConnectionSup = ssh_system_sup:connection_supervisor(SystemSup), - {ok, Pid} = - ssh_connection_sup:start_manager_child(ConnectionSup, - [server, Socket, Options]), - Callback:controlling_process(Socket, Pid), - SshOpts = proplists:get_value(ssh_opts, Options), - Pid ! {start_connection, server, [Address, Port, Socket, SshOpts, SubSysSup]}. - + ConnectionSup = ssh_subsystem_sup:connection_supervisor(SubSysSup), + ssh_connection_handler:start_connection(server, Socket, + [{supervisors, [{system_sup, SystemSup}, + {subsystem_sup, SubSysSup}, + {connection_sup, ConnectionSup}]} + | Options], infinity). handle_error(timeout) -> ok; 
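Review bot: in ssh_acceptor.erl, handle_connection/5 now calls ssh_connection_handler:start_connection(server, Socket, ..., infinity) and discards the result, where the old code matched {ok, Pid} and then handed the socket over with Callback:controlling_process(Socket, Pid). If handle_connection/5 runs in the acceptor loop and start_connection/4 blocks until the handshake completes, as its use with Timeout in ssh:connect/4 suggests, a peer that connects and then stalls keeps the acceptor from accepting further connections, so a finite timeout is needed here. Please also confirm that socket ownership is now transferred inside start_connection/4, and handle an {error, Reason} return instead of ignoring it.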
diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index f3d1a711ae..1fa3df847f 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -31,7 +31,6 @@ service_request_msg/1, init_userauth_request_msg/1, userauth_request_msg/1, handle_userauth_request/3, handle_userauth_info_request/3, handle_userauth_info_response/2 - %%userauth_messages/0 ]). %%-------------------------------------------------------------------- @@ -43,7 +42,6 @@ publickey_msg([Alg, #ssh{user = User, opts = Opts} = Ssh]) -> Hash = sha, %% Maybe option?! - %%ssh_bits:install_messages(userauth_pk_messages()), KeyCb = proplists:get_value(key_cb, Opts, ssh_file), case KeyCb:user_key(Alg, Opts) of @@ -69,7 +67,6 @@ publickey_msg([Alg, #ssh{user = User, password_msg([#ssh{opts = Opts, io_cb = IoCb, user = User, service = Service} = Ssh]) -> - %%ssh_bits:install_messages(userauth_passwd_messages()), Password = case proplists:get_value(password, Opts) of undefined -> user_interaction(IoCb, Ssh); @@ -99,7 +96,6 @@ user_interaction(IoCb, Ssh) -> %% See RFC 4256 for info on keyboard-interactive keyboard_interactive_msg([#ssh{user = User, service = Service} = Ssh]) -> - %%ssh_bits:install_messages(userauth_keyboard_interactive_messages()), ssh_transport:ssh_packet( #ssh_msg_userauth_request{user = User, service = Service, @@ -239,7 +235,6 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, partial_success = false}, Ssh)} end; ?FALSE -> - %%ssh_bits:install_messages(userauth_pk_messages()), {not_authorized, {User, undefined}, ssh_transport:ssh_packet( #ssh_msg_userauth_pk_ok{algorithm_name = Alg, 
@@ -275,26 +270,10 @@ handle_userauth_info_request( handle_userauth_info_response(#ssh_msg_userauth_info_response{}, _Auth) -> throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, - description = "Server does not support" - "keyboard-interactive", + description = "Server does not support" + "keyboard-interactive", language = "en"}). -%% userauth_messages() -> -%% [ {ssh_msg_userauth_request, ?SSH_MSG_USERAUTH_REQUEST, -%% [string, -%% string, -%% string, -%% '...']}, - -%% {ssh_msg_userauth_failure, ?SSH_MSG_USERAUTH_FAILURE, -%% [string, -%% boolean]}, - -%% {ssh_msg_userauth_success, ?SSH_MSG_USERAUTH_SUCCESS, -%% []}, - -%% {ssh_msg_userauth_banner, ?SSH_MSG_USERAUTH_BANNER, -%% [string, -%% string]}]. + %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- @@ -386,13 +365,8 @@ algorithm_string('ssh-rsa') -> algorithm_string('ssh-dss') -> "ssh-dss". -decode_keyboard_interactive_prompts(NumPrompts, Data) -> - Types = lists:append(lists:duplicate(NumPrompts, [string, boolean])), - pairwise_tuplify(ssh_bits:decode(Data, Types)). - -pairwise_tuplify([E1, E2 | Rest]) -> [{E1, E2} | pairwise_tuplify(Rest)]; -pairwise_tuplify([]) -> []. - +decode_keyboard_interactive_prompts(_NumPrompts, Data) -> + ssh_message:decode_keyboard_interactive_prompts(Data, []). keyboard_interact_get_responses(IoCb, Opts, Name, Instr, PromptInfos) -> NumPrompts = length(PromptInfos), 
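Review bot: decode_keyboard_interactive_prompts/2 now ignores its first argument (_NumPrompts), so the number of prompts is taken only from what ssh_message:decode_keyboard_interactive_prompts(Data, []) finds in Data. The removed code built its type list from NumPrompts, which tied the parse to the count the server declared in num_prompts. Suggest checking the length of the decoded prompt list against NumPrompts and failing the request when they differ, or dropping the parameter if the count is deliberately not enforced.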
@@ -431,50 +405,29 @@ keyboard_interact(IoCb, Name, Instr, Prompts, Opts) -> end, Prompts). -%% userauth_passwd_messages() -> -%% [ -%% {ssh_msg_userauth_passwd_changereq, ?SSH_MSG_USERAUTH_PASSWD_CHANGEREQ, -%% [string, -%% string]} -%% ]. - -%% userauth_keyboard_interactive_messages() -> -%% [ {ssh_msg_userauth_info_request, ?SSH_MSG_USERAUTH_INFO_REQUEST, -%% [string, -%% string, -%% string, -%% uint32, -%% '...']}, - - %% {ssh_msg_userauth_info_response, ?SSH_MSG_USERAUTH_INFO_RESPONSE, - %% [uint32, - %% '...']} - %% ]. - -%% userauth_pk_messages() -> -%% [ {ssh_msg_userauth_pk_ok, ?SSH_MSG_USERAUTH_PK_OK, -%% [string, % algorithm name -%% binary]} % key blob -%% ]. - other_alg('ssh-rsa') -> 'ssh-dss'; other_alg('ssh-dss') -> 'ssh-rsa'. -decode_public_key_v2(K_S, "ssh-rsa") -> - case ssh_bits:decode(K_S,[string,mpint,mpint]) of - ["ssh-rsa", E, N] -> - {ok, #'RSAPublicKey'{publicExponent = E, modulus = N}}; - _ -> - {error, bad_format} - end; -decode_public_key_v2(K_S, "ssh-dss") -> - case ssh_bits:decode(K_S,[string,mpint,mpint,mpint,mpint]) of - ["ssh-dss",P,Q,G,Y] -> - {ok, {Y, #'Dss-Parms'{p = P, q = Q, g = G}}}; - _ -> - {error, bad_format} - end; +decode_public_key_v2(<> + ,"ssh-rsa") -> + E = ssh_bits:erlint(Len1, BinE), + N = ssh_bits:erlint(Len2, BinN), + {ok, #'RSAPublicKey'{publicExponent = E, modulus = N}}; +decode_public_key_v2(<> + , "ssh-dss") -> + P = ssh_bits:erlint(Len1, BinP), + Q = ssh_bits:erlint(Len2, BinQ), + G = ssh_bits:erlint(Len3, BinG), + Y = ssh_bits:erlint(Len4, BinY), + {ok, {Y, #'Dss-Parms'{p = P, q = Q, g = G}}}; + decode_public_key_v2(_, _) -> {error, bad_format}. diff --git a/lib/ssh/src/ssh_bits.erl b/lib/ssh/src/ssh_bits.erl index 1570e5ed4d..2b0241cb83 100644 --- a/lib/ssh/src/ssh_bits.erl +++ b/lib/ssh/src/ssh_bits.erl 
@@ -25,19 +25,9 @@ -include("ssh.hrl"). --export([encode/2, decode/2]). -%%-export([decode/1, decode/2, decode/3]). --export([mpint/1, bignum/1, string/1, name_list/1]). -%%-export([b64_encode/1, b64_decode/1]). -%%-export([install_messages/1, uninstall_messages/1]). - -%% integer utils --export([isize/1]). +-export([encode/2]). +-export([mpint/1, erlint/2, string/1, name_list/1]). -export([random/1]). -%%-export([xor_bits/2, fill_bits/2]). --export([i2bin/2, bin2i/1]). - -%%-import(lists, [foreach/2, reverse/1]). -define(name_list(X), (fun(B) -> ?binary(B) end)(list_to_binary(name_concat(X)))). @@ -95,38 +85,6 @@ mpint_pos(X,I,Ds) -> mpint_pos(X bsr 8,I+1,[(X band 255)|Ds]). -%% BIGNUM representation SSH1 -bignum(X) -> - XSz = isize(X), - Pad = (8 - (XSz rem 8)) rem 8, - <>. - - -%% install_messages(Codes) -> -%% foreach(fun({Name, Code, Ts}) -> -%% put({msg_name,Code}, {Name,Ts}), -%% put({msg_code,Name}, {Code,Ts}) -%% end, Codes). - -%% uninstall_messages(Codes) -> -%% foreach(fun({Name, Code, _Ts}) -> -%% erase({msg_name,Code}), -%% erase({msg_code,Name}) -%% end, Codes). - -%% -%% Encode a record, the type spec is expected to be -%% in process dictionary under the key {msg_code, RecodeName} -%% -%% encode(Record) -> -%% case get({msg_code, element(1, Record)}) of -%% undefined -> -%% {error, unimplemented}; -%% {Code, Ts} -> -%% Data = enc(tl(tuple_to_list(Record)), Ts), -%% list_to_binary([Code, Data]) -%% end. - encode(List, Types) -> list_to_binary(enc(List, Types)). @@ -154,9 +112,6 @@ enc(Xs, [uint64|Ts], Offset) -> enc(Xs, [mpint|Ts], Offset) -> Y = mpint(hd(Xs)), [Y | enc(tl(Xs), Ts,Offset+size(Y))]; -enc(Xs, [bignum|Ts], Offset) -> - Y = bignum(hd(Xs)), - [Y | enc(tl(Xs),Ts,Offset+size(Y))]; enc(Xs, [string|Ts], Offset) -> X0 = hd(Xs), Y = ?string(X0), 
@@ -183,179 +138,14 @@ enc(Xs, ['...'| []], _Offset) -> X==undefined -> [] end; - enc([], [],_) -> []. -%% -%% Decode a SSH record the type is encoded as the first byte -%% and the type spec MUST be installed in {msg_name, ID} -%% - -%% decode(Binary = <>) -> -%% case get({msg_name, ID}) of -%% undefined -> -%% {unknown, Binary}; -%% {Name, Ts} -> -%% {_, Elems} = decode(Binary,1,Ts), -%% list_to_tuple([Name | Elems]) -%% end. - -%% -%% Decode a binary form offset 0 -%% - -decode(Binary, Types) when is_binary(Binary) andalso is_list(Types) -> - {_,Elems} = decode(Binary, 0, Types), - Elems. - - -%% %% -%% %% Decode a binary from byte offset Offset -%% %% return {UpdatedOffset, DecodedElements} -%% %% -decode(Binary, Offset, Types) -> - decode(Binary, Offset, Types, []). - -decode(Binary, Offset, [Type|Ts], Acc) -> - case Type of - boolean -> - <<_:Offset/binary, ?BOOLEAN(X0), _/binary>> = Binary, - X = if X0 == 0 -> false; true -> true end, - decode(Binary, Offset+1, Ts, [X | Acc]); - - byte -> - <<_:Offset/binary, ?BYTE(X), _/binary>> = Binary, - decode(Binary, Offset+1, Ts, [X | Acc]); - - uint16 -> - <<_:Offset/binary, ?UINT16(X), _/binary>> = Binary, - decode(Binary, Offset+2, Ts, [X | Acc]); - - uint32 -> - <<_:Offset/binary, ?UINT32(X), _/binary>> = Binary, - decode(Binary, Offset+4, Ts, [X | Acc]); - - uint64 -> - <<_:Offset/binary, ?UINT64(X), _/binary>> = Binary, - decode(Binary, Offset+8, Ts, [X | Acc]); - - mpint -> - <<_:Offset/binary, ?UINT32(L), X0:L/binary,_/binary>> = Binary, - Sz = L*8, - <> = X0, - decode(Binary, Offset+4+L, Ts, [X | Acc]); - - bignum -> - <<_:Offset/binary, ?UINT16(Bits),_/binary>> = Binary, - L = (Bits+7) div 8, - Pad = (8 - (Bits rem 8)) rem 8, - <<_:Offset/binary, _:16, _:Pad, X:Bits/big-unsigned-integer, - _/binary>> = Binary, - decode(Binary, Offset+2+L, Ts, [X | Acc]); - - string -> - Size = size(Binary), - if Size < Offset + 4 -> - %% empty string at end - {Size, lists:reverse(["" | Acc])}; - true -> - 
<<_:Offset/binary,?UINT32(L), X:L/binary,_/binary>> = - Binary, - decode(Binary, Offset+4+L, Ts, [binary_to_list(X) | - Acc]) - end; - - binary -> - <<_:Offset/binary,?UINT32(L), X:L/binary,_/binary>> = Binary, - decode(Binary, Offset+4+L, Ts, [X | Acc]); - - name_list -> - <<_:Offset/binary,?UINT32(L), X:L/binary,_/binary>> = Binary, - List = string:tokens(binary_to_list(X), ","), - decode(Binary, Offset+4+L, Ts, [List | Acc]); - - cookie -> - <<_:Offset/binary, X:16/binary, _/binary>> = Binary, - decode(Binary, Offset+16, Ts, [X | Acc]); - - {pad,N} -> %% pad offset to a multiple of N - K = (N - (Offset rem N)) rem N, - decode(Binary, Offset+K, Ts, Acc); - +erlint(Len, BinInt) -> + Sz = Len*8, + <> = BinInt, + Int. - '...' when Ts==[] -> - <<_:Offset/binary, X/binary>> = Binary, - {Offset+size(X), lists:reverse([X | Acc])} - end; - decode(_Binary, Offset, [], Acc) -> - {Offset, lists:reverse(Acc)}. - - - -%% HACK WARNING :-) --define(VERSION_MAGIC, 131). --define(SMALL_INTEGER_EXT, $a). --define(INTEGER_EXT, $b). --define(SMALL_BIG_EXT, $n). --define(LARGE_BIG_EXT, $o). - -isize(N) when N > 0 -> - case term_to_binary(N) of - <> -> - isize_byte(X); - <> -> - isize_bytes([X3,X2,X1,X0]); - <> -> - K = S - 1, - <<_:K/binary, Top>> = Ds, - isize_byte(Top)+K*8; - <> -> - K = S - 1, - <<_:K/binary, Top>> = Ds, - isize_byte(Top)+K*8 - end; -isize(0) -> 0. - -%% big endian byte list -isize_bytes([0|L]) -> - isize_bytes(L); -isize_bytes([Top|L]) -> - isize_byte(Top) + length(L)*8. - -%% Well could be improved -isize_byte(X) -> - if X >= 2#10000000 -> 8; - X >= 2#1000000 -> 7; - X >= 2#100000 -> 6; - X >= 2#10000 -> 5; - X >= 2#1000 -> 4; - X >= 2#100 -> 3; - X >= 2#10 -> 2; - X >= 2#1 -> 1; - true -> 0 - end. - -%% Convert integer into binary -%% When XLen is the wanted size in octets of the output -i2bin(X, XLen) -> - XSz = isize(X), - Sz = XLen*8, - if Sz < XSz -> - exit(integer_to_large); - true -> - (<>) - end. 
- -%% Convert a binary into an integer -%% -bin2i(X) -> - Sz = size(X)*8, - <> = X, - Y. - %% %% Create a binary with constant bytes %% @@ -373,15 +163,6 @@ fill(N,C) -> [C,Cs,Cs] end. -%% xor 2 binaries -%% xor_bits(XBits, YBits) -> -%% XSz = size(XBits)*8, -%% YSz = size(YBits)*8, -%% Sz = if XSz < YSz -> XSz; true -> YSz end, %% min -%% <> = XBits, -%% <> = YBits, -%% <<(X bxor Y):Sz>>. - %% random/1 %% Generate N random bytes @@ -389,18 +170,5 @@ fill(N,C) -> random(N) -> crypto:strong_rand_bytes(N). -%% %% -%% %% Base 64 encode/decode -%% %% - -%% b64_encode(Bs) when is_list(Bs) -> -%% base64:encode(Bs); -%% b64_encode(Bin) when is_binary(Bin) -> -%% base64:encode(Bin). - -%% b64_decode(Bin) when is_binary(Bin) -> -%% base64:mime_decode(Bin); -%% b64_decode(Cs) when is_list(Cs) -> -%% base64:mime_decode(Cs). diff --git a/lib/ssh/src/ssh_channel.erl b/lib/ssh/src/ssh_channel.erl index 062ed764ca..508ae637cf 100644 --- a/lib/ssh/src/ssh_channel.erl +++ b/lib/ssh/src/ssh_channel.erl @@ -284,7 +284,7 @@ handle_info(Msg, #state{cm = ConnectionManager, channel_cb = Module, terminate(Reason, #state{cm = ConnectionManager, channel_id = ChannelId, close_sent = false} = State) -> - ssh_connection:close(ConnectionManager, ChannelId), + catch ssh_connection:close(ConnectionManager, ChannelId), terminate(Reason, State#state{close_sent = true}); terminate(_, #state{channel_cb = Cb, channel_state = ChannelState}) -> catch Cb:terminate(Cb, ChannelState), diff --git a/lib/ssh/src/ssh_channel_sup.erl b/lib/ssh/src/ssh_channel_sup.erl index 0093bce9c2..ee37ed35f8 100644 --- a/lib/ssh/src/ssh_channel_sup.erl +++ b/lib/ssh/src/ssh_channel_sup.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2010. All Rights Reserved. +%% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in 
@@ -31,7 +31,7 @@ -export([init/1]). %%%========================================================================= -%%% API +%%% Internal API %%%========================================================================= start_link(Args) -> supervisor:start_link(?MODULE, [Args]). diff --git a/lib/ssh/src/ssh_cli.erl b/lib/ssh/src/ssh_cli.erl index 54911e757c..69a4d0b247 100644 --- a/lib/ssh/src/ssh_cli.erl +++ b/lib/ssh/src/ssh_cli.erl @@ -32,9 +32,6 @@ %% ssh_channel callbacks -export([init/1, handle_ssh_msg/2, handle_msg/2, terminate/2]). -%% backwards compatibility --export([listen/1, listen/2, listen/3, listen/4, stop/1]). - %% state -record(state, { cm, @@ -444,8 +441,9 @@ start_shell(ConnectionManager, State) -> {arity, 1} -> fun() -> Shell(User) end; {arity, 2} -> - {ok, PeerAddr} = - ssh_connection_manager:peer_addr(ConnectionManager), + [{ok, PeerAddr}] = + ssh_connection_handler:info(ConnectionManager, + [peer]), fun() -> Shell(User, PeerAddr) end; _ -> Shell @@ -470,8 +468,8 @@ start_shell(ConnectionManager, Cmd, #state{exec=Shell} = State) when is_function {arity, 2} -> fun() -> Shell(Cmd, User) end; {arity, 3} -> - {ok, PeerAddr} = - ssh_connection_manager:peer_addr(ConnectionManager), + [{ok, PeerAddr}] = + ssh_connection_handler:connection_info(ConnectionManager, [peer]), fun() -> Shell(Cmd, User, PeerAddr) end; _ -> Shell 
@@ -505,31 +503,3 @@ not_zero(0, B) -> not_zero(A, _) -> A. -%%% Backwards compatibility - -%%-------------------------------------------------------------------- -%% Function: listen(...) -> {ok,Pid} | ignore | {error,Error} -%% Description: Starts a listening server -%% Note that the pid returned is NOT the pid of this gen_server; -%% this server is started when an SSH connection is made on the -%% listening port -%%-------------------------------------------------------------------- -listen(Shell) -> - listen(Shell, 22). - -listen(Shell, Port) -> - listen(Shell, Port, []). - -listen(Shell, Port, Opts) -> - listen(Shell, any, Port, Opts). - -listen(Shell, HostAddr, Port, Opts) -> - ssh:daemon(HostAddr, Port, [{shell, Shell} | Opts]). - - -%%-------------------------------------------------------------------- -%% Function: stop(Pid) -> ok -%% Description: Stops the listener -%%-------------------------------------------------------------------- -stop(Pid) -> - ssh:stop_listener(Pid). diff --git a/lib/ssh/src/ssh_connect.hrl b/lib/ssh/src/ssh_connect.hrl index 932b0642f1..8421b07167 100644 --- a/lib/ssh/src/ssh_connect.hrl +++ b/lib/ssh/src/ssh_connect.hrl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2012. All Rights Reserved. +%% Copyright Ericsson AB 2005-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -21,6 +21,8 @@ %%% Description : SSH connection protocol +-type channel_id() :: integer(). + -define(DEFAULT_PACKET_SIZE, 32768). -define(DEFAULT_WINDOW_SIZE, 2*?DEFAULT_PACKET_SIZE). -define(DEFAULT_TIMEOUT, 5000). @@ -260,6 +262,7 @@ port, options, exec, + system_supervisor, sub_system_supervisor, connection_supervisor }). diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl index ec3022e7c1..d3760f8295 100644 --- a/lib/ssh/src/ssh_connection.erl +++ b/lib/ssh/src/ssh_connection.erl 
@@ -29,232 +29,205 @@ -include("ssh_connect.hrl"). -include("ssh_transport.hrl"). +%% API -export([session_channel/2, session_channel/4, exec/4, shell/2, subsystem/4, send/3, send/4, send/5, - send_eof/2, adjust_window/3, open_pty/3, open_pty/7, - open_pty/9, setenv/5, window_change/4, window_change/6, + send_eof/2, adjust_window/3, setenv/5, close/2, reply_request/4]). + +%% Potential API currently unsupported and not tested +-export([open_pty/3, open_pty/7, + open_pty/9, window_change/4, window_change/6, direct_tcpip/6, direct_tcpip/8, tcpip_forward/3, - cancel_tcpip_forward/3, signal/3, exit_status/3, encode_ip/1, close/2, - reply_request/4]). + cancel_tcpip_forward/3, signal/3, exit_status/3]). --export([channel_data/6, handle_msg/4, channel_eof_msg/1, +%% Internal application API +-export([channel_data/5, handle_msg/3, channel_eof_msg/1, channel_close_msg/1, channel_success_msg/1, channel_failure_msg/1, + channel_status_msg/1, channel_adjust_window_msg/2, channel_data_msg/3, channel_open_msg/5, channel_open_confirmation_msg/4, channel_open_failure_msg/4, channel_request_msg/4, global_request_msg/3, request_failure_msg/0, request_success_msg/1, bind/4, unbind/3, unbind_channel/2, - bound_channel/3]). + bound_channel/3, encode_ip/1]). %%-------------------------------------------------------------------- -%%% Internal application API +%%% API %%-------------------------------------------------------------------- %%-------------------------------------------------------------------- -%% Function: session_channel(ConnectionManager -%% [, InitialWindowSize, MaxPacketSize], -%% Timeout) -> {ok, } -%% ConnectionManager = pid() -%% InitialWindowSize = integer() -%% MaxPacketSize = integer() -%% +-spec session_channel(pid(), timeout()) -> {ok, channel_id()} | {error, term()}. +-spec session_channel(pid(), integer(), integer(), timeout()) -> {ok, channel_id()} | {error, term()}. + %% Description: Opens a channel for a ssh session. 
A session is a %% remote execution of a program. The program may be a shell, an %% application, a system command, or some built-in subsystem. %% -------------------------------------------------------------------- -session_channel(ConnectionManager, Timeout) -> - session_channel(ConnectionManager, + +session_channel(ConnectionHandler, Timeout) -> + session_channel(ConnectionHandler, ?DEFAULT_WINDOW_SIZE, ?DEFAULT_PACKET_SIZE, Timeout). -session_channel(ConnectionManager, InitialWindowSize, + +session_channel(ConnectionHandler, InitialWindowSize, MaxPacketSize, Timeout) -> - ssh_connection_manager:open_channel(ConnectionManager, "session", <<>>, + case ssh_connection_handler:open_channel(ConnectionHandler, "session", <<>>, InitialWindowSize, - MaxPacketSize, Timeout). + MaxPacketSize, Timeout) of + {open, Channel} -> + {ok, Channel}; + Error -> + Error + end. + %%-------------------------------------------------------------------- -%% Function: exec(ConnectionManager, ChannelId, Command, Timeout) -> -%% -%% ConnectionManager = pid() -%% ChannelId = integer() -%% Cmd = string() -%% Timeout = integer() -%% +-spec exec(pid(), channel_id(), string(), timeout()) -> success | failure. + %% Description: Will request that the server start the %% execution of the given command. %%-------------------------------------------------------------------- -exec(ConnectionManager, ChannelId, Command, TimeOut) -> - ssh_connection_manager:request(ConnectionManager, self(), ChannelId, "exec", - true, [?string(Command)], TimeOut). +exec(ConnectionHandler, ChannelId, Command, TimeOut) -> + ssh_connection_handler:request(ConnectionHandler, self(), ChannelId, "exec", + true, [?string(Command)], TimeOut). + %%-------------------------------------------------------------------- -%% Function: shell(ConnectionManager, ChannelId) -> -%% -%% ConnectionManager = pid() -%% ChannelId = integer() -%% +-spec shell(pid(), channel_id()) -> _. 
+ %% Description: Will request that the user's default shell (typically %% defined in /etc/passwd in UNIX systems) be started at the other %% end. %%-------------------------------------------------------------------- -shell(ConnectionManager, ChannelId) -> - ssh_connection_manager:request(ConnectionManager, self(), ChannelId, +shell(ConnectionHandler, ChannelId) -> + ssh_connection_handler:request(ConnectionHandler, self(), ChannelId, "shell", false, <<>>, 0). %%-------------------------------------------------------------------- -%% Function: subsystem(ConnectionManager, ChannelId, SubSystem, TimeOut) -> -%% -%% ConnectionManager = pid() -%% ChannelId = integer() -%% SubSystem = string() -%% TimeOut = integer() -%% +-spec subsystem(pid(), channel_id(), string(), timeout()) -> + success | failure | {error, timeout}. %% %% Description: Executes a predefined subsystem. %%-------------------------------------------------------------------- -subsystem(ConnectionManager, ChannelId, SubSystem, TimeOut) -> - ssh_connection_manager:request(ConnectionManager, self(), +subsystem(ConnectionHandler, ChannelId, SubSystem, TimeOut) -> + ssh_connection_handler:request(ConnectionHandler, self(), ChannelId, "subsystem", true, [?string(SubSystem)], TimeOut). %%-------------------------------------------------------------------- -%% Function: send(ConnectionManager, ChannelId, Type, Data, [TimeOut]) -> +-spec send(pid(), channel_id(), iodata()) -> + ok | {error, closed}. +-spec send(pid(), channel_id(), integer()| iodata(), timeout() | iodata()) -> + ok | {error, timeout} | {error, closed}. +-spec send(pid(), channel_id(), integer(), iodata(), timeout()) -> + ok | {error, timeout} | {error, closed}. %% %% %% Description: Sends channel data. %%-------------------------------------------------------------------- -send(ConnectionManager, ChannelId, Data) -> - send(ConnectionManager, ChannelId, 0, Data, infinity). 
-send(ConnectionManager, ChannelId, Data, TimeOut) when is_integer(TimeOut) -> - send(ConnectionManager, ChannelId, 0, Data, TimeOut); -send(ConnectionManager, ChannelId, Data, infinity) -> - send(ConnectionManager, ChannelId, 0, Data, infinity); -send(ConnectionManager, ChannelId, Type, Data) -> - send(ConnectionManager, ChannelId, Type, Data, infinity). -send(ConnectionManager, ChannelId, Type, Data, TimeOut) -> - ssh_connection_manager:send(ConnectionManager, ChannelId, +send(ConnectionHandler, ChannelId, Data) -> + send(ConnectionHandler, ChannelId, 0, Data, infinity). +send(ConnectionHandler, ChannelId, Data, TimeOut) when is_integer(TimeOut) -> + send(ConnectionHandler, ChannelId, 0, Data, TimeOut); +send(ConnectionHandler, ChannelId, Data, infinity) -> + send(ConnectionHandler, ChannelId, 0, Data, infinity); +send(ConnectionHandler, ChannelId, Type, Data) -> + send(ConnectionHandler, ChannelId, Type, Data, infinity). +send(ConnectionHandler, ChannelId, Type, Data, TimeOut) -> + ssh_connection_handler:send(ConnectionHandler, ChannelId, Type, Data, TimeOut). %%-------------------------------------------------------------------- -%% Function: send_eof(ConnectionManager, ChannelId) -> +-spec send_eof(pid(), channel_id()) -> ok | {error, closed}. %% %% %% Description: Sends eof on the channel . %%-------------------------------------------------------------------- -send_eof(ConnectionManager, Channel) -> - ssh_connection_manager:send_eof(ConnectionManager, Channel). +send_eof(ConnectionHandler, Channel) -> + ssh_connection_handler:send_eof(ConnectionHandler, Channel). %%-------------------------------------------------------------------- -%% Function: adjust_window(ConnectionManager, Channel, Bytes) -> +-spec adjust_window(pid(), channel_id(), integer()) -> ok. %% %% %% Description: Adjusts the ssh flowcontrol window. 
%%-------------------------------------------------------------------- -adjust_window(ConnectionManager, Channel, Bytes) -> - ssh_connection_manager:adjust_window(ConnectionManager, Channel, Bytes). +adjust_window(ConnectionHandler, Channel, Bytes) -> + ssh_connection_handler:adjust_window(ConnectionHandler, Channel, Bytes). %%-------------------------------------------------------------------- -%% Function: setenv(ConnectionManager, ChannelId, Var, Value, TimeOut) -> +-spec setenv(pid(), channel_id(), string(), string(), timeout()) -> success | failure. %% %% %% Description: Environment variables may be passed to the shell/command to be %% started later. %%-------------------------------------------------------------------- -setenv(ConnectionManager, ChannelId, Var, Value, TimeOut) -> - ssh_connection_manager:request(ConnectionManager, ChannelId, +setenv(ConnectionHandler, ChannelId, Var, Value, TimeOut) -> + ssh_connection_handler:request(ConnectionHandler, ChannelId, "env", true, [?string(Var), ?string(Value)], TimeOut). %%-------------------------------------------------------------------- -%% Function: close(ConnectionManager, ChannelId) -> +-spec close(pid(), channel_id()) -> ok. %% %% %% Description: Sends a close message on the channel . %%-------------------------------------------------------------------- -close(ConnectionManager, ChannelId) -> - ssh_connection_manager:close(ConnectionManager, ChannelId). - +close(ConnectionHandler, ChannelId) -> + ssh_connection_handler:close(ConnectionHandler, ChannelId). %%-------------------------------------------------------------------- -%% Function: reply_request(ConnectionManager, WantReply, Status, CannelId) ->_ +-spec reply_request(pid(), boolean(), success | failure, channel_id()) -> ok. %% %% %% Description: Send status replies to requests that want such replies. 
%%-------------------------------------------------------------------- -reply_request(ConnectionManager, true, Status, ChannelId) -> - ssh_connection_manager:reply_request(ConnectionManager, Status, ChannelId), - ok; +reply_request(ConnectionHandler, true, Status, ChannelId) -> + ssh_connection_handler:reply_request(ConnectionHandler, Status, ChannelId); reply_request(_,false, _, _) -> ok. - %%-------------------------------------------------------------------- -%% Function: window_change(ConnectionManager, Channel, Width, Height) -> -%% -%% -%% Description: Not yet officialy supported. +%% Not yet officialy supported! The following functions are part of the +%% initial contributed ssh application. They are untested. Do we want them? +%% Should they be documented and tested? %%-------------------------------------------------------------------- -window_change(ConnectionManager, Channel, Width, Height) -> - window_change(ConnectionManager, Channel, Width, Height, 0, 0). -window_change(ConnectionManager, Channel, Width, Height, +window_change(ConnectionHandler, Channel, Width, Height) -> + window_change(ConnectionHandler, Channel, Width, Height, 0, 0). +window_change(ConnectionHandler, Channel, Width, Height, PixWidth, PixHeight) -> - ssh_connection_manager:request(ConnectionManager, Channel, + ssh_connection_handler:request(ConnectionHandler, Channel, "window-change", false, [?uint32(Width), ?uint32(Height), ?uint32(PixWidth), ?uint32(PixHeight)], 0). -%%-------------------------------------------------------------------- -%% Function: signal(ConnectionManager, Channel, Sig) -> -%% -%% -%% Description: Not yet officialy supported. -%%-------------------------------------------------------------------- -signal(ConnectionManager, Channel, Sig) -> - ssh_connection_manager:request(ConnectionManager, Channel, + +signal(ConnectionHandler, Channel, Sig) -> + ssh_connection_handler:request(ConnectionHandler, Channel, "signal", false, [?string(Sig)], 0). 
-%%-------------------------------------------------------------------- -%% Function: signal(ConnectionManager, Channel, Status) -> -%% -%% -%% Description: Not yet officialy supported. -%%-------------------------------------------------------------------- -exit_status(ConnectionManager, Channel, Status) -> - ssh_connection_manager:request(ConnectionManager, Channel, - "exit-status", false, [?uint32(Status)], 0). +exit_status(ConnectionHandler, Channel, Status) -> + ssh_connection_handler:request(ConnectionHandler, Channel, + "exit-status", false, [?uint32(Status)], 0). -%%-------------------------------------------------------------------- -%% Function: open_pty(ConnectionManager, Channel, TimeOut) -> -%% -%% -%% Description: Not yet officialy supported. -%%-------------------------------------------------------------------- -open_pty(ConnectionManager, Channel, TimeOut) -> - open_pty(ConnectionManager, Channel, +open_pty(ConnectionHandler, Channel, TimeOut) -> + open_pty(ConnectionHandler, Channel, os:getenv("TERM"), 80, 24, [], TimeOut). -open_pty(ConnectionManager, Channel, Term, Width, Height, PtyOpts, TimeOut) -> - open_pty(ConnectionManager, Channel, Term, Width, +open_pty(ConnectionHandler, Channel, Term, Width, Height, PtyOpts, TimeOut) -> + open_pty(ConnectionHandler, Channel, Term, Width, Height, 0, 0, PtyOpts, TimeOut). -open_pty(ConnectionManager, Channel, Term, Width, Height, +open_pty(ConnectionHandler, Channel, Term, Width, Height, PixWidth, PixHeight, PtyOpts, TimeOut) -> - ssh_connection_manager:request(ConnectionManager, + ssh_connection_handler:request(ConnectionHandler, Channel, "pty-req", true, [?string(Term), ?uint32(Width), ?uint32(Height), ?uint32(PixWidth),?uint32(PixHeight), encode_pty_opts(PtyOpts)], TimeOut). 
- -%%-------------------------------------------------------------------- -%% Function: direct_tcpip(ConnectionManager, RemoteHost, -%% RemotePort, OrigIP, OrigPort, Timeout) -> -%% -%% -%% Description: Not yet officialy supported. -%%-------------------------------------------------------------------- -direct_tcpip(ConnectionManager, RemoteHost, +direct_tcpip(ConnectionHandler, RemoteHost, RemotePort, OrigIP, OrigPort, Timeout) -> - direct_tcpip(ConnectionManager, RemoteHost, RemotePort, OrigIP, OrigPort, + direct_tcpip(ConnectionHandler, RemoteHost, RemotePort, OrigIP, OrigPort, ?DEFAULT_WINDOW_SIZE, ?DEFAULT_PACKET_SIZE, Timeout). -direct_tcpip(ConnectionManager, RemoteIP, RemotePort, OrigIP, OrigPort, +direct_tcpip(ConnectionHandler, RemoteIP, RemotePort, OrigIP, OrigPort, InitialWindowSize, MaxPacketSize, Timeout) -> case {encode_ip(RemoteIP), encode_ip(OrigIP)} of {false, _} -> @@ -262,7 +235,7 @@ direct_tcpip(ConnectionManager, RemoteIP, RemotePort, OrigIP, OrigPort, {_, false} -> {error, einval}; {RIP, OIP} -> - ssh_connection_manager:open_channel(ConnectionManager, + ssh_connection_handler:open_channel(ConnectionHandler, "direct-tcpip", [?string(RIP), ?uint32(RemotePort), 
@@ -272,34 +245,24 @@ direct_tcpip(ConnectionManager, RemoteIP, RemotePort, OrigIP, OrigPort, MaxPacketSize, Timeout) end. -%%-------------------------------------------------------------------- -%% Function: tcpip_forward(ConnectionManager, BindIP, BindPort) -> -%% -%% -%% Description: Not yet officialy supported. -%%-------------------------------------------------------------------- -tcpip_forward(ConnectionManager, BindIP, BindPort) -> + +tcpip_forward(ConnectionHandler, BindIP, BindPort) -> case encode_ip(BindIP) of false -> {error, einval}; IPStr -> - ssh_connection_manager:global_request(ConnectionManager, + ssh_connection_handler:global_request(ConnectionHandler, "tcpip-forward", true, [?string(IPStr), ?uint32(BindPort)]) end. -%%-------------------------------------------------------------------- -%% Function: cancel_tcpip_forward(ConnectionManager, BindIP, Port) -> -%% -%% -%% Description: Not yet officialy supported. -%%-------------------------------------------------------------------- -cancel_tcpip_forward(ConnectionManager, BindIP, Port) -> + +cancel_tcpip_forward(ConnectionHandler, BindIP, Port) -> case encode_ip(BindIP) of false -> {error, einval}; IPStr -> - ssh_connection_manager:global_request(ConnectionManager, + ssh_connection_handler:global_request(ConnectionHandler, "cancel-tcpip-forward", true, [?string(IPStr), ?uint32(Port)]) 
@@ -308,22 +271,23 @@ cancel_tcpip_forward(ConnectionManager, BindIP, Port) -> %%-------------------------------------------------------------------- %%% Internal API %%-------------------------------------------------------------------- -channel_data(ChannelId, DataType, Data, Connection, ConnectionPid, From) +channel_data(ChannelId, DataType, Data, Connection, From) when is_list(Data)-> channel_data(ChannelId, DataType, - list_to_binary(Data), Connection, ConnectionPid, From); + list_to_binary(Data), Connection, From); channel_data(ChannelId, DataType, Data, - #connection{channel_cache = Cache} = Connection, ConnectionPid, + #connection{channel_cache = Cache} = Connection, From) -> case ssh_channel:cache_lookup(Cache, ChannelId) of #channel{remote_id = Id, sent_close = false} = Channel0 -> - {SendList, Channel} = update_send_window(Channel0#channel{flow_control = From}, DataType, - Data, Connection), + {SendList, Channel} = + update_send_window(Channel0#channel{flow_control = From}, DataType, + Data, Connection), Replies = lists:map(fun({SendDataType, SendData}) -> - {connection_reply, ConnectionPid, + {connection_reply, channel_data_msg(Id, SendDataType, SendData)} @@ -333,7 +297,7 @@ channel_data(ChannelId, DataType, Data, Cache), {{replies, Replies ++ FlowCtrlMsgs}, Connection}; _ -> - gen_server:reply(From, {error, closed}), + gen_fsm:reply(From, {error, closed}), {noreply, Connection} end. @@ -341,7 +305,7 @@ handle_msg(#ssh_msg_channel_open_confirmation{recipient_channel = ChannelId, sender_channel = RemoteId, initial_window_size = WindowSz, maximum_packet_size = PacketSz}, - #connection{channel_cache = Cache} = Connection0, _, _) -> + #connection{channel_cache = Cache} = Connection0, _) -> #channel{remote_id = undefined} = Channel = ssh_channel:cache_lookup(Cache, ChannelId), 
@@ -357,7 +321,7 @@ handle_msg(#ssh_msg_channel_open_failure{recipient_channel = ChannelId, reason = Reason, description = Descr, lang = Lang}, - #connection{channel_cache = Cache} = Connection0, _, _) -> + #connection{channel_cache = Cache} = Connection0, _) -> Channel = ssh_channel:cache_lookup(Cache, ChannelId), ssh_channel:cache_delete(Cache, ChannelId), {Reply, Connection} = 
@@ -365,51 +329,59 @@ handle_msg(#ssh_msg_channel_open_failure{recipient_channel = ChannelId, {{replies, [Reply]}, Connection}; handle_msg(#ssh_msg_channel_success{recipient_channel = ChannelId}, - #connection{channel_cache = Cache} = Connection0, _, _) -> + #connection{channel_cache = Cache} = Connection0, _) -> Channel = ssh_channel:cache_lookup(Cache, ChannelId), - {Reply, Connection} = reply_msg(Channel, Connection0, success), - {{replies, [Reply]}, Connection}; + case reply_msg(Channel, Connection0, success) of + {[], Connection} -> + {noreply, Connection}; + {Reply, Connection} -> + {{replies, [Reply]}, Connection} + end; handle_msg(#ssh_msg_channel_failure{recipient_channel = ChannelId}, - #connection{channel_cache = Cache} = Connection0, _, _) -> + #connection{channel_cache = Cache} = Connection0, _) -> Channel = ssh_channel:cache_lookup(Cache, ChannelId), - {Reply, Connection} = reply_msg(Channel, Connection0, failure), - {{replies, [Reply]}, Connection}; + case reply_msg(Channel, Connection0, failure) of + {[], Connection} -> + {noreply, Connection}; + {Reply, Connection} -> + {{replies, [Reply]}, Connection} + end; + handle_msg(#ssh_msg_channel_eof{recipient_channel = ChannelId}, - #connection{channel_cache = Cache} = Connection0, _, _) -> + #connection{channel_cache = Cache} = Connection0, _) -> Channel = ssh_channel:cache_lookup(Cache, ChannelId), {Reply, Connection} = reply_msg(Channel, Connection0, {eof, ChannelId}), {{replies, [Reply]}, Connection}; handle_msg(#ssh_msg_channel_close{recipient_channel = ChannelId}, - #connection{channel_cache = Cache} = Connection0, - ConnectionPid, _) -> + #connection{channel_cache = Cache} = Connection0, _) -> case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{sent_close = Closed, remote_id = RemoteId, flow_control = FlowControl} = Channel -> + #channel{sent_close = Closed, remote_id = RemoteId, + flow_control = FlowControl} = Channel -> ssh_channel:cache_delete(Cache, ChannelId), {CloseMsg, Connection} 
= reply_msg(Channel, Connection0, {closed, ChannelId}), - - ConnReplyMsgs = - case Closed of - true -> []; - false -> - RemoteCloseMsg = channel_close_msg(RemoteId), - [{connection_reply, ConnectionPid, RemoteCloseMsg}] - end, - - %% if there was a send() in progress, make it fail - SendReplyMsgs = - case FlowControl of - undefined -> []; - From -> - [{flow_control, From, {error, closed}}] - end, - - Replies = ConnReplyMsgs ++ [CloseMsg] ++ SendReplyMsgs, - {{replies, Replies}, Connection}; + ConnReplyMsgs = + case Closed of + true -> []; + false -> + RemoteCloseMsg = channel_close_msg(RemoteId), + [{connection_reply, RemoteCloseMsg}] + end, + + %% if there was a send() in progress, make it fail + SendReplyMsgs = + case FlowControl of + undefined -> []; + From -> + [{flow_control, From, {error, closed}}] + end, + + Replies = ConnReplyMsgs ++ [CloseMsg] ++ SendReplyMsgs, + {{replies, Replies}, Connection}; undefined -> {{replies, []}, Connection0} 
@@ -417,21 +389,24 @@ handle_msg(#ssh_msg_channel_close{recipient_channel = ChannelId}, handle_msg(#ssh_msg_channel_data{recipient_channel = ChannelId, data = Data}, - #connection{channel_cache = Cache} = Connection0, _, _) -> + #connection{channel_cache = Cache} = Connection0, _) -> - #channel{recv_window_size = Size} = Channel = - ssh_channel:cache_lookup(Cache, ChannelId), - WantedSize = Size - size(Data), - ssh_channel:cache_update(Cache, Channel#channel{ - recv_window_size = WantedSize}), - {Replies, Connection} = - channel_data_reply(Cache, Channel, Connection0, 0, Data), - {{replies, Replies}, Connection}; + case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{recv_window_size = Size} = Channel -> + WantedSize = Size - size(Data), + ssh_channel:cache_update(Cache, Channel#channel{ + recv_window_size = WantedSize}), + {Replies, Connection} = + channel_data_reply(Cache, Channel, Connection0, 0, Data), + {{replies, Replies}, Connection}; + undefined -> + {noreply, Connection0} + end; handle_msg(#ssh_msg_channel_extended_data{recipient_channel = ChannelId, data_type_code = DataType, data = Data}, - #connection{channel_cache = Cache} = Connection0, _, _) -> + #connection{channel_cache = Cache} = Connection0, _) -> #channel{recv_window_size = Size} = Channel = ssh_channel:cache_lookup(Cache, ChannelId), @@ -444,9 +419,7 @@ handle_msg(#ssh_msg_channel_extended_data{recipient_channel = ChannelId, handle_msg(#ssh_msg_channel_window_adjust{recipient_channel = ChannelId, bytes_to_add = Add}, - #connection{channel_cache = Cache} = Connection, - ConnectionPid, _) -> - + #connection{channel_cache = Cache} = Connection, _) -> #channel{send_window_size = Size, remote_id = RemoteId} = Channel0 = ssh_channel:cache_lookup(Cache, ChannelId), 
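Review bot: The window_adjust clause still hard-matches `#channel{send_window_size = Size, remote_id = RemoteId} = Channel0 = ssh_channel:cache_lookup(Cache, ChannelId)`, so an SSH_MSG_CHANNEL_WINDOW_ADJUST that names an unknown recipient_channel raises badmatch inside the connection process; the channel_extended_data clause in the preceding hunk keeps the same pattern. The channel_data clause was just converted to a `case` with an `undefined -> {noreply, Connection0}` branch, and these two peer-driven handlers should follow it so that all three behave the same for a stale channel id. In the channel_data clause itself, `WantedSize = Size - size(Data)` is written to the cache with no check visible in the hunk that the payload fits the advertised receive window; worth a comment stating where that is enforced.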
@@ -455,8 +428,7 @@ handle_msg(#ssh_msg_channel_window_adjust{recipient_channel = ChannelId, 0, undefined, Connection), Replies = lists:map(fun({Type, Data}) -> - {connection_reply, ConnectionPid, - channel_data_msg(RemoteId, Type, Data)} + {connection_reply, channel_data_msg(RemoteId, Type, Data)} end, SendList), FlowCtrlMsgs = flow_control(Channel, Cache), {{replies, Replies ++ FlowCtrlMsgs}, Connection}; @@ -464,10 +436,9 @@ handle_msg(#ssh_msg_channel_window_adjust{recipient_channel = ChannelId, handle_msg(#ssh_msg_channel_open{channel_type = "session" = Type, sender_channel = RemoteId, initial_window_size = WindowSz, - maximum_packet_size = PacketSz}, Connection0, - ConnectionPid, server) -> + maximum_packet_size = PacketSz}, Connection0, server) -> - try setup_session(Connection0, ConnectionPid, RemoteId, + try setup_session(Connection0, RemoteId, Type, WindowSz, PacketSz) of Result -> Result @@ -475,20 +446,20 @@ handle_msg(#ssh_msg_channel_open{channel_type = "session" = Type, FailMsg = channel_open_failure_msg(RemoteId, ?SSH_OPEN_CONNECT_FAILED, "Connection refused", "en"), - {{replies, [{connection_reply, ConnectionPid, FailMsg}]}, + {{replies, [{connection_reply, FailMsg}]}, Connection0} end; handle_msg(#ssh_msg_channel_open{channel_type = "session", sender_channel = RemoteId}, - Connection, ConnectionPid, client) -> + Connection, client) -> %% Client implementations SHOULD reject any session channel open %% requests to make it more difficult for a corrupt server to attack the %% client. See See RFC 4254 6.1. FailMsg = channel_open_failure_msg(RemoteId, ?SSH_OPEN_CONNECT_FAILED, "Connection refused", "en"), - {{replies, [{connection_reply, ConnectionPid, FailMsg}]}, + {{replies, [{connection_reply, FailMsg}]}, Connection}; handle_msg(#ssh_msg_channel_open{channel_type = "forwarded-tcpip" = Type, 
@@ -496,8 +467,7 @@ handle_msg(#ssh_msg_channel_open{channel_type = "forwarded-tcpip" = Type, initial_window_size = RWindowSz, maximum_packet_size = RPacketSz, data = Data}, - #connection{channel_cache = Cache} = Connection0, - ConnectionPid, server) -> + #connection{channel_cache = Cache} = Connection0, server) -> <> = Data, @@ -507,7 +477,7 @@ handle_msg(#ssh_msg_channel_open{channel_type = "forwarded-tcpip" = Type, ?SSH_OPEN_CONNECT_FAILED, "Connection refused", "en"), {{replies, - [{connection_reply, ConnectionPid, FailMsg}]}, Connection0}; + [{connection_reply, FailMsg}]}, Connection0}; ChannelPid -> {ChannelId, Connection1} = new_channel_id(Connection0), LWindowSz = ?DEFAULT_WINDOW_SIZE, 
@@ -528,32 +498,31 @@ handle_msg(#ssh_msg_channel_open{channel_type = "forwarded-tcpip" = Type, {open, Channel, {forwarded_tcpip, decode_ip(Address), Port, decode_ip(Orig), OrigPort}}), - {{replies, [{connection_reply, ConnectionPid, OpenConfMsg}, + {{replies, [{connection_reply, OpenConfMsg}, OpenMsg]}, Connection} end; handle_msg(#ssh_msg_channel_open{channel_type = "forwarded-tcpip", sender_channel = RemoteId}, - Connection, ConnectionPid, client) -> + Connection, client) -> %% Client implementations SHOULD reject direct TCP/IP open requests for %% security reasons. See RFC 4254 7.2. FailMsg = channel_open_failure_msg(RemoteId, ?SSH_OPEN_CONNECT_FAILED, "Connection refused", "en"), - {{replies, [{connection_reply, ConnectionPid, FailMsg}]}, Connection}; + {{replies, [{connection_reply, FailMsg}]}, Connection}; -handle_msg(#ssh_msg_channel_open{sender_channel = RemoteId}, Connection, - ConnectionPid, _) -> +handle_msg(#ssh_msg_channel_open{sender_channel = RemoteId}, Connection, _) -> FailMsg = channel_open_failure_msg(RemoteId, ?SSH_OPEN_ADMINISTRATIVELY_PROHIBITED, "Not allowed", "en"), - {{replies, [{connection_reply, ConnectionPid, FailMsg}]}, Connection}; + {{replies, [{connection_reply, FailMsg}]}, Connection}; handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, request_type = "exit-status", data = Data}, - #connection{channel_cache = Cache} = Connection, _, _) -> + #connection{channel_cache = Cache} = Connection, _) -> <> = Data, Channel = ssh_channel:cache_lookup(Cache, ChannelId), {Reply, Connection} = @@ -564,8 +533,7 @@ handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, request_type = "exit-signal", want_reply = false, data = Data}, - #connection{channel_cache = Cache} = Connection0, - ConnectionPid, _) -> + #connection{channel_cache = Cache} = Connection0, _) -> < + #connection{channel_cache = Cache} = Connection, _) -> <> = Data, Channel = ssh_channel:cache_lookup(Cache, ChannelId), {Reply, Connection} = 
@@ -596,7 +564,7 @@ handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, request_type = "window-change", want_reply = false, data = Data}, - #connection{channel_cache = Cache} = Connection0, _, _) -> + #connection{channel_cache = Cache} = Connection0, _) -> <> = Data, Channel = ssh_channel:cache_lookup(Cache, ChannelId), @@ -609,7 +577,7 @@ handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, request_type = "signal", data = Data}, - #connection{channel_cache = Cache} = Connection0, _, _) -> + #connection{channel_cache = Cache} = Connection0, _) -> <> = Data, Channel = ssh_channel:cache_lookup(Cache, ChannelId), @@ -622,8 +590,7 @@ handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, request_type = "subsystem", want_reply = WantReply, data = Data}, - #connection{channel_cache = Cache} = Connection, - ConnectionPid, server) -> + #connection{channel_cache = Cache} = Connection, server) -> <> = Data, #channel{remote_id = RemoteId} = Channel0 = 
@@ -631,22 +598,23 @@ handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, ReplyMsg = {subsystem, ChannelId, WantReply, binary_to_list(SsName)}, - try start_subsytem(SsName, Connection, Channel0, ReplyMsg) of - {ok, Pid} -> - erlang:monitor(process, Pid), - Channel = Channel0#channel{user = Pid}, - ssh_channel:cache_update(Cache, Channel), - Reply = {connection_reply, ConnectionPid, - channel_success_msg(RemoteId)}, - {{replies, [Reply]}, Connection} - catch _:_ -> - Reply = {connection_reply, ConnectionPid, - channel_failure_msg(RemoteId)}, - {{replies, [Reply]}, Connection} + try + {ok, Pid} = start_subsytem(SsName, Connection, Channel0, ReplyMsg), + erlang:monitor(process, Pid), + Channel = Channel0#channel{user = Pid}, + ssh_channel:cache_update(Cache, Channel), + Reply = {connection_reply, + channel_success_msg(RemoteId)}, + {{replies, [Reply]}, Connection} + catch + _:_ -> + ErrorReply = {connection_reply, + channel_failure_msg(RemoteId)}, + {{replies, [ErrorReply]}, Connection} end; handle_msg(#ssh_msg_channel_request{request_type = "subsystem"}, - Connection, _, client) -> + Connection, client) -> %% The client SHOULD ignore subsystem requests. See RFC 4254 6.5. {{replies, []}, Connection}; 
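Review bot: The `catch _:_` in the subsystem clause now also absorbs the badmatch from `{ok, Pid} = start_subsytem(...)`, so the new `{error, legacy_option_not_supported}` return, a `{none, _}` result from check_subsystem (which matches neither case clause in start_subsytem), and a genuine crash while starting the callback all collapse into the same silent channel_failure_msg. Match the result with a `case`, keep the `try` only around the start itself, and report the reason so that an operator can tell a misconfigured subsystem option from a failing callback. The success or failure message is also sent whether or not `WantReply` is true; RFC 4254 only expects a reply when want_reply is set, so the connection_reply should be conditional on it.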
@@ -654,8 +622,7 @@ handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, request_type = "pty-req", want_reply = WantReply, data = Data}, - #connection{channel_cache = Cache} = Connection, - ConnectionPid, server) -> + #connection{channel_cache = Cache} = Connection, server) -> < + Connection, client) -> %% The client SHOULD ignore pty requests. See RFC 4254 6.2. {{replies, []}, Connection}; handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, request_type = "shell", want_reply = WantReply}, - #connection{channel_cache = Cache} = Connection, - ConnectionPid, server) -> + #connection{channel_cache = Cache} = Connection, server) -> Channel = ssh_channel:cache_lookup(Cache, ChannelId), - handle_cli_msg(Connection, ConnectionPid, Channel, + handle_cli_msg(Connection, Channel, {shell, ChannelId, WantReply}); handle_msg(#ssh_msg_channel_request{request_type = "shell"}, - Connection, _, client) -> + Connection, client) -> %% The client SHOULD ignore shell requests. See RFC 4254 6.5. {{replies, []}, Connection}; @@ -695,17 +661,16 @@ handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, request_type = "exec", want_reply = WantReply, data = Data}, - #connection{channel_cache = Cache} = Connection, - ConnectionPid, server) -> + #connection{channel_cache = Cache} = Connection, server) -> <> = Data, Channel = ssh_channel:cache_lookup(Cache, ChannelId), - handle_cli_msg(Connection, ConnectionPid, Channel, + handle_cli_msg(Connection, Channel, {exec, ChannelId, WantReply, binary_to_list(Command)}); handle_msg(#ssh_msg_channel_request{request_type = "exec"}, - Connection, _, client) -> + Connection, client) -> %% The client SHOULD ignore exec requests. See RFC 4254 6.5. {{replies, []}, Connection}; 
@@ -713,31 +678,30 @@ handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, request_type = "env", want_reply = WantReply, data = Data}, - #connection{channel_cache = Cache} = Connection, - ConnectionPid, server) -> + #connection{channel_cache = Cache} = Connection, server) -> <> = Data, Channel = ssh_channel:cache_lookup(Cache, ChannelId), - handle_cli_msg(Connection, ConnectionPid, Channel, + handle_cli_msg(Connection, Channel, {env, ChannelId, WantReply, Var, Value}); handle_msg(#ssh_msg_channel_request{request_type = "env"}, - Connection, _, client) -> + Connection, client) -> %% The client SHOULD ignore env requests. {{replies, []}, Connection}; handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, request_type = _Other, - want_reply = WantReply}, #connection{channel_cache = Cache} = Connection, - ConnectionPid, _) -> + want_reply = WantReply}, + #connection{channel_cache = Cache} = Connection, _) -> if WantReply == true -> case ssh_channel:cache_lookup(Cache, ChannelId) of #channel{remote_id = RemoteId} -> FailMsg = channel_failure_msg(RemoteId), - {{replies, [{connection_reply, ConnectionPid, FailMsg}]}, + {{replies, [{connection_reply, FailMsg}]}, Connection}; undefined -> %% Chanel has been closed {noreply, Connection} 
@@ -748,61 +712,75 @@ handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, handle_msg(#ssh_msg_global_request{name = _Type, want_reply = WantReply, - data = _Data}, Connection, - ConnectionPid, _) -> + data = _Data}, Connection, _) -> if WantReply == true -> FailMsg = request_failure_msg(), - {{replies, [{connection_reply, ConnectionPid, FailMsg}]}, + {{replies, [{connection_reply, FailMsg}]}, Connection}; true -> {noreply, Connection} end; +handle_msg(#ssh_msg_request_failure{}, + #connection{requests = [{_, From} | Rest]} = Connection, _) -> + {{replies, [{channel_requst_reply, From, {failure, <<>>}}]}, + Connection#connection{requests = Rest}}; +handle_msg(#ssh_msg_request_success{data = Data}, + #connection{requests = [{_, From} | Rest]} = Connection, _) -> + {{replies, [{channel_requst_reply, From, {success, Data}}]}, + Connection#connection{requests = Rest}}; + %%% This transport message will also be handled at the connection level handle_msg(#ssh_msg_disconnect{code = Code, description = Description, language = _Lang }, - #connection{channel_cache = Cache} = Connection0, _, _) -> + #connection{channel_cache = Cache} = Connection0, _) -> {Connection, Replies} = ssh_channel:cache_foldl(fun(Channel, {Connection1, Acc}) -> {Reply, Connection2} = reply_msg(Channel, - Connection1, {closed, Channel#channel.local_id}), + Connection1, + {closed, Channel#channel.local_id}), {Connection2, [Reply | Acc]} end, {Connection0, []}, Cache), ssh_channel:cache_delete(Cache), {disconnect, {Code, Description}, {{replies, Replies}, Connection}}. 
-handle_cli_msg(#connection{channel_cache = Cache} = Connection0, - ConnectionPid, +handle_cli_msg(#connection{channel_cache = Cache} = Connection, #channel{user = undefined, + remote_id = RemoteId, local_id = ChannelId} = Channel0, Reply0) -> - case (catch start_cli(Connection0, ChannelId)) of + case (catch start_cli(Connection, ChannelId)) of {ok, Pid} -> erlang:monitor(process, Pid), Channel = Channel0#channel{user = Pid}, ssh_channel:cache_update(Cache, Channel), - {Reply, Connection} = reply_msg(Channel, Connection0, Reply0), - {{replies, [Reply]}, Connection}; - _ -> - Reply = {connection_reply, ConnectionPid, - request_failure_msg()}, - {{replies, [Reply]}, Connection0} + Reply = {connection_reply, + channel_success_msg(RemoteId)}, + {{replies, [{channel_data, Pid, Reply0}, Reply]}, Connection}; + _Other -> + Reply = {connection_reply, + channel_failure_msg(RemoteId)}, + {{replies, [Reply]}, Connection} end; -handle_cli_msg(Connection0, _, Channel, Reply0) -> +handle_cli_msg(Connection0, Channel, Reply0) -> {Reply, Connection} = reply_msg(Channel, Connection0, Reply0), {{replies, [Reply]}, Connection}. - channel_eof_msg(ChannelId) -> #ssh_msg_channel_eof{recipient_channel = ChannelId}. channel_close_msg(ChannelId) -> #ssh_msg_channel_close {recipient_channel = ChannelId}. +channel_status_msg({success, ChannelId}) -> + channel_success_msg(ChannelId); +channel_status_msg({failure, ChannelId}) -> + channel_failure_msg(ChannelId). + channel_success_msg(ChannelId) -> #ssh_msg_channel_success{recipient_channel = ChannelId}. 
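Review bot: The two new clauses for #ssh_msg_request_failure{} and #ssh_msg_request_success{} only match `requests = [{_, From} | Rest]`, and no other clause in this hunk covers those records, so a reply that arrives from the peer while `requests` is empty falls through to function_clause. The same list is keyed by ChannelId for channel requests (request_reply_or_data does `lists:keydelete(ChannelId, 1, Requests)`), so popping the head here can deliver a global-request reply to a caller that is waiting on a channel request. Add a `requests = []` clause returning `{noreply, Connection}` and tag the global entries so they can be told apart from channel entries. In the rewritten handle_cli_msg, channel_success_msg or channel_failure_msg is sent unconditionally even though Reply0 carries WantReply; make the connection_reply depend on it.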
@@ -901,14 +879,14 @@ start_channel(Cb, Id, Args, SubSysSup) -> start_channel(Cb, Id, Args, SubSysSup, Exec) -> ChildSpec = child_spec(Cb, Id, Args, Exec), - ChannelSup =ssh_subsystem_sup:channel_supervisor(SubSysSup), + ChannelSup = ssh_subsystem_sup:channel_supervisor(SubSysSup), ssh_channel_sup:start_child(ChannelSup, ChildSpec). %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- setup_session(#connection{channel_cache = Cache} = Connection0, - ConnectionPid, RemoteId, + RemoteId, Type, WindowSize, PacketSize) -> {ChannelId, Connection} = new_channel_id(Connection0), @@ -926,7 +904,7 @@ setup_session(#connection{channel_cache = Cache} = Connection0, ?DEFAULT_WINDOW_SIZE, ?DEFAULT_PACKET_SIZE), - {{replies, [{connection_reply, ConnectionPid, OpenConfMsg}]}, Connection}. + {{replies, [{connection_reply, OpenConfMsg}]}, Connection}. check_subsystem("sftp"= SsName, Options) -> 
@@ -955,35 +933,19 @@ child_spec(Callback, Id, Args, Exec) -> Type = worker, {Name, StartFunc, Restart, Shutdown, Type, [ssh_channel]}. -%% Backwards compatibility -start_cli(#connection{address = Address, port = Port, cli_spec = {Fun, [Shell]}, - options = Options}, - _ChannelId) when is_function(Fun) -> - case Fun(Shell, Address, Port, Options) of - NewFun when is_function(NewFun) -> - {ok, NewFun()}; - Pid when is_pid(Pid) -> - {ok, Pid} - end; - start_cli(#connection{cli_spec = {CbModule, Args}, exec = Exec, sub_system_supervisor = SubSysSup}, ChannelId) -> start_channel(CbModule, ChannelId, Args, SubSysSup, Exec). -start_subsytem(BinName, #connection{address = Address, port = Port, - options = Options, +start_subsytem(BinName, #connection{options = Options, sub_system_supervisor = SubSysSup}, - #channel{local_id = ChannelId, remote_id = RemoteChannelId}, - ReplyMsg) -> + #channel{local_id = ChannelId}, _ReplyMsg) -> Name = binary_to_list(BinName), case check_subsystem(Name, Options) of {Callback, Opts} when is_atom(Callback), Callback =/= none -> start_channel(Callback, ChannelId, Opts, SubSysSup); {Other, _} when Other =/= none -> - handle_backwards_compatibility(Other, self(), - ChannelId, RemoteChannelId, - Options, Address, Port, - {ssh_cm, self(), ReplyMsg}) + {error, legacy_option_not_supported} end. channel_data_reply(_, #channel{local_id = ChannelId} = Channel, @@ -1006,9 +968,12 @@ reply_msg(Channel, Connection, failure = Reply) -> request_reply_or_data(Channel, Connection, Reply); reply_msg(Channel, Connection, {closed, _} = Reply) -> request_reply_or_data(Channel, Connection, Reply); +reply_msg(undefined, Connection, _Reply) -> + {noreply, Connection}; reply_msg(#channel{user = ChannelPid}, Connection, Reply) -> {{channel_data, ChannelPid, Reply}, Connection}. + request_reply_or_data(#channel{local_id = ChannelId, user = ChannelPid}, #connection{requests = Requests} = Connection, Reply) -> 
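Review bot: The new `reply_msg(undefined, Connection, _Reply)` clause is placed after the `failure` and `{closed, _}` clauses, which accept any Channel and pass it to request_reply_or_data, whose head requires a #channel{} record; for those replies an undefined channel still ends in function_clause, so the undefined clause needs to be the first one. Its return value also does not fit the callers: handlers such as channel_eof bind `{Reply, Connection}` and wrap it as `{{replies, [Reply]}, Connection}`, which puts the atom noreply inside the reply list. Returning `{[], Connection}`, as request_reply_or_data now does for unmatched success and failure, and handling that value in every caller would keep one convention. In start_subsytem, the `{error, legacy_option_not_supported}` branch deserves a line in the release notes, since user-supplied fun and child-spec subsystem options stop working with this change.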
@@ -1016,10 +981,13 @@ request_reply_or_data(#channel{local_id = ChannelId, user = ChannelPid}, {value, {ChannelId, From}} -> {{channel_requst_reply, From, Reply}, Connection#connection{requests = - lists:keydelete(ChannelId, 1, Requests)}}; + lists:keydelete(ChannelId, 1, Requests)}}; + false when (Reply == success) or (Reply == failure) -> + {[], Connection}; false -> {{channel_data, ChannelPid, Reply}, Connection} end. + update_send_window(Channel, _, undefined, #connection{channel_cache = Cache}) -> do_update_send_window(Channel, Channel#channel.send_buf, Cache); @@ -1075,7 +1043,7 @@ flow_control([], Channel, Cache) -> []; flow_control([_|_], #channel{flow_control = From, - send_buf = []} = Channel, Cache) when From =/= undefined -> + send_buf = []} = Channel, Cache) when From =/= undefined -> [{flow_control, Cache, Channel, From, ok}]; flow_control(_,_,_) -> []. 
@@ -1277,43 +1245,3 @@ decode_ip(Addr) when is_binary(Addr) -> {ok,A} -> A end. -%% This is really awful and that is why it is beeing phased out. -handle_backwards_compatibility({_,_,_,_,_,_} = ChildSpec, _, _, _, _, - Address, Port, _) -> - SystemSup = ssh_system_sup:system_supervisor(Address, Port), - ChannelSup = ssh_system_sup:channel_supervisor(SystemSup), - ssh_channel_sup:start_child(ChannelSup, ChildSpec); - -handle_backwards_compatibility(Module, ConnectionManager, ChannelId, - RemoteChannelId, Opts, - _, _, Msg) when is_atom(Module) -> - {ok, SubSystemPid} = gen_server:start_link(Module, [Opts], []), - SubSystemPid ! - {ssh_cm, ConnectionManager, - {open, ChannelId, RemoteChannelId, {session}}}, - SubSystemPid ! Msg, - {ok, SubSystemPid}; - -handle_backwards_compatibility(Fun, ConnectionManager, ChannelId, - RemoteChannelId, - _, _, _, Msg) when is_function(Fun) -> - SubSystemPid = Fun(), - SubSystemPid ! - {ssh_cm, ConnectionManager, - {open, ChannelId, RemoteChannelId, {session}}}, - SubSystemPid ! Msg, - {ok, SubSystemPid}; - -handle_backwards_compatibility(ChildSpec, - ConnectionManager, - ChannelId, RemoteChannelId, _, - Address, Port, Msg) -> - SystemSup = ssh_system_sup:system_supervisor(Address, Port), - ChannelSup = ssh_system_sup:channel_supervisor(SystemSup), - {ok, SubSystemPid} - = ssh_channel_sup:start_child(ChannelSup, ChildSpec), - SubSystemPid ! - {ssh_cm, ConnectionManager, - {open, ChannelId, RemoteChannelId, {session}}}, - SubSystemPid ! Msg, - {ok, SubSystemPid}. diff --git a/lib/ssh/src/ssh_connection_controler.erl b/lib/ssh/src/ssh_connection_controler.erl deleted file mode 100644 index ca3e62dc83..0000000000 --- a/lib/ssh/src/ssh_connection_controler.erl +++ /dev/null 
@@ -1,137 +0,0 @@ -%% -%% %CopyrightBegin% -%% -%% Copyright Ericsson AB 2009-2010. All Rights Reserved. -%% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. -%% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. -%% -%% %CopyrightEnd% -%% -%%-------------------------------------------------------------------- -%% File : ssh_connection_controler.erl -%% Description : -%% -%%-------------------------------------------------------------------- - --module(ssh_connection_controler). - --behaviour(gen_server). - -%%----------------------------------------------------------------- -%% External exports -%%----------------------------------------------------------------- --export([start_link/1, start_handler_child/2, start_manager_child/2, - connection_manager/1]). - -%%----------------------------------------------------------------- -%% Internal exports -%%----------------------------------------------------------------- --export([init/1, handle_call/3, handle_cast/2, handle_info/2, - code_change/3, terminate/2, stop/1]). - --record(state, {role, manager, handler, timeout}). - -%%----------------------------------------------------------------- -%% External interface functions -%%----------------------------------------------------------------- -%%----------------------------------------------------------------- -%% Func: start/0 -%%----------------------------------------------------------------- -start_link(Args) -> - gen_server:start_link(?MODULE, [Args], []). 
- -%% Will be called from the manager child process -start_handler_child(ServerRef, Args) -> - gen_server:call(ServerRef, {handler, self(), Args}, infinity). - -%% Will be called from the acceptor process -start_manager_child(ServerRef, Args) -> - gen_server:call(ServerRef, {manager, Args}, infinity). - -connection_manager(ServerRef) -> - {ok, gen_server:call(ServerRef, manager, infinity)}. - -%%----------------------------------------------------------------- -%% Internal interface functions -%%----------------------------------------------------------------- -%%----------------------------------------------------------------- -%% Func: stop/1 -%%----------------------------------------------------------------- -stop(Pid) -> - gen_server:cast(Pid, stop). - -%%----------------------------------------------------------------- -%% Server functions -%%----------------------------------------------------------------- -%%----------------------------------------------------------------- -%% Func: init/1 -%%----------------------------------------------------------------- -init([Opts]) -> - process_flag(trap_exit, true), - case proplists:get_value(role, Opts) of - client -> - {ok, Manager} = ssh_connection_manager:start_link([client, Opts]), - {ok, #state{role = client, manager = Manager}}; - _server -> - %% Children started by acceptor process - {ok, #state{role = server}} - end. - - -%%----------------------------------------------------------------- -%% Func: terminate/2 -%%----------------------------------------------------------------- -terminate(_Reason, #state{}) -> - ok. 
- -%%----------------------------------------------------------------- -%% Func: handle_call/3 -%%----------------------------------------------------------------- -handle_call({handler, Pid, [Role, Socket, Opts]}, _From, State) -> - {ok, Handler} = ssh_connection_handler:start_link(Role, Pid, Socket, Opts), - {reply, {ok, Handler}, State#state{handler = Handler}}; -handle_call({manager, [server = Role, Socket, Opts, SubSysSup]}, _From, State) -> - {ok, Manager} = ssh_connection_manager:start_link([Role, Socket, Opts, SubSysSup]), - {reply, {ok, Manager}, State#state{manager = Manager}}; -handle_call({manager, [client = Role | Opts]}, _From, State) -> - {ok, Manager} = ssh_connection_manager:start_link([Role, Opts]), - {reply, {ok, Manager}, State#state{manager = Manager}}; -handle_call(manager, _From, State) -> - {reply, State#state.manager, State}; -handle_call(stop, _From, State) -> - {stop, normal, ok, State}; -handle_call(_, _, State) -> - {noreply, State, State#state.timeout}. - -%%----------------------------------------------------------------- -%% Func: handle_cast/2 -%%----------------------------------------------------------------- -handle_cast(stop, State) -> - {stop, normal, State}; -handle_cast(_, State) -> - {noreply, State, State#state.timeout}. - -%%----------------------------------------------------------------- -%% Func: handle_info/2 -%%----------------------------------------------------------------- -%% handle_info(ssh_connected, State) -> -%% {stop, normal, State}; -%% Servant termination. -handle_info({'EXIT', _Pid, Reason}, State) -> - {stop, Reason, State}. - -%%----------------------------------------------------------------- -%% Func: code_change/3 -%%----------------------------------------------------------------- -code_change(_OldVsn, State, _Extra) -> - {ok, State}. - diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index c10a60bfcf..6bff27b860 100644 
--- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -18,10 +18,11 @@ %% %% %%---------------------------------------------------------------------- -%% Purpose: Handles the setup of an ssh connection, e.i. both the -%% setup SSH Transport Layer Protocol (RFC 4253) and Authentication -%% Protocol (RFC 4252). Details of the different protocols are -%% implemented in ssh_transport.erl, ssh_auth.erl +%% Purpose: Handles an ssh connection, e.i. both the +%% setup SSH Transport Layer Protocol (RFC 4253), Authentication +%% Protocol (RFC 4252) and SSH connection Protocol (RFC 4255) +%% Details of the different protocols are +%% implemented in ssh_transport.erl, ssh_auth.erl and ssh_connection.erl %% ---------------------------------------------------------------------- -module(ssh_connection_handler). @@ -33,10 +34,14 @@ -include("ssh_auth.hrl"). -include("ssh_connect.hrl"). --export([start_link/4, send/2, renegotiate/1, send_event/2, - connection_info/3, - peer_address/1, - renegotiate_data/1]). +-export([start_link/3]). + +%% Internal application API +-export([open_channel/6, reply_request/3, request/6, request/7, + global_request/4, send/5, send_eof/2, info/1, info/2, + connection_info/2, channel_info/3, + adjust_window/3, close/2, stop/1, renegotiate/1, renegotiate_data/1, + start_connection/4]). %% gen_fsm callbacks -export([hello/2, kexinit/2, key_exchange/2, new_keys/2, @@ -45,10 +50,13 @@ -export([init/1, handle_event/3, handle_sync_event/4, handle_info/3, terminate/3, code_change/4]). -%% spawn export --export([ssh_info_handler/4]). - -record(state, { + role, + client, + starter, + connection_state, + latest_channel_id = 0, + idle_timer_ref, transport_protocol, % ex: tcp transport_cb, transport_close_tag, 
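Review bot: The rewritten Purpose comment at the top of ssh_connection_handler.erl cites "SSH connection Protocol (RFC 4255)", but the Connection Protocol is RFC 4254, which is also the document the comments in ssh_connection.erl in this same patch refer to (sections 6.1, 6.2, 6.5 and 7.2); RFC 4255 describes publishing SSH key fingerprints in DNS. Correct the number, and change "e.i." to "i.e." while the line is being touched. In the export hunk that follows, the functions listed under "Internal application API" have no visible doc comment saying which process is expected to call them; a one-line note per group would help now that the manager and handler are merged into one module.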
@@ -59,104 +67,234 @@ undecoded_packet_length, % integer() key_exchange_init_msg, % #ssh_msg_kexinit{} renegotiate = false, % boolean() - manager, % pid() connection_queue, address, port, opts }). --define(DBG_MESSAGE, true). +-type state_name() :: hello | kexinit | key_exchange | new_keys | userauth | connection. +-type gen_fsm_state_return() :: {next_state, state_name(), term()} | + {next_state, state_name(), term(), timeout()} | + {stop, term(), term()}. %%==================================================================== %% Internal application API %%==================================================================== + %%-------------------------------------------------------------------- -%% Function: start_link() -> ok,Pid} | ignore | {error,Error} -%% Description:Creates a gen_fsm process which calls Module:init/1 to -%% initialize. To ensure a synchronized start-up procedure, this function -%% does not return until Module:init/1 has returned. +-spec start_connection(client| server, port(), proplists:proplist(), + timeout()) -> {ok, pid()} | {error, term()}. %%-------------------------------------------------------------------- -start_link(Role, Manager, Socket, Options) -> - gen_fsm:start_link(?MODULE, [Role, Manager, Socket, Options], []). - -send(ConnectionHandler, Data) -> - send_all_state_event(ConnectionHandler, {send, Data}). +start_connection(client = Role, Socket, Options, Timeout) -> + try + {ok, Pid} = sshc_sup:start_child([Role, Socket, Options]), + {_, Callback, _} = + proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}), + ok = socket_control(Socket, Pid, Callback), + Ref = erlang:monitor(process, Pid), + handshake(Pid, Ref, Timeout) + catch + exit:{noproc, _} -> + {error, ssh_not_started}; + _:Error -> + {error, Error} + end; -renegotiate(ConnectionHandler) -> - send_all_state_event(ConnectionHandler, renegotiate). - -renegotiate_data(ConnectionHandler) -> - send_all_state_event(ConnectionHandler, data_size). 
-connection_info(ConnectionHandler, From, Options) -> - send_all_state_event(ConnectionHandler, {info, From, Options}). +start_connection(server = Role, Socket, Options, Timeout) -> + try + Sups = proplists:get_value(supervisors, Options), + ConnectionSup = proplists:get_value(connection_sup, Sups), + Opts = [{supervisors, Sups}, {user_pid, self()} | proplists:get_value(ssh_opts, Options, [])], + {ok, Pid} = ssh_connection_sup:start_child(ConnectionSup, [Role, Socket, Opts]), + {_, Callback, _} = proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}), + socket_control(Socket, Pid, Callback), + Ref = erlang:monitor(process, Pid), + handshake(Pid, Ref, Timeout) + catch + exit:{noproc, _} -> + {error, ssh_not_started}; + _:Error -> + {error, Error} + end. -%% Replaced with option to connection_info/3. For now keep -%% for backwards compatibility -peer_address(ConnectionHandler) -> - sync_send_all_state_event(ConnectionHandler, peer_address). +start_link(Role, Socket, Options) -> + {ok, proc_lib:spawn_link(?MODULE, init, [[Role, Socket, Options]])}. -%%==================================================================== -%% gen_fsm callbacks -%%==================================================================== -%%-------------------------------------------------------------------- -%% Function: init(Args) -> {ok, StateName, State} | -%% {ok, StateName, State, Timeout} | -%% ignore | -%% {stop, StopReason} -%% Description:Whenever a gen_fsm is started using gen_fsm:start/[3,4] or -%% gen_fsm:start_link/3,4, this function is called by the new process to -%% initialize. 
-%%-------------------------------------------------------------------- -init([Role, Manager, Socket, SshOpts]) -> +init([Role, Socket, SshOpts]) -> process_flag(trap_exit, true), {NumVsn, StrVsn} = ssh_transport:versions(Role, SshOpts), {Protocol, Callback, CloseTag} = proplists:get_value(transport, SshOpts, {tcp, gen_tcp, tcp_closed}), + Cache = ssh_channel:cache_create(), + State0 = #state{ + role = Role, + connection_state = #connection{channel_cache = Cache, + channel_id_seed = 0, + port_bindings = [], + requests = [], + options = SshOpts}, + socket = Socket, + decoded_data_buffer = <<>>, + encoded_data_buffer = <<>>, + transport_protocol = Protocol, + transport_cb = Callback, + transport_close_tag = CloseTag, + opts = SshOpts + }, + + State = init_role(State0), + try init_ssh(Role, NumVsn, StrVsn, SshOpts, Socket) of Ssh -> - {ok, hello, #state{ssh_params = - Ssh#ssh{send_sequence = 0, recv_sequence = 0}, - socket = Socket, - decoded_data_buffer = <<>>, - encoded_data_buffer = <<>>, - transport_protocol = Protocol, - transport_cb = Callback, - transport_close_tag = CloseTag, - manager = Manager, - opts = SshOpts - }} + gen_fsm:enter_loop(?MODULE, [], hello, + State#state{ssh_params = Ssh}) catch - exit:Reason -> - {stop, {shutdown, Reason}} + _:Error -> + gen_fsm:enter_loop(?MODULE, [], error, {Error, State0}) end. + +%%-------------------------------------------------------------------- +-spec open_channel(pid(), string(), iodata(), integer(), integer(), + timeout()) -> {open, channel_id()} | {open_error, term(), string(), string()}. +%%-------------------------------------------------------------------- +open_channel(ConnectionHandler, ChannelType, ChannelSpecificData, + InitialWindowSize, + MaxPacketSize, Timeout) -> + sync_send_all_state_event(ConnectionHandler, {open, self(), ChannelType, + InitialWindowSize, MaxPacketSize, + ChannelSpecificData, + Timeout}). 
+%%-------------------------------------------------------------------- +-spec request(pid(), pid(), channel_id(), string(), boolean(), iodata(), + timeout()) -> success | failure | ok | {error, term()}. +%%-------------------------------------------------------------------- +request(ConnectionHandler, ChannelPid, ChannelId, Type, true, Data, Timeout) -> + sync_send_all_state_event(ConnectionHandler, {request, ChannelPid, ChannelId, Type, Data, + Timeout}); +request(ConnectionHandler, ChannelPid, ChannelId, Type, false, Data, _) -> + send_all_state_event(ConnectionHandler, {request, ChannelPid, ChannelId, Type, Data}). + +%%-------------------------------------------------------------------- +-spec request(pid(), channel_id(), string(), boolean(), iodata(), + timeout()) -> success | failure | {error, timeout}. %%-------------------------------------------------------------------- -%% Function: -%% state_name(Event, State) -> {next_state, NextStateName, NextState}| -%% {next_state, NextStateName, -%% NextState, Timeout} | -%% {stop, Reason, NewState} -%% Description:There should be one instance of this function for each possible -%% state name. Whenever a gen_fsm receives an event sent using -%% gen_fsm:send_event/2, the instance of this function with the same name as -%% the current state name StateName is called to handle the event. It is also -%% called if a timeout occurs. +request(ConnectionHandler, ChannelId, Type, true, Data, Timeout) -> + sync_send_all_state_event(ConnectionHandler, {request, ChannelId, Type, Data, Timeout}); +request(ConnectionHandler, ChannelId, Type, false, Data, _) -> + send_all_state_event(ConnectionHandler, {request, ChannelId, Type, Data}). + +%%-------------------------------------------------------------------- +-spec reply_request(pid(), success | failure, channel_id()) -> ok. 
+%%-------------------------------------------------------------------- +reply_request(ConnectionHandler, Status, ChannelId) -> + send_all_state_event(ConnectionHandler, {reply_request, Status, ChannelId}). + +%%-------------------------------------------------------------------- +-spec global_request(pid(), string(), boolean(), iolist()) -> ok | error. +%%-------------------------------------------------------------------- +global_request(ConnectionHandler, Type, true = Reply, Data) -> + case sync_send_all_state_event(ConnectionHandler, + {global_request, self(), Type, Reply, Data}) of + {ssh_cm, ConnectionHandler, {success, _}} -> + ok; + {ssh_cm, ConnectionHandler, {failure, _}} -> + error + end; +global_request(ConnectionHandler, Type, false = Reply, Data) -> + send_all_state_event(ConnectionHandler, {global_request, self(), Type, Reply, Data}). + +%%-------------------------------------------------------------------- +-spec send(pid(), channel_id(), integer(), iolist(), timeout()) -> + ok | {error, timeout} | {error, closed}. +%%-------------------------------------------------------------------- +send(ConnectionHandler, ChannelId, Type, Data, Timeout) -> + sync_send_all_state_event(ConnectionHandler, {data, ChannelId, Type, Data, Timeout}). + +%%-------------------------------------------------------------------- +-spec send_eof(pid(), channel_id()) -> ok | {error, closed}. +%%-------------------------------------------------------------------- +send_eof(ConnectionHandler, ChannelId) -> + sync_send_all_state_event(ConnectionHandler, {eof, ChannelId}). + +%%-------------------------------------------------------------------- +-spec connection_info(pid(), [atom()]) -> proplists:proplist(). +%%-------------------------------------------------------------------- +connection_info(ConnectionHandler, Options) -> + sync_send_all_state_event(ConnectionHandler, {connection_info, Options}). 
+ %%-------------------------------------------------------------------- +-spec channel_info(pid(), channel_id(), [atom()]) -> proplists:proplist(). +%%-------------------------------------------------------------------- +channel_info(ConnectionHandler, ChannelId, Options) -> + sync_send_all_state_event(ConnectionHandler, {channel_info, ChannelId, Options}). + +%%-------------------------------------------------------------------- +-spec adjust_window(pid(), channel_id(), integer()) -> ok. +%%-------------------------------------------------------------------- +adjust_window(ConnectionHandler, Channel, Bytes) -> + send_all_state_event(ConnectionHandler, {adjust_window, Channel, Bytes}). +%%-------------------------------------------------------------------- +-spec renegotiate(pid()) -> ok. +%%-------------------------------------------------------------------- +renegotiate(ConnectionHandler) -> + send_all_state_event(ConnectionHandler, renegotiate). + +%%-------------------------------------------------------------------- +-spec renegotiate_data(pid()) -> ok. +%%-------------------------------------------------------------------- +renegotiate_data(ConnectionHandler) -> + send_all_state_event(ConnectionHandler, data_size). + +%%-------------------------------------------------------------------- +-spec close(pid(), channel_id()) -> ok. +%%-------------------------------------------------------------------- +close(ConnectionHandler, ChannelId) -> + sync_send_all_state_event(ConnectionHandler, {close, ChannelId}). + +%%-------------------------------------------------------------------- +-spec stop(pid()) -> ok | {error, term()}. +%%-------------------------------------------------------------------- +stop(ConnectionHandler)-> + case sync_send_all_state_event(ConnectionHandler, stop) of + {error, closed} -> + ok; + Other -> + Other + end. + +info(ConnectionHandler) -> + info(ConnectionHandler, {info, all}). 
+ +info(ConnectionHandler, ChannelProcess) -> + sync_send_all_state_event(ConnectionHandler, {info, ChannelProcess}). + + +%%==================================================================== +%% gen_fsm callbacks +%%==================================================================== + +%%-------------------------------------------------------------------- +-spec hello(socket_control | {info_line, list()} | {version_exchange, list()}, + #state{}) -> gen_fsm_state_return(). +%%-------------------------------------------------------------------- + hello(socket_control, #state{socket = Socket, ssh_params = Ssh} = State) -> VsnMsg = ssh_transport:hello_version_msg(string_version(Ssh)), send_msg(VsnMsg, State), - inet:setopts(Socket, [{packet, line}]), - {next_state, hello, next_packet(State)}; + inet:setopts(Socket, [{packet, line}, {active, once}]), + {next_state, hello, State}; -hello({info_line, _Line}, State) -> - {next_state, hello, next_packet(State)}; +hello({info_line, _Line},#state{socket = Socket} = State) -> + inet:setopts(Socket, [{active, once}]), + {next_state, hello, State}; hello({version_exchange, Version}, #state{ssh_params = Ssh0, socket = Socket} = State) -> {NumVsn, StrVsn} = ssh_transport:handle_hello_version(Version), case handle_version(NumVsn, StrVsn, Ssh0) of {ok, Ssh1} -> - inet:setopts(Socket, [{packet,0}, {mode,binary}]), + inet:setopts(Socket, [{packet,0}, {mode,binary}, {active, once}]), {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh1), send_msg(SshPacket, State), {next_state, kexinit, next_packet(State#state{ssh_params = Ssh, 
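Review bot: In global_request/4 with Reply = true, the case only matches {ssh_cm, ConnectionHandler, {success, _}} and {ssh_cm, ConnectionHandler, {failure, _}}, yet stop/1 in this same hunk shows that sync_send_all_state_event/2 can return {error, closed}, so a call on a closed connection dies with case_clause instead of returning the `error` promised by the -spec. Add a clause that maps {error, _} to error. Separately, the catch branch of init/1 enters the loop in state `error` with `{Error, State0}` as the state data; please confirm the callbacks tolerate a non-#state{} term there, since most handle_event, handle_sync_event and handle_info clauses in this patch match on #state{}.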
@@ -172,12 +310,15 @@ hello({version_exchange, Version}, #state{ssh_params = Ssh0, handle_disconnect(DisconnectMsg, State) end. +%%-------------------------------------------------------------------- +-spec kexinit({#ssh_msg_kexinit{}, binary()}, #state{}) -> gen_fsm_state_return(). +%%-------------------------------------------------------------------- kexinit({#ssh_msg_kexinit{} = Kex, Payload}, #state{ssh_params = #ssh{role = Role} = Ssh0, - key_exchange_init_msg = OwnKex} = - State) -> + key_exchange_init_msg = OwnKex} = + State) -> Ssh1 = ssh_transport:key_init(opposite_role(Role), Ssh0, Payload), - try ssh_transport:handle_kexinit_msg(Kex, OwnKex, Ssh1) of + case ssh_transport:handle_kexinit_msg(Kex, OwnKex, Ssh1) of {ok, NextKexMsg, Ssh} when Role == client -> send_msg(NextKexMsg, State), {next_state, key_exchange, 
@@ -185,156 +326,75 @@ kexinit({#ssh_msg_kexinit{} = Kex, Payload}, {ok, Ssh} when Role == server -> {next_state, key_exchange, next_packet(State#state{ssh_params = Ssh})} - catch - #ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State); - _:Error -> - Desc = log_error(Error), - handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = Desc, - language = "en"}, State) end. - + +%%-------------------------------------------------------------------- +-spec key_exchange(#ssh_msg_kexdh_init{} | #ssh_msg_kexdh_reply{} | + #ssh_msg_kex_dh_gex_group{} | #ssh_msg_kex_dh_gex_request{} | + #ssh_msg_kex_dh_gex_request{} | #ssh_msg_kex_dh_gex_reply{}, #state{}) + -> gen_fsm_state_return(). +%%-------------------------------------------------------------------- + key_exchange(#ssh_msg_kexdh_init{} = Msg, - #state{ssh_params = #ssh{role = server} =Ssh0} = State) -> - try ssh_transport:handle_kexdh_init(Msg, Ssh0) of + #state{ssh_params = #ssh{role = server} = Ssh0} = State) -> + case ssh_transport:handle_kexdh_init(Msg, Ssh0) of {ok, KexdhReply, Ssh1} -> send_msg(KexdhReply, State), {ok, NewKeys, Ssh} = ssh_transport:new_keys_message(Ssh1), send_msg(NewKeys, State), {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})} - catch - #ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State); - _:Error -> - Desc = log_error(Error), - handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = Desc, - language = "en"}, State) end; -key_exchange({#ssh_msg_kexinit{} = Kex, Payload}, - #state{ssh_params = #ssh{role = Role} = Ssh0, - key_exchange_init_msg = OwnKex} = - State) -> - Ssh1 = ssh_transport:key_init(opposite_role(Role), Ssh0, Payload), - try ssh_transport:handle_kexinit_msg(Kex, OwnKex, Ssh1) of - {ok, NextKexMsg, Ssh} when Role == client -> - send_msg(NextKexMsg, State), - {next_state, key_exchange, - next_packet(State#state{ssh_params 
= Ssh})}; - {ok, Ssh} when Role == server -> - {next_state, key_exchange, - next_packet(State#state{ssh_params = Ssh})} - catch - #ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State); - _:Error -> - Desc = log_error(Error), - handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = Desc, - language = "en"}, State) - end; - key_exchange(#ssh_msg_kexdh_reply{} = Msg, #state{ssh_params = #ssh{role = client} = Ssh0} = State) -> - try ssh_transport:handle_kexdh_reply(Msg, Ssh0) of - {ok, NewKeys, Ssh} -> - send_msg(NewKeys, State), - {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})} - catch - #ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State); - {ErrorToDisplay, #ssh_msg_disconnect{} = DisconnectMsg} -> - handle_disconnect(DisconnectMsg, State, ErrorToDisplay); - _:Error -> - Desc = log_error(Error), - handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = Desc, - language = "en"}, State) - end; + {ok, NewKeys, Ssh} = ssh_transport:handle_kexdh_reply(Msg, Ssh0), + send_msg(NewKeys, State), + {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})}; key_exchange(#ssh_msg_kex_dh_gex_group{} = Msg, #state{ssh_params = #ssh{role = server} = Ssh0} = State) -> - try ssh_transport:handle_kex_dh_gex_group(Msg, Ssh0) of - {ok, NextKexMsg, Ssh1} -> - send_msg(NextKexMsg, State), - {ok, NewKeys, Ssh} = ssh_transport:new_keys_message(Ssh1), - send_msg(NewKeys, State), - {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})} - catch - #ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State); - _:Error -> - Desc = log_error(Error), - handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = Desc, - language = "en"}, State) - end; + {ok, NextKexMsg, Ssh1} = ssh_transport:handle_kex_dh_gex_group(Msg, Ssh0), + send_msg(NextKexMsg, State), + 
{ok, NewKeys, Ssh} = ssh_transport:new_keys_message(Ssh1), + send_msg(NewKeys, State), + {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})}; key_exchange(#ssh_msg_kex_dh_gex_request{} = Msg, #state{ssh_params = #ssh{role = client} = Ssh0} = State) -> - try ssh_transport:handle_kex_dh_gex_request(Msg, Ssh0) of - {ok, NextKexMsg, Ssh} -> - send_msg(NextKexMsg, State), - {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})} - catch - #ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State); - _:Error -> - Desc = log_error(Error), - handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = Desc, - language = "en"}, State) - end; + {ok, NextKexMsg, Ssh} = ssh_transport:handle_kex_dh_gex_request(Msg, Ssh0), + send_msg(NextKexMsg, State), + {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})}; + key_exchange(#ssh_msg_kex_dh_gex_reply{} = Msg, #state{ssh_params = #ssh{role = client} = Ssh0} = State) -> - try ssh_transport:handle_kex_dh_gex_reply(Msg, Ssh0) of - {ok, NewKeys, Ssh} -> - send_msg(NewKeys, State), - {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})} - catch - #ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State); - _:Error -> - Desc = log_error(Error), - handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = Desc, - language = "en"}, State) - end. + {ok, NewKeys, Ssh} = ssh_transport:handle_kex_dh_gex_reply(Msg, Ssh0), + send_msg(NewKeys, State), + {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})}. + +%%-------------------------------------------------------------------- +-spec new_keys(#ssh_msg_newkeys{}, #state{}) -> gen_fsm_state_return(). 
+%%-------------------------------------------------------------------- new_keys(#ssh_msg_newkeys{} = Msg, #state{ssh_params = Ssh0} = State0) -> - try ssh_transport:handle_new_keys(Msg, Ssh0) of - {ok, Ssh} -> - {NextStateName, State} = - after_new_keys(State0#state{ssh_params = Ssh}), - {next_state, NextStateName, next_packet(State)} - catch - #ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State0); - _:Error -> - Desc = log_error(Error), - handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = Desc, - language = "en"}, State0) - end. + {ok, Ssh} = ssh_transport:handle_new_keys(Msg, Ssh0), + {NextStateName, State} = + after_new_keys(State0#state{ssh_params = Ssh}), + {next_state, NextStateName, next_packet(State)}. + +%%-------------------------------------------------------------------- +-spec userauth(#ssh_msg_service_request{} | #ssh_msg_service_accept{} | + #ssh_msg_userauth_request{} | #ssh_msg_userauth_info_request{} | + #ssh_msg_userauth_info_response{} | #ssh_msg_userauth_success{} | + #ssh_msg_userauth_failure{} | #ssh_msg_userauth_banner{}, + #state{}) -> gen_fsm_state_return(). 
+%%-------------------------------------------------------------------- userauth(#ssh_msg_service_request{name = "ssh-userauth"} = Msg, #state{ssh_params = #ssh{role = server, session_id = SessionId} = Ssh0} = State) -> - try ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0) of - {ok, {Reply, Ssh}} -> - send_msg(Reply, State), - {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} - catch - #ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State); - _:Error -> - Desc = log_error(Error), - handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, - description = Desc, - language = "en"}, State) - end; + {ok, {Reply, Ssh}} = ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0), + send_msg(Reply, State), + {next_state, userauth, next_packet(State#state{ssh_params = Ssh})}; userauth(#ssh_msg_service_accept{name = "ssh-userauth"}, #state{ssh_params = #ssh{role = client, 
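Review bot: The catch blocks in kexinit/2, key_exchange/2, new_keys/2 and the first userauth/2 clause are all removed in favour of bare matches such as `{ok, NewKeys, Ssh} = ssh_transport:handle_kexdh_reply(Msg, Ssh0)`, and nothing in this hunk shows where a thrown #ssh_msg_disconnect{} is caught now. Previously a failed key exchange sent SSH_DISCONNECT_KEY_EXCHANGE_FAILED to the peer through handle_disconnect/2 and logged the error, and the client-side {ErrorToDisplay, #ssh_msg_disconnect{}} throw from handle_kexdh_reply went to the three-argument handle_disconnect; if a single try around event dispatch replaces all of this, say so in the commit message and make sure that tuple form is still covered. The new key_exchange/2 -spec also lists #ssh_msg_kex_dh_gex_request{} twice.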
@@ -349,27 +409,18 @@ userauth(#ssh_msg_userauth_request{service = "ssh-connection", #state{ssh_params = #ssh{session_id = SessionId, role = server, service = "ssh-connection"} = Ssh0 } = State) -> - try ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0) of - {not_authorized, {_User, _Reason}, {Reply, Ssh}} -> - send_msg(Reply, State), - {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} - catch - #ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State); - _:Error -> - Desc = log_error(Error), - handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, - description = Desc, - language = "en"}, State) - end; + {not_authorized, {_User, _Reason}, {Reply, Ssh}} = + ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0), + send_msg(Reply, State), + {next_state, userauth, next_packet(State#state{ssh_params = Ssh})}; userauth(#ssh_msg_userauth_request{service = "ssh-connection", method = Method} = Msg, #state{ssh_params = #ssh{session_id = SessionId, role = server, service = "ssh-connection", peer = {_, Address}} = Ssh0, - opts = Opts, manager = Pid} = State) -> - try ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0) of + opts = Opts, starter = Pid} = State) -> + case ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0) of {authorized, User, {Reply, Ssh}} -> send_msg(Reply, State), ssh_userreg:register_user(User, Pid), 
@@ -381,54 +432,26 @@ userauth(#ssh_msg_userauth_request{service = "ssh-connection", retry_fun(User, Reason, Opts), send_msg(Reply, State), {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} - catch - #ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State); - _:Error -> - Desc = log_error(Error), - handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, - description = Desc, - language = "en"}, State) end; userauth(#ssh_msg_userauth_info_request{} = Msg, #state{ssh_params = #ssh{role = client, io_cb = IoCb} = Ssh0} = State) -> - try ssh_auth:handle_userauth_info_request(Msg, IoCb, Ssh0) of - {ok, {Reply, Ssh}} -> - send_msg(Reply, State), - {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} - catch - #ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State); - _:Error -> - Desc = log_error(Error), - handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, - description = Desc, - language = "en"}, State) - end; + {ok, {Reply, Ssh}} = ssh_auth:handle_userauth_info_request(Msg, IoCb, Ssh0), + send_msg(Reply, State), + {next_state, userauth, next_packet(State#state{ssh_params = Ssh})}; userauth(#ssh_msg_userauth_info_response{} = Msg, #state{ssh_params = #ssh{role = server} = Ssh0} = State) -> - try ssh_auth:handle_userauth_info_response(Msg, Ssh0) of - {ok, {Reply, Ssh}} -> - send_msg(Reply, State), - {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} - catch - #ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State); - _:Error -> - Desc = log_error(Error), - handle_disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, - description = Desc, - language = "en"}, State) - end; + {ok, {Reply, Ssh}} = ssh_auth:handle_userauth_info_response(Msg, Ssh0), + send_msg(Reply, State), + {next_state, userauth, next_packet(State#state{ssh_params = Ssh})}; 
userauth(#ssh_msg_userauth_success{}, #state{ssh_params = #ssh{role = client} = Ssh, - manager = Pid} = State) -> + starter = Pid} = State) -> Pid ! ssh_connected, - {next_state, connected, next_packet(State#state{ssh_params = Ssh#ssh{authenticated = true}})}; - + {next_state, connected, next_packet(State#state{ssh_params = + Ssh#ssh{authenticated = true}})}; userauth(#ssh_msg_userauth_failure{}, #state{ssh_params = #ssh{role = client, userauth_methods = []}} 
@@ -477,31 +500,27 @@ userauth(#ssh_msg_userauth_banner{message = Msg}, io:format("~s", [Msg]), {next_state, userauth, next_packet(State)}. +%%-------------------------------------------------------------------- +-spec connected({#ssh_msg_kexinit{}, binary()}, %%| %% #ssh_msg_kexdh_init{}, + #state{}) -> gen_fsm_state_return(). +%%-------------------------------------------------------------------- connected({#ssh_msg_kexinit{}, _Payload} = Event, State) -> - kexinit(Event, State#state{renegotiate = true}); -connected({#ssh_msg_kexdh_init{}, _Payload} = Event, State) -> - key_exchange(Event, State#state{renegotiate = true}). + kexinit(Event, State#state{renegotiate = true}). +%% ; +%% connected(#ssh_msg_kexdh_init{} = Event, State) -> +%% key_exchange(Event, State#state{renegotiate = true}). %%-------------------------------------------------------------------- -%% Function: -%% handle_event(Event, StateName, State) -> {next_state, NextStateName, -%% NextState} | -%% {next_state, NextStateName, -%% NextState, Timeout} | -%% {stop, Reason, NewState} -%% Description: Whenever a gen_fsm receives an event sent using -%% gen_fsm:send_all_state_event/2, this function is called to handle -%% the event. -%%-------------------------------------------------------------------- -handle_event({send, Data}, StateName, #state{ssh_params = Ssh0} = State) -> - {Packet, Ssh} = ssh_transport:pack(Data, Ssh0), - send_msg(Packet, State), - {next_state, StateName, next_packet(State#state{ssh_params = Ssh})}; +-spec handle_event(#ssh_msg_disconnect{} | #ssh_msg_ignore{} | #ssh_msg_debug{} | + #ssh_msg_unimplemented{} | {adjust_window, integer(), integer()} | + {reply_request, success | failure, integer()} | renegotiate | + data_size | {request, pid(), integer(), integer(), iolist()} | + {request, integer(), integer(), iolist()}, state_name(), + #state{}) -> gen_fsm_state_return(). 
-handle_event(#ssh_msg_disconnect{} = Msg, _StateName, - #state{manager = Pid} = State) -> - (catch ssh_connection_manager:event(Pid, Msg)), - {stop, normal, State}; +%%-------------------------------------------------------------------- +handle_event(#ssh_msg_disconnect{description = Desc}, _StateName, #state{} = State) -> + {stop, {shutdown, Desc}, State}; handle_event(#ssh_msg_ignore{}, StateName, State) -> {next_state, StateName, next_packet(State)}; 
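Review bot: handle_event(#ssh_msg_disconnect{description = Desc}, ...) now stops with {shutdown, Desc}, which drops the disconnect code and makes a peer-supplied string the exit reason; keep the code in the reason (for example {shutdown, {Code, Desc}}) and treat Desc as untrusted wherever the reason is logged or displayed. In connected/2, the #ssh_msg_kexdh_init{} clause and the matching part of the -spec are commented out rather than deleted; remove them, or leave a comment saying why they are parked.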
@@ -517,30 +536,58 @@ handle_event(#ssh_msg_debug{}, StateName, State) -> handle_event(#ssh_msg_unimplemented{}, StateName, State) -> {next_state, StateName, next_packet(State)}; +handle_event({adjust_window, ChannelId, Bytes}, StateName, + #state{connection_state = + #connection{channel_cache = Cache}} = State0) -> + State = + case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{recv_window_size = WinSize, remote_id = Id} = Channel -> + ssh_channel:cache_update(Cache, Channel#channel{recv_window_size = + WinSize + Bytes}), + Msg = ssh_connection:channel_adjust_window_msg(Id, Bytes), + send_replies([{connection_reply, Msg}], State0); + undefined -> + State0 + end, + {next_state, StateName, next_packet(State)}; + +handle_event({reply_request, success, ChannelId}, StateName, + #state{connection_state = + #connection{channel_cache = Cache}} = State0) -> + State = case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{remote_id = RemoteId} -> + Msg = ssh_connection:channel_success_msg(RemoteId), + send_replies([{connection_reply, Msg}], State0); + undefined -> + State0 + end, + {next_state, StateName, State}; + handle_event(renegotiate, connected, #state{ssh_params = Ssh0} = State) -> {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh0), send_msg(SshPacket, State), - {next_state, connected, + timer:apply_after(?REKEY_TIMOUT, gen_fsm, send_all_state_event, [self(), renegotiate]), + {next_state, kexinit, next_packet(State#state{ssh_params = Ssh, key_exchange_init_msg = KeyInitMsg, renegotiate = true})}; handle_event(renegotiate, StateName, State) -> + timer:apply_after(?REKEY_TIMOUT, gen_fsm, send_all_state_event, [self(), renegotiatie]), %% Allready in keyexcahange so ignore {next_state, StateName, State}; -handle_event({info, From, Options}, StateName, #state{ssh_params = Ssh} = State) -> - spawn(?MODULE, ssh_info_handler, [Options, Ssh, State, From]), - {next_state, StateName, State}; +%% Rekey due to sent data limit reached? 
handle_event(data_size, connected, #state{ssh_params = Ssh0} = State) -> {ok, [{send_oct,Sent}]} = inet:getstat(State#state.socket, [send_oct]), MaxSent = proplists:get_value(rekey_limit, State#state.opts, 1024000000), + timer:apply_after(?REKEY_DATA_TIMOUT, gen_fsm, send_all_state_event, [self(), data_size]), case Sent >= MaxSent of true -> {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh0), send_msg(SshPacket, State), - {next_state, connected, + {next_state, kexinit, next_packet(State#state{ssh_params = Ssh, key_exchange_init_msg = KeyInitMsg, renegotiate = true})}; 
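Review bot: In the handle_event(renegotiate, StateName, State) fallback clause the timer is armed with the atom `renegotiatie` instead of `renegotiate`, so the re-armed event matches none of the handle_event/3 clauses shown here and the rekey timer chain breaks (or the process fails with function_clause) after the first tick outside `connected`. Fix the atom. In the same hunk, handle_event({reply_request, success, ChannelId}, ...) has no clause for `failure` although reply_request/3 is specced as success | failure, and the misspellings in the comment "Allready in keyexcahange" and in the macro names ?REKEY_TIMOUT and ?REKEY_DATA_TIMOUT could be corrected while the code is being touched.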
@@ -549,42 +596,196 @@ handle_event(data_size, connected, #state{ssh_params = Ssh0} = State) -> end; handle_event(data_size, StateName, State) -> {next_state, StateName, State}; + +handle_event({request, ChannelPid, ChannelId, Type, Data}, StateName, State0) -> + {{replies, Replies}, State1} = handle_request(ChannelPid, ChannelId, + Type, Data, + false, none, State0), + State = send_replies(Replies, State1), + {next_state, StateName, next_packet(State)}; + +handle_event({request, ChannelId, Type, Data}, StateName, State0) -> + {{replies, Replies}, State1} = handle_request(ChannelId, Type, Data, + false, none, State0), + State = send_replies(Replies, State1), + {next_state, StateName, next_packet(State)}; + handle_event({unknown, Data}, StateName, State) -> Msg = #ssh_msg_unimplemented{sequence = Data}, send_msg(Msg, State), {next_state, StateName, next_packet(State)}. + %%-------------------------------------------------------------------- -%% Function: -%% handle_sync_event(Event, From, StateName, -%% State) -> {next_state, NextStateName, NextState} | -%% {next_state, NextStateName, NextState, -%% Timeout} | -%% {reply, Reply, NextStateName, NextState}| -%% {reply, Reply, NextStateName, NextState, -%% Timeout} | -%% {stop, Reason, NewState} | -%% {stop, Reason, Reply, NewState} -%% Description: Whenever a gen_fsm receives an event sent using -%% gen_fsm:sync_send_all_state_event/2,3, this function is called to handle -%% the event. 
+-spec handle_sync_event({request, pid(), channel_id(), integer(), binary(), timeout()} | + {request, channel_id(), integer(), binary(), timeout()} | + {global_request, pid(), integer(), boolean(), binary()} | {eof, integer()} | + {open, pid(), integer(), channel_id(), integer(), binary(), _} | + {send_window, channel_id()} | {recv_window, channel_id()} | + {connection_info, [client_version | server_version | peer | + sockname]} | {channel_info, channel_id(), [recv_window | + send_window]} | + {close, channel_id()} | stop, term(), state_name(), #state{}) + -> gen_fsm_state_return(). %%-------------------------------------------------------------------- +handle_sync_event({request, ChannelPid, ChannelId, Type, Data, Timeout}, From, StateName, State0) -> + {{replies, Replies}, State1} = handle_request(ChannelPid, + ChannelId, Type, Data, + true, From, State0), + %% Note reply to channel will happen later when + %% reply is recived from peer on the socket + State = send_replies(Replies, State1), + start_timeout(ChannelId, From, Timeout), + handle_idle_timeout(State), + {next_state, StateName, next_packet(State)}; + +handle_sync_event({request, ChannelId, Type, Data, Timeout}, From, StateName, State0) -> + {{replies, Replies}, State1} = handle_request(ChannelId, Type, Data, + true, From, State0), + %% Note reply to channel will happen later when + %% reply is recived from peer on the socket + State = send_replies(Replies, State1), + start_timeout(ChannelId, From, Timeout), + handle_idle_timeout(State), + {next_state, StateName, next_packet(State)}; + +handle_sync_event({global_request, Pid, _, _, _} = Request, From, StateName, + #state{connection_state = + #connection{channel_cache = Cache}} = State0) -> + State1 = handle_global_request(Request, State0), + Channel = ssh_channel:cache_find(Pid, Cache), + State = add_request(true, Channel#channel.local_id, From, State1), + {next_state, StateName, next_packet(State)}; -%% Replaced with option to connection_info/3. 
For now keep -%% for backwards compatibility -handle_sync_event(peer_address, _From, StateName, - #state{ssh_params = #ssh{peer = {_, Address}}} = State) -> - {reply, {ok, Address}, StateName, State}. +handle_sync_event({data, ChannelId, Type, Data, Timeout}, From, StateName, + #state{connection_state = #connection{channel_cache = _Cache} + = Connection0} = State0) -> + + case ssh_connection:channel_data(ChannelId, Type, Data, Connection0, From) of + {{replies, Replies}, Connection} -> + State = send_replies(Replies, State0#state{connection_state = Connection}), + start_timeout(ChannelId, From, Timeout), + {next_state, StateName, next_packet(State)}; + {noreply, Connection} -> + start_timeout(ChannelId, From, Timeout), + {next_state, StateName, next_packet(State0#state{connection_state = Connection})} + end; + +handle_sync_event({eof, ChannelId}, _From, StateName, + #state{connection_state = + #connection{channel_cache = Cache}} = State0) -> + case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{remote_id = Id, sent_close = false} -> + State = send_replies([{connection_reply, + ssh_connection:channel_eof_msg(Id)}], State0), + {reply, ok, StateName, next_packet(State)}; + _ -> + {reply, {error,closed}, StateName, State0} + end; + +handle_sync_event({open, ChannelPid, Type, InitialWindowSize, MaxPacketSize, Data, Timeout}, + From, StateName, #state{connection_state = + #connection{channel_cache = Cache}} = State0) -> + erlang:monitor(process, ChannelPid), + {ChannelId, State1} = new_channel_id(State0), + Msg = ssh_connection:channel_open_msg(Type, ChannelId, + InitialWindowSize, + MaxPacketSize, Data), + State2 = send_replies([{connection_reply, Msg}], State1), + Channel = #channel{type = Type, + sys = "none", + user = ChannelPid, + local_id = ChannelId, + recv_window_size = InitialWindowSize, + recv_packet_size = MaxPacketSize}, + ssh_channel:cache_update(Cache, Channel), + State = add_request(true, ChannelId, From, State2), + start_timeout(ChannelId, From, 
Timeout), + {next_state, StateName, next_packet(remove_timer_ref(State))}; + +handle_sync_event({send_window, ChannelId}, _From, StateName, + #state{connection_state = + #connection{channel_cache = Cache}} = State) -> + Reply = case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{send_window_size = WinSize, + send_packet_size = Packsize} -> + {ok, {WinSize, Packsize}}; + undefined -> + {error, einval} + end, + {reply, Reply, StateName, next_packet(State)}; + +handle_sync_event({recv_window, ChannelId}, _From, StateName, + #state{connection_state = #connection{channel_cache = Cache}} + = State) -> + + Reply = case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{recv_window_size = WinSize, + recv_packet_size = Packsize} -> + {ok, {WinSize, Packsize}}; + undefined -> + {error, einval} + end, + {reply, Reply, StateName, next_packet(State)}; + +handle_sync_event({connection_info, Options}, _From, StateName, State) -> + Info = ssh_info(Options, State, []), + {reply, Info, StateName, State}; + +handle_sync_event({channel_info, ChannelId, Options}, _From, StateName, + #state{connection_state = #connection{channel_cache = Cache}} = State) -> + case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{} = Channel -> + Info = ssh_channel_info(Options, Channel, []), + {reply, Info, StateName, State}; + undefined -> + {reply, [], StateName, State} + end; + +handle_sync_event({info, ChannelPid}, _From, StateName, + #state{connection_state = + #connection{channel_cache = Cache}} = State) -> + Result = ssh_channel:cache_foldl( + fun(Channel, Acc) when ChannelPid == all; + Channel#channel.user == ChannelPid -> + [Channel | Acc]; + (_, Acc) -> + Acc + end, [], Cache), + {reply, {ok, Result}, StateName, State}; + +handle_sync_event({close, ChannelId}, _, StateName, + #state{connection_state = + #connection{channel_cache = Cache}} = State0) -> + State = + case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{remote_id = Id} = Channel -> + State1 = 
send_replies([{connection_reply, + ssh_connection:channel_close_msg(Id)}], State0), + ssh_channel:cache_update(Cache, Channel#channel{sent_close = true}), + handle_idle_timeout(State1), + State1; + undefined -> + State0 + end, + {reply, ok, StateName, next_packet(State)}; + +handle_sync_event(stop, _, _StateName, #state{connection_state = Connection0, + role = Role, + opts = Opts} = State0) -> + {disconnect, Reason, {{replies, Replies}, Connection}} = + ssh_connection:handle_msg(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, + description = "User closed down connection", + language = "en"}, Connection0, Role), + State = send_replies(Replies, State0), + SSHOpts = proplists:get_value(ssh_opts, Opts), + disconnect_fun(Reason, SSHOpts), + {stop, normal, ok, State#state{connection_state = Connection}}. %%-------------------------------------------------------------------- -%% Function: -%% handle_info(Info,StateName,State)-> {next_state, NextStateName, NextState}| -%% {next_state, NextStateName, NextState, -%% Timeout} | -%% {stop, Reason, NewState} -%% Description: This function is called by a gen_fsm when it receives any -%% other message than a synchronous or asynchronous event -%% (or a system message). +-spec handle_info({atom(), port(), binary()} | {atom(), port()} | + term (), state_name(), #state{}) -> gen_fsm_state_return(). %%-------------------------------------------------------------------- + handle_info({Protocol, Socket, "SSH-" ++ _ = Version}, hello, #state{socket = Socket, transport_protocol = Protocol} = State ) -> 
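Review bot: In the {open, ...} clause of handle_sync_event the reference returned by erlang:monitor(process, ChannelPid) is dropped, so a process that opens several channels gets one monitor per open, and nothing demonitors when a channel is closed through {close, ChannelId}. Consider monitoring each user pid once, or keeping the reference next to the channel entry and demonitoring on close. Two smaller points: this clause stores sys = "none" as a string while handle_global_request later in the patch stores the atom none, and the new handle_info spec has a stray space in "term ()".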
@@ -649,15 +850,35 @@ handle_info({Protocol, Socket, Data}, Statename, handle_info({CloseTag, _Socket}, _StateName, #state{transport_close_tag = CloseTag, ssh_params = #ssh{role = _Role, opts = _Opts}} = State) -> - DisconnectMsg = - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_CONNECTION_LOST, - description = "Connection Lost", - language = "en"}, - {stop, {shutdown, DisconnectMsg}, State}; + {stop, {shutdown, "Connection Lost"}, State}; + +handle_info({timeout, {_, From} = Request}, Statename, + #state{connection_state = #connection{requests = Requests} = Connection} = State) -> + case lists:member(Request, Requests) of + true -> + gen_fsm:reply(From, {error, timeout}), + {next_state, Statename, + State#state{connection_state = + Connection#connection{requests = + lists:delete(Request, Requests)}}}; + false -> + {next_state, Statename, State} + end; + +%%% Handle that ssh channels user process goes down +handle_info({'DOWN', _Ref, process, ChannelPid, _Reason}, Statename, State0) -> + {{replies, Replies}, State1} = handle_channel_down(ChannelPid, State0), + State = send_replies(Replies, State1), + {next_state, Statename, next_packet(State)}; %%% So that terminate will be run when supervisor is shutdown handle_info({'EXIT', _Sup, Reason}, _StateName, State) -> - {stop, Reason, State}; + {stop, {shutdown, Reason}, State}; + +handle_info({check_cache, _ , _}, + StateName, #state{connection_state = + #connection{channel_cache = Cache}} = State) -> + {next_state, StateName, check_cache(State, Cache)}; handle_info(UnexpectedMessage, StateName, #state{ssh_params = SshParams} = State) -> Msg = lists:flatten(io_lib:format( 
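Review bot: The 'EXIT' clause of handle_info now stops with {shutdown, Reason} for every exit reason, and terminate({shutdown, _}, ...) added later in this patch goes straight to terminate(normal, ...), so an abnormal exit of a linked process is no longer passed to log_error and the peer gets no disconnect message. If only a supervisor shutdown is meant to be quiet, match shutdown and {shutdown, _} explicitly and keep {stop, Reason, State} for everything else. The idle timer further down sends itself {'EXIT', [], "Timeout"} to reach this clause; a dedicated message for timer expiry would keep real exit signals and idle timeouts apart in logs and in the stop reason.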
@@ -671,20 +892,17 @@ handle_info(UnexpectedMessage, StateName, #state{ssh_params = SshParams} = State {next_state, StateName, State}. %%-------------------------------------------------------------------- -%% Function: terminate(Reason, StateName, State) -> void() -%% Description:This function is called by a gen_fsm when it is about -%% to terminate. It should be the opposite of Module:init/1 and do any -%% necessary cleaning up. When it returns, the gen_fsm terminates with -%% Reason. The return value is ignored. +-spec terminate(Reason::term(), state_name(), #state{}) -> _. %%-------------------------------------------------------------------- terminate(normal, _, #state{transport_cb = Transport, - socket = Socket, - manager = Pid}) -> - (catch ssh_userreg:delete_user(Pid)), + connection_state = Connection, + socket = Socket}) -> + terminate_subsytem(Connection), + (catch ssh_userreg:delete_user(self())), (catch Transport:close(Socket)), ok; -%% Terminated as manager terminated +%% Terminated by supervisor terminate(shutdown, StateName, #state{ssh_params = Ssh0} = State) -> DisconnectMsg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, 
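Review bot: In terminate(normal, ...) the new call to terminate_subsytem(Connection) is the only cleanup step not wrapped in catch, so if ssh_system_sup:stop_subsystem exits (for example because the supervisor is already going down) the delete_user and Transport:close(Socket) calls after it are skipped. Wrap it in catch like the two calls that follow, or move it after the socket close.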
@@ -694,31 +912,34 @@ terminate(shutdown, StateName, #state{ssh_params = Ssh0} = State) -> send_msg(SshPacket, State), terminate(normal, StateName, State#state{ssh_params = Ssh}); -terminate({shutdown, #ssh_msg_disconnect{} = Msg}, StateName, #state{ssh_params = Ssh0, manager = Pid} = State) -> - {SshPacket, Ssh} = ssh_transport:ssh_packet(Msg, Ssh0), +terminate({shutdown, #ssh_msg_disconnect{} = Msg}, StateName, + #state{ssh_params = Ssh0} = State) -> + {SshPacket, Ssh} = ssh_transport:ssh_packet(Msg, Ssh0), send_msg(SshPacket, State), - ssh_connection_manager:event(Pid, Msg), - terminate(normal, StateName, State#state{ssh_params = Ssh}); -terminate({shutdown, {#ssh_msg_disconnect{} = Msg, ErrorMsg}}, StateName, #state{ssh_params = Ssh0, manager = Pid} = State) -> - {SshPacket, Ssh} = ssh_transport:ssh_packet(Msg, Ssh0), - send_msg(SshPacket, State), - ssh_connection_manager:event(Pid, Msg, ErrorMsg), - terminate(normal, StateName, State#state{ssh_params = Ssh}); -terminate(Reason, StateName, #state{ssh_params = Ssh0, manager = Pid} = State) -> + terminate(normal, StateName, State#state{ssh_params = Ssh}); +terminate({shutdown, _}, StateName, State) -> + terminate(normal, StateName, State); +terminate(Reason, StateName, #state{ssh_params = Ssh0, starter = _Pid, + connection_state = Connection} = State) -> + terminate_subsytem(Connection), log_error(Reason), DisconnectMsg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, description = "Internal error", language = "en"}, {SshPacket, Ssh} = ssh_transport:ssh_packet(DisconnectMsg, Ssh0), - ssh_connection_manager:event(Pid, DisconnectMsg), send_msg(SshPacket, State), terminate(normal, StateName, State#state{ssh_params = Ssh}). +terminate_subsytem(#connection{system_supervisor = SysSup, + sub_system_supervisor = SubSysSup}) when is_pid(SubSysSup) -> + ssh_system_sup:stop_subsystem(SysSup, SubSysSup); +terminate_subsytem(_) -> + ok. 
+ %%-------------------------------------------------------------------- -%% Function: -%% code_change(OldVsn, StateName, State, Extra) -> {ok, StateName, NewState} -%% Description: Convert process state when code is changed +-spec code_change(OldVsn::term(), state_name(), Oldstate::term(), Extra::term()) -> + {ok, state_name(), #state{}}. %%-------------------------------------------------------------------- code_change(_OldVsn, StateName, State, _Extra) -> {ok, StateName, State}. 
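Review bot: terminate(Reason, ...) calls terminate_subsytem(Connection) and then ends in terminate(normal, StateName, ...), which calls terminate_subsytem(Connection) again, so the error path asks ssh_system_sup:stop_subsystem to stop the same subsystem twice. Drop the call from the generic clause and let the normal clause do it. The function name is also misspelled (terminate_subsytem for terminate_subsystem), and starter = _Pid in the clause head binds nothing that is used.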
@@ -726,6 +947,39 @@ code_change(_OldVsn, StateName, State, _Extra) -> %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- +init_role(#state{role = client, opts = Opts} = State0) -> + Pid = proplists:get_value(user_pid, Opts), + TimerRef = get_idle_time(Opts), + timer:apply_after(?REKEY_TIMOUT, gen_fsm, send_all_state_event, [self(), renegotiate]), + timer:apply_after(?REKEY_DATA_TIMOUT, gen_fsm, send_all_state_event, + [self(), data_size]), + State0#state{starter = Pid, + idle_timer_ref = TimerRef}; +init_role(#state{role = server, opts = Opts, connection_state = Connection} = State) -> + Sups = proplists:get_value(supervisors, Opts), + Pid = proplists:get_value(user_pid, Opts), + SystemSup = proplists:get_value(system_sup, Sups), + SubSystemSup = proplists:get_value(subsystem_sup, Sups), + ConnectionSup = proplists:get_value(connection_sup, Sups), + Shell = proplists:get_value(shell, Opts), + Exec = proplists:get_value(exec, Opts), + CliSpec = proplists:get_value(ssh_cli, Opts, {ssh_cli, [Shell]}), + State#state{starter = Pid, connection_state = Connection#connection{ + cli_spec = CliSpec, + exec = Exec, + system_supervisor = SystemSup, + sub_system_supervisor = SubSystemSup, + connection_supervisor = ConnectionSup + }}. + +get_idle_time(SshOptions) -> + case proplists:get_value(idle_time, SshOptions) of + infinity -> + infinity; + _IdleTime -> %% We dont want to set the timeout on first connect + undefined + end. + init_ssh(client = Role, Vsn, Version, Options, Socket) -> IOCb = case proplists:get_value(user_interaction, Options, true) of true -> 
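Review bot: get_idle_time/1 here, like handle_idle_timeout/1 and check_cache/2 elsewhere in the patch, reads idle_time from the top level of Opts, while the stop clause and generate_event take proplists:get_value(ssh_opts, Opts) before looking up disconnectfun, and the deleted ssh_connection_manager read idle_time from ssh_opts as well. Please confirm which level the option lives at in #state.opts; if it is nested, these lookups only ever see the default and the idle timeout never arms. Also worth a comment in the code: only the client clause of init_role starts the ?REKEY_TIMOUT and ?REKEY_DATA_TIMOUT timers, and the timer:apply_after return values are discarded, so the timers cannot be cancelled.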
@@ -843,7 +1097,15 @@ send_all_state_event(FsmPid, Event) -> gen_fsm:send_all_state_event(FsmPid, Event). sync_send_all_state_event(FsmPid, Event) -> - gen_fsm:sync_send_all_state_event(FsmPid, Event). + try gen_fsm:sync_send_all_state_event(FsmPid, Event, infinity) + catch + exit:{noproc, _} -> + {error, closed}; + exit:{normal, _} -> + {error, closed}; + exit:{{shutdown, _},_} -> + {error, closed} + end. %% simulate send_all_state_event(self(), Event) event(#ssh_msg_disconnect{} = Event, StateName, State) -> @@ -856,10 +1118,33 @@ event(#ssh_msg_unimplemented{} = Event, StateName, State) -> handle_event(Event, StateName, State); %% simulate send_event(self(), Event) event(Event, StateName, State) -> - ?MODULE:StateName(Event, State). + try + ?MODULE:StateName(Event, State) + catch + throw:#ssh_msg_disconnect{} = DisconnectMsg -> + handle_disconnect(DisconnectMsg, State); + throw:{ErrorToDisplay, #ssh_msg_disconnect{} = DisconnectMsg} -> + handle_disconnect(DisconnectMsg, State, ErrorToDisplay); + _:Error -> + log_error(Error), + handle_disconnect(#ssh_msg_disconnect{code = error_code(StateName), + description = "Internal error", + language = "en"}, State) + end. +error_code(key_exchange) -> + ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED; +error_code(new_keys) -> + ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED; +error_code(_) -> + ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE. generate_event(<> = Msg, StateName, - #state{manager = Pid} = State0, EncData) + #state{ + role = Role, + starter = User, + opts = Opts, + renegotiate = Renegotiation, + connection_state = Connection0} = State0, EncData) when Byte == ?SSH_MSG_GLOBAL_REQUEST; Byte == ?SSH_MSG_REQUEST_SUCCESS; Byte == ?SSH_MSG_REQUEST_FAILURE; 
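Review bot: sync_send_all_state_event/2 now calls gen_fsm:sync_send_all_state_event(FsmPid, Event, infinity), so requests that do not arm start_timeout themselves (the eof, close, info, connection_info and stop clauses of handle_sync_event) block the caller for as long as the handler process is busy or stuck. Consider passing the caller's timeout through and mapping exit:{timeout, _} to an error tuple alongside the three reasons already caught; any other exit reason of the handler still propagates to the API caller as an exit. In event/3 the catch-all _:Error reports "Internal error" to the peer, which keeps internals out of the disconnect text, but it also turns throws that are not #ssh_msg_disconnect{} into a disconnect, which deserves a comment.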
@@ -874,16 +1159,38 @@ generate_event(<> = Msg, StateName, Byte == ?SSH_MSG_CHANNEL_REQUEST; Byte == ?SSH_MSG_CHANNEL_SUCCESS; Byte == ?SSH_MSG_CHANNEL_FAILURE -> - - try - ssh_connection_manager:event(Pid, Msg), - State = generate_event_new_state(State0, EncData), - next_packet(State), - {next_state, StateName, State} + ConnectionMsg = ssh_message:decode(Msg), + State1 = generate_event_new_state(State0, EncData), + try ssh_connection:handle_msg(ConnectionMsg, Connection0, Role) of + {{replies, Replies}, Connection} -> + State = send_replies(Replies, State1#state{connection_state = Connection}), + {next_state, StateName, next_packet(State)}; + {noreply, Connection} -> + {next_state, StateName, next_packet(State1#state{connection_state = Connection})}; + {disconnect, {_, Reason}, {{replies, Replies}, Connection}} when + Role == client andalso ((StateName =/= connected) and (not Renegotiation)) -> + State = send_replies(Replies, State1#state{connection_state = Connection}), + User ! {self(), not_connected, Reason}, + {stop, {shutdown, normal}, + next_packet(State#state{connection_state = Connection})}; + {disconnect, Reason, {{replies, Replies}, Connection}} -> + State = send_replies(Replies, State1#state{connection_state = Connection}), + SSHOpts = proplists:get_value(ssh_opts, Opts), + disconnect_fun(Reason, SSHOpts), + {stop, {shutdown, normal}, State#state{connection_state = Connection}} catch - exit:{noproc, Reason} -> - {stop, {shutdown, Reason}, State0} + _:Error -> + {disconnect, Reason, {{replies, Replies}, Connection}} = + ssh_connection:handle_msg( + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, + description = "Internal error", + language = "en"}, Connection0, Role), + State = send_replies(Replies, State1#state{connection_state = Connection}), + SSHOpts = proplists:get_value(ssh_opts, Opts), + disconnect_fun(Reason, SSHOpts), + {stop, {shutdown, Error}, State#state{connection_state = Connection}} end; + generate_event(Msg, StateName, State0, 
EncData) -> Event = ssh_message:decode(Msg), State = generate_event_new_state(State0, EncData), 
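Review bot: In the connection-message clause of generate_event, ssh_message:decode(Msg) runs before the try, so a malformed channel or global-request packet from the peer is not covered by the catch that builds the "Internal error" disconnect; move the decode inside the try. The catch branch also stops with {shutdown, Error} without calling log_error(Error), unlike event/3, so together with terminate({shutdown, _}, ...) the failure leaves no trace in the log. The guard on the client disconnect clause mixes andalso with and; using andalso throughout would read more consistently.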
@@ -895,6 +1202,100 @@ generate_event(Msg, StateName, State0, EncData) -> event(Event, StateName, State) end. + +handle_request(ChannelPid, ChannelId, Type, Data, WantReply, From, + #state{connection_state = + #connection{channel_cache = Cache}} = State0) -> + case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{remote_id = Id} = Channel -> + update_sys(Cache, Channel, Type, ChannelPid), + Msg = ssh_connection:channel_request_msg(Id, Type, + WantReply, Data), + Replies = [{connection_reply, Msg}], + State = add_request(WantReply, ChannelId, From, State0), + {{replies, Replies}, State}; + undefined -> + {{replies, []}, State0} + end. + +handle_request(ChannelId, Type, Data, WantReply, From, + #state{connection_state = + #connection{channel_cache = Cache}} = State0) -> + case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{remote_id = Id} -> + Msg = ssh_connection:channel_request_msg(Id, Type, + WantReply, Data), + Replies = [{connection_reply, Msg}], + State = add_request(WantReply, ChannelId, From, State0), + {{replies, Replies}, State}; + undefined -> + {{replies, []}, State0} + end. 
+ +handle_global_request({global_request, ChannelPid, + "tcpip-forward" = Type, WantReply, + <> = Data}, + #state{connection_state = + #connection{channel_cache = Cache} + = Connection0} = State) -> + ssh_channel:cache_update(Cache, #channel{user = ChannelPid, + type = "forwarded-tcpip", + sys = none}), + Connection = ssh_connection:bind(IP, Port, ChannelPid, Connection0), + Msg = ssh_connection:global_request_msg(Type, WantReply, Data), + send_replies([{connection_reply, Msg}], State#state{connection_state = Connection}); + +handle_global_request({global_request, _Pid, "cancel-tcpip-forward" = Type, + WantReply, <> = Data}, + #state{connection_state = Connection0} = State) -> + Connection = ssh_connection:unbind(IP, Port, Connection0), + Msg = ssh_connection:global_request_msg(Type, WantReply, Data), + send_replies([{connection_reply, Msg}], State#state{connection_state = Connection}); + +handle_global_request({global_request, _, "cancel-tcpip-forward" = Type, + WantReply, Data}, State) -> + Msg = ssh_connection:global_request_msg(Type, WantReply, Data), + send_replies([{connection_reply, Msg}], State). + +handle_idle_timeout(#state{opts = Opts}) -> + case proplists:get_value(idle_time, Opts, infinity) of + infinity -> + ok; + IdleTime -> + erlang:send_after(IdleTime, self(), {check_cache, [], []}) + end. + +handle_channel_down(ChannelPid, #state{connection_state = + #connection{channel_cache = Cache}} = + State) -> + ssh_channel:cache_foldl( + fun(Channel, Acc) when Channel#channel.user == ChannelPid -> + ssh_channel:cache_delete(Cache, + Channel#channel.local_id), + Acc; + (_,Acc) -> + Acc + end, [], Cache), + {{replies, []}, check_cache(State, Cache)}. + +update_sys(Cache, Channel, Type, ChannelPid) -> + ssh_channel:cache_update(Cache, + Channel#channel{sys = Type, user = ChannelPid}). 
+add_request(false, _ChannelId, _From, State) -> + State; +add_request(true, ChannelId, From, #state{connection_state = + #connection{requests = Requests0} = + Connection} = State) -> + Requests = [{ChannelId, From} | Requests0], + State#state{connection_state = Connection#connection{requests = Requests}}. + +new_channel_id(#state{connection_state = #connection{channel_id_seed = Id} = + Connection} + = State) -> + {Id, State#state{connection_state = + Connection#connection{channel_id_seed = Id + 1}}}. generate_event_new_state(#state{ssh_params = #ssh{recv_sequence = SeqNum0} = Ssh} = State, EncData) -> @@ -904,7 +1305,6 @@ generate_event_new_state(#state{ssh_params = encoded_data_buffer = EncData, undecoded_packet_length = undefined}. - next_packet(#state{decoded_data_buffer = <<>>, encoded_data_buffer = Buff, ssh_params = #ssh{decrypt_block_size = BlockSize}, @@ -978,10 +1378,10 @@ handle_ssh_packet(Length, StateName, #state{decoded_data_buffer = DecData0, handle_disconnect(DisconnectMsg, State0) end. -handle_disconnect(#ssh_msg_disconnect{} = Msg, State) -> - {stop, {shutdown, Msg}, State}. -handle_disconnect(#ssh_msg_disconnect{} = Msg, State, ErrorMsg) -> - {stop, {shutdown, {Msg, ErrorMsg}}, State}. +handle_disconnect(#ssh_msg_disconnect{description = Desc}, State) -> + {stop, {shutdown, Desc}, State}. +handle_disconnect(#ssh_msg_disconnect{description = Desc}, State, ErrorMsg) -> + {stop, {shutdown, {Desc, ErrorMsg}}, State}. counterpart_versions(NumVsn, StrVsn, #ssh{role = server} = Ssh) -> Ssh#ssh{c_vsn = NumVsn , c_version = StrVsn}; 
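Review bot: handle_disconnect/2,3 now stop with {shutdown, Desc}, where Desc is the description string, so the terminate({shutdown, #ssh_msg_disconnect{} = Msg}, ...) clause kept by this patch can no longer match on this path. The reason falls through to terminate({shutdown, _}, ...) and, as far as these hunks show, the SSH_MSG_DISCONNECT with its code is never sent to the peer for errors thrown in event/3 or detected in handle_ssh_packet. Either send the packet in handle_disconnect before stopping or keep the record in the stop reason. In the larger hunk on the same lines, both handle_request variants return {{replies, []}, State0} when the channel is not in the cache, which leaves From unanswered when WantReply is true; replying {error, closed}, as the eof clause does, would avoid a hung caller.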
@@ -1019,29 +1419,40 @@ retry_fun(User, Reason, Opts) -> catch Fun(User, Reason) end. -ssh_info_handler(Options, Ssh, State, From) -> - Info = ssh_info(Options, Ssh, State, []), - ssh_connection_manager:send_msg({channel_requst_reply, From, Info}). - -ssh_info([], _, _, Acc) -> +ssh_info([], _State, Acc) -> Acc; +ssh_info([client_version | Rest], #state{ssh_params = #ssh{c_vsn = IntVsn, + c_version = StringVsn}} = State, Acc) -> + ssh_info(Rest, State, [{client_version, {IntVsn, StringVsn}} | Acc]); -ssh_info([client_version | Rest], #ssh{c_vsn = IntVsn, - c_version = StringVsn} = SshParams, State, Acc) -> - ssh_info(Rest, SshParams, State, [{client_version, {IntVsn, StringVsn}} | Acc]); +ssh_info([server_version | Rest], #state{ssh_params =#ssh{s_vsn = IntVsn, + s_version = StringVsn}} = State, Acc) -> + ssh_info(Rest, State, [{server_version, {IntVsn, StringVsn}} | Acc]); -ssh_info([server_version | Rest], #ssh{s_vsn = IntVsn, - s_version = StringVsn} = SshParams, State, Acc) -> - ssh_info(Rest, SshParams, State, [{server_version, {IntVsn, StringVsn}} | Acc]); +ssh_info([peer | Rest], #state{ssh_params = #ssh{peer = Peer}} = State, Acc) -> + ssh_info(Rest, State, [{peer, Peer} | Acc]); -ssh_info([peer | Rest], #ssh{peer = Peer} = SshParams, State, Acc) -> - ssh_info(Rest, SshParams, State, [{peer, Peer} | Acc]); +ssh_info([sockname | Rest], #state{socket = Socket} = State, Acc) -> + ssh_info(Rest, State, [{sockname,inet:sockname(Socket)}|Acc]); -ssh_info([sockname | Rest], SshParams, #state{socket=Socket}=State, Acc) -> - ssh_info(Rest, SshParams, State, [{sockname,inet:sockname(Socket)}|Acc]); +ssh_info([ _ | Rest], State, Acc) -> + ssh_info(Rest, State, Acc). -ssh_info([ _ | Rest], SshParams, State, Acc) -> - ssh_info(Rest, SshParams, State, Acc). 
+ssh_channel_info([], _, Acc) -> + Acc; + +ssh_channel_info([recv_window | Rest], #channel{recv_window_size = WinSize, + recv_packet_size = Packsize + } = Channel, Acc) -> + ssh_channel_info(Rest, Channel, [{recv_window, {{win_size, WinSize}, + {packet_size, Packsize}}} | Acc]); +ssh_channel_info([send_window | Rest], #channel{send_window_size = WinSize, + send_packet_size = Packsize + } = Channel, Acc) -> + ssh_channel_info(Rest, Channel, [{send_window, {{win_size, WinSize}, + {packet_size, Packsize}}} | Acc]); +ssh_channel_info([ _ | Rest], Channel, Acc) -> + ssh_channel_info(Rest, Channel, Acc). log_error(Reason) -> Report = io_lib:format("Erlang ssh connection handler failed with reason: " 
@@ -1050,3 +1461,101 @@ log_error(Reason) -> [Reason, erlang:get_stacktrace()]), error_logger:error_report(Report), "Internal error". + +send_replies([], State) -> + State; +send_replies([{connection_reply, Data} | Rest], #state{ssh_params = Ssh0} = State) -> + {Packet, Ssh} = ssh_transport:ssh_packet(Data, Ssh0), + send_msg(Packet, State), + send_replies(Rest, State#state{ssh_params = Ssh}); +send_replies([Msg | Rest], State) -> + catch send_reply(Msg), + send_replies(Rest, State). + +send_reply({channel_data, Pid, Data}) -> + Pid ! {ssh_cm, self(), Data}; +send_reply({channel_requst_reply, From, Data}) -> + gen_fsm:reply(From, Data); +send_reply({flow_control, Cache, Channel, From, Msg}) -> + ssh_channel:cache_update(Cache, Channel#channel{flow_control = undefined}), + gen_fsm:reply(From, Msg); +send_reply({flow_control, From, Msg}) -> + gen_fsm:reply(From, Msg). + +disconnect_fun(_, undefined) -> + ok; +disconnect_fun(Reason, Opts) -> + case proplists:get_value(disconnectfun, Opts) of + undefined -> + ok; + Fun -> + catch Fun(Reason) + end. + +check_cache(#state{opts = Opts} = State, Cache) -> + %% Check the number of entries in Cache + case proplists:get_value(size, ets:info(Cache)) of + 0 -> + case proplists:get_value(idle_time, Opts, infinity) of + infinity -> + State; + Time -> + handle_idle_timer(Time, State) + end; + _ -> + State + end. + +handle_idle_timer(Time, #state{idle_timer_ref = undefined} = State) -> + TimerRef = erlang:send_after(Time, self(), {'EXIT', [], "Timeout"}), + State#state{idle_timer_ref=TimerRef}; +handle_idle_timer(_, State) -> + State. + +remove_timer_ref(State) -> + case State#state.idle_timer_ref of + infinity -> %% If the timer is not activated + State; + undefined -> %% If we already has cancelled the timer + State; + TimerRef -> %% Timer is active + erlang:cancel_timer(TimerRef), + State#state{idle_timer_ref = undefined} + end. 
+ +socket_control(Socket, Pid, Transport) -> + case Transport:controlling_process(Socket, Pid) of + ok -> + send_event(Pid, socket_control); + {error, Reason} -> + {error, Reason} + end. + +handshake(Pid, Ref, Timeout) -> + receive + ssh_connected -> + erlang:demonitor(Ref), + {ok, Pid}; + {Pid, not_connected, Reason} -> + {error, Reason}; + {Pid, user_password} -> + Pass = io:get_password(), + Pid ! Pass, + handshake(Pid, Ref, Timeout); + {Pid, question} -> + Answer = io:get_line(""), + Pid ! Answer, + handshake(Pid, Ref, Timeout); + {'DOWN', _, process, Pid, {shutdown, Reason}} -> + {error, Reason}; + {'DOWN', _, process, Pid, Reason} -> + {error, Reason} + after Timeout -> + stop(Pid), + {error, Timeout} + end. + +start_timeout(_,_, infinity) -> + ok; +start_timeout(Channel, From, Time) -> + erlang:send_after(Time, self(), {timeout, {Channel, From}}). diff --git a/lib/ssh/src/ssh_connection_manager.erl b/lib/ssh/src/ssh_connection_manager.erl deleted file mode 100644 index fb57a790fe..0000000000 --- a/lib/ssh/src/ssh_connection_manager.erl +++ /dev/null 
@@ -1,914 +0,0 @@ -%% -%% %CopyrightBegin% -%% -%% Copyright Ericsson AB 2008-2013. All Rights Reserved. -%% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. -%% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. -%% -%% %CopyrightEnd% -%% -%% -%%---------------------------------------------------------------------- -%% Purpose: Handles multiplexing to ssh channels and global connection -%% requests e.i. the SSH Connection Protocol (RFC 4254), that provides -%% interactive login sessions, remote execution of commands, forwarded -%% TCP/IP connections, and forwarded X11 connections. Details of the -%% protocol is implemented in ssh_connection.erl -%% ---------------------------------------------------------------------- --module(ssh_connection_manager). - --behaviour(gen_server). - --include("ssh.hrl"). --include("ssh_connect.hrl"). --include("ssh_transport.hrl"). - --export([start_link/1]). - --export([info/1, info/2, - renegotiate/1, connection_info/2, channel_info/3, - peer_addr/1, send_window/3, recv_window/3, adjust_window/3, - close/2, stop/1, send/5, - send_eof/2]). - --export([open_channel/6, reply_request/3, request/6, request/7, global_request/4, event/2, event/3, cast/2]). - -%% Internal application API and spawn --export([send_msg/1, ssh_channel_info_handler/3]). - -%% gen_server callbacks --export([init/1, handle_call/3, handle_cast/2, handle_info/2, - terminate/2, code_change/3]). - --define(DBG_MESSAGE, true). 
- --record(state, - { - role, - client, - starter, - connection, % pid() - connection_state, % #connection{} - latest_channel_id = 0, - opts, - channel_args, - idle_timer_ref, % timerref - connected - }). - -%%==================================================================== -%% Internal application API -%%==================================================================== - -start_link(Opts) -> - gen_server:start_link(?MODULE, Opts, []). - -open_channel(ConnectionManager, ChannelType, ChannelSpecificData, - InitialWindowSize, MaxPacketSize, Timeout) -> - case (catch call(ConnectionManager, {open, self(), ChannelType, - InitialWindowSize, - MaxPacketSize, ChannelSpecificData}, - Timeout)) of - {open, Channel} -> - {ok, Channel}; - Error -> - %% TODO: Best way? - Error - end. - -request(ConnectionManager, ChannelPid, ChannelId, Type, true, Data, Timeout) -> - call(ConnectionManager, {request, ChannelPid, ChannelId, Type, Data}, Timeout); -request(ConnectionManager, ChannelPid, ChannelId, Type, false, Data, _) -> - cast(ConnectionManager, {request, ChannelPid, ChannelId, Type, Data}). - -request(ConnectionManager, ChannelId, Type, true, Data, Timeout) -> - call(ConnectionManager, {request, ChannelId, Type, Data}, Timeout); -request(ConnectionManager, ChannelId, Type, false, Data, _) -> - cast(ConnectionManager, {request, ChannelId, Type, Data}). - -reply_request(ConnectionManager, Status, ChannelId) -> - cast(ConnectionManager, {reply_request, Status, ChannelId}). - -global_request(ConnectionManager, Type, true = Reply, Data) -> - case call(ConnectionManager, - {global_request, self(), Type, Reply, Data}) of - {ssh_cm, ConnectionManager, {success, _}} -> - ok; - {ssh_cm, ConnectionManager, {failure, _}} -> - error - end; - -global_request(ConnectionManager, Type, false = Reply, Data) -> - cast(ConnectionManager, {global_request, self(), Type, Reply, Data}). 
- -event(ConnectionManager, BinMsg, ErrorMsg) -> - call(ConnectionManager, {ssh_msg, self(), BinMsg, ErrorMsg}). -event(ConnectionManager, BinMsg) -> - call(ConnectionManager, {ssh_msg, self(), BinMsg}). -info(ConnectionManager) -> - info(ConnectionManager, {info, all}). - -info(ConnectionManager, ChannelProcess) -> - call(ConnectionManager, {info, ChannelProcess}). - -%% TODO: Do we really want this function? Should not -%% renegotiation be triggered by configurable timer -%% or amount of data sent counter! -renegotiate(ConnectionManager) -> - cast(ConnectionManager, renegotiate). -renegotiate_data(ConnectionManager) -> - cast(ConnectionManager, renegotiate_data). -connection_info(ConnectionManager, Options) -> - call(ConnectionManager, {connection_info, Options}). - -channel_info(ConnectionManager, ChannelId, Options) -> - call(ConnectionManager, {channel_info, ChannelId, Options}). - -%% Replaced by option peer to connection_info/2 keep for now -%% for Backwards compatibility! -peer_addr(ConnectionManager) -> - call(ConnectionManager, {peer_addr, self()}). - -%% Backwards compatibility! -send_window(ConnectionManager, Channel, TimeOut) -> - call(ConnectionManager, {send_window, Channel}, TimeOut). -%% Backwards compatibility! -recv_window(ConnectionManager, Channel, TimeOut) -> - call(ConnectionManager, {recv_window, Channel}, TimeOut). - -adjust_window(ConnectionManager, Channel, Bytes) -> - cast(ConnectionManager, {adjust_window, Channel, Bytes}). - -close(ConnectionManager, ChannelId) -> - case call(ConnectionManager, {close, ChannelId}) of - ok -> - ok; - {error, channel_closed} -> - ok - end. - -stop(ConnectionManager) -> - case call(ConnectionManager, stop) of - ok -> - ok; - {error, channel_closed} -> - ok - end. - -send(ConnectionManager, ChannelId, Type, Data, Timeout) -> - call(ConnectionManager, {data, ChannelId, Type, Data}, Timeout). - -send_eof(ConnectionManager, ChannelId) -> - call(ConnectionManager, {eof, ChannelId}). 
- -%%==================================================================== -%% gen_server callbacks -%%==================================================================== - -%%-------------------------------------------------------------------- -%% Function: init(Args) -> {ok, State} | -%% {ok, State, Timeout} | -%% ignore | -%% {stop, Reason} -%% Description: Initiates the server -%%-------------------------------------------------------------------- -init([server, _Socket, Opts]) -> - process_flag(trap_exit, true), - Cache = ssh_channel:cache_create(), - {ok, #state{role = server, - connection_state = #connection{channel_cache = Cache, - channel_id_seed = 0, - port_bindings = [], - requests = []}, - opts = Opts, - connected = false}}; - -init([client, Opts]) -> - process_flag(trap_exit, true), - {links, [Parent]} = process_info(self(), links), - Cache = ssh_channel:cache_create(), - Address = proplists:get_value(address, Opts), - Port = proplists:get_value(port, Opts), - SocketOpts = proplists:get_value(socket_opts, Opts), - Options = proplists:get_value(ssh_opts, Opts), - ChannelPid = proplists:get_value(channel_pid, Opts), - self() ! - {start_connection, client, [Parent, Address, Port, SocketOpts, Options]}, - TimerRef = get_idle_time(Options), - - {ok, #state{role = client, - client = ChannelPid, - connection_state = #connection{channel_cache = Cache, - channel_id_seed = 0, - port_bindings = [], - connection_supervisor = Parent, - requests = []}, - opts = Opts, - idle_timer_ref = TimerRef, - connected = false}}. 
- -%%-------------------------------------------------------------------- -%% Function: %% handle_call(Request, From, State) -> {reply, Reply, State} | -%% {reply, Reply, State, Timeout} | -%% {noreply, State} | -%% {noreply, State, Timeout} | -%% {stop, Reason, Reply, State} | -%% {stop, Reason, State} -%% Description: Handling call messages -%%-------------------------------------------------------------------- -handle_call({request, ChannelPid, ChannelId, Type, Data}, From, State0) -> - {{replies, Replies}, State} = handle_request(ChannelPid, - ChannelId, Type, Data, - true, From, State0), - %% Sends message to the connection handler process, reply to - %% channel is sent later when reply arrives from the connection - %% handler. - lists:foreach(fun send_msg/1, Replies), - SshOpts = proplists:get_value(ssh_opts, State0#state.opts), - case proplists:get_value(idle_time, SshOpts) of - infinity -> - ok; - _IdleTime -> - erlang:send_after(5000, self(), {check_cache, [], []}) - end, - {noreply, State}; - -handle_call({request, ChannelId, Type, Data}, From, State0) -> - {{replies, Replies}, State} = handle_request(ChannelId, Type, Data, - true, From, State0), - %% Sends message to the connection handler process, reply to - %% channel is sent later when reply arrives from the connection - %% handler. - lists:foreach(fun send_msg/1, Replies), - {noreply, State}; - -%% Message from ssh_connection_handler -handle_call({ssh_msg, Pid, Msg}, From, - #state{connection_state = Connection0, - role = Role, opts = Opts, connected = IsConnected, - client = ClientPid} - = State) -> - - %% To avoid that not all data sent by the other side is processes before - %% possible crash in ssh_connection_handler takes down the connection. 
- gen_server:reply(From, ok), - ConnectionMsg = decode_ssh_msg(Msg), - try ssh_connection:handle_msg(ConnectionMsg, Connection0, Pid, Role) of - {{replies, Replies}, Connection} -> - lists:foreach(fun send_msg/1, Replies), - {noreply, State#state{connection_state = Connection}}; - {noreply, Connection} -> - {noreply, State#state{connection_state = Connection}}; - {disconnect, {_, Reason}, {{replies, Replies}, Connection}} - when Role == client andalso (not IsConnected) -> - lists:foreach(fun send_msg/1, Replies), - ClientPid ! {self(), not_connected, Reason}, - {stop, {shutdown, normal}, State#state{connection = Connection}}; - {disconnect, Reason, {{replies, Replies}, Connection}} -> - lists:foreach(fun send_msg/1, Replies), - SSHOpts = proplists:get_value(ssh_opts, Opts), - disconnect_fun(Reason, SSHOpts), - {stop, {shutdown, normal}, State#state{connection_state = Connection}} - catch - _:Error -> - {disconnect, Reason, {{replies, Replies}, Connection}} = - ssh_connection:handle_msg( - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, - description = "Internal error", - language = "en"}, Connection0, undefined, - Role), - lists:foreach(fun send_msg/1, Replies), - SSHOpts = proplists:get_value(ssh_opts, Opts), - disconnect_fun(Reason, SSHOpts), - {stop, {shutdown, Error}, State#state{connection_state = Connection}} - end; -handle_call({ssh_msg, Pid, Msg, ErrorMsg}, From, - #state{connection_state = Connection0, - role = Role, opts = Opts, connected = IsConnected, - client = ClientPid} - = State) -> - - %% To avoid that not all data sent by the other side is processes before - %% possible crash in ssh_connection_handler takes down the connection. 
- gen_server:reply(From, ok), - ConnectionMsg = decode_ssh_msg(Msg), - try ssh_connection:handle_msg(ConnectionMsg, Connection0, Pid, Role) of - {{replies, Replies}, Connection} -> - lists:foreach(fun send_msg/1, Replies), - {noreply, State#state{connection_state = Connection}}; - {noreply, Connection} -> - {noreply, State#state{connection_state = Connection}}; - {disconnect, {_, Reason}, {{replies, Replies}, Connection}} - when Role == client andalso (not IsConnected) -> - lists:foreach(fun send_msg/1, Replies), - ClientPid ! {self(), not_connected, {Reason, ErrorMsg}}, - {stop, {shutdown, normal}, State#state{connection = Connection}}; - {disconnect, Reason, {{replies, Replies}, Connection}} -> - lists:foreach(fun send_msg/1, Replies), - SSHOpts = proplists:get_value(ssh_opts, Opts), - disconnect_fun(Reason, SSHOpts), - {stop, {shutdown, normal}, State#state{connection_state = Connection}} - catch - _:Error -> - {disconnect, Reason, {{replies, Replies}, Connection}} = - ssh_connection:handle_msg( - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, - description = "Internal error", - language = "en"}, Connection0, undefined, - Role), - lists:foreach(fun send_msg/1, Replies), - SSHOpts = proplists:get_value(ssh_opts, Opts), - disconnect_fun(Reason, SSHOpts), - {stop, {shutdown, Error}, State#state{connection_state = Connection}} - end; -handle_call({global_request, Pid, _, _, _} = Request, From, - #state{connection_state = - #connection{channel_cache = Cache}} = State0) -> - State1 = handle_global_request(Request, State0), - Channel = ssh_channel:cache_find(Pid, Cache), - State = add_request(true, Channel#channel.local_id, From, State1), - {noreply, State}; - -handle_call({data, ChannelId, Type, Data}, From, - #state{connection_state = #connection{channel_cache = _Cache} - = Connection0, - connection = ConnectionPid} = State) -> - channel_data(ChannelId, Type, Data, Connection0, ConnectionPid, From, - State); - -handle_call({eof, ChannelId}, _From, - 
#state{connection = Pid, connection_state = - #connection{channel_cache = Cache}} = State) -> - case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{remote_id = Id, sent_close = false} -> - send_msg({connection_reply, Pid, - ssh_connection:channel_eof_msg(Id)}), - {reply, ok, State}; - _ -> - {reply, {error,closed}, State} - end; - -handle_call({connection_info, Options}, From, - #state{connection = Connection} = State) -> - ssh_connection_handler:connection_info(Connection, From, Options), - %% Reply will be sent by the connection handler by calling - %% ssh_connection_handler:send_msg/1. - {noreply, State}; - -handle_call({channel_info, ChannelId, Options}, From, - #state{connection_state = #connection{channel_cache = Cache}} = State) -> - - case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{} = Channel -> - spawn(?MODULE, ssh_channel_info_handler, [Options, Channel, From]), - {noreply, State}; - undefined -> - {reply, []} - end; - -handle_call({info, ChannelPid}, _From, - #state{connection_state = - #connection{channel_cache = Cache}} = State) -> - Result = ssh_channel:cache_foldl( - fun(Channel, Acc) when ChannelPid == all; - Channel#channel.user == ChannelPid -> - [Channel | Acc]; - (_, Acc) -> - Acc - end, [], Cache), - {reply, {ok, Result}, State}; - -handle_call({open, ChannelPid, Type, InitialWindowSize, MaxPacketSize, Data}, - From, #state{connection = Pid, - connection_state = - #connection{channel_cache = Cache}} = State0) -> - erlang:monitor(process, ChannelPid), - {ChannelId, State1} = new_channel_id(State0), - Msg = ssh_connection:channel_open_msg(Type, ChannelId, - InitialWindowSize, - MaxPacketSize, Data), - send_msg({connection_reply, Pid, Msg}), - Channel = #channel{type = Type, - sys = "none", - user = ChannelPid, - local_id = ChannelId, - recv_window_size = InitialWindowSize, - recv_packet_size = MaxPacketSize}, - ssh_channel:cache_update(Cache, Channel), - State = add_request(true, ChannelId, From, State1), - {noreply, 
remove_timer_ref(State)}; - -handle_call({send_window, ChannelId}, _From, - #state{connection_state = - #connection{channel_cache = Cache}} = State) -> - Reply = case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{send_window_size = WinSize, - send_packet_size = Packsize} -> - {ok, {WinSize, Packsize}}; - undefined -> - {error, einval} - end, - {reply, Reply, State}; - -handle_call({recv_window, ChannelId}, _From, - #state{connection_state = #connection{channel_cache = Cache}} - = State) -> - - Reply = case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{recv_window_size = WinSize, - recv_packet_size = Packsize} -> - {ok, {WinSize, Packsize}}; - undefined -> - {error, einval} - end, - {reply, Reply, State}; - -%% Replaced by option peer to connection_info/2 keep for now -%% for Backwards compatibility! -handle_call({peer_addr, _ChannelId}, _From, - #state{connection = Pid} = State) -> - Reply = ssh_connection_handler:peer_address(Pid), - {reply, Reply, State}; - -handle_call(opts, _, #state{opts = Opts} = State) -> - {reply, Opts, State}; - -handle_call({close, ChannelId}, _, - #state{connection = Pid, connection_state = - #connection{channel_cache = Cache}} = State) -> - case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{remote_id = Id} = Channel -> - send_msg({connection_reply, Pid, - ssh_connection:channel_close_msg(Id)}), - ssh_channel:cache_update(Cache, Channel#channel{sent_close = true}), - SshOpts = proplists:get_value(ssh_opts, State#state.opts), - case proplists:get_value(idle_time, SshOpts) of - infinity -> - ok; - _IdleTime -> - erlang:send_after(5000, self(), {check_cache, [], []}) - end, - {reply, ok, State}; - undefined -> - {reply, ok, State} - end; - -handle_call(stop, _, #state{connection_state = Connection0, - role = Role, - opts = Opts} = State) -> - {disconnect, Reason, {{replies, Replies}, Connection}} = - ssh_connection:handle_msg(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, - description = "User 
closed down connection", - language = "en"}, Connection0, undefined, - Role), - lists:foreach(fun send_msg/1, Replies), - SSHOpts = proplists:get_value(ssh_opts, Opts), - disconnect_fun(Reason, SSHOpts), - {stop, normal, ok, State#state{connection_state = Connection}}; - -%% API violation make it the violaters problem -%% by ignoring it. The violating process will get -%% a timeout or hang. -handle_call(_, _, State) -> - {noreply, State}. - -%%-------------------------------------------------------------------- -%% Function: handle_cast(Msg, State) -> {noreply, State} | -%% {noreply, State, Timeout} | -%% {stop, Reason, State} -%% Description: Handling cast messages -%%-------------------------------------------------------------------- -handle_cast({request, ChannelPid, ChannelId, Type, Data}, State0) -> - {{replies, Replies}, State} = handle_request(ChannelPid, ChannelId, - Type, Data, - false, none, State0), - lists:foreach(fun send_msg/1, Replies), - {noreply, State}; - -handle_cast({request, ChannelId, Type, Data}, State0) -> - {{replies, Replies}, State} = handle_request(ChannelId, Type, Data, - false, none, State0), - lists:foreach(fun send_msg/1, Replies), - {noreply, State}; - -handle_cast({reply_request, Status, ChannelId}, #state{connection_state = - #connection{channel_cache = Cache}} = State0) -> - State = case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{remote_id = RemoteId} -> - cm_message({Status, RemoteId}, State0); - undefined -> - State0 - end, - {noreply, State}; - -handle_cast({global_request, _, _, _, _} = Request, State0) -> - State = handle_global_request(Request, State0), - {noreply, State}; - -handle_cast(renegotiate, #state{connection = Pid} = State) -> - ssh_connection_handler:renegotiate(Pid), - {noreply, State}; -handle_cast(renegotiate_data, #state{connection = Pid} = State) -> - ssh_connection_handler:renegotiate_data(Pid), - {noreply, State}; -handle_cast({adjust_window, ChannelId, Bytes}, - #state{connection = Pid, 
connection_state = - #connection{channel_cache = Cache}} = State) -> - case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{recv_window_size = WinSize, remote_id = Id} = Channel -> - ssh_channel:cache_update(Cache, Channel#channel{recv_window_size = - WinSize + Bytes}), - Msg = ssh_connection:channel_adjust_window_msg(Id, Bytes), - send_msg({connection_reply, Pid, Msg}); - undefined -> - ignore - end, - {noreply, State}; - -handle_cast({success, ChannelId}, #state{connection = Pid} = State) -> - Msg = ssh_connection:channel_success_msg(ChannelId), - send_msg({connection_reply, Pid, Msg}), - {noreply, State}; - -handle_cast({failure, ChannelId}, #state{connection = Pid} = State) -> - Msg = ssh_connection:channel_failure_msg(ChannelId), - send_msg({connection_reply, Pid, Msg}), - {noreply, State}. - -%%-------------------------------------------------------------------- -%% Function: handle_info(Info, State) -> {noreply, State} | -%% {noreply, State, Timeout} | -%% {stop, Reason, State} -%% Description: Handling all non call/cast messages -%%-------------------------------------------------------------------- -handle_info({start_connection, server, - [Address, Port, Socket, Options, SubSysSup]}, - #state{connection_state = CState} = State) -> - {ok, Connection} = ssh_transport:accept(Address, Port, Socket, Options), - Shell = proplists:get_value(shell, Options), - Exec = proplists:get_value(exec, Options), - CliSpec = proplists:get_value(ssh_cli, Options, {ssh_cli, [Shell]}), - ssh_connection_handler:send_event(Connection, socket_control), - erlang:send_after(60000, self(), rekey_data), - {noreply, State#state{connection = Connection, - connection_state = - CState#connection{address = Address, - port = Port, - cli_spec = CliSpec, - options = Options, - exec = Exec, - sub_system_supervisor = SubSysSup - }}}; - -handle_info({start_connection, client, - [Parent, Address, Port, SocketOpts, Options]}, - #state{client = Pid} = State) -> - case (catch 
ssh_transport:connect(Parent, Address, - Port, SocketOpts, Options)) of - {ok, Connection} -> - erlang:send_after(60000, self(), rekey_data), - erlang:send_after(3600000, self(), rekey), - {noreply, State#state{connection = Connection}}; - Reason -> - Pid ! {self(), not_connected, Reason}, - {stop, {shutdown, normal}, State} - end; -handle_info({check_cache, _ , _}, - #state{connection_state = - #connection{channel_cache = Cache}} = State) -> - {noreply, check_cache(State, Cache)}; -handle_info({ssh_cm, _Sender, Msg}, State0) -> - %% Backwards compatibility! - State = cm_message(Msg, State0), - {noreply, State}; - -%% Nop backwards compatibility -handle_info({same_user, _}, State) -> - {noreply, State}; - -handle_info(ssh_connected, #state{role = client, client = Pid} - = State) -> - Pid ! {self(), is_connected}, - {noreply, State#state{connected = true, opts = handle_password(State#state.opts)}}; - -handle_info(ssh_connected, #state{role = server} = State) -> - {noreply, State#state{connected = true}}; - -%%% Handle that ssh channels user process goes down -handle_info({'DOWN', _Ref, process, ChannelPid, _Reason}, State) -> - handle_down(handle_channel_down(ChannelPid, State)); - -%%% So that terminate will be run when supervisor is shutdown -handle_info({'EXIT', _Sup, Reason}, State) -> - {stop, Reason, State}; -handle_info(rekey, State) -> - renegotiate(self()), - erlang:send_after(3600000, self(), rekey), - {noreply, State}; -handle_info(rekey_data, State) -> - renegotiate_data(self()), - erlang:send_after(60000, self(), rekey_data), - {noreply, State}. -handle_password(Opts) -> - handle_rsa_password(handle_dsa_password(handle_normal_password(Opts))). 
-handle_normal_password(Opts) -> - case proplists:get_value(ssh_opts, Opts, false) of - false -> - Opts; - SshOpts -> - case proplists:get_value(password, SshOpts, false) of - false -> - Opts; - _Password -> - NewOpts = [{password, undefined}|lists:keydelete(password, 1, SshOpts)], - [{ssh_opts, NewOpts}|lists:keydelete(ssh_opts, 1, Opts)] - end - end. -handle_dsa_password(Opts) -> - case proplists:get_value(ssh_opts, Opts, false) of - false -> - Opts; - SshOpts -> - case proplists:get_value(dsa_pass_phrase, SshOpts, false) of - false -> - Opts; - _Password -> - NewOpts = [{dsa_pass_phrase, undefined}|lists:keydelete(dsa_pass_phrase, 1, SshOpts)], - [{ssh_opts, NewOpts}|lists:keydelete(ssh_opts, 1, Opts)] - end - end. -handle_rsa_password(Opts) -> - case proplists:get_value(ssh_opts, Opts, false) of - false -> - Opts; - SshOpts -> - case proplists:get_value(rsa_pass_phrase, SshOpts, false) of - false -> - Opts; - _Password -> - NewOpts = [{rsa_pass_phrase, undefined}|lists:keydelete(rsa_pass_phrase, 1, SshOpts)], - [{ssh_opts, NewOpts}|lists:keydelete(ssh_opts, 1, Opts)] - end - end. -%%-------------------------------------------------------------------- -%% Function: terminate(Reason, State) -> void() -%% Description: This function is called by a gen_server when it is about to -%% terminate. It should be the opposite of Module:init/1 and do any necessary -%% cleaning up. When it returns, the gen_server terminates with Reason. -%% The return value is ignored. 
-%%-------------------------------------------------------------------- -terminate(_Reason, #state{role = client, - connection_state = - #connection{connection_supervisor = Supervisor}}) -> - sshc_sup:stop_child(Supervisor); - -terminate(_Reason, #state{role = server, - connection_state = - #connection{sub_system_supervisor = SubSysSup}, - opts = Opts}) -> - Address = proplists:get_value(address, Opts), - Port = proplists:get_value(port, Opts), - SystemSup = ssh_system_sup:system_supervisor(Address, Port), - ssh_system_sup:stop_subsystem(SystemSup, SubSysSup). - -%%-------------------------------------------------------------------- -%% Func: code_change(OldVsn, State, Extra) -> {ok, NewState} -%% Description: Convert process state when code is changed -%%-------------------------------------------------------------------- -code_change(_OldVsn, State, _Extra) -> - {ok, State}. - -%%-------------------------------------------------------------------- -%%% Internal functions -%%-------------------------------------------------------------------- -get_idle_time(SshOptions) -> - case proplists:get_value(idle_time, SshOptions) of - infinity -> - infinity; - _IdleTime -> %% We dont want to set the timeout on first connect - undefined - end. -check_cache(State, Cache) -> - %% Check the number of entries in Cache - case proplists:get_value(size, ets:info(Cache)) of - 0 -> - Opts = proplists:get_value(ssh_opts, State#state.opts), - case proplists:get_value(idle_time, Opts) of - infinity -> - State; - undefined -> - State; - Time -> - case State#state.idle_timer_ref of - undefined -> - TimerRef = erlang:send_after(Time, self(), {'EXIT', [], "Timeout"}), - State#state{idle_timer_ref=TimerRef}; - _ -> - State - end - end; - _ -> - State - end. 
-remove_timer_ref(State) -> - case State#state.idle_timer_ref of - infinity -> %% If the timer is not activated - State; - undefined -> %% If we already has cancelled the timer - State; - TimerRef -> %% Timer is active - erlang:cancel_timer(TimerRef), - State#state{idle_timer_ref = undefined} - end. -channel_data(Id, Type, Data, Connection0, ConnectionPid, From, State) -> - case ssh_connection:channel_data(Id, Type, Data, Connection0, - ConnectionPid, From) of - {{replies, Replies}, Connection} -> - lists:foreach(fun send_msg/1, Replies), - {noreply, State#state{connection_state = Connection}}; - {noreply, Connection} -> - {noreply, State#state{connection_state = Connection}} - end. - -call(Pid, Msg) -> - call(Pid, Msg, infinity). -call(Pid, Msg, Timeout) -> - try gen_server:call(Pid, Msg, Timeout) of - Result -> - Result - catch - exit:{timeout, _} -> - {error, timeout}; - exit:{normal, _} -> - {error, channel_closed}; - exit:{{shutdown, _}, _} -> - {error, channel_closed}; - exit:{noproc,_} -> - {error, channel_closed} - end. - -cast(Pid, Msg) -> - gen_server:cast(Pid, Msg). - -decode_ssh_msg(BinMsg) when is_binary(BinMsg)-> - ssh_message:decode(BinMsg); -decode_ssh_msg(Msg) -> - Msg. - - -send_msg(Msg) -> - catch do_send_msg(Msg). -do_send_msg({channel_data, Pid, Data}) -> - Pid ! {ssh_cm, self(), Data}; -do_send_msg({channel_requst_reply, From, Data}) -> - gen_server:reply(From, Data); -do_send_msg({connection_reply, Pid, Data}) -> - Msg = ssh_message:encode(Data), - ssh_connection_handler:send(Pid, Msg); -do_send_msg({flow_control, Cache, Channel, From, Msg}) -> - ssh_channel:cache_update(Cache, Channel#channel{flow_control = undefined}), - gen_server:reply(From, Msg); -do_send_msg({flow_control, From, Msg}) -> - gen_server:reply(From, Msg). 
- -handle_request(ChannelPid, ChannelId, Type, Data, WantReply, From, - #state{connection = Pid, - connection_state = - #connection{channel_cache = Cache}} = State0) -> - case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{remote_id = Id} = Channel -> - update_sys(Cache, Channel, Type, ChannelPid), - Msg = ssh_connection:channel_request_msg(Id, Type, - WantReply, Data), - Replies = [{connection_reply, Pid, Msg}], - State = add_request(WantReply, ChannelId, From, State0), - {{replies, Replies}, State}; - undefined -> - {{replies, []}, State0} - end. - -handle_request(ChannelId, Type, Data, WantReply, From, - #state{connection = Pid, - connection_state = - #connection{channel_cache = Cache}} = State0) -> - case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{remote_id = Id} -> - Msg = ssh_connection:channel_request_msg(Id, Type, - WantReply, Data), - Replies = [{connection_reply, Pid, Msg}], - State = add_request(WantReply, ChannelId, From, State0), - {{replies, Replies}, State}; - undefined -> - {{replies, []}, State0} - end. - -handle_down({{replies, Replies}, State}) -> - lists:foreach(fun send_msg/1, Replies), - {noreply, State}. - -handle_channel_down(ChannelPid, #state{connection_state = - #connection{channel_cache = Cache}} = - State) -> - ssh_channel:cache_foldl( - fun(Channel, Acc) when Channel#channel.user == ChannelPid -> - ssh_channel:cache_delete(Cache, - Channel#channel.local_id), - Acc; - (_,Acc) -> - Acc - end, [], Cache), - {{replies, []}, check_cache(State, Cache)}. - -update_sys(Cache, Channel, Type, ChannelPid) -> - ssh_channel:cache_update(Cache, - Channel#channel{sys = Type, user = ChannelPid}). - -add_request(false, _ChannelId, _From, State) -> - State; -add_request(true, ChannelId, From, #state{connection_state = - #connection{requests = Requests0} = - Connection} = State) -> - Requests = [{ChannelId, From} | Requests0], - State#state{connection_state = Connection#connection{requests = Requests}}. 
- -new_channel_id(#state{connection_state = #connection{channel_id_seed = Id} = - Connection} - = State) -> - {Id, State#state{connection_state = - Connection#connection{channel_id_seed = Id + 1}}}. - -handle_global_request({global_request, ChannelPid, - "tcpip-forward" = Type, WantReply, - <> = Data}, - #state{connection = ConnectionPid, - connection_state = - #connection{channel_cache = Cache} - = Connection0} = State) -> - ssh_channel:cache_update(Cache, #channel{user = ChannelPid, - type = "forwarded-tcpip", - sys = none}), - Connection = ssh_connection:bind(IP, Port, ChannelPid, Connection0), - Msg = ssh_connection:global_request_msg(Type, WantReply, Data), - send_msg({connection_reply, ConnectionPid, Msg}), - State#state{connection_state = Connection}; - -handle_global_request({global_request, _Pid, "cancel-tcpip-forward" = Type, - WantReply, <> = Data}, - #state{connection = Pid, - connection_state = Connection0} = State) -> - Connection = ssh_connection:unbind(IP, Port, Connection0), - Msg = ssh_connection:global_request_msg(Type, WantReply, Data), - send_msg({connection_reply, Pid, Msg}), - State#state{connection_state = Connection}; - -handle_global_request({global_request, _Pid, "cancel-tcpip-forward" = Type, - WantReply, Data}, #state{connection = Pid} = State) -> - Msg = ssh_connection:global_request_msg(Type, WantReply, Data), - send_msg({connection_reply, Pid, Msg}), - State. - -cm_message(Msg, State) -> - {noreply, NewState} = handle_cast(Msg, State), - NewState. - -disconnect_fun(Reason, Opts) -> - case proplists:get_value(disconnectfun, Opts) of - undefined -> - ok; - Fun -> - catch Fun(Reason) - end. - -ssh_channel_info_handler(Options, Channel, From) -> - Info = ssh_channel_info(Options, Channel, []), - send_msg({channel_requst_reply, From, Info}). 
- -ssh_channel_info([], _, Acc) -> - Acc; - -ssh_channel_info([recv_window | Rest], #channel{recv_window_size = WinSize, - recv_packet_size = Packsize - } = Channel, Acc) -> - ssh_channel_info(Rest, Channel, [{recv_window, {{win_size, WinSize}, - {packet_size, Packsize}}} | Acc]); -ssh_channel_info([send_window | Rest], #channel{send_window_size = WinSize, - send_packet_size = Packsize - } = Channel, Acc) -> - ssh_channel_info(Rest, Channel, [{send_window, {{win_size, WinSize}, - {packet_size, Packsize}}} | Acc]); -ssh_channel_info([ _ | Rest], Channel, Acc) -> - ssh_channel_info(Rest, Channel, Acc). - - - diff --git a/lib/ssh/src/ssh_connection_sup.erl b/lib/ssh/src/ssh_connection_sup.erl index b620056310..c5abc8f23b 100644 --- a/lib/ssh/src/ssh_connection_sup.erl +++ b/lib/ssh/src/ssh_connection_sup.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2012. All Rights Reserved. +%% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -25,8 +25,9 @@ -behaviour(supervisor). --export([start_link/1, start_handler_child/2, start_manager_child/2, - connection_manager/1]). +%% API +-export([start_link/1]). +-export([start_child/2]). %% Supervisor callback -export([init/1]). 
@@ -37,83 +38,23 @@ start_link(Args) -> supervisor:start_link(?MODULE, [Args]). -%% Will be called from the manager child process -start_handler_child(Sup, Args) -> - [Spec] = child_specs(handler, Args), - supervisor:start_child(Sup, Spec). - -%% Will be called from the acceptor process -start_manager_child(Sup, Args) -> - [Spec] = child_specs(manager, Args), - supervisor:start_child(Sup, Spec). - -connection_manager(SupPid) -> - try supervisor:which_children(SupPid) of - Children -> - {ok, ssh_connection_manager(Children)} - catch exit:{noproc,_} -> - {ok, undefined} - end. +start_child(Sup, Args) -> + supervisor:start_child(Sup, Args). %%%========================================================================= %%% Supervisor callback %%%========================================================================= -init([Args]) -> - RestartStrategy = one_for_all, +init(_) -> + RestartStrategy = simple_one_for_one, MaxR = 0, MaxT = 3600, - Children = child_specs(Args), - {ok, {{RestartStrategy, MaxR, MaxT}, Children}}. - -%%%========================================================================= -%%% Internal functions -%%%========================================================================= -child_specs(Opts) -> - case proplists:get_value(role, Opts) of - client -> - child_specs(manager, [client | Opts]); - server -> - %% Children started by acceptor process - [] - end. - -% The manager process starts the handler process -child_specs(manager, Opts) -> - [manager_spec(Opts)]; -child_specs(handler, Opts) -> - [handler_spec(Opts)]. 
- -manager_spec([server = Role, Socket, Opts]) -> - Name = make_ref(), - StartFunc = {ssh_connection_manager, start_link, [[Role, Socket, Opts]]}, - Restart = temporary, - Shutdown = 3600, - Modules = [ssh_connection_manager], - Type = worker, - {Name, StartFunc, Restart, Shutdown, Type, Modules}; - -manager_spec([client = Role | Opts]) -> - Name = make_ref(), - StartFunc = {ssh_connection_manager, start_link, [[Role, Opts]]}, - Restart = temporary, - Shutdown = 3600, - Modules = [ssh_connection_manager], - Type = worker, - {Name, StartFunc, Restart, Shutdown, Type, Modules}. -handler_spec([Role, Socket, Opts]) -> - Name = make_ref(), - StartFunc = {ssh_connection_handler, - start_link, [Role, self(), Socket, Opts]}, - Restart = temporary, - Shutdown = 3600, + Name = undefined, % As simple_one_for_one is used. + StartFunc = {ssh_connection_handler, start_link, []}, + Restart = temporary, % E.g. should not be restarted + Shutdown = 4000, Modules = [ssh_connection_handler], Type = worker, - {Name, StartFunc, Restart, Shutdown, Type, Modules}. -ssh_connection_manager([]) -> - undefined; -ssh_connection_manager([{_, Child, _, [ssh_connection_manager]} | _]) -> - Child; -ssh_connection_manager([_ | Rest]) -> - ssh_connection_manager(Rest). + ChildSpec = {Name, StartFunc, Restart, Shutdown, Type, Modules}, + {ok, {{RestartStrategy, MaxR, MaxT}, [ChildSpec]}}. diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl index dc4943ace4..7bd0375521 100644 --- a/lib/ssh/src/ssh_message.erl +++ b/lib/ssh/src/ssh_message.erl @@ -29,7 +29,7 @@ -include("ssh_auth.hrl"). -include("ssh_transport.hrl"). --export([encode/1, decode/1, encode_host_key/1]). +-export([encode/1, decode/1, encode_host_key/1, decode_keyboard_interactive_prompts/2]). encode(#ssh_msg_global_request{ name = Name, 
@@ -238,6 +238,9 @@ encode(#ssh_msg_kex_dh_gex_group{p = Prime, g = Generator}) -> ssh_bits:encode([?SSH_MSG_KEX_DH_GEX_GROUP, Prime, Generator], [byte, mpint, mpint]); +encode(#ssh_msg_kex_dh_gex_init{e = Public}) -> + ssh_bits:encode([?SSH_MSG_KEX_DH_GEX_INIT, Public], [byte, mpint]); + encode(#ssh_msg_kex_dh_gex_reply{ %% Will be private key encode_host_key extracts only the public part! public_host_key = Key, @@ -468,6 +471,13 @@ decode(<>, Acc) -> + lists:reverse(Acc); +decode_keyboard_interactive_prompts(<>, + Acc) -> + decode_keyboard_interactive_prompts(Bin, [{Prompt, erl_boolean(Bool)} | Acc]). + erl_boolean(0) -> false; erl_boolean(1) -> diff --git a/lib/ssh/src/ssh_sftpd.erl b/lib/ssh/src/ssh_sftpd.erl index 3d469d3c6e..174ca0126b 100644 --- a/lib/ssh/src/ssh_sftpd.erl +++ b/lib/ssh/src/ssh_sftpd.erl @@ -76,7 +76,7 @@ listen(Addr, Port, Options) -> %% Description: Stops the listener %%-------------------------------------------------------------------- stop(Pid) -> - ssh_cli:stop(Pid). + ssh:stop_listener(Pid). %%% DEPRECATED END %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% diff --git a/lib/ssh/src/ssh_subsystem_sup.erl b/lib/ssh/src/ssh_subsystem_sup.erl index cd6defd535..e8855b09ac 100644 --- a/lib/ssh/src/ssh_subsystem_sup.erl +++ b/lib/ssh/src/ssh_subsystem_sup.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2012. All Rights Reserved. +%% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -25,7 +25,9 @@ -behaviour(supervisor). --export([start_link/1, connection_supervisor/1, channel_supervisor/1 +-export([start_link/1, + connection_supervisor/1, + channel_supervisor/1 ]). %% Supervisor callback 
@@ -61,9 +63,9 @@ init([Opts]) -> child_specs(Opts) -> case proplists:get_value(role, Opts) of client -> - [ssh_connectinon_child_spec(Opts)]; + []; server -> - [ssh_connectinon_child_spec(Opts), ssh_channel_child_spec(Opts)] + [ssh_channel_child_spec(Opts), ssh_connectinon_child_spec(Opts)] end. ssh_connectinon_child_spec(Opts) -> @@ -72,9 +74,9 @@ ssh_connectinon_child_spec(Opts) -> Role = proplists:get_value(role, Opts), Name = id(Role, ssh_connection_sup, Address, Port), StartFunc = {ssh_connection_sup, start_link, [Opts]}, - Restart = transient, + Restart = temporary, Shutdown = 5000, - Modules = [ssh_connection_sup], + Modules = [ssh_connection_sup], Type = supervisor, {Name, StartFunc, Restart, Shutdown, Type, Modules}. @@ -84,7 +86,7 @@ ssh_channel_child_spec(Opts) -> Role = proplists:get_value(role, Opts), Name = id(Role, ssh_channel_sup, Address, Port), StartFunc = {ssh_channel_sup, start_link, [Opts]}, - Restart = transient, + Restart = temporary, Shutdown = infinity, Modules = [ssh_channel_sup], Type = supervisor, diff --git a/lib/ssh/src/ssh_system_sup.erl b/lib/ssh/src/ssh_system_sup.erl index 36daf3b1ac..158a829eb0 100644 --- a/lib/ssh/src/ssh_system_sup.erl +++ b/lib/ssh/src/ssh_system_sup.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2012. All Rights Reserved. +%% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -40,7 +40,7 @@ -export([init/1]). %%%========================================================================= -%%% API +%%% Internal API %%%========================================================================= start_link(ServerOpts) -> Address = proplists:get_value(address, ServerOpts), 
@@ -146,7 +146,7 @@ ssh_acceptor_child_spec(ServerOpts) -> ssh_subsystem_child_spec(ServerOpts) -> Name = make_ref(), StartFunc = {ssh_subsystem_sup, start_link, [ServerOpts]}, - Restart = transient, + Restart = temporary, Shutdown = infinity, Modules = [ssh_subsystem_sup], Type = supervisor, diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 45292ca6f0..27723dc870 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -29,7 +29,6 @@ -include("ssh_transport.hrl"). -include("ssh.hrl"). --export([connect/5, accept/4]). -export([versions/2, hello_version_msg/1]). -export([next_seqnum/1, decrypt_first_block/2, decrypt_blocks/3, is_valid_mac/3, 
@@ -78,52 +77,6 @@ is_valid_mac(Mac, Data, #ssh{recv_mac = Algorithm, yes_no(Ssh, Prompt) -> (Ssh#ssh.io_cb):yes_no(Prompt, Ssh). -connect(ConnectionSup, Address, Port, SocketOpts, Opts) -> - Timeout = proplists:get_value(connect_timeout, Opts, infinity), - {_, Callback, _} = - proplists:get_value(transport, Opts, {tcp, gen_tcp, tcp_closed}), - case do_connect(Callback, Address, Port, SocketOpts, Timeout) of - {ok, Socket} -> - {ok, Pid} = - ssh_connection_sup:start_handler_child(ConnectionSup, - [client, Socket, - [{address, Address}, - {port, Port} | - Opts]]), - Callback:controlling_process(Socket, Pid), - ssh_connection_handler:send_event(Pid, socket_control), - {ok, Pid}; - {error, Reason} -> - {error, Reason} - end. - -do_connect(Callback, Address, Port, SocketOpts, Timeout) -> - Opts = [{active, false} | SocketOpts], - case Callback:connect(Address, Port, Opts, Timeout) of - {error, nxdomain} -> - Callback:connect(Address, Port, lists:delete(inet6, Opts), Timeout); - {error, eafnosupport} -> - Callback:connect(Address, Port, lists:delete(inet6, Opts), Timeout); - {error, enetunreach} -> - Callback:connect(Address, Port, lists:delete(inet6, Opts), Timeout); - Other -> - Other - end. - -accept(Address, Port, Socket, Options) -> - {_, Callback, _} = - proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}), - ConnectionSup = - ssh_system_sup:connection_supervisor( - ssh_system_sup:system_supervisor(Address, Port)), - {ok, Pid} = - ssh_connection_sup:start_handler_child(ConnectionSup, - [server, Socket, - [{address, Address}, - {port, Port} | Options]]), - Callback:controlling_process(Socket, Pid), - {ok, Pid}. - format_version({Major,Minor}) -> "SSH-" ++ integer_to_list(Major) ++ "." ++ integer_to_list(Minor) ++ "-Erlang". diff --git a/lib/ssh/src/ssh_xfer.erl b/lib/ssh/src/ssh_xfer.erl index b299868d41..e18e18a9a9 100644 --- a/lib/ssh/src/ssh_xfer.erl +++ b/lib/ssh/src/ssh_xfer.erl 
@@ -267,7 +267,7 @@ xf_request(XF, Op, Arg) -> list_to_binary(Arg) end, Size = 1+size(Data), - ssh_connection:send(CM, Channel, <>). + ssh_connection:send(CM, Channel, [<>]). xf_send_reply(#ssh_xfer{cm = CM, channel = Channel}, Op, Arg) -> Data = if @@ -277,7 +277,7 @@ xf_send_reply(#ssh_xfer{cm = CM, channel = Channel}, Op, Arg) -> list_to_binary(Arg) end, Size = 1 + size(Data), - ssh_connection:send(CM, Channel, <>). + ssh_connection:send(CM, Channel, [<>]). xf_send_name(XF, ReqId, Name, Attr) -> xf_send_names(XF, ReqId, [{Name, Attr}]). diff --git a/lib/ssh/src/sshc_sup.erl b/lib/ssh/src/sshc_sup.erl index 1d2779de23..e6b4b681a4 100644 --- a/lib/ssh/src/sshc_sup.erl +++ b/lib/ssh/src/sshc_sup.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2012. All Rights Reserved. +%% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -61,9 +61,9 @@ init(Args) -> %%%========================================================================= child_spec(_) -> Name = undefined, % As simple_one_for_one is used. - StartFunc = {ssh_connection_sup, start_link, []}, + StartFunc = {ssh_connection_handler, start_link, []}, Restart = temporary, Shutdown = infinity, - Modules = [ssh_connection_sup], + Modules = [ssh_connection_handler], Type = supervisor, {Name, StartFunc, Restart, Shutdown, Type, Modules}. diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index e8f1d5213c..813031eab2 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl 
@@ -255,7 +255,7 @@ idle_time(Config) -> ssh_connection:close(ConnectionRef, Id), receive after 10000 -> - {error,channel_closed} = ssh_connection:session_channel(ConnectionRef, 1000) + {error, closed} = ssh_connection:session_channel(ConnectionRef, 1000) end, ssh:stop_daemon(Pid). %%-------------------------------------------------------------------- @@ -448,10 +448,11 @@ internal_error(Config) when is_list(Config) -> {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, {user_dir, UserDir}, {failfun, fun ssh_test_lib:failfun/2}]), - {error,"Internal error"} = + {error,Error} = ssh:connect(Host, Port, [{silently_accept_hosts, true}, {user_dir, UserDir}, {user_interaction, false}]), + check_error(Error), ssh:stop_daemon(Pid). %%-------------------------------------------------------------------- @@ -564,6 +565,15 @@ openssh_zlib_basic_test(Config) -> %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- +%% Due to timing the error message may or may not be delivered to +%% the "tcp-application" before the socket closed message is recived +check_error("Internal error") -> + ok; +check_error("Connection Lost") -> + ok; +check_error(Error) -> + ct:fail(Error). + basic_test(Config) -> ClientOpts = ?config(client_opts, Config), ServerOpts = ?config(server_opts, Config), -- cgit v1.2.3 From ec86d38d997333bee63c10141da63b68ae1686fc Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 11 Nov 2013 09:52:01 +0100 Subject: ssh: Enhance error handling --- lib/ssh/src/ssh_no_io.erl | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_no_io.erl b/lib/ssh/src/ssh_no_io.erl index 2c8dd92ee2..9f83506cdd 100644 --- a/lib/ssh/src/ssh_no_io.erl +++ b/lib/ssh/src/ssh_no_io.erl 
@@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2010. All Rights Reserved. +%% Copyright Ericsson AB 2005-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -22,18 +22,31 @@ %%% Description: ssh_io replacement that throws on everything -module(ssh_no_io). +-include("ssh_transport.hrl"). -export([yes_no/1, read_password/1, read_line/1, format/2]). yes_no(_Prompt) -> - throw({no_io_allowed, yes_no}). + throw({{no_io_allowed, yes_no}, + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, + description = "User interaction is not allowed", + language = "en"}}). read_password(_Prompt) -> - throw({no_io_allowed, read_password}). + throw({{no_io_allowed, read_password}, + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, + description = "User interaction is not allowed", + language = "en"}}). read_line(_Prompt) -> - throw({no_io_allowed, read_line}). + throw({{no_io_allowed, read_line}, + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, + description = "User interaction is not allowed", + language = "en"}} ). format(_Fmt, _Args) -> - throw({no_io_allowed, format}). + throw({{no_io_allowed, format}, + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, + description = "User interaction is not allowed", + language = "en"}}). -- cgit v1.2.3 From dc87366c3e46dffbebe30e04bacc3d1ec299a0f2 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 4 Nov 2013 14:38:42 +0100 Subject: ssh: Eliminate test case failure due to timing issues in test case code --- lib/ssh/test/ssh_connection_SUITE.erl | 33 +++++++++++++++------------------ 1 file changed, 15 insertions(+), 18 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index 6c781e0e91..f4f0682b40 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl 
+++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -73,6 +73,9 @@ end_per_group(_, Config) -> %%-------------------------------------------------------------------- init_per_testcase(_TestCase, Config) -> + %% To make sure we start clean as it is not certain that + %% end_per_testcase will be run! + ssh:stop(), ssh:start(), Config. @@ -91,7 +94,6 @@ simple_exec(Config) when is_list(Config) -> {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef, infinity), success = ssh_connection:exec(ConnectionRef, ChannelId0, "echo testing", infinity), - %% receive response to input receive {ssh_cm, ConnectionRef, {data, ChannelId0, 0, <<"testing\n">>}} -> @@ -146,7 +148,6 @@ small_cat(Config) when is_list(Config) -> {ssh_cm, ConnectionRef,{closed, ChannelId0}} -> ok end. - %%-------------------------------------------------------------------- big_cat() -> [{doc,"Use 'cat' to echo large data block back to us."}]. 
@@ -204,37 +205,33 @@ send_after_exit(Config) when is_list(Config) -> ConnectionRef = ssh_test_lib:connect(?SSH_DEFAULT_PORT, [{silently_accept_hosts, true}, {user_interaction, false}]), {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef, infinity), + Data = <<"I like spaghetti squash">>, %% Shell command "false" will exit immediately success = ssh_connection:exec(ConnectionRef, ChannelId0, "false", infinity), - - timer:sleep(2000), %% Allow incoming eof/close/exit_status ssh messages to be processed - - Data = <<"I like spaghetti squash">>, - case ssh_connection:send(ConnectionRef, ChannelId0, Data, 2000) of - {error, closed} -> ok; - ok -> - ct:fail({expected,{error,closed}}); - {error, timeout} -> - ct:fail({expected,{error,closed}}); - Else -> - ct:fail(Else) - end, - - %% receive close messages receive {ssh_cm, ConnectionRef, {eof, ChannelId0}} -> ok end, receive - {ssh_cm, ConnectionRef, {exit_status, ChannelId0, _}} -> + {ssh_cm, ConnectionRef, {exit_status, ChannelId0, _ExitStatus}} -> ok end, receive {ssh_cm, ConnectionRef,{closed, ChannelId0}} -> ok + end, + case ssh_connection:send(ConnectionRef, ChannelId0, Data, 2000) of + {error, closed} -> ok; + ok -> + ct:fail({expected,{error,closed}, {got, ok}}); + {error, timeout} -> + ct:fail({expected,{error,closed}, {got, {error, timeout}}}); + Else -> + ct:fail(Else) end. + %%-------------------------------------------------------------------- interrupted_send() -> [{doc, "Use a subsystem that echos n char and then sends eof to cause a channel exit partway through a large send."}]. -- cgit v1.2.3 From 24f37acef3e7e33576bcd071569a94de980b6544 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Tue, 5 Nov 2013 09:36:26 +0100 Subject: ssh: Make inet option configurable and remove ipv6_disabled option --- lib/ssh/doc/src/ssh.xml | 8 -------- lib/ssh/src/ssh.erl | 27 ++++++--------------------- 2 files changed, 6 insertions(+), 29 deletions(-) (limited to 'lib/ssh') 
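Review bot: In send_after_exit (lib/ssh/test/ssh_connection_SUITE.erl), the three receive blocks that now run before ssh_connection:send/4 have no after clause, so if the eof, exit_status or closed message never arrives the test case blocks until the test run's time limit instead of failing with a reason that names the missing message. Give each receive an after branch that calls ct:fail, for example after 5000 -> ct:fail(no_eof_received). With the timer:sleep(2000) gone, the ordering guarantee for the final {error, closed} check rests entirely on these receives, so a short comment saying that send/4 is called only after {closed, ChannelId0} has been seen would help the next reader.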
diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 896b98edc2..b338241685 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -181,10 +181,6 @@

Allow an existing file descriptor to be used (simply passed on to the transport protocol).

- - -

Determines if SSH shall use IPv6 or not.

-

Provide, in bytes, when rekeying should be initiated, @@ -313,10 +309,6 @@

Allow an existing file-descriptor to be used (simply passed on to the transport protocol).

- - -

Determines if SSH shall use IPv6 or not (only used when - HostAddress is set to any).

Provide a fun() to implement your own logging when a user fails to authenticate.

diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 9cf10e7a3a..b922a8446b 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -73,10 +73,9 @@ connect(Host, Port, Options, Timeout) -> {error, _Reason} = Error -> Error; {SocketOptions, SshOptions} -> - DisableIpv6 = proplists:get_value(ipv6_disabled, SshOptions, false), {_, Transport, _} = TransportOpts = proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}), - Inet = inetopt(DisableIpv6), + Inet = proplists:get_value(inet, SshOptions, inet), try Transport:connect(Host, Port, [ {active, false}, Inet | SocketOptions], Timeout) of {ok, Socket} -> Opts = [{user_pid, self()}, {host, Host} | fix_idle_time(SshOptions)], @@ -136,11 +135,11 @@ daemon(HostAddr, Port, Options0) -> _ -> Options0 end, - DisableIpv6 = proplists:get_value(ipv6_disabled, Options0, false), + {Host, Inet, Options} = case HostAddr of any -> {ok, Host0} = inet:gethostname(), - {Host0, inetopt(DisableIpv6), Options1}; + {Host0, proplists:get_value(inet, Options1, inet), Options1}; {_,_,_,_} -> {HostAddr, inet, [{ip, HostAddr} | Options1]}; @@ -415,7 +414,7 @@ handle_ssh_option({failfun, Value} = Opt) when is_function(Value) -> Opt; handle_ssh_option({ipv6_disabled, Value} = Opt) when is_boolean(Value) -> - Opt; + throw({error, {{ipv6_disabled, Opt}, option_no_longer_valid_use_inet_option_instead}}); handle_ssh_option({transport, {Protocol, Cb, ClosTag}} = Opt) when is_atom(Protocol), is_atom(Cb), is_atom(ClosTag) -> 
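Review bot: In connect/4 (lib/ssh/src/ssh.erl), Inet = proplists:get_value(inet, SshOptions, inet) reads the address family from SshOptions, while this same patch accepts {inet, Value} in handle_inet_option/1. If options validated by handle_inet_option/1 are returned in SocketOptions (the first element of the tuple matched just above), the lookup never sees the caller's value, Inet is always the default inet, and the caller's {inet, inet6} tuple is passed to Transport:connect alongside it. Look the value up in the list that actually carries it, and remove it from SocketOptions before building the connect options. Two smaller points in the same file: daemon/3 with HostAddr = any used to get its family from inetopt/1 and now defaults to inet, which is a behaviour change for existing daemons and should be stated in the option documentation; and handle_ssh_option({ipv6_disabled, Value} = Opt) keeps the is_boolean(Value) guard, so only boolean values get the option_no_longer_valid_use_inet_option_instead error. Drop the guard so every use of the removed option gets the same message.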
@@ -442,10 +441,8 @@ handle_inet_option({active, _} = Opt) -> throw({error, {{eoptions, Opt}, "Ssh has built in flow control, " "and activ is handled internaly user is not allowd" "to specify this option"}}); -handle_inet_option({inet, _} = Opt) -> - throw({error, {{eoptions, Opt},"Is set internaly use ipv6_disabled to" - " enforce iv4 in the server, client will fallback to ipv4 if" - " it can not use ipv6"}}); +handle_inet_option({inet, Value} = Opt) when (Value == inet) or (Value == inet6) -> + Opt; handle_inet_option({reuseaddr, _} = Opt) -> throw({error, {{eoptions, Opt},"Is set internaly user is not allowd" "to specify this option"}}); @@ -468,15 +465,3 @@ handle_pref_algs([H|T], Acc) -> _ -> false end. -%% Has IPv6 been disabled? -inetopt(true) -> - inet; -inetopt(false) -> - case gen_tcp:listen(0, [inet6]) of - {ok, Dummyport} -> - gen_tcp:close(Dummyport), - inet6; - _ -> - inet - end. - -- cgit v1.2.3 From 422ed9ecd9c95c25964381b7ca2888a0320a8ee4 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 6 Nov 2013 10:54:02 +0100 Subject: ssh: Simplify handling of connection attributes (e.i. user and sockname) OTP-11296 --- lib/ssh/doc/src/ssh.xml | 34 +------ lib/ssh/src/Makefile | 1 - lib/ssh/src/ssh.app.src | 1 - lib/ssh/src/ssh.erl | 22 ---- lib/ssh/src/ssh_cli.erl | 80 ++++++++------- lib/ssh/src/ssh_connection_handler.erl | 15 ++- lib/ssh/src/ssh_sup.erl | 15 +-- lib/ssh/src/ssh_userreg.erl | 141 -------------------------- lib/ssh/test/ssh_basic_SUITE.erl | 14 ++- lib/ssh/test/ssh_peername_sockname_server.erl | 8 +- 10 files changed, 68 insertions(+), 263 deletions(-) delete mode 100644 lib/ssh/src/ssh_userreg.erl (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index b338241685..3409681af4 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml 
@@ -198,8 +198,11 @@ Value}] Retrieves information about a connection. - Option = client_version | server_version | peer - Value = term() + Option = client_version | server_version | user | peer | sockname + Value = [option_value()] + option_value() = {{Major::integer(), Minor::integer()}, VersionString::string()} | User::string() | + Peer::{inet:hostname(), {inet::ip_adress(), inet::port_number()}} | + Sockname::{inet::ip_adress(), inet::port_number()} ()

Retrieves information about a connection. @@ -325,19 +328,6 @@ - - peername(ConnectionRef) -> {ok, {Address,Port}} | {error,Error} - - - ConnectionRef = ssh_connection_ref() - Address = ip_address() - Port = integer() - - -

Returns the address and port for the other end of a connection. -

-
- shell(Host) -> @@ -358,20 +348,6 @@ - - sockname(ConnectionRef) -> {ok, {Address,Port}} | {error,Error} - - - ConnectionRef = ssh_connection_ref() - Address = ip_address() - Port = integer() - - -

Returns the local address and port number for a connection. -

-
-
- start() -> start(Type) -> ok | {error, Reason} diff --git a/lib/ssh/src/Makefile b/lib/ssh/src/Makefile index caca355955..2ef2859fd7 100644 --- a/lib/ssh/src/Makefile +++ b/lib/ssh/src/Makefile @@ -72,7 +72,6 @@ MODULES= \ ssh_sftpd \ ssh_sftpd_file\ ssh_transport \ - ssh_userreg \ ssh_xfer PUBLIC_HRL_FILES= ssh.hrl ssh_userauth.hrl ssh_xfer.hrl diff --git a/lib/ssh/src/ssh.app.src b/lib/ssh/src/ssh.app.src index 9740b67dca..74d7293be0 100644 --- a/lib/ssh/src/ssh.app.src +++ b/lib/ssh/src/ssh.app.src @@ -34,7 +34,6 @@ ssh_sup, ssh_system_sup, ssh_transport, - ssh_userreg, ssh_xfer]}, {registered, []}, {applications, [kernel, stdlib, crypto, public_key]}, diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index b922a8446b..4e78c4e65a 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -28,8 +28,6 @@ -export([start/0, start/1, stop/0, connect/3, connect/4, close/1, connection_info/2, channel_info/3, daemon/1, daemon/2, daemon/3, - peername/1, - sockname/1, stop_listener/1, stop_listener/2, stop_daemon/1, stop_daemon/2, shell/1, shell/2, shell/3]). 
@@ -208,26 +206,6 @@ shell(Host, Port, Options) -> Error end. -%%-------------------------------------------------------------------- --spec peername(pid()) -> {ok, {inet:ip_address(), integer()}} | {error, term()}. -%% -%% Description: Returns the peer address of the connection -%%-------------------------------------------------------------------- -peername(ConnectionRef) -> - [{peer, {_Name,{IP,Port}}}] = - ssh_connection_handler:connection_info(ConnectionRef, [peer]), - {ok, {IP,Port}}. - -%%-------------------------------------------------------------------- --spec sockname(pid()) -> {ok, {inet:ip_address(), integer()}} | {error, term()}. -%% -%% Description: Returns the local address of the connection -%%-------------------------------------------------------------------- -sockname(ConnectionRef) -> - [{sockname, Result}] = - ssh_connection_handler:connection_info(ConnectionRef, [sockname]), - Result. - %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- diff --git a/lib/ssh/src/ssh_cli.erl b/lib/ssh/src/ssh_cli.erl index 69a4d0b247..5cb1e133d3 100644 --- a/lib/ssh/src/ssh_cli.erl +++ b/lib/ssh/src/ssh_cli.erl @@ -62,14 +62,14 @@ init([Shell]) -> %% %% Description: Handles channel messages received on the ssh-connection. %%-------------------------------------------------------------------- -handle_ssh_msg({ssh_cm, _ConnectionManager, +handle_ssh_msg({ssh_cm, _ConnectionHandler, {data, _ChannelId, _Type, Data}}, #state{group = Group} = State) -> List = binary_to_list(Data), to_group(List, Group), {ok, State}; -handle_ssh_msg({ssh_cm, ConnectionManager, +handle_ssh_msg({ssh_cm, ConnectionHandler, {pty, ChannelId, WantReply, {TermName, Width, Height, PixWidth, PixHeight, Modes}}}, State0) -> 
@@ -82,53 +82,53 @@ handle_ssh_msg({ssh_cm, ConnectionManager, modes = Modes}, buf = empty_buf()}, set_echo(State), - ssh_connection:reply_request(ConnectionManager, WantReply, + ssh_connection:reply_request(ConnectionHandler, WantReply, success, ChannelId), {ok, State}; -handle_ssh_msg({ssh_cm, ConnectionManager, +handle_ssh_msg({ssh_cm, ConnectionHandler, {env, ChannelId, WantReply, _Var, _Value}}, State) -> - ssh_connection:reply_request(ConnectionManager, + ssh_connection:reply_request(ConnectionHandler, WantReply, failure, ChannelId), {ok, State}; -handle_ssh_msg({ssh_cm, ConnectionManager, +handle_ssh_msg({ssh_cm, ConnectionHandler, {window_change, ChannelId, Width, Height, PixWidth, PixHeight}}, #state{buf = Buf, pty = Pty0} = State) -> Pty = Pty0#ssh_pty{width = Width, height = Height, pixel_width = PixWidth, pixel_height = PixHeight}, {Chars, NewBuf} = io_request({window_change, Pty0}, Buf, Pty), - write_chars(ConnectionManager, ChannelId, Chars), + write_chars(ConnectionHandler, ChannelId, Chars), {ok, State#state{pty = Pty, buf = NewBuf}}; -handle_ssh_msg({ssh_cm, ConnectionManager, +handle_ssh_msg({ssh_cm, ConnectionHandler, {shell, ChannelId, WantReply}}, State) -> - NewState = start_shell(ConnectionManager, State), - ssh_connection:reply_request(ConnectionManager, WantReply, + NewState = start_shell(ConnectionHandler, State), + ssh_connection:reply_request(ConnectionHandler, WantReply, success, ChannelId), {ok, NewState#state{channel = ChannelId, - cm = ConnectionManager}}; + cm = ConnectionHandler}}; -handle_ssh_msg({ssh_cm, ConnectionManager, +handle_ssh_msg({ssh_cm, ConnectionHandler, {exec, ChannelId, WantReply, Cmd}}, #state{exec=undefined} = State) -> {Reply, Status} = exec(Cmd), - write_chars(ConnectionManager, + write_chars(ConnectionHandler, ChannelId, io_lib:format("~p\n", [Reply])), - ssh_connection:reply_request(ConnectionManager, WantReply, + ssh_connection:reply_request(ConnectionHandler, WantReply, success, ChannelId), - 
ssh_connection:exit_status(ConnectionManager, ChannelId, Status), - ssh_connection:send_eof(ConnectionManager, ChannelId), - {stop, ChannelId, State#state{channel = ChannelId, cm = ConnectionManager}}; -handle_ssh_msg({ssh_cm, ConnectionManager, + ssh_connection:exit_status(ConnectionHandler, ChannelId, Status), + ssh_connection:send_eof(ConnectionHandler, ChannelId), + {stop, ChannelId, State#state{channel = ChannelId, cm = ConnectionHandler}}; +handle_ssh_msg({ssh_cm, ConnectionHandler, {exec, ChannelId, WantReply, Cmd}}, State) -> - NewState = start_shell(ConnectionManager, Cmd, State), - ssh_connection:reply_request(ConnectionManager, WantReply, + NewState = start_shell(ConnectionHandler, Cmd, State), + ssh_connection:reply_request(ConnectionHandler, WantReply, success, ChannelId), {ok, NewState#state{channel = ChannelId, - cm = ConnectionManager}}; + cm = ConnectionHandler}}; -handle_ssh_msg({ssh_cm, _ConnectionManager, {eof, _ChannelId}}, State) -> +handle_ssh_msg({ssh_cm, _ConnectionHandler, {eof, _ChannelId}}, State) -> {ok, State}; handle_ssh_msg({ssh_cm, _, {signal, _, _}}, State) -> @@ -156,16 +156,16 @@ handle_ssh_msg({ssh_cm, _, {exit_status, ChannelId, Status}}, State) -> %% %% Description: Handles other channel messages. %%-------------------------------------------------------------------- -handle_msg({ssh_channel_up, ChannelId, ConnectionManager}, +handle_msg({ssh_channel_up, ChannelId, ConnectionHandler}, #state{channel = ChannelId, - cm = ConnectionManager} = State) -> + cm = ConnectionHandler} = State) -> {ok, State}; handle_msg({Group, Req}, #state{group = Group, buf = Buf, pty = Pty, - cm = ConnectionManager, + cm = ConnectionHandler, channel = ChannelId} = State) -> {Chars, NewBuf} = io_request(Req, Buf, Pty), - write_chars(ConnectionManager, ChannelId, Chars), + write_chars(ConnectionHandler, ChannelId, Chars), {ok, State#state{buf = NewBuf}}; handle_msg({'EXIT', Group, _Reason}, #state{group = Group, 
@@ -396,12 +396,12 @@ move_cursor(From, To, #ssh_pty{width=Width, term=Type}) -> %% %%% write out characters %% %%% make sure that there is data to send %% %%% before calling ssh_connection:send -write_chars(ConnectionManager, ChannelId, Chars) -> +write_chars(ConnectionHandler, ChannelId, Chars) -> case erlang:iolist_size(Chars) of 0 -> ok; _ -> - ssh_connection:send(ConnectionManager, ChannelId, + ssh_connection:send(ConnectionHandler, ChannelId, ?SSH_EXTENDED_DATA_DEFAULT, Chars) end. @@ -431,19 +431,20 @@ bin_to_list(L) when is_list(L) -> bin_to_list(I) when is_integer(I) -> I. -start_shell(ConnectionManager, State) -> +start_shell(ConnectionHandler, State) -> Shell = State#state.shell, + ConnectionInfo = ssh_connection_handler:info(ConnectionHandler, + [peer, user]), ShellFun = case is_function(Shell) of true -> {ok, User} = - ssh_userreg:lookup_user(ConnectionManager), + proplists:get_value(user, ConnectionInfo), case erlang:fun_info(Shell, arity) of {arity, 1} -> fun() -> Shell(User) end; {arity, 2} -> - [{ok, PeerAddr}] = - ssh_connection_handler:info(ConnectionManager, - [peer]), + [{_, PeerAddr}] = + proplists:get_value(peer, ConnectionInfo), fun() -> Shell(User, PeerAddr) end; _ -> Shell 
@@ -455,12 +456,15 @@ start_shell(ConnectionManager, State) -> Group = group:start(self(), ShellFun, [{echo, Echo}]), State#state{group = Group, buf = empty_buf()}. -start_shell(_ConnectionManager, Cmd, #state{exec={M, F, A}} = State) -> +start_shell(_ConnectionHandler, Cmd, #state{exec={M, F, A}} = State) -> Group = group:start(self(), {M, F, A++[Cmd]}, [{echo, false}]), State#state{group = Group, buf = empty_buf()}; -start_shell(ConnectionManager, Cmd, #state{exec=Shell} = State) when is_function(Shell) -> +start_shell(ConnectionHandler, Cmd, #state{exec=Shell} = State) when is_function(Shell) -> + + ConnectionInfo = ssh_connection_handler:info(ConnectionHandler, + [peer, user]), {ok, User} = - ssh_userreg:lookup_user(ConnectionManager), + proplists:get_value(user, ConnectionInfo), ShellFun = case erlang:fun_info(Shell, arity) of {arity, 1} -> @@ -468,8 +472,8 @@ start_shell(ConnectionManager, Cmd, #state{exec=Shell} = State) when is_function {arity, 2} -> fun() -> Shell(Cmd, User) end; {arity, 3} -> - [{ok, PeerAddr}] = - ssh_connection_handler:connection_info(ConnectionManager, [peer]), + [{_, PeerAddr}] = + proplists:get_value(peer, ConnectionInfo), fun() -> Shell(Cmd, User, PeerAddr) end; _ -> Shell diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 6bff27b860..753569e442 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -54,6 +54,7 @@ role, client, starter, + auth_user, connection_state, latest_channel_id = 0, idle_timer_ref, @@ -402,7 +403,7 @@ userauth(#ssh_msg_service_accept{name = "ssh-userauth"}, State) -> {Msg, Ssh} = ssh_auth:init_userauth_request_msg(Ssh0), send_msg(Msg, State), - {next_state, userauth, next_packet(State#state{ssh_params = Ssh})}; + {next_state, userauth, next_packet(State#state{auth_user = Ssh#ssh.user, ssh_params = Ssh})}; userauth(#ssh_msg_userauth_request{service = "ssh-connection", method = "none"} = Msg, 
@@ -423,11 +424,10 @@ userauth(#ssh_msg_userauth_request{service = "ssh-connection", case ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0) of {authorized, User, {Reply, Ssh}} -> send_msg(Reply, State), - ssh_userreg:register_user(User, Pid), Pid ! ssh_connected, connected_fun(User, Address, Method, Opts), {next_state, connected, - next_packet(State#state{ssh_params = Ssh})}; + next_packet(State#state{auth_user = User, ssh_params = Ssh})}; {not_authorized, {User, Reason}, {Reply, Ssh}} -> retry_fun(User, Reason, Opts), send_msg(Reply, State), @@ -898,7 +898,6 @@ terminate(normal, _, #state{transport_cb = Transport, connection_state = Connection, socket = Socket}) -> terminate_subsytem(Connection), - (catch ssh_userreg:delete_user(self())), (catch Transport:close(Socket)), ok; @@ -1428,13 +1427,13 @@ ssh_info([client_version | Rest], #state{ssh_params = #ssh{c_vsn = IntVsn, ssh_info([server_version | Rest], #state{ssh_params =#ssh{s_vsn = IntVsn, s_version = StringVsn}} = State, Acc) -> ssh_info(Rest, State, [{server_version, {IntVsn, StringVsn}} | Acc]); - ssh_info([peer | Rest], #state{ssh_params = #ssh{peer = Peer}} = State, Acc) -> ssh_info(Rest, State, [{peer, Peer} | Acc]); - ssh_info([sockname | Rest], #state{socket = Socket} = State, Acc) -> - ssh_info(Rest, State, [{sockname,inet:sockname(Socket)}|Acc]); - + {ok, SockName} = inet:sockname(Socket), + ssh_info(Rest, State, [{sockname, SockName}|Acc]); +ssh_info([user | Rest], #state{auth_user = User} = State, Acc) -> + ssh_info(Rest, State, [{user, User}|Acc]); ssh_info([ _ | Rest], State, Acc) -> ssh_info(Rest, State, Acc). diff --git a/lib/ssh/src/ssh_sup.erl b/lib/ssh/src/ssh_sup.erl index f307d1f833..6d2b9c107d 100644 --- a/lib/ssh/src/ssh_sup.erl +++ b/lib/ssh/src/ssh_sup.erl 
@@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2010. All Rights Reserved. +%% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -51,8 +51,7 @@ children() -> Clients = [Service || Service <- Services, is_client(Service)], Servers = [Service || Service <- Services, is_server(Service)], - [server_child_spec(Servers), client_child_spec(Clients), - ssh_userauth_reg_spec()]. + [server_child_spec(Servers), client_child_spec(Clients)]. server_child_spec(Servers) -> Name = sshd_sup, @@ -72,16 +71,6 @@ client_child_spec(Clients) -> Type = supervisor, {Name, StartFunc, Restart, Shutdown, Type, Modules}. -ssh_userauth_reg_spec() -> - Name = ssh_userreg, - StartFunc = {ssh_userreg, start_link, []}, - Restart = transient, - Shutdown = 5000, - Modules = [ssh_userreg], - Type = worker, - {Name, StartFunc, Restart, Shutdown, Type, Modules}. - - is_server({sftpd, _}) -> true; is_server({shelld, _}) -> diff --git a/lib/ssh/src/ssh_userreg.erl b/lib/ssh/src/ssh_userreg.erl deleted file mode 100644 index f901461aea..0000000000 --- a/lib/ssh/src/ssh_userreg.erl +++ /dev/null 
@@ -1,141 +0,0 @@ -%% -%% %CopyrightBegin% -%% -%% Copyright Ericsson AB 2008-2011. All Rights Reserved. -%% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. -%% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. -%% -%% %CopyrightEnd% -%% - -%% -%% Description: User register for ssh_cli - --module(ssh_userreg). - --behaviour(gen_server). - -%% API --export([start_link/0, - register_user/2, - lookup_user/1, - delete_user/1]). - -%% gen_server callbacks --export([init/1, - handle_call/3, - handle_cast/2, - handle_info/2, - terminate/2, - code_change/3]). - --record(state, {user_db = []}). - -%%==================================================================== -%% API -%%==================================================================== -%%-------------------------------------------------------------------- -%% Function: start_link() -> {ok,Pid} | ignore | {error,Error} -%% Description: Starts the server -%%-------------------------------------------------------------------- -start_link() -> - gen_server:start_link({local, ?MODULE}, ?MODULE, [], []). - -register_user(User, Cm) -> - gen_server:cast(?MODULE, {register, {User, Cm}}). - -delete_user(Cm) -> - gen_server:cast(?MODULE, {delete, Cm}). - -lookup_user(Cm) -> - gen_server:call(?MODULE, {get_user, Cm}, infinity). 
- -%%==================================================================== -%% gen_server callbacks -%%==================================================================== - -%%-------------------------------------------------------------------- -%% Function: init(Args) -> {ok, State} | -%% {ok, State, Timeout} | -%% ignore | -%% {stop, Reason} -%% Description: Initiates the server -%%-------------------------------------------------------------------- -init([]) -> - {ok, #state{}}. - -%%-------------------------------------------------------------------- -%% Function: %% handle_call(Request, From, State) -> {reply, Reply, State} | -%% {reply, Reply, State, Timeout} | -%% {noreply, State} | -%% {noreply, State, Timeout} | -%% {stop, Reason, Reply, State} | -%% {stop, Reason, State} -%% Description: Handling call messages -%%-------------------------------------------------------------------- -handle_call({get_user, Cm}, _From, #state{user_db = Db} = State) -> - User = lookup(Cm, Db), - {reply, {ok, User}, State}. - -%%-------------------------------------------------------------------- -%% Function: handle_cast(Msg, State) -> {noreply, State} | -%% {noreply, State, Timeout} | -%% {stop, Reason, State} -%% Description: Handling cast messages -%%-------------------------------------------------------------------- -handle_cast({register, UserCm}, State) -> - {noreply, insert(UserCm, State)}; -handle_cast({delete, UserCm}, State) -> - {noreply, delete(UserCm, State)}. - -%%-------------------------------------------------------------------- -%% Function: handle_info(Info, State) -> {noreply, State} | -%% {noreply, State, Timeout} | -%% {stop, Reason, State} -%% Description: Handling all non call/cast messages -%%-------------------------------------------------------------------- -handle_info(_Info, State) -> - {noreply, State}. 
- -%%-------------------------------------------------------------------- -%% Function: terminate(Reason, State) -> void() -%% Description: This function is called by a gen_server when it is about to -%% terminate. It should be the opposite of Module:init/1 and do any necessary -%% cleaning up. When it returns, the gen_server terminates with Reason. -%% The return value is ignored. -%%-------------------------------------------------------------------- -terminate(_Reason, _State) -> - ok. - -%%-------------------------------------------------------------------- -%% Func: code_change(OldVsn, State, Extra) -> {ok, NewState} -%% Description: Convert process state when code is changed -%%-------------------------------------------------------------------- -code_change(_OldVsn, State, _Extra) -> - {ok, State}. - -%%-------------------------------------------------------------------- -%%% Internal functions -%%-------------------------------------------------------------------- -insert({User, Cm}, #state{user_db = Db} = State) -> - State#state{user_db = [{User, Cm} | Db]}. - -delete(Cm, #state{user_db = Db} = State) -> - State#state{user_db = lists:keydelete(Cm, 2, Db)}. - -lookup(_, []) -> - undefined; -lookup(Cm, [{User, Cm} | _Rest]) -> - User; -lookup(Cm, [_ | Rest]) -> - lookup(Cm, Rest). - diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 813031eab2..b9745dda9c 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -478,7 +478,7 @@ send(Config) when is_list(Config) -> %%-------------------------------------------------------------------- peername_sockname() -> - [{doc, "Test ssh:peername/1 and ssh:sockname/1"}]. + [{doc, "Test ssh:connection_info([peername, sockname])"}]. peername_sockname(Config) when is_list(Config) -> process_flag(trap_exit, true), SystemDir = filename:join(?config(priv_dir, Config), system), 
@@ -496,13 +496,17 @@ peername_sockname(Config) when is_list(Config) -> {user_interaction, false}]), {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), success = ssh_connection:subsystem(ConnectionRef, ChannelId, "peername_sockname", infinity), - {ok,{HostPeerClient,PortPeerClient}} = ssh:peername(ConnectionRef), - {ok,{HostSockClient,PortSockClient}} = ssh:sockname(ConnectionRef), + [{peer, {_Name, {HostPeerClient,PortPeerClient} = ClientPeer}}] = + ssh:connection_info(ConnectionRef, [peer]), + [{sockname, {HostSockClient,PortSockClient} = ClientSock}] = + ssh:connection_info(ConnectionRef, [sockname]), + ct:pal("Client: ~p ~p", [ClientPeer, ClientSock]), receive {ssh_cm, ConnectionRef, {data, ChannelId, _, Response}} -> {PeerNameSrv,SockNameSrv} = binary_to_term(Response), - {ok,{HostPeerSrv,PortPeerSrv}} = PeerNameSrv, - {ok,{HostSockSrv,PortSockSrv}} = SockNameSrv, + {HostPeerSrv,PortPeerSrv} = PeerNameSrv, + {HostSockSrv,PortSockSrv} = SockNameSrv, + ct:pal("Server: ~p ~p", [PeerNameSrv, SockNameSrv]), host_equal(HostPeerSrv, HostSockClient), PortPeerSrv = PortSockClient, host_equal(HostSockSrv, HostPeerClient), diff --git a/lib/ssh/test/ssh_peername_sockname_server.erl b/lib/ssh/test/ssh_peername_sockname_server.erl index 7664f3ee25..bc505695d3 100644 --- a/lib/ssh/test/ssh_peername_sockname_server.erl +++ b/lib/ssh/test/ssh_peername_sockname_server.erl @@ -34,12 +34,10 @@ init([]) -> {ok, #state{}}. handle_msg({ssh_channel_up, ChannelId, ConnectionManager}, State) -> + [{peer, {_Name, Peer}}] = ssh:connection_info(ConnectionManager, [peer]), + [{sockname, Sock}] = ssh:connection_info(ConnectionManager, [sockname]), ssh_connection:send(ConnectionManager, ChannelId, - term_to_binary( - {catch ssh:peername(ConnectionManager), - catch ssh:sockname(ConnectionManager) - }) - ), + term_to_binary({Peer, Sock})), {ok, State}. handle_ssh_msg({ssh_cm, _, {exit_signal, ChannelId, _, _Error, _}}, -- cgit v1.2.3 
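Review bot: In both start_shell clauses of lib/ssh/src/ssh_cli.erl, the new matches {ok, User} = proplists:get_value(user, ConnectionInfo) and [{_, PeerAddr}] = proplists:get_value(peer, ConnectionInfo) do not fit the shapes produced elsewhere in this patch. The ssh_info/3 clauses in ssh_connection_handler.erl build {user, User} and {peer, Peer} with bare values, and the updated peername_sockname test matches peer as {_Name, {Host, Port}}. If ConnectionInfo is that list, the lookups return User and {Name, {IP, Port}}, so both matches raise badmatch as soon as a fun is configured as shell or exec callback. Match User = proplists:get_value(user, ConnectionInfo) and {_, PeerAddr} = proplists:get_value(peer, ConnectionInfo) instead. Also note that the removed three-argument start_shell called ssh_connection_handler:connection_info/2 while both new call sites use ssh_connection_handler:info/2; please confirm that info/2 is the function that returns the ssh_info/3 list. None of the tests touched here start a shell fun of arity 2 or an exec fun of arity 3, so this path is not exercised.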
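Review bot: In the ssh_info([sockname | Rest], ...) clause of lib/ssh/src/ssh_connection_handler.erl, {ok, SockName} = inet:sockname(Socket) raises badmatch inside the connection handler whenever inet:sockname/1 returns {error, Reason}, for example when the socket has already been closed. The previous code passed the result through unchanged, so a connection_info query during teardown got an error tuple back; now the same query crashes the handler process. Use a case on the result and either omit the sockname entry or return {sockname, {error, Reason}}, and say in ssh.xml which of the two callers should expect. The new user clause has a related gap: auth_user has no default in the state record, so a query made before authentication completes returns {user, undefined}, which the documented type User::string() does not cover.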
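Review bot: Removing peername/1 and sockname/1 from the export list of lib/ssh/src/ssh.erl breaks existing callers outright, and neither the ssh.xml hunks nor the commit message give a migration note. Either keep the two functions for one release as thin wrappers over connection_info/2, or add a release note that points to connection_info(ConnectionRef, [peer]) and connection_info(ConnectionRef, [sockname]). The documentation added for connection_info also needs a pass: inet::ip_adress() and inet::port_number() should be inet:ip_address() and inet:port_number(), and the type line ends in a stray (). In ssh_basic_SUITE.erl the doc string "Test ssh:connection_info([peername, sockname])" names an option, peername, that the function does not accept and drops the connection argument; it should read ssh:connection_info(ConnectionRef, [peer, sockname]).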
From e6631f5a8bbf3218eaed1e973bfb42aa40902667 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 11 Nov 2013 09:54:29 +0100 Subject: ssh: Add option to disallow CLI OTP-10976 --- lib/ssh/doc/src/ssh.xml | 7 ++++--- lib/ssh/src/ssh.erl | 2 ++ lib/ssh/src/ssh_connection.erl | 2 ++ 3 files changed, 8 insertions(+), 3 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 3409681af4..acf31fc0e9 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -248,13 +248,14 @@
+ channel_init_args()} | no_cli}]]> - Provides your own cli implementation, i.e. a channel callback + Provides your own CLI implementation, i.e. a channel callback module that implements a shell and command execution. Note that you may customize the shell read-eval-print loop using the option shell which is much less work than implementing - your own cli channel. + your own CLI channel. If set to no_cli you will disable + CLI channels and only subsystem channels will be allowed. diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 4e78c4e65a..2685b1553b 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -401,6 +401,8 @@ handle_ssh_option({subsystems, Value} = Opt) when is_list(Value) -> Opt; handle_ssh_option({ssh_cli, {Cb, _}}= Opt) when is_atom(Cb) -> Opt; +handle_ssh_option({ssh_cli, no_cli} = Opt) -> + Opt; handle_ssh_option({shell, {Module, Function, _}} = Opt) when is_atom(Module), is_atom(Function) -> Opt; diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl index d3760f8295..7016f349e8 100644 --- a/lib/ssh/src/ssh_connection.erl +++ b/lib/ssh/src/ssh_connection.erl @@ -933,6 +933,8 @@ child_spec(Callback, Id, Args, Exec) -> Type = worker, {Name, StartFunc, Restart, Shutdown, Type, [ssh_channel]}. +start_cli(#connection{cli_spec = no_cli}, _) -> + {error, cli_disabled}; start_cli(#connection{cli_spec = {CbModule, Args}, exec = Exec, sub_system_supervisor = SubSysSup}, ChannelId) -> start_channel(CbModule, ChannelId, Args, SubSysSup, Exec). -- cgit v1.2.3 From 32102f1e8225dada7526c9bfee6622f9026ba4cd Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Tue, 12 Nov 2013 16:57:29 +0100 Subject: ssh: Quicker shutdown of an ssh dameon OTP-11339 --- lib/ssh/src/ssh_system_sup.erl | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_system_sup.erl b/lib/ssh/src/ssh_system_sup.erl index 158a829eb0..bf3c12a988 100644 --- a/lib/ssh/src/ssh_system_sup.erl 
+++ b/lib/ssh/src/ssh_system_sup.erl @@ -55,13 +55,12 @@ stop_listener(Address, Port) -> Name = make_name(Address, Port), stop_acceptor(whereis(Name)). -stop_system(SysSup) -> - Name = sshd_sup:system_name(SysSup), - sshd_sup:stop_child(Name). - -stop_system(Address, Port) -> - sshd_sup:stop_child(Address, Port). +stop_system(SysSup) when is_pid(SysSup)-> + exit(SysSup, shutdown). +stop_system(Address, Port) -> + stop_system(system_supervisor(Address, Port)). + system_supervisor(Address, Port) -> Name = make_name(Address, Port), whereis(Name). @@ -121,7 +120,7 @@ restart_acceptor(Address, Port) -> %%%========================================================================= init([ServerOpts]) -> RestartStrategy = one_for_one, - MaxR = 10, + MaxR = 0, MaxT = 3600, Children = child_specs(ServerOpts), {ok, {{RestartStrategy, MaxR, MaxT}, Children}}. -- cgit v1.2.3 From fe6ddb300dbf092b02260a06baf6238f4d81eb14 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Tue, 12 Nov 2013 17:08:40 +0100 Subject: ssh: Add CLI test case --- lib/ssh/test/Makefile | 3 +- lib/ssh/test/ssh_basic_SUITE.erl | 47 +++++++++++++++++++++-- lib/ssh/test/ssh_test_cli.erl | 81 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 126 insertions(+), 5 deletions(-) create mode 100644 lib/ssh/test/ssh_test_cli.erl (limited to 'lib/ssh') diff --git a/lib/ssh/test/Makefile b/lib/ssh/test/Makefile index 13caafc055..740dbd0235 100644 --- a/lib/ssh/test/Makefile +++ b/lib/ssh/test/Makefile @@ -39,7 +39,8 @@ MODULES= \ ssh_sftpd_erlclient_SUITE \ ssh_connection_SUITE \ ssh_echo_server \ - ssh_peername_sockname_server + ssh_peername_sockname_server \ + ssh_test_cli HRL_FILES_NEEDED_IN_TEST= \ $(ERL_TOP)/lib/ssh/src/ssh.hrl \ diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index b9745dda9c..b3281e433e 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl 
@@ -49,14 +49,18 @@ all() -> close]. groups() -> - [{dsa_key, [], [send, - peername_sockname, - exec, exec_compressed, shell, known_hosts, idle_time, rekey, openssh_zlib_basic_test]}, - {rsa_key, [], [send, exec, exec_compressed, shell, known_hosts, idle_time, rekey, openssh_zlib_basic_test]}, + [{dsa_key, [], basic_tests()}, + {rsa_key, [], basic_tests()}, {dsa_pass_key, [], [pass_phrase]}, {rsa_pass_key, [], [pass_phrase]}, {internal_error, [], [internal_error]} ]. + +basic_tests() -> + [send, peername_sockname, + exec, exec_compressed, shell, cli, known_hosts, + idle_time, rekey, openssh_zlib_basic_test]. + %%-------------------------------------------------------------------- init_per_suite(Config) -> case catch crypto:start() of 
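Review bot: folding both groups into basic_tests() in groups/0 (ssh_basic_SUITE.erl) changes more than the commit subject says. The old rsa_key list did not contain peername_sockname, so the rsa_key group now runs that case in addition to the new cli case. That is probably intended, but it belongs in the commit message so a later bisect on an rsa_key failure of peername_sockname points here for the right reason.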
@@ -302,6 +306,41 @@ shell(Config) when is_list(Config) -> do_shell(IO, Shell) end. +%%-------------------------------------------------------------------- +cli() -> + [{doc, ""}]. +cli(Config) when is_list(Config) -> + process_flag(trap_exit, true), + SystemDir = filename:join(?config(priv_dir, Config), system), + UserDir = ?config(priv_dir, Config), + + {_Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},{user_dir, UserDir}, + {password, "morot"}, + {ssh_cli, {ssh_test_cli, [cli]}}, + {subsystems, []}, + {failfun, fun ssh_test_lib:failfun/2}]), + ct:sleep(500), + + ConnectionRef = ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_interaction, false}, + {user_dir, UserDir}]), + + {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), + ssh_connection:shell(ConnectionRef, ChannelId), + ok = ssh_connection:send(ConnectionRef, ChannelId, <<"q">>), + receive + {ssh_cm, ConnectionRef, + {data,0,0, <<"\r\nYou are accessing a dummy, type \"q\" to exit\r\n\n">>}} -> + ok = ssh_connection:send(ConnectionRef, ChannelId, <<"q">>) + end, + + receive + {ssh_cm, ConnectionRef,{closed, ChannelId}} -> + ok + end. + %%-------------------------------------------------------------------- daemon_already_started() -> [{doc, "Test that get correct error message if you try to start a daemon", diff --git a/lib/ssh/test/ssh_test_cli.erl b/lib/ssh/test/ssh_test_cli.erl new file mode 100644 index 0000000000..cd9ad5f2ff --- /dev/null +++ b/lib/ssh/test/ssh_test_cli.erl 
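Review bot: both `receive` blocks in the new cli/1 case (ssh_basic_SUITE.erl) have no `after` clause, so any deviation hangs the case until the suite timetrap instead of failing with a reason; add `after 5000 -> ct:fail(timeout)` or similar. The first receive is also brittle: it matches `{data,0,0, <<...>>}` with a literal channel id and data type instead of the bound ChannelId, and it requires the whole banner to arrive in one data message. `<<"q">>` is sent once before the banner is awaited and again after it, which looks unintended. The doc string is empty (`[{doc, ""}]`). Nothing in this commit exercises `{ssh_cli, no_cli}` from the OTP-10976 commit above, which itself touched no test files; a case that expects ssh_connection:shell/2 to be refused would cover it.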
@@ -0,0 +1,81 @@ +-module(ssh_test_cli). + +-export([init/1, terminate/2, handle_ssh_msg/2, handle_msg/2]). + +-record(state, { + type, + id, + ref, + port + }). + +init([Type]) -> + {ok, #state{type = Type}}. + +handle_msg({ssh_channel_up, Id, Ref}, S) -> + User = get_ssh_user(Ref), + ok = ssh_connection:send(Ref, + Id, + << "\r\nYou are accessing a dummy, type \"q\" to exit\r\n\n" >>), + Port = run_portprog(User, S#state.type), + {ok, S#state{port = Port, id = Id, ref = Ref}}; + +handle_msg({Port, {data, Data}}, S = #state{port = Port}) -> + ok = ssh_connection:send(S#state.ref, S#state.id, Data), + {ok, S}; +handle_msg({Port, {exit_status, Exit}}, S = #state{port = Port}) -> + if + S#state.type =:= cli -> + ok = ssh_connection:send(S#state.ref, S#state.id, << "\r\n" >>); + true -> + ok + end, + ok = ssh_connection:exit_status(S#state.ref, S#state.id, Exit), + {stop, S#state.id, S#state{port = undefined}}; +handle_msg({'EXIT', Port, _}, S = #state{port = Port}) -> + ok = ssh_connection:exit_status(S#state.ref, S#state.id, 0), + {stop, S#state.id, S#state{port = undefined}}; +handle_msg(_Msg, S) -> + {ok, S}. + +handle_ssh_msg({ssh_cm, Ref, {data, Id, _Type, <<"q">>}}, S) -> + ssh_connection:send_eof(Ref, Id), + {stop, Id, S}; +handle_ssh_msg({ssh_cm, _Ref, {data, _Id, _Type, Data}}, S) -> + true = port_command(S#state.port, Data), + {ok, S}; +handle_ssh_msg({ssh_cm, _, {eof, _}}, S) -> + {ok, S}; +handle_ssh_msg({ssh_cm, Ref, {env, Id, WantReply, _Var, _Value}}, S) -> + ok = ssh_connection:reply_request(Ref, WantReply, success, Id), + {ok, S}; +handle_ssh_msg({ssh_cm, Ref, {pty, Id, WantReply, _Terminal_jox}}, S) -> + ok = ssh_connection:reply_request(Ref, WantReply, success, Id), + {ok, S}; +handle_ssh_msg({ssh_cm, Ref, {shell, Id, WantReply}}, S) -> + ok = ssh_connection:reply_request(Ref, WantReply, success, Id), + {ok, S}; +handle_ssh_msg({ssh_cm, _, {signal, _, _}}, S) -> + %% Ignore signals according to RFC 4254 section 6.9. 
+ {ok, S}; +handle_ssh_msg({ssh_cm, _, + {window_change, _Id, _Width, _Height, _Pixw, _PixH}}, S) -> + {ok, S}; +handle_ssh_msg({ssh_cm, _, {exit_signal, Id, _, _, _}}, + S) -> + {stop, Id, S}. + +terminate(_Why, _S) -> + nop. + +run_portprog(User, cli) -> + Pty_bin = os:find_executable("cat"), + open_port({spawn_executable, Pty_bin}, + [stream, {cd, "/tmp"}, {env, [{"USER", User}]}, + {args, []}, binary, + exit_status, use_stdio, stderr_to_stdout]). + +get_ssh_user(Ref) -> + [{user, User}] = ssh:connection_info(Ref, [user]), + User. + -- cgit v1.2.3 From 7efe1b6dd3215261777b5f335b4f92dfca7cea42 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 13 Nov 2013 10:56:13 +0100 Subject: ssh: Logging fun and document enhancement --- lib/ssh/doc/src/ssh.xml | 17 ++++++++--------- lib/ssh/doc/src/ssh_client_key_api.xml | 6 ++++-- lib/ssh/doc/src/ssh_server_key_api.xml | 4 +++- lib/ssh/src/ssh_connection_handler.erl | 22 +++++++++++++++------- 4 files changed, 30 insertions(+), 19 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index acf31fc0e9..c1a51d57fc 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -53,8 +53,7 @@ returned by ssh:daemon/[1,2,3]

ssh_connection_ref() - opaque to the user returned by ssh:connect/3

-

ip_address() - {N1,N2,N3,N4} % IPv4 | - {K1,K2,K3,K4,K5,K6,K7,K8} % IPv6

+

ip_address() - inet::ip_address()

subsystem_spec() = {subsystem_name(), {channel_callback(), channel_init_args()}}

subsystem_name() = string()

@@ -296,7 +295,7 @@ user. From a security perspective this option makes the server very vulnerable.

- boolean()}]]> + boolean()}]]>

Provide a function for password validation. This is called with user and password as strings, and should return @@ -313,17 +312,17 @@

Allow an existing file-descriptor to be used (simply passed on to the transport protocol).

- + _}]]> -

Provide a fun() to implement your own logging when a user fails to authenticate.

+

Provide a fun to implement your own logging when a user fails to authenticate.

- + _}]]> -

Provide a fun() to implement your own logging when a user authenticates to the server.

+

Provide a fun to implement your own logging when a user authenticates to the server.

- + _}]]> -

Provide a fun() to implement your own logging when a user disconnects from the server.

+

Provide a fun to implement your own logging when a user disconnects from the server.

diff --git a/lib/ssh/doc/src/ssh_client_key_api.xml b/lib/ssh/doc/src/ssh_client_key_api.xml index b9b1ec4efa..2fa06f8bf1 100644 --- a/lib/ssh/doc/src/ssh_client_key_api.xml +++ b/lib/ssh/doc/src/ssh_client_key_api.xml @@ -41,12 +41,14 @@

Type definitions that are used more than once in this module and/or abstractions to indicate the intended use of the data - type:

+ type. For more details on public key data types + see the public_key user's guide. +

boolean() = true | false

string() = [byte()]

public_key() = #'RSAPublicKey'{}| {integer(), #'Dss-Parms'{}}| term()

-

private_key() = #'RSAPublicKey'{}| {integer(), #'Dss-Parms'{}}| term()

+

private_key() = #'RSAPrivateKey'{} | #'DSAPrivateKey'{} | term()

public_key_algorithm() = 'ssh-rsa'| 'ssh-dss' | atom()

diff --git a/lib/ssh/doc/src/ssh_server_key_api.xml b/lib/ssh/doc/src/ssh_server_key_api.xml index 51e1fc1f2e..ee537f2f60 100644 --- a/lib/ssh/doc/src/ssh_server_key_api.xml +++ b/lib/ssh/doc/src/ssh_server_key_api.xml @@ -40,7 +40,9 @@

Type definitions that are used more than once in this module and/or abstractions to indicate the intended use of the data - type:

+ type. For more details on public key data types + see the public_key user's guide. +

boolean() = true | false

string() = [byte()]

diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 753569e442..7ba2179a76 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -429,7 +429,7 @@ userauth(#ssh_msg_userauth_request{service = "ssh-connection", {next_state, connected, next_packet(State#state{auth_user = User, ssh_params = Ssh})}; {not_authorized, {User, Reason}, {Reply, Ssh}} -> - retry_fun(User, Reason, Opts), + retry_fun(User, Address, Reason, Opts), send_msg(Reply, State), {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} end; @@ -1399,23 +1399,31 @@ connected_fun(User, PeerAddr, Method, Opts) -> catch Fun(User, PeerAddr, Method) end. -retry_fun(_, undefined, _) -> +retry_fun(_, _, undefined, _) -> ok; -retry_fun(User, {error, Reason}, Opts) -> +retry_fun(User, PeerAddr, {error, Reason}, Opts) -> case proplists:get_value(failfun, Opts) of undefined -> ok; Fun -> - catch Fun(User, Reason) + do_retry_fun(Fun, User, PeerAddr, Reason) end; -retry_fun(User, Reason, Opts) -> +retry_fun(User, PeerAddr, Reason, Opts) -> case proplists:get_value(infofun, Opts) of undefined -> ok; - Fun -> - catch Fun(User, Reason) + Fun -> + do_retry_fun(Fun, User, PeerAddr, Reason) + end. + +do_retry_fun(Fun, User, PeerAddr, Reason) -> + case erlang:fun_info(Fun, arity) of + 2 -> %% Backwards compatible + catch Fun(User, Reason); + 3 -> + catch Fun(User, PeerAddr, Reason) end. ssh_info([], _State, Acc) -> -- cgit v1.2.3 From 9fa7a3b3514bee6a7136aeaa80ea4c07f7d8b465 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 25 Nov 2013 10:11:42 +0100 Subject: ssh: Correct arity in ssh_no_io.erl Also remove import statement as it makes code less intuitive --- lib/ssh/src/ssh_io.erl | 5 ++--- lib/ssh/src/ssh_no_io.erl | 10 +++++----- 2 files changed, 7 insertions(+), 8 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_io.erl b/lib/ssh/src/ssh_io.erl index 01fc713569..832b144db9 100644 
--- a/lib/ssh/src/ssh_io.erl +++ b/lib/ssh/src/ssh_io.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2012. All Rights Reserved. +%% Copyright Ericsson AB 2005-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -24,7 +24,6 @@ -module(ssh_io). -export([yes_no/2, read_password/2, read_line/2, format/2]). --import(lists, [reverse/1]). -include("ssh.hrl"). read_line(Prompt, Ssh) -> @@ -81,7 +80,7 @@ format(Fmt, Args) -> trim(Line) when is_list(Line) -> - reverse(trim1(reverse(trim1(Line)))); + lists:reverse(trim1(lists:reverse(trim1(Line)))); trim(Other) -> Other. trim1([$\s|Cs]) -> trim(Cs); diff --git a/lib/ssh/src/ssh_no_io.erl b/lib/ssh/src/ssh_no_io.erl index 9f83506cdd..825a0d4af5 100644 --- a/lib/ssh/src/ssh_no_io.erl +++ b/lib/ssh/src/ssh_no_io.erl @@ -24,27 +24,27 @@ -module(ssh_no_io). -include("ssh_transport.hrl"). --export([yes_no/1, read_password/1, read_line/1, format/2]). +-export([yes_no/2, read_password/2, read_line/2, format/2]). -yes_no(_Prompt) -> +yes_no(_, _) -> throw({{no_io_allowed, yes_no}, #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, description = "User interaction is not allowed", language = "en"}}). -read_password(_Prompt) -> +read_password(_, _) -> throw({{no_io_allowed, read_password}, #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, description = "User interaction is not allowed", language = "en"}}). -read_line(_Prompt) -> +read_line(_, _) -> throw({{no_io_allowed, read_line}, #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, description = "User interaction is not allowed", language = "en"}} ). -format(_Fmt, _Args) -> +format(_, _) -> throw({{no_io_allowed, format}, #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, description = "User interaction is not allowed", -- cgit v1.2.3 
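Review bot: in do_retry_fun/4 (ssh_connection_handler.erl, commit 7efe1b6d "Logging fun and document enhancement"), `erlang:fun_info(Fun, arity)` returns `{arity, N}`, not a bare integer, so neither `2 ->` nor `3 ->` can match. The `case` sits outside the `catch`, which means every configured failfun or infofun now raises case_clause in the connection handler instead of being called. Match on `{arity, 2}` and `{arity, 3}`, and decide what happens for any other arity; `is_function(Fun, 2)` and `is_function(Fun, 3)` guards with a final clause returning ok would cover that. A test that installs a 3-arity failfun and checks that it receives the peer address would have caught this.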
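Review bot: the new heads in ssh_no_io.erl (`yes_no(_, _)`, `read_password(_, _)`, `read_line(_, _)`, `format(_, _)`) drop the argument names, so the module no longer documents what it mirrors. Suggest `_Prompt, _Ssh` (and `_Fmt, _Args` for format/2) to match the ssh_io signatures shown in the same commit. The four bodies are identical apart from the function name in the throw; a small helper taking that atom would remove the repetition. The diffstat lists only the two source files, so the arity mismatch this fixes still has no regression test.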
From e4653d52abd98628fb862a8b01ea804473bdb338 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Fri, 22 Nov 2013 14:54:43 +0100 Subject: ssh: Correct close handling Commit 68263a48bfbdac4dc219a91f06af3d535d881850 got close handling slightly wrong, channels did not get their close message. Commit 32102f1e8225dada7526c9bfee6622f9026ba4cd did not work as expected --- lib/ssh/src/ssh_acceptor_sup.erl | 6 +++--- lib/ssh/src/ssh_connection.erl | 1 - lib/ssh/src/ssh_connection_handler.erl | 27 +++++++++++++++++------- lib/ssh/src/ssh_system_sup.erl | 15 ++++++++------ lib/ssh/src/sshd_sup.erl | 11 +++------- lib/ssh/test/ssh_basic_SUITE.erl | 38 +++++++++++++++++++++++++++++----- 6 files changed, 67 insertions(+), 31 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_acceptor_sup.erl b/lib/ssh/src/ssh_acceptor_sup.erl index f37e1fe4ff..2be729d305 100644 --- a/lib/ssh/src/ssh_acceptor_sup.erl +++ b/lib/ssh/src/ssh_acceptor_sup.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2010. All Rights Reserved. +%% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -84,8 +84,8 @@ child_spec(ServerOpts) -> [{active, false}, {reuseaddr, true}] ++ SocketOpts, ServerOpts, Timeout]}, - Restart = permanent, - Shutdown = 3600, + Restart = transient, + Shutdown = brutal_kill, Modules = [ssh_acceptor], Type = worker, {Name, StartFunc, Restart, Shutdown, Type, Modules}. diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl index 7016f349e8..03dddae3c8 100644 --- a/lib/ssh/src/ssh_connection.erl +++ b/lib/ssh/src/ssh_connection.erl 
@@ -730,7 +730,6 @@ handle_msg(#ssh_msg_request_success{data = Data}, {{replies, [{channel_requst_reply, From, {success, Data}}]}, Connection#connection{requests = Rest}}; -%%% This transport message will also be handled at the connection level handle_msg(#ssh_msg_disconnect{code = Code, description = Description, language = _Lang }, diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 7ba2179a76..3462b98172 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -519,7 +519,8 @@ connected({#ssh_msg_kexinit{}, _Payload} = Event, State) -> #state{}) -> gen_fsm_state_return(). %%-------------------------------------------------------------------- -handle_event(#ssh_msg_disconnect{description = Desc}, _StateName, #state{} = State) -> +handle_event(#ssh_msg_disconnect{description = Desc} = DisconnectMsg, _StateName, #state{} = State) -> + handle_disconnect(DisconnectMsg, State), {stop, {shutdown, Desc}, State}; handle_event(#ssh_msg_ignore{}, StateName, State) -> @@ -850,7 +851,11 @@ handle_info({Protocol, Socket, Data}, Statename, handle_info({CloseTag, _Socket}, _StateName, #state{transport_close_tag = CloseTag, ssh_params = #ssh{role = _Role, opts = _Opts}} = State) -> - {stop, {shutdown, "Connection Lost"}, State}; + DisconnectMsg = + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, + description = "Connection closed", + language = "en"}, + handle_disconnect(DisconnectMsg, State); handle_info({timeout, {_, From} = Request}, Statename, #state{connection_state = #connection{requests = Requests} = Connection} = State) -> 
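Review bot: in the handle_event/3 clause for #ssh_msg_disconnect{} (ssh_connection_handler.erl, hunk at -519), the result of `handle_disconnect(DisconnectMsg, State)` is thrown away and the clause then returns `{stop, {shutdown, Desc}, State}` with the old State. handle_disconnect/2 as rewritten later in this commit already returns the stop tuple and carries the updated connection_state after send_replies/2, so the state that reaches terminate here is stale. The CloseTag clause of handle_info/3 in the next hunk returns the handle_disconnect/2 result directly; this clause should do the same.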
@@ -1377,10 +1382,16 @@ handle_ssh_packet(Length, StateName, #state{decoded_data_buffer = DecData0, handle_disconnect(DisconnectMsg, State0) end. -handle_disconnect(#ssh_msg_disconnect{description = Desc}, State) -> - {stop, {shutdown, Desc}, State}. -handle_disconnect(#ssh_msg_disconnect{description = Desc}, State, ErrorMsg) -> - {stop, {shutdown, {Desc, ErrorMsg}}, State}. +handle_disconnect(#ssh_msg_disconnect{description = Desc} = Msg, #state{connection_state = Connection0, + role = Role} = State0) -> + {disconnect, _, {{replies, Replies}, Connection}} = ssh_connection:handle_msg(Msg, Connection0, Role), + State = send_replies(Replies, State0), + {stop, {shutdown, Desc}, State#state{connection_state = Connection}}. +handle_disconnect(#ssh_msg_disconnect{description = Desc} = Msg, #state{connection_state = Connection0, + role = Role} = State0, ErrorMsg) -> + {disconnect, _, {{replies, Replies}, Connection}} = ssh_connection:handle_msg(Msg, Connection0, Role), + State = send_replies(Replies, State0), + {stop, {shutdown, {Desc, ErrorMsg}}, State#state{connection_state = Connection}}. counterpart_versions(NumVsn, StrVsn, #ssh{role = server} = Ssh) -> Ssh#ssh{c_vsn = NumVsn , c_version = StrVsn}; @@ -1420,9 +1431,9 @@ retry_fun(User, PeerAddr, Reason, Opts) -> do_retry_fun(Fun, User, PeerAddr, Reason) -> case erlang:fun_info(Fun, arity) of - 2 -> %% Backwards compatible + {arity, 2} -> %% Backwards compatible catch Fun(User, Reason); - 3 -> + {arity, 3} -> catch Fun(User, PeerAddr, Reason) end. diff --git a/lib/ssh/src/ssh_system_sup.erl b/lib/ssh/src/ssh_system_sup.erl index bf3c12a988..848133f838 100644 --- a/lib/ssh/src/ssh_system_sup.erl +++ b/lib/ssh/src/ssh_system_sup.erl 
@@ -54,13 +54,16 @@ stop_listener(SysSup) -> stop_listener(Address, Port) -> Name = make_name(Address, Port), stop_acceptor(whereis(Name)). - -stop_system(SysSup) when is_pid(SysSup)-> - exit(SysSup, shutdown). + +stop_system(SysSup) -> + Name = sshd_sup:system_name(SysSup), + spawn(fun() -> sshd_sup:stop_child(Name) end), + ok. stop_system(Address, Port) -> - stop_system(system_supervisor(Address, Port)). - + spawn(fun() -> sshd_sup:stop_child(Address, Port) end), + ok. + system_supervisor(Address, Port) -> Name = make_name(Address, Port), whereis(Name). @@ -136,7 +139,7 @@ ssh_acceptor_child_spec(ServerOpts) -> Port = proplists:get_value(port, ServerOpts), Name = id(ssh_acceptor_sup, Address, Port), StartFunc = {ssh_acceptor_sup, start_link, [ServerOpts]}, - Restart = permanent, + Restart = transient, Shutdown = infinity, Modules = [ssh_acceptor_sup], Type = supervisor, diff --git a/lib/ssh/src/sshd_sup.erl b/lib/ssh/src/sshd_sup.erl index 747906b2cf..60222f5172 100644 --- a/lib/ssh/src/sshd_sup.erl +++ b/lib/ssh/src/sshd_sup.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2010. All Rights Reserved. +%% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -58,12 +58,7 @@ start_child(ServerOpts) -> end. stop_child(Name) -> - case supervisor:terminate_child(?MODULE, Name) of - ok -> - supervisor:delete_child(?MODULE, Name); - Error -> - Error - end. + supervisor:terminate_child(?MODULE, Name). stop_child(Address, Port) -> Name = id(Address, Port), @@ -94,7 +89,7 @@ init([Servers]) -> child_spec(Address, Port, ServerOpts) -> Name = id(Address, Port), StartFunc = {ssh_system_sup, start_link, [ServerOpts]}, - Restart = transient, + Restart = temporary, Shutdown = infinity, Modules = [ssh_system_sup], Type = supervisor, 
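Review bot: stop_system/1 and stop_system/2 (ssh_system_sup.erl) now spawn an unlinked process for sshd_sup:stop_child and return ok immediately, so the caller can no longer tell when the daemon is actually down or whether stop_child returned an error. Code that stops a daemon and then starts one on the same address and port can race with the teardown. If the spawn is there to avoid blocking a caller that lives inside the tree being stopped, say so in a comment and consider offering a synchronous variant for external callers. Related: sshd_sup:stop_child/1 no longer calls delete_child and therefore depends on `Restart = temporary` in child_spec/3; a one-line comment tying the two together would stop someone from changing one without the other.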
diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index b3281e433e..b4e3871efd 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -46,7 +46,7 @@ all() -> daemon_already_started, server_password_option, server_userpassword_option, - close]. + double_close]. groups() -> [{dsa_key, [], basic_tests()}, @@ -57,7 +57,7 @@ groups() -> ]. basic_tests() -> - [send, peername_sockname, + [send, close, peername_sockname, exec, exec_compressed, shell, cli, known_hosts, idle_time, rekey, openssh_zlib_basic_test]. @@ -487,7 +487,7 @@ internal_error(Config) when is_list(Config) -> {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, {user_dir, UserDir}, {failfun, fun ssh_test_lib:failfun/2}]), - {error,Error} = + {error, Error} = ssh:connect(Host, Port, [{silently_accept_hosts, true}, {user_dir, UserDir}, {user_interaction, false}]), 
@@ -566,9 +566,35 @@ ips(Name) when is_list(Name) -> ordsets:from_list(IPs4++IPs6). %%-------------------------------------------------------------------- + close() -> - [{doc, "Simulate that we try to close an already closed connection"}]. + [{doc, "Client receives close when server closes"}]. close(Config) when is_list(Config) -> + process_flag(trap_exit, true), + SystemDir = filename:join(?config(priv_dir, Config), system), + UserDir = ?config(priv_dir, Config), + + {Server, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {user_dir, UserDir}, + {failfun, fun ssh_test_lib:failfun/2}]), + Client = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user_dir, UserDir}, + {user_interaction, false}]), + {ok, ChannelId} = ssh_connection:session_channel(Client, infinity), + + ssh:stop_daemon(Server), + receive + {ssh_cm, Client,{closed, ChannelId}} -> + ok + after 5000 -> + ct:fail(timeout) + end. + +%%-------------------------------------------------------------------- +double_close() -> + [{doc, "Simulate that we try to close an already closed connection"}]. +double_close(Config) when is_list(Config) -> SystemDir = ?config(data_dir, Config), PrivDir = ?config(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth @@ -587,6 +613,8 @@ close(Config) when is_list(Config) -> exit(CM, {shutdown, normal}), ok = ssh:close(CM). +%%-------------------------------------------------------------------- + openssh_zlib_basic_test() -> [{doc, "Test basic connection with openssh_zlib"}]. openssh_zlib_basic_test(Config) -> @@ -612,7 +640,7 @@ openssh_zlib_basic_test(Config) -> %% the "tcp-application" before the socket closed message is recived check_error("Internal error") -> ok; -check_error("Connection Lost") -> +check_error("Connection closed") -> ok; check_error(Error) -> ct:fail(Error). -- cgit v1.2.3 From 95d8bd7377401f663ab5419df02174a42eddea2e Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Fri, 29 Nov 2013 15:32:12 +0100 Subject: ssh: Fix long cli delays. (Part of OTP-11339, OTP-10953) A step in fixing the tickets. --- lib/ssh/src/ssh_cli.erl | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_cli.erl b/lib/ssh/src/ssh_cli.erl index 5cb1e133d3..2c8e515a14 100644 --- a/lib/ssh/src/ssh_cli.erl +++ b/lib/ssh/src/ssh_cli.erl @@ -161,6 +161,21 @@ handle_msg({ssh_channel_up, ChannelId, ConnectionHandler}, cm = ConnectionHandler} = State) -> {ok, State}; +handle_msg({Group, set_unicode_state, _Arg}, State) -> + Group ! {self(), set_unicode_state, false}, + {ok, State}; + +handle_msg({Group, get_unicode_state}, State) -> + Group ! {self(), get_unicode_state, false}, + {ok, State}; + +handle_msg({Group, tty_geometry}, #state{group = Group, + pty = #ssh_pty{width=Width, + height=Height} + } = State) -> + Group ! {self(),tty_geometry,{Width,Height}}, + {ok,State}; + handle_msg({Group, Req}, #state{group = Group, buf = Buf, pty = Pty, cm = ConnectionHandler, channel = ChannelId} = State) -> -- cgit v1.2.3 From 25237481ccccd3ddfa74582dc267632ad618ba30 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Mon, 9 Dec 2013 20:12:33 +0100 Subject: Prepare release --- lib/ssh/doc/src/notes.xml | 72 +++++++++++++++++++++++++++++++++++++++++++++++ lib/ssh/vsn.mk | 2 +- 2 files changed, 73 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 041f5e54af..0d88cbda7a 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -29,6 +29,78 @@ notes.xml
+
Ssh 3.0 + +
Fixed Bugs and Malfunctions + + +

+ The ssh cli is now faster at close and before new prompt.

+

+ Own Id: OTP-11339 Aux Id: seq12423

+
+ +

+ Ssh process structure was redesigned to better map to + what is truly parallel this has solved a lot of strange + timing issues that sometimes would occur, for instance a + process leak could happen when a lot of connections where + taken up and down in parallel in a short period of time. + Also backwards compatible clauses to "original" but never + supported features has been removed.

+

+ Impact: Increases flow efficiency

+

+ *** POTENTIAL INCOMPATIBILITY ***

+

+ Own Id: OTP-11363

+
+ +

+ Fix various typos in erts, kernel and ssh. Thanks to + Martin Hässler.

+

+ Own Id: OTP-11414

+
+ +

+ Correct private_key type documentation in + ssh_server_key_api. Thanks to Tristan Sloughter.

+

+ Own Id: OTP-11449

+
+ +

+ The functions in ssh_no_io.erl did not mimic the + functions in ssh_io.erl correctly, the arity was + incorrect for some functions which caused ssh to fail in + the wrong way.

+

+ Own Id: OTP-11490

+
+
+
+ + +
Improvements and New Features + + +

+ Add option to disallow CLI

+

+ Own Id: OTP-10976

+
+ +

+ Add sockname and user to ssh:connection_info/2

+

+ Own Id: OTP-11296

+
+
+
+ +
+
Ssh 2.1.8
Improvements and New Features diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 90f09471c9..8186f39888 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,5 +1,5 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 2.1.8 +SSH_VSN = 3.0 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From 2a0a8447390c0de8e4729cf6e27b11f90211b955 Mon Sep 17 00:00:00 2001 From: Henrik Nord Date: Thu, 21 Nov 2013 11:00:39 +0100 Subject: fix calculation of variable thanks to Alexander Demidenko --- lib/ssh/src/ssh_cli.erl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_cli.erl b/lib/ssh/src/ssh_cli.erl index 2c8e515a14..41febf9707 100644 --- a/lib/ssh/src/ssh_cli.erl +++ b/lib/ssh/src/ssh_cli.erl @@ -349,7 +349,7 @@ delete_chars(N, {Buf, BufTail, Col}, Tty) when N > 0 -> {Buf, NewBufTail, Col}}; delete_chars(N, {Buf, BufTail, Col}, Tty) -> % N < 0 NewBuf = nthtail(-N, Buf), - NewCol = Col + N, + NewCol = case Col + N of V when V >= 0 -> V; _ -> 0 end, M1 = move_cursor(Col, NewCol, Tty), M2 = move_cursor(NewCol + length(BufTail) - N, NewCol, Tty), {[M1, BufTail, lists:duplicate(-N, $ ) | M2], -- cgit v1.2.3 From f4c9b4a4dddcf1f577df3f4bf58f2f7184cae6b0 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 17 Jan 2014 15:57:21 +0100 Subject: ssh: Adds unicode --- lib/ssh/src/ssh.hrl | 1 + lib/ssh/src/ssh_auth.erl | 7 +++--- lib/ssh/src/ssh_bits.erl | 4 +++ lib/ssh/src/ssh_connection.erl | 28 ++++++++++++++++++++- lib/ssh/src/ssh_message.erl | 4 +-- lib/ssh/src/ssh_sftp.erl | 7 +++--- lib/ssh/src/ssh_sftpd.erl | 18 ++++++------- lib/ssh/src/ssh_xfer.erl | 57 +++++++++++++++++++----------------------- lib/ssh/test/ssh_test_lib.erl | 16 ++++++++++-- 9 files changed, 88 insertions(+), 54 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.hrl b/lib/ssh/src/ssh.hrl index 94ced9da6f..0c4d34f89c 100644 --- a/lib/ssh/src/ssh.hrl +++ b/lib/ssh/src/ssh.hrl 
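Review bot: in delete_chars/3 (ssh_cli.erl, commit 2a0a8447 "fix calculation of variable"), the clamp covers only NewCol. The line above it still calls `nthtail(-N, Buf)` and the M2 cursor move still uses `NewCol + length(BufTail) - N` with the unclamped N, so when Col + N would have gone negative the buffer trim and the redraw width are computed from a count that no longer agrees with the column. If that input is possible, clamp N once at the top of the clause and derive NewBuf, NewCol and the blanking from the clamped value. For the expression itself, `max(0, Col + N)` says the same thing more directly than the case.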
@@ -54,6 +54,7 @@ -define(uint32(X), << ?UINT32(X) >> ). -define(uint64(X), << ?UINT64(X) >> ). -define(string(X), << ?STRING(list_to_binary(X)) >> ). +-define(string_utf8(X), << ?STRING(unicode:characters_to_binary(X)) >> ). -define(binary(X), << ?STRING(X) >>). -define(SSH_CIPHER_NONE, 0). diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index 1fa3df847f..409a1db6d5 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -83,7 +83,7 @@ password_msg([#ssh{opts = Opts, io_cb = IoCb, method = "password", data = <>}, + ?STRING(unicode:characters_to_binary(Password))>>}, Ssh) end. @@ -190,8 +190,7 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, data = Data}, _, #ssh{opts = Opts} = Ssh) -> <<_:8, ?UINT32(Sz), BinPwd:Sz/binary>> = Data, - Password = binary_to_list(BinPwd), - + Password = unicode:characters_to_list(BinPwd), case check_password(User, Password, Opts) of true -> {authorized, User, @@ -352,7 +351,7 @@ verify_sig(SessionId, User, Service, Alg, KeyBlob, SigWLen, Opts) -> build_sig_data(SessionId, User, Service, KeyBlob, Alg) -> Sig = [?binary(SessionId), ?SSH_MSG_USERAUTH_REQUEST, - ?string(User), + ?string_utf8(User), ?string(Service), ?binary(<<"publickey">>), ?TRUE, diff --git a/lib/ssh/src/ssh_bits.erl b/lib/ssh/src/ssh_bits.erl index 2b0241cb83..8aaff93b9f 100644 --- a/lib/ssh/src/ssh_bits.erl +++ b/lib/ssh/src/ssh_bits.erl @@ -116,6 +116,10 @@ enc(Xs, [string|Ts], Offset) -> X0 = hd(Xs), Y = ?string(X0), [Y | enc(tl(Xs),Ts,Offset+size(Y))]; +enc(Xs, [string_utf8|Ts], Offset) -> + X0 = hd(Xs), + Y = ?string_utf8(X0), + [Y | enc(tl(Xs),Ts,Offset+size(Y))]; enc(Xs, [binary|Ts], Offset) -> X0 = hd(Xs), Y = ?binary(X0), diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl index 03dddae3c8..b377614949 100644 --- a/lib/ssh/src/ssh_connection.erl +++ b/lib/ssh/src/ssh_connection.erl 
@@ -271,10 +271,36 @@ cancel_tcpip_forward(ConnectionHandler, BindIP, Port) -> %%-------------------------------------------------------------------- %%% Internal API %%-------------------------------------------------------------------- +l2b(L) when is_integer(hd(L)) -> + try list_to_binary(L) + of + B -> B + catch + _:_ -> + unicode:characters_to_binary(L) + end; +l2b([H|T]) -> + << (l2b(H))/binary, (l2b(T))/binary >>; +l2b(B) when is_binary(B) -> + B; +l2b([]) -> + <<>>. + + + channel_data(ChannelId, DataType, Data, Connection, From) when is_list(Data)-> channel_data(ChannelId, DataType, - list_to_binary(Data), Connection, From); +%% list_to_binary(Data), Connection, From); + l2b(Data), Connection, From); + %% try list_to_binary(Data) + %% of + %% B -> B + %% catch + %% _:_ -> io:format('BAD BINARY: ~p~n',[Data]), + %% unicode:characters_to_binary(Data) + %% end, + %% Connection, From); channel_data(ChannelId, DataType, Data, #connection{channel_cache = Cache} = Connection, diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl index 7bd0375521..01a0988718 100644 --- a/lib/ssh/src/ssh_message.erl +++ b/lib/ssh/src/ssh_message.erl @@ -120,7 +120,7 @@ encode(#ssh_msg_userauth_request{ data = Data }) -> ssh_bits:encode([?SSH_MSG_USERAUTH_REQUEST, User, Service, Method, Data], - [byte, string, string, string, '...']); + [byte, string_utf8, string, string, '...']); encode(#ssh_msg_userauth_failure{ authentications = Auths, partial_success = Bool @@ -135,7 +135,7 @@ encode(#ssh_msg_userauth_banner{ language = Lang }) -> ssh_bits:encode([?SSH_MSG_USERAUTH_BANNER, Banner, Lang], - [byte, string, string]); + [byte, string_utf8, string]); encode(#ssh_msg_userauth_pk_ok{ algorithm_name = Alg, diff --git a/lib/ssh/src/ssh_sftp.erl b/lib/ssh/src/ssh_sftp.erl index 10167a9223..0ea2366ac7 100644 --- a/lib/ssh/src/ssh_sftp.erl +++ b/lib/ssh/src/ssh_sftp.erl 
@@ -352,7 +352,7 @@ write_file(Pid, Name, List) -> write_file(Pid, Name, List, ?FILEOP_TIMEOUT). write_file(Pid, Name, List, FileOpTimeout) when is_list(List) -> - write_file(Pid, Name, list_to_binary(List), FileOpTimeout); + write_file(Pid, Name, unicode:characters_to_binary(List), FileOpTimeout); write_file(Pid, Name, Bin, FileOpTimeout) -> case open(Pid, Name, [write, binary], FileOpTimeout) of {ok, Handle} -> @@ -514,7 +514,7 @@ do_handle_call({pread,Async,Handle,At,Length}, From, State) -> case get_mode(Handle, State2) of binary -> {{ok,Data}, State2}; text -> - {{ok,binary_to_list(Data)}, State2} + {{ok,unicode:characters_to_list(Data)}, State2} end; (Rep, State2) -> {Rep, State2} @@ -535,8 +535,7 @@ do_handle_call({read,Async,Handle,Length}, From, State) -> fun({ok,Data}, State2) -> case get_mode(Handle, State2) of binary -> {{ok,Data}, State2}; - text -> - {{ok,binary_to_list(Data)}, State2} + text -> {{ok,binary_to_list(Data)}, State2} end; (Rep, State2) -> {Rep, State2} end); diff --git a/lib/ssh/src/ssh_sftpd.erl b/lib/ssh/src/ssh_sftpd.erl index 174ca0126b..213b5c714d 100644 --- a/lib/ssh/src/ssh_sftpd.erl +++ b/lib/ssh/src/ssh_sftpd.erl @@ -214,8 +214,7 @@ handle_op(?SSH_FXP_INIT, Version, B, State) when is_binary(B) -> handle_op(?SSH_FXP_REALPATH, ReqId, <>, State0) -> - RelPath0 = binary_to_list(RPath), - RelPath = relate_file_name(RelPath0, State0, _Canonicalize=false), + RelPath = relate_file_name(RPath, State0, _Canonicalize=false), {Res, State} = resolve_symlinks(RelPath, State0), case Res of {ok, AbsPath} -> @@ -231,7 +230,7 @@ handle_op(?SSH_FXP_OPENDIR, ReqId, <>, State0 = #state{xf = #ssh_xfer{vsn = Vsn}, file_handler = FileMod, file_state = FS0}) -> - RelPath = binary_to_list(RPath), + RelPath = unicode:characters_to_list(RPath), AbsPath = relate_file_name(RelPath, State0), XF = State0#state.xf, 
@@ -312,9 +311,8 @@ handle_op(?SSH_FXP_WRITE, ReqId, ?SSH_FX_INVALID_HANDLE), State end; -handle_op(?SSH_FXP_READLINK, ReqId, <>, +handle_op(?SSH_FXP_READLINK, ReqId, <>, State = #state{file_handler = FileMod, file_state = FS0}) -> - RelPath = binary_to_list(BPath), AbsPath = relate_file_name(RelPath, State), {Res, FS1} = FileMod:read_link(AbsPath, FS0), case Res of @@ -524,10 +522,10 @@ close_our_file({_,Fd}, FileMod, FS0) -> %%% stat: do the stat stat(Vsn, ReqId, Data, State, F) when Vsn =< 3-> <> = Data, - stat(ReqId, binary_to_list(BPath), State, F); + stat(ReqId, unicode:characters_to_list(BPath), State, F); stat(Vsn, ReqId, Data, State, F) when Vsn >= 4-> <> = Data, - stat(ReqId, binary_to_list(BPath), State, F). + stat(ReqId, unicode:characters_to_list(BPath), State, F). fstat(Vsn, ReqId, Data, State) when Vsn =< 3-> <> = Data, @@ -609,13 +607,13 @@ decode_4_acess([]) -> open(Vsn, ReqId, Data, State) when Vsn =< 3 -> <> = Data, - Path = binary_to_list(BPath), + Path = unicode:characters_to_list(BPath), Flags = ssh_xfer:decode_open_flags(Vsn, PFlags), do_open(ReqId, State, Path, Flags); open(Vsn, ReqId, Data, State) when Vsn >= 4 -> <> = Data, - Path = binary_to_list(BPath), + Path = unicode:characters_to_list(BPath), FlagBits = ssh_xfer:decode_open_flags(Vsn, PFlags), AcessBits = ssh_xfer:decode_ace_mask(Access), %% TODO: This is to make sure the Access flags are not ignored @@ -712,7 +710,7 @@ relate_file_name(File, State) -> relate_file_name(File, State, _Canonicalize=true). relate_file_name(File, State, Canonicalize) when is_binary(File) -> - relate_file_name(binary_to_list(File), State, Canonicalize); + relate_file_name(unicode:characters_to_list(File), State, Canonicalize); relate_file_name(File, #state{cwd = CWD, root = ""}, Canonicalize) -> relate_filename_to_path(File, CWD, Canonicalize); relate_file_name(File, #state{root = Root}, Canonicalize) -> diff --git a/lib/ssh/src/ssh_xfer.erl b/lib/ssh/src/ssh_xfer.erl index e18e18a9a9..63d01fd9de 100644 
--- a/lib/ssh/src/ssh_xfer.erl +++ b/lib/ssh/src/ssh_xfer.erl @@ -72,7 +72,6 @@ protocol_version_request(XF) -> open(XF, ReqID, FileName, Access, Flags, Attrs) -> Vsn = XF#ssh_xfer.vsn, - FileName1 = unicode:characters_to_binary(FileName), MBits = if Vsn >= 5 -> M = encode_ace_mask(Access), ?uint32(M); @@ -82,7 +81,7 @@ open(XF, ReqID, FileName, Access, Flags, Attrs) -> F = encode_open_flags(Flags), xf_request(XF,?SSH_FXP_OPEN, [?uint32(ReqID), - ?binary(FileName1), + ?string_utf8(FileName), MBits, ?uint32(F), encode_ATTR(Vsn,Attrs)]). @@ -90,7 +89,7 @@ open(XF, ReqID, FileName, Access, Flags, Attrs) -> opendir(XF, ReqID, DirName) -> xf_request(XF, ?SSH_FXP_OPENDIR, [?uint32(ReqID), - ?string(DirName)]). + ?string_utf8(DirName)]). close(XF, ReqID, Handle) -> @@ -127,13 +126,11 @@ write(XF,ReqID, Handle, Offset, Data) -> remove(XF, ReqID, File) -> xf_request(XF, ?SSH_FXP_REMOVE, [?uint32(ReqID), - ?string(File)]). + ?string_utf8(File)]). %% Rename a file/directory -rename(XF, ReqID, Old, New, Flags) -> +rename(XF, ReqID, OldPath, NewPath, Flags) -> Vsn = XF#ssh_xfer.vsn, - OldPath = unicode:characters_to_binary(Old), - NewPath = unicode:characters_to_binary(New), FlagBits = if Vsn >= 5 -> F0 = encode_rename_flags(Flags), 
@@ -143,30 +140,27 @@ rename(XF, ReqID, Old, New, Flags) -> end, xf_request(XF, ?SSH_FXP_RENAME, [?uint32(ReqID), - ?binary(OldPath), - ?binary(NewPath), + ?string_utf8(OldPath), + ?string_utf8(NewPath), FlagBits]). %% Create directory mkdir(XF, ReqID, Path, Attrs) -> - Path1 = unicode:characters_to_binary(Path), xf_request(XF, ?SSH_FXP_MKDIR, [?uint32(ReqID), - ?binary(Path1), + ?string_utf8(Path), encode_ATTR(XF#ssh_xfer.vsn, Attrs)]). %% Remove a directory rmdir(XF, ReqID, Dir) -> - Dir1 = unicode:characters_to_binary(Dir), xf_request(XF, ?SSH_FXP_RMDIR, [?uint32(ReqID), - ?binary(Dir1)]). + ?string_utf8(Dir)]). %% Stat file stat(XF, ReqID, Path, Flags) -> - Path1 = unicode:characters_to_binary(Path), Vsn = XF#ssh_xfer.vsn, AttrFlags = if Vsn >= 5 -> F = encode_attr_flags(Vsn, Flags), @@ -176,13 +170,12 @@ stat(XF, ReqID, Path, Flags) -> end, xf_request(XF, ?SSH_FXP_STAT, [?uint32(ReqID), - ?binary(Path1), + ?string_utf8(Path), AttrFlags]). %% Stat file - follow symbolic links lstat(XF, ReqID, Path, Flags) -> - Path1 = unicode:characters_to_binary(Path), Vsn = XF#ssh_xfer.vsn, AttrFlags = if Vsn >= 5 -> F = encode_attr_flags(Vsn, Flags), @@ -192,7 +185,7 @@ lstat(XF, ReqID, Path, Flags) -> end, xf_request(XF, ?SSH_FXP_LSTAT, [?uint32(ReqID), - ?binary(Path1), + ?string_utf8(Path), AttrFlags]). %% Stat open file @@ -211,10 +204,9 @@ fstat(XF, ReqID, Handle, Flags) -> %% Modify file attributes setstat(XF, ReqID, Path, Attrs) -> - Path1 = unicode:characters_to_binary(Path), xf_request(XF, ?SSH_FXP_SETSTAT, [?uint32(ReqID), - ?binary(Path1), + ?string_utf8(Path), encode_ATTR(XF#ssh_xfer.vsn, Attrs)]). @@ -227,10 +219,9 @@ fsetstat(XF, ReqID, Handle, Attrs) -> %% Read a symbolic link readlink(XF, ReqID, Path) -> - Path1 = unicode:characters_to_binary(Path), xf_request(XF, ?SSH_FXP_READLINK, [?uint32(ReqID), - ?binary(Path1)]). + ?string_utf8(Path)]). %% Create a symbolic link 
@@ -244,10 +235,9 @@ symlink(XF, ReqID, LinkPath, TargetPath) -> %% Convert a path into a 'canonical' form realpath(XF, ReqID, Path) -> - Path1 = unicode:characters_to_binary(Path), xf_request(XF, ?SSH_FXP_REALPATH, [?uint32(ReqID), - ?binary(Path1)]). + ?string_utf8(Path)]). extended(XF, ReqID, Request, Data) -> xf_request(XF, ?SSH_FXP_EXTENDED, @@ -296,7 +286,10 @@ xf_send_names(#ssh_xfer{cm = CM, channel = Channel, vsn = Vsn}, Count = length(NamesAndAttrs), {Data, Len} = encode_names(Vsn, NamesAndAttrs), Size = 1 + 4 + 4 + Len, - ToSend = [<>, + ToSend = [<>, Data], ssh_connection:send(CM, Channel, ToSend). @@ -818,25 +811,27 @@ decode_names(_Vsn, 0, _Data) -> decode_names(Vsn, I, <>) when Vsn =< 3 -> - Name = binary_to_list(FileName), + Name = unicode:characters_to_list(FileName), {A, Tail2} = decode_ATTR(Vsn, Tail), [{Name, A} | decode_names(Vsn, I-1, Tail2)]; decode_names(Vsn, I, <>) when Vsn >= 4 -> - Name = binary_to_list(FileName), + Name = unicode:characters_to_list(FileName), {A, Tail2} = decode_ATTR(Vsn, Tail), [{Name, A} | decode_names(Vsn, I-1, Tail2)]. encode_names(Vsn, NamesAndAttrs) -> lists:mapfoldl(fun(N, L) -> encode_name(Vsn, N, L) end, 0, NamesAndAttrs). -encode_name(Vsn, {Name,Attr}, Len) when Vsn =< 3 -> +encode_name(Vsn, {NameUC,Attr}, Len) when Vsn =< 3 -> + Name = binary_to_list(unicode:characters_to_binary(NameUC)), NLen = length(Name), EncAttr = encode_ATTR(Vsn, Attr), ALen = size(EncAttr), NewLen = Len + NLen*2 + 4 + 4 + ALen, {[<>, Name, <>, Name, EncAttr], NewLen}; -encode_name(Vsn, {Name,Attr}, Len) when Vsn >= 4 -> +encode_name(Vsn, {NameUC,Attr}, Len) when Vsn >= 4 -> + Name = binary_to_list(unicode:characters_to_binary(NameUC)), NLen = length(Name), EncAttr = encode_ATTR(Vsn, Attr), ALen = size(EncAttr), 
@@ -851,9 +846,9 @@ encode_acl_items([ACE|As]) -> Type = encode_ace_type(ACE#ssh_xfer_ace.type), Flag = encode_ace_flag(ACE#ssh_xfer_ace.flag), Mask = encode_ace_mask(ACE#ssh_xfer_ace.mask), - Who = list_to_binary(ACE#ssh_xfer_ace.who), + Who = ACE#ssh_xfer_ace.who, [?uint32(Type), ?uint32(Flag), ?uint32(Mask), - ?binary(Who) | encode_acl_items(As)]; + ?string_utf8(Who) | encode_acl_items(As)]; encode_acl_items([]) -> []. @@ -872,7 +867,7 @@ decode_acl_items(I, < Count = length(Exts), diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index 6ed3dfa68c..00c25bf394 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl @@ -63,8 +63,13 @@ daemon(Host, Port, Options) -> Error end. + + start_shell(Port, IOServer, UserDir) -> - spawn_link(?MODULE, init_shell, [Port, IOServer, [{user_dir, UserDir}]]). + start_shell(Port, IOServer, UserDir, []). + +start_shell(Port, IOServer, UserDir, Options) -> + spawn_link(?MODULE, init_shell, [Port, IOServer, [{user_dir, UserDir}|Options]]). start_shell(Port, IOServer) -> spawn_link(?MODULE, init_shell, [Port, IOServer, []]). 
@@ -91,18 +96,23 @@ loop_io_server(TestCase, Buff0) -> {input, TestCase, Line} -> loop_io_server(TestCase, Buff0 ++ [Line]); {io_request, From, ReplyAs, Request} -> +%%ct:pal("~p",[{io_request, From, ReplyAs, Request}]), {ok, Reply, Buff} = io_request(Request, TestCase, From, ReplyAs, Buff0), +%%ct:pal("io_request(~p)-->~p",[Request,{ok, Reply, Buff}]), io_reply(From, ReplyAs, Reply), loop_io_server(TestCase, Buff); {'EXIT',_, _} -> - erlang:display('EXIT'), + erlang:display('ssh_test_lib:loop_io_server/2 EXIT'), ok end. io_request({put_chars, Chars}, TestCase, _, _, Buff) -> reply(TestCase, Chars), {ok, ok, Buff}; +io_request({put_chars, unicode, Chars}, TestCase, _, _, Buff) when is_binary(Chars) -> + reply(TestCase, Chars), + {ok, ok, Buff}; io_request({put_chars, Enc, Chars}, TestCase, _, _, Buff) -> reply(TestCase, unicode:characters_to_binary(Chars,Enc,latin1)), {ok, ok, Buff}; @@ -120,11 +130,13 @@ io_request({get_line, _Enc,_}, _, _, _, [Line | Buff]) -> io_reply(_, _, []) -> ok; io_reply(From, ReplyAs, Reply) -> +%%ct:pal("io_reply ~p sending ~p ! ~p",[self(),From, {io_reply, ReplyAs, Reply}]), From ! {io_reply, ReplyAs, Reply}. reply(_, []) -> ok; reply(TestCase, Result) -> +%%ct:pal("reply ~p sending ~p ! ~p",[self(), TestCase, Result]), TestCase ! Result. receive_exec_result(Msg) -> -- cgit v1.2.3 From a0d2b4866851c5e3337fd41b854ea7595c594fa2 Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Fri, 17 Jan 2014 15:59:32 +0100 Subject: ssh: Adds uncode test suite --- lib/ssh/test/ssh_unicode_SUITE.erl | 590 +++++++++++++++++++++ lib/ssh/test/ssh_unicode_SUITE_data/sftp.txt | 1 + .../sftp\347\221\236\347\202\271.txt" | 1 + .../test/ssh_unicode_SUITE_data/ssh_host_dsa_key | 13 + .../ssh_unicode_SUITE_data/ssh_host_dsa_key.pub | 11 + 5 files changed, 616 insertions(+) create mode 100644 lib/ssh/test/ssh_unicode_SUITE.erl create mode 100644 lib/ssh/test/ssh_unicode_SUITE_data/sftp.txt create mode 100644 "lib/ssh/test/ssh_unicode_SUITE_data/sftp\347\221\236\347\202\271.txt" create mode 100644 lib/ssh/test/ssh_unicode_SUITE_data/ssh_host_dsa_key create mode 100644 lib/ssh/test/ssh_unicode_SUITE_data/ssh_host_dsa_key.pub (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_unicode_SUITE.erl b/lib/ssh/test/ssh_unicode_SUITE.erl new file mode 100644 index 0000000000..a896a425b9 --- /dev/null +++ b/lib/ssh/test/ssh_unicode_SUITE.erl 
@@ -0,0 +1,590 @@ +%% Next line needed to enable utf8-strings in Erlang: +%% -*- coding: utf-8 -*- + +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2005-2013. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% + +%% gerl +fnu +%% ct:run_test([{suite,"ssh_unicode_SUITE"}, {logdir,"LOG"}]). + +-module(ssh_unicode_SUITE). + +%% Note: This directive should only be used in test suites. +-compile(export_all). + +-include_lib("common_test/include/ct.hrl"). +-include_lib("kernel/include/file.hrl"). + +% Default timetrap timeout +-define(default_timeout, ?t:minutes(1)). + +-define(USER, "Ã¥ke高兴"). +-define(PASSWD, "ärlig日本ã˜ã‚“"). +-define('sftp.txt', "sftp瑞点.txt"). +-define('test.txt', "testãƒãƒ³ã‚¹.txt"). +-define('link_test.txt', "link_test語.txt"). + +-define(bindata, unicode:characters_to_binary("foobar Ã¥ 一二三四ã„ã¡ã«ã•ã‚“ã¡") ). + +-define(NEWLINE, <<"\r\n">>). + +%%-------------------------------------------------------------------- +%% Common Test interface functions ----------------------------------- +%%-------------------------------------------------------------------- + +%% suite() -> +%% [{ct_hooks,[ts_install_cth]}]. + +all() -> + [{group, sftp}, + {group, shell} + ]. 
+ + +init_per_suite(Config) -> + case {file:native_name_encoding(), (catch crypto:start())} of + {utf8, ok} -> + ssh:start(), + Config; + {utf8, _} -> + {skip,"Could not start crypto!"}; + _ -> + {skip,"Not unicode filename enabled emulator"} + end. + +end_per_suite(Config) -> + ssh:stop(), + crypto:stop(), + Config. + +%%-------------------------------------------------------------------- +groups() -> + [{shell, [], [shell_no_unicode, shell_unicode_string]}, + {sftp, [], [open_close_file, open_close_dir, read_file, read_dir, + write_file, rename_file, mk_rm_dir, remove_file, links, + retrieve_attributes, set_attributes, async_read, async_read_bin, + async_write + %% , position, pos_read, pos_write + ]}]. + +init_per_group(Group, Config) when Group==sftp + ; Group==shell -> + PrivDir = ?config(priv_dir, Config), + SysDir = ?config(data_dir, Config), + Sftpd = + ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, PrivDir}, + {user_passwords, [{?USER, ?PASSWD}]}]), + [{group,Group}, {sftpd, Sftpd} | Config]; + +init_per_group(Group, Config) -> + [{group,Group} | Config]. + + +end_per_group(erlang_server, Config) -> + Config; +end_per_group(_, Config) -> + Config. 
+ +%%-------------------------------------------------------------------- +init_per_testcase(_Case, Config) -> + prep(Config), + TmpConfig0 = lists:keydelete(watchdog, 1, Config), + TmpConfig = lists:keydelete(sftp, 1, TmpConfig0), + Dog = ct:timetrap(?default_timeout), + + case ?config(group, Config) of + sftp -> + {_Pid, Host, Port} = ?config(sftpd, Config), + {ok, ChannelPid, Connection} = + ssh_sftp:start_channel(Host, Port, + [{user, ?USER}, + {password, ?PASSWD}, + {user_interaction, false}, + {silently_accept_hosts, true}]), + Sftp = {ChannelPid, Connection}, + [{sftp, Sftp}, {watchdog, Dog} | TmpConfig]; + shell -> + UserDir = ?config(priv_dir, Config), + process_flag(trap_exit, true), + {_Pid, _Host, Port} = ?config(sftpd, Config), + ct:sleep(500), + IO = ssh_test_lib:start_io_server(), + Shell = ssh_test_lib:start_shell(Port, IO, UserDir, + [{silently_accept_hosts, true}, + {user,?USER},{password,?PASSWD}]), +%%ct:pal("IO=~p, Shell=~p, self()=~p",[IO,Shell,self()]), + wait_for_erlang_first_line([{io,IO}, {shell,Shell} | Config]) + end. + + +wait_for_erlang_first_line(Config) -> + receive + {'EXIT', _, _} -> + {fail,no_ssh_connection}; + <<"Eshell ",_/binary>> = ErlShellStart -> +%% ct:pal("Erlang shell start: ~p~n", [ErlShellStart]), + Config; + Other -> + ct:pal("Unexpected answer from ssh server: ~p",[Other]), + {fail,unexpected_answer} + after 10000 -> + ct:pal("No answer from ssh-server"), + {fail,timeout} + end. + + + +end_per_testcase(rename_file, Config) -> + PrivDir = ?config(priv_dir, Config), + NewFileName = filename:join(PrivDir, ?'test.txt'), + file:delete(NewFileName), + end_per_testcase(Config); +end_per_testcase(_TC, Config) -> + end_per_testcase(Config). + +end_per_testcase(Config) -> + catch exit(?config(shell,Config), kill), + case ?config(sftp, Config) of + {Sftp, Connection} -> + ssh_sftp:stop_channel(Sftp), + ssh:close(Connection); + _ -> + ok + end. 
+ +%%-------------------------------------------------------------------- +%% Test Cases -------------------------------------------------------- + +-define(chk_expected(Received,Expected), + (fun(R_,E_) when R_==E_ -> ok; + (R_,E_) -> ct:pal("Expected: ~p~nReceived: ~p~n", [E_,R_]), + E_ = R_ + end)(Received,Expected)). + +-define(receive_chk(Ref,Expected), + (fun(E__) -> + receive + {async_reply, Ref, Received} when Received==E__ -> + ?chk_expected(Received, E__); + {async_reply, Ref, Received} when Received=/=E__ -> + ct:pal("Expected: ~p~nReceived: ~p~n", [E__,Received]), + E__ = Received; + Msg -> + ct:pal("Expected (Ref=~p): ~p", [Ref,E__]), + ct:fail(Msg) + end + end)(Expected)). + +%%-------------------------------------------------------------------- + + +open_close_file() -> + [{doc, "Test API functions open/3 and close/2"}]. +open_close_file(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + FileName = filename:join(PrivDir, ?'sftp.txt'), + {Sftp, _} = ?config(sftp, Config), + + lists:foreach( + fun(Mode) -> + ct:log("Mode: ~p",[Mode]), + %% list_dir(PrivDir), + ok = open_close_file(Sftp, FileName, Mode) + end, + [ + [read], + [write], + [write, creat], + [write, trunc], + [append], + [read, binary] + ]). + +open_close_file(Server, File, Mode) -> + {ok, Handle} = ssh_sftp:open(Server, File, Mode), + ok = ssh_sftp:close(Server, Handle). + +%%-------------------------------------------------------------------- +open_close_dir() -> + [{doc, "Test API functions opendir/2 and close/2"}]. +open_close_dir(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + {Sftp, _} = ?config(sftp, Config), + FileName = filename:join(PrivDir, ?'sftp.txt'), + + {ok, Handle} = ssh_sftp:opendir(Sftp, PrivDir), + ok = ssh_sftp:close(Sftp, Handle), + {error, _} = ssh_sftp:opendir(Sftp, FileName). + +%%-------------------------------------------------------------------- +read_file() -> + [{doc, "Test API funtion read_file/2"}]. 
+read_file(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + FileName = filename:join(PrivDir, ?'sftp.txt'), + {Sftp, _} = ?config(sftp, Config), + ?chk_expected(ssh_sftp:read_file(Sftp,FileName), file:read_file(FileName)). + +%%-------------------------------------------------------------------- +read_dir() -> + [{doc,"Test API function list_dir/2"}]. +read_dir(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + {Sftp, _} = ?config(sftp, Config), + {ok, Files} = ssh_sftp:list_dir(Sftp, PrivDir), + ct:pal("sftp list dir: ~ts~n", [Files]). + +%%-------------------------------------------------------------------- +write_file() -> + [{doc, "Test API function write_file/2"}]. +write_file(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + FileName = filename:join(PrivDir, ?'sftp.txt'), + {Sftp, _} = ?config(sftp, Config), + ok = ssh_sftp:write_file(Sftp, FileName, [?bindata]), + ?chk_expected(file:read_file(FileName), {ok,?bindata}). + +%%-------------------------------------------------------------------- +remove_file() -> + [{doc,"Test API function delete/2"}]. +remove_file(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + FileName = filename:join(PrivDir, ?'sftp.txt'), + {Sftp, _} = ?config(sftp, Config), + + {ok, Files} = ssh_sftp:list_dir(Sftp, PrivDir), + true = lists:member(filename:basename(FileName), Files), + ok = ssh_sftp:delete(Sftp, FileName), + {ok, NewFiles} = ssh_sftp:list_dir(Sftp, PrivDir), + false = lists:member(filename:basename(FileName), NewFiles), + {error, _} = ssh_sftp:delete(Sftp, FileName). +%%-------------------------------------------------------------------- +rename_file() -> + [{doc, "Test API function rename_file/2"}]. 
+rename_file(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + FileName = filename:join(PrivDir, ?'sftp.txt'), + NewFileName = filename:join(PrivDir, ?'test.txt'), + + {Sftp, _} = ?config(sftp, Config), + {ok, Files} = ssh_sftp:list_dir(Sftp, PrivDir), + ct:pal("FileName: ~ts~nFiles: ~ts~n", [FileName, [[$\n,$ ,F]||F<-Files] ]), + true = lists:member(filename:basename(FileName), Files), + false = lists:member(filename:basename(NewFileName), Files), + ok = ssh_sftp:rename(Sftp, FileName, NewFileName), + {ok, NewFiles} = ssh_sftp:list_dir(Sftp, PrivDir), + ct:pal("FileName: ~ts, Files: ~ts~n", [FileName, [[$\n,F]||F<-NewFiles] ]), + + false = lists:member(filename:basename(FileName), NewFiles), + true = lists:member(filename:basename(NewFileName), NewFiles). + +%%-------------------------------------------------------------------- +mk_rm_dir() -> + [{doc,"Test API functions make_dir/2, del_dir/2"}]. +mk_rm_dir(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + {Sftp, _} = ?config(sftp, Config), + + DirName = filename:join(PrivDir, "test"), + ok = ssh_sftp:make_dir(Sftp, DirName), + ok = ssh_sftp:del_dir(Sftp, DirName), + NewDirName = filename:join(PrivDir, "foo/bar"), + {error, _} = ssh_sftp:make_dir(Sftp, NewDirName), + {error, _} = ssh_sftp:del_dir(Sftp, PrivDir). + +%%-------------------------------------------------------------------- +links() -> + [{doc,"Tests API function make_symlink/3"}]. +links(Config) when is_list(Config) -> + case os:type() of + {win32, _} -> + {skip, "Links are not fully supported by windows"}; + _ -> + {Sftp, _} = ?config(sftp, Config), + PrivDir = ?config(priv_dir, Config), + FileName = filename:join(PrivDir, ?'sftp.txt'), + LinkFileName = filename:join(PrivDir, ?'link_test.txt'), + + ok = ssh_sftp:make_symlink(Sftp, LinkFileName, FileName), + {ok, FileName} = ssh_sftp:read_link(Sftp, LinkFileName) + end. 
+ +%%-------------------------------------------------------------------- +retrieve_attributes() -> + [{doc, "Test API function read_file_info/3"}]. +retrieve_attributes(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + FileName = filename:join(PrivDir, ?'sftp.txt'), + + {Sftp, _} = ?config(sftp, Config), + {ok, FileInfo} = ssh_sftp:read_file_info(Sftp, FileName), + {ok, NewFileInfo} = file:read_file_info(FileName), + + %% TODO comparison. There are some differences now is that ok? + ct:pal("SFTP: ~p~nFILE: ~p~n", [FileInfo, NewFileInfo]). + +%%-------------------------------------------------------------------- +set_attributes() -> + [{doc,"Test API function write_file_info/3"}]. +set_attributes(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + FileName = filename:join(PrivDir, ?'test.txt'), + + {Sftp, _} = ?config(sftp, Config), + {ok,Fd} = file:open(FileName, write), + io:put_chars(Fd,"foo"), + ok = ssh_sftp:write_file_info(Sftp, FileName, #file_info{mode=8#400}), + {error, eacces} = file:write_file(FileName, "hello again"), + ssh_sftp:write_file_info(Sftp, FileName, #file_info{mode=8#600}), + ok = file:write_file(FileName, "hello again"). + +%%-------------------------------------------------------------------- + +async_read() -> + [{doc,"Test API aread/3"}]. +async_read(Config) when is_list(Config) -> + do_async_read(Config, false). + +async_read_bin() -> + [{doc,"Test API aread/3"}]. +async_read_bin(Config) when is_list(Config) -> + do_async_read(Config, true). 
+ +do_async_read(Config, BinaryFlag) -> + {Sftp, _} = ?config(sftp, Config), + PrivDir = ?config(priv_dir, Config), + FileName = filename:join(PrivDir, ?'sftp.txt'), + {ok,ExpDataBin} = file:read_file(FileName), + ExpData = case BinaryFlag of + true -> ExpDataBin; + false -> binary_to_list(ExpDataBin) + end, + {ok, Handle} = ssh_sftp:open(Sftp, FileName, [read|case BinaryFlag of + true -> [binary]; + false -> [] + end]), + {async, Ref} = ssh_sftp:aread(Sftp, Handle, 20), + ?receive_chk(Ref, {ok,ExpData}). + +%%-------------------------------------------------------------------- +async_write() -> + [{doc,"Test API awrite/3"}]. +async_write(Config) when is_list(Config) -> + {Sftp, _} = ?config(sftp, Config), + PrivDir = ?config(priv_dir, Config), + FileName = filename:join(PrivDir, ?'test.txt'), + {ok, Handle} = ssh_sftp:open(Sftp, FileName, [write]), + Expected = ?bindata, + {async, Ref} = ssh_sftp:awrite(Sftp, Handle, Expected), + + receive + {async_reply, Ref, ok} -> + {ok, Data} = file:read_file(FileName), + ?chk_expected(Data, Expected); + Msg -> + ct:fail(Msg) + end. + +%%-------------------------------------------------------------------- + +position() -> + [{doc, "Test API functions position/3"}]. 
+position(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + FileName = filename:join(PrivDir, ?'test.txt'), + {Sftp, _} = ?config(sftp, Config), + + Data = list_to_binary("1234567890"), + ssh_sftp:write_file(Sftp, FileName, [Data]), + {ok, Handle} = ssh_sftp:open(Sftp, FileName, [read]), + + {ok, 3} = ssh_sftp:position(Sftp, Handle, {bof, 3}), + {ok, "4"} = ssh_sftp:read(Sftp, Handle, 1), + + {ok, 10} = ssh_sftp:position(Sftp, Handle, eof), + eof = ssh_sftp:read(Sftp, Handle, 1), + + {ok, 6} = ssh_sftp:position(Sftp, Handle, {bof, 6}), + {ok, "7"} = ssh_sftp:read(Sftp, Handle, 1), + + {ok, 9} = ssh_sftp:position(Sftp, Handle, {cur, 2}), + {ok, "0"} = ssh_sftp:read(Sftp, Handle, 1), + + {ok, 0} = ssh_sftp:position(Sftp, Handle, bof), + {ok, "1"} = ssh_sftp:read(Sftp, Handle, 1), + + {ok, 1} = ssh_sftp:position(Sftp, Handle, cur), + {ok, "2"} = ssh_sftp:read(Sftp, Handle, 1). + +%%-------------------------------------------------------------------- +pos_read() -> + [{doc,"Test API functions pread/3 and apread/3"}]. +pos_read(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + FileName = filename:join(PrivDir, ?'test.txt'), + {Sftp, _} = ?config(sftp, Config), + Data = ?bindata, + ssh_sftp:write_file(Sftp, FileName, [Data]), + + {ok, Handle} = ssh_sftp:open(Sftp, FileName, [read]), + {async, Ref} = ssh_sftp:apread(Sftp, Handle, {bof,5}, 4), + + ?receive_chk(Ref, {ok,binary_part(Data,5,4)}), + ?chk_expected(ssh_sftp:pread(Sftp,Handle,{bof,4},4), {ok,binary_part(Data,4,4)}). + + +%%-------------------------------------------------------------------- +pos_write() -> + [{doc,"Test API functions pwrite/4 and apwrite/4"}]. 
+pos_write(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + FileName = filename:join(PrivDir, ?'test.txt'), + {Sftp, _} = ?config(sftp, Config), + + {ok, Handle} = ssh_sftp:open(Sftp, FileName, [write]), + + Data = unicode:characters_to_list("å†è§"), + ssh_sftp:write_file(Sftp, FileName, [Data]), + + NewData = unicode:characters_to_list(" ã•ã‚ˆã†ãªã‚‰"), + {async, Ref} = ssh_sftp:apwrite(Sftp, Handle, {bof, 2}, NewData), + ?receive_chk(Ref, ok), + + ok = ssh_sftp:pwrite(Sftp, Handle, eof, unicode:characters_to_list(" adjö ")), + + ?chk_expected(ssh_sftp:read_file(Sftp,FileName), + {ok,unicode:characters_to_binary("å†è§ ã•ã‚ˆã†ãªã‚‰ adjö ")}). + +%%-------------------------------------------------------------------- +sftp_nonexistent_subsystem() -> + [{doc, "Try to execute sftp subsystem on a server that does not support it"}]. +sftp_nonexistent_subsystem(Config) when is_list(Config) -> + {_,Host, Port} = ?config(sftpd, Config), + {error,"server failed to start sftp subsystem"} = + ssh_sftp:start_channel(Host, Port, + [{user_interaction, false}, + {user, ?USER}, + {password, ?PASSWD}, + {silently_accept_hosts, true}]). + +%%-------------------------------------------------------------------- +shell_no_unicode(Config) -> + do_shell(?config(io,Config), + [new_prompt, + {type,"io:format(\"hej ~p~n\",[42])."}, + {expect,"hej 42"} + ]). + +%%-------------------------------------------------------------------- +shell_unicode_string(Config) -> + do_shell(?config(io,Config), + [new_prompt, + {type,"io:format(\"ã“ã«ã¡ã‚~ts~n\",[\"四二\"])."}, + {expect,"ã“ã«ã¡ã‚四二"}, + {expect,"ok"} + ]). 
+ +%%-------------------------------------------------------------------- +%% Internal functions ------------------------------------------------ +%%-------------------------------------------------------------------- +prep(Config) -> + PrivDir = ?config(priv_dir, Config), + TestFile = filename:join(PrivDir, ?'sftp.txt'), + TestFile1 = filename:join(PrivDir, ?'test.txt'), + TestLink = filename:join(PrivDir, ?'link_test.txt'), + + file:delete(TestFile), + file:delete(TestFile1), + file:delete(TestLink), + + %% Initial config + DataDir = ?config(data_dir, Config), + FileName = filename:join(DataDir, ?'sftp.txt'), + {ok,_BytesCopied} = file:copy(FileName, TestFile), + Mode = 8#00400 bor 8#00200 bor 8#00040, % read & write owner, read group + {ok, FileInfo} = file:read_file_info(TestFile), + ok = file:write_file_info(TestFile, + FileInfo#file_info{mode = Mode}). + + +%% list_dir(Dir) -> +%% ct:pal("prep/1: ls(~p):~n~p~n~ts",[Dir, file:list_dir(Dir), +%% begin +%% {ok,DL} = file:list_dir(Dir), +%% [[$\n|FN] || FN <- DL] +%% end]). + + +%%-------------------------------------------------------------------- +do_shell(IO, List) -> do_shell(IO, 0, List). 
+ +do_shell(IO, N, [new_prompt|More]) -> + do_shell(IO, N+1, More); + +do_shell(IO, N, Ops=[{Order,Arg}|More]) -> + receive + X = <<"\r\n">> -> +%% ct:pal("Skip newline ~p",[X]), + do_shell(IO, N, Ops); + + < ">> when (P1-$0)==N -> + do_shell_prompt(IO, N, Order, Arg, More); + + < ">> when (P1-$0)*10 + (P2-$0) == N -> + do_shell_prompt(IO, N, Order, Arg, More); + + Err when element(1,Err)==error -> + ct:fail("do_shell error: ~p~n",[Err]); + + RecBin when Order==expect ; Order==expect_echo -> +%% ct:pal("received ~p",[RecBin]), + RecStr = string:strip(unicode:characters_to_list(RecBin)), + ExpStr = string:strip(Arg), + case lists:prefix(ExpStr, RecStr) of + true when Order==expect -> + ct:pal("Matched ~ts",[RecStr]), + do_shell(IO, N, More); + true when Order==expect_echo -> + ct:pal("Matched echo ~ts",[RecStr]), + do_shell(IO, N, More); + false -> + ct:fail("*** Expected ~p, but got ~p",[string:strip(ExpStr),RecStr]) + end + after 10000 -> + case Order of + expect -> ct:fail("timeout, expected ~p",[string:strip(Arg)]); + type -> ct:fail("timeout, no prompt") + end + end; + +do_shell(_, _, []) -> + ok. + + +do_shell_prompt(IO, N, type, Str, More) -> +%% ct:pal("Matched prompt ~p to trigger sending of next line to server",[N]), + IO ! {input, self(), Str++"\r\n"}, + ct:pal("Promt '~p> ', Sent ~ts",[N,Str++"\r\n"]), + do_shell(IO, N, [{expect_echo,Str}|More]); % expect echo of the sent line +do_shell_prompt(IO, N, Op, Str, More) -> +%% ct:pal("Matched prompt ~p",[N]), + do_shell(IO, N, [{Op,Str}|More]). + +%%-------------------------------------------------------------------- diff --git a/lib/ssh/test/ssh_unicode_SUITE_data/sftp.txt b/lib/ssh/test/ssh_unicode_SUITE_data/sftp.txt new file mode 100644 index 0000000000..3eaaddca21 --- /dev/null +++ b/lib/ssh/test/ssh_unicode_SUITE_data/sftp.txt @@ -0,0 +1 @@ +åäöÅÄÖ瑞語 
diff --git "a/lib/ssh/test/ssh_unicode_SUITE_data/sftp\347\221\236\347\202\271.txt" "b/lib/ssh/test/ssh_unicode_SUITE_data/sftp\347\221\236\347\202\271.txt" new file mode 100644 index 0000000000..3eaaddca21 --- /dev/null +++ "b/lib/ssh/test/ssh_unicode_SUITE_data/sftp\347\221\236\347\202\271.txt" @@ -0,0 +1 @@ +åäöÅÄÖ瑞語 diff --git a/lib/ssh/test/ssh_unicode_SUITE_data/ssh_host_dsa_key b/lib/ssh/test/ssh_unicode_SUITE_data/ssh_host_dsa_key new file mode 100644 index 0000000000..51ab6fbd88 --- /dev/null +++ b/lib/ssh/test/ssh_unicode_SUITE_data/ssh_host_dsa_key @@ -0,0 +1,13 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBuwIBAAKBgQCClaHzE2ul0gKSUxah5W0W8UiJLy4hXngKEqpaUq9SSdVdY2LK +wVfKH1gt5iuaf1FfzOhsIC9G/GLnjYttXZc92cv/Gfe3gR+s0ni2++MX+T++mE/Q +diltXv/Hp27PybS67SmiFW7I+RWnT2OKlMPtw2oUuKeztCe5UWjaj/y5FQIVAPLA +l9RpiU30Z87NRAHY3NTRaqtrAoGANMRxw8UfdtNVR0CrQj3AgPaXOGE4d+G4Gp4X +skvnCHycSVAjtYxebUkzUzt5Q6f/IabuLUdge3gXrc8BetvrcKbp+XZgM0/Vj2CF +Ymmy3in6kzGZq7Fw1sZaku6AOU8vLa5woBT2vAcHLLT1bLAzj7viL048T6MfjrOP +ef8nHvACgYBhDWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah +/XcF3DeRF+eEoz48wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+U +ykSTXYUbtsfTNRFQGBW2/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0CgIVAN4wtL5W +Lv62jKcdskxNyz2NQoBx +-----END DSA PRIVATE KEY----- + diff --git a/lib/ssh/test/ssh_unicode_SUITE_data/ssh_host_dsa_key.pub b/lib/ssh/test/ssh_unicode_SUITE_data/ssh_host_dsa_key.pub new file mode 100644 index 0000000000..4dbb1305b0 --- /dev/null +++ b/lib/ssh/test/ssh_unicode_SUITE_data/ssh_host_dsa_key.pub 
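Review bot: ssh_unicode_SUITE_data/ssh_host_dsa_key adds an unencrypted DSA private key to the repository, and nothing in the file name or in the suite says it is a throwaway fixture. State that in a comment in ssh_unicode_SUITE.erl or in a README in the data directory, so nobody reuses it as a real host key and secret scanners have a documented exception. Generating the key pair in init_per_suite would avoid committing private key material at all.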
@@ -0,0 +1,11 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +AAAAB3NzaC1kc3MAAACBAIKVofMTa6XSApJTFqHlbRbxSIkvLiFeeAoSqlpSr1JJ1V1j +YsrBV8ofWC3mK5p/UV/M6GwgL0b8YueNi21dlz3Zy/8Z97eBH6zSeLb74xf5P76YT9B2 +KW1e/8enbs/JtLrtKaIVbsj5FadPY4qUw+3DahS4p7O0J7lRaNqP/LkVAAAAFQDywJfU +aYlN9GfOzUQB2NzU0WqrawAAAIA0xHHDxR9201VHQKtCPcCA9pc4YTh34bganheyS+cI +fJxJUCO1jF5tSTNTO3lDp/8hpu4tR2B7eBetzwF62+twpun5dmAzT9WPYIViabLeKfqT +MZmrsXDWxlqS7oA5Ty8trnCgFPa8BwcstPVssDOPu+IvTjxPox+Os495/yce8AAAAIBh +DWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah/XcF3DeRF+eEoz48 +wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+UykSTXYUbtsfTNRFQGBW2 +/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0Cg== +---- END SSH2 PUBLIC KEY ---- -- cgit v1.2.3 From fad418cd6b17e2c4509a282b95e87742317e543f Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 20 Jan 2014 16:12:26 +0100 Subject: ssh: Update documentation --- lib/ssh/doc/src/ssh.xml | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 679ef9bc19..ee41e17da4 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -38,6 +38,8 @@ Supported SSH version is 2.0 Supported MAC algorithms: hmac-sha1 Supported encryption algorithms: aes128-cb and 3des-cbc + Supports unicode filenames if the emulator does so for the current os + Supports unicode in shell and cli
-- cgit v1.2.3 From e5d1f059f833a00c896b61788c0d6395a4fda8c6 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 21 Jan 2014 17:48:48 +0100 Subject: ssh: minor doc correction about unicode --- lib/ssh/doc/src/ssh.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index ee41e17da4..89d8be850e 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -38,7 +38,7 @@ Supported SSH version is 2.0 Supported MAC algorithms: hmac-sha1 Supported encryption algorithms: aes128-cb and 3des-cbc - Supports unicode filenames if the emulator does so for the current os + Supports unicode filenames if the emulator and the underlaying OS supports it. See the DESCRIPTION section in file for information about this subject Supports unicode in shell and cli -- cgit v1.2.3 From 3b373f83f64f89464a648fe608e87e805ec32547 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 21 Jan 2014 17:49:30 +0100 Subject: ssh: prepare vsn.mk for release --- lib/ssh/vsn.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 8186f39888..9ffc59dbaf 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,5 +1,5 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 3.0 +SSH_VSN = 3.0.1 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From 0925058a5fdf90de95122b934d995f609a075594 Mon Sep 17 00:00:00 2001 From: Hans Svensson Date: Thu, 23 Jan 2014 10:16:12 +0100 Subject: lib/ssh - Replace reverse(tl(reverse(L))) with lists:droplast/1 --- lib/ssh/src/ssh_sftpd.erl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_sftpd.erl b/lib/ssh/src/ssh_sftpd.erl index 174ca0126b..50cbdd5e45 100644 --- a/lib/ssh/src/ssh_sftpd.erl +++ b/lib/ssh/src/ssh_sftpd.erl 
@@ -675,7 +675,7 @@ resolve_symlinks_2(["." | RestPath], State0, LinkCnt, AccPath) -> resolve_symlinks_2([".." | RestPath], State0, LinkCnt, AccPath) -> %% Remove the last path component AccPathComps0 = filename:split(AccPath), - Path = case lists:reverse(tl(lists:reverse(AccPathComps0))) of + Path = case lists:droplast(AccPathComps0))) of [] -> ""; AccPathComps -> -- cgit v1.2.3 From b246e47d53d4b738fe47df1d7bf71138a8501e02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johannes=20Wei=C3=9Fl?= Date: Mon, 27 Jan 2014 00:43:00 +0100 Subject: ssh: Fix dialyzer type specs and documentation Similar to d9ebfb8. The wrong specs were leading to dialyzer warnings like this in our application since R16B03: The pattern 'ok' can never match the type {'error',_}. The pattern {'error', {'already_started', 'ssh'}} can never match the type 'ok'. The pattern {'error', _} can never match the type {'open_error',_,string(),string()}. --- lib/ssh/doc/src/ssh.xml | 5 ++++- lib/ssh/src/ssh.erl | 6 +++--- lib/ssh/src/ssh_connection_handler.erl | 2 +- 3 files changed, 8 insertions(+), 5 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index c1a51d57fc..3a16eb29fa 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -365,8 +365,11 @@ - stop() -> ok + stop() -> ok | {error, Reason} Stops the SSH application. + + Reason = term() +

Stops the SSH application. See also application(3)
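Review bot: the added line in the ssh_sftpd.erl hunk of the lists:droplast/1 commit, `Path = case lists:droplast(AccPathComps0))) of`, keeps the two closing parentheses that belonged to the removed reverse/tl/reverse calls, so the module no longer compiles. It should read `Path = case lists:droplast(AccPathComps0) of`; compiling lib/ssh before pushing would have caught it. Note also that lists:droplast/1 has no clause for the empty list, so this `..` clause of resolve_symlinks_2 still depends on AccPath never splitting to `[]`.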

diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 2685b1553b..891f9cc030 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -32,8 +32,8 @@ shell/1, shell/2, shell/3]). %%-------------------------------------------------------------------- --spec start() -> ok. --spec start(permanent | transient | temporary) -> ok. +-spec start() -> ok | {error, term()}. +-spec start(permanent | transient | temporary) -> ok | {error, term()}. %% %% Description: Starts the ssh application. Default type %% is temporary. see application(3) @@ -51,7 +51,7 @@ start(Type) -> application:start(ssh, Type). %%-------------------------------------------------------------------- --spec stop() -> ok. +-spec stop() -> ok | {error, term()}. %% %% Description: Stops the ssh application. %%-------------------------------------------------------------------- diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 3462b98172..070a2db5a8 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -157,7 +157,7 @@ init([Role, Socket, SshOpts]) -> %%-------------------------------------------------------------------- -spec open_channel(pid(), string(), iodata(), integer(), integer(), - timeout()) -> {open, channel_id()} | {open_error, term(), string(), string()}. + timeout()) -> {open, channel_id()} | {error, term()}. %%-------------------------------------------------------------------- open_channel(ConnectionHandler, ChannelType, ChannelSpecificData, InitialWindowSize, -- cgit v1.2.3 From 302954c0641ba679fb33a003c0a665b7b4a79a0e Mon Sep 17 00:00:00 2001 From: Lukas Larsson Date: Mon, 27 Jan 2014 16:14:10 +0100 Subject: 17.0 anchor and broken links fixes --- lib/ssh/doc/src/ssh.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 89d8be850e..5d5f2e5b91 100644 --- a/lib/ssh/doc/src/ssh.xml 
+++ b/lib/ssh/doc/src/ssh.xml @@ -38,7 +38,7 @@ Supported SSH version is 2.0 Supported MAC algorithms: hmac-sha1 Supported encryption algorithms: aes128-cb and 3des-cbc - Supports unicode filenames if the emulator and the underlaying OS supports it. See the DESCRIPTION section in file for information about this subject + Supports unicode filenames if the emulator and the underlaying OS supports it. See the DESCRIPTION section in file for information about this subject Supports unicode in shell and cli -- cgit v1.2.3 From 05f492a4745ab0862da0eca9d60a372c9eb01c9a Mon Sep 17 00:00:00 2001 From: Tuncer Ayaz Date: Thu, 12 Dec 2013 12:29:38 +0100 Subject: Fix incorrect proplists type reference ssh and public_key were referring to proplists:proplists/0 which does not exist. Fix by using the correct type proplists:proplist/0. --- lib/ssh/src/ssh.erl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 2685b1553b..9f571adba2 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -59,8 +59,8 @@ stop() -> application:stop(ssh). %%-------------------------------------------------------------------- --spec connect(string(), integer(), proplists:proplists()) -> {ok, pid()} | {error, term()}. --spec connect(string(), integer(), proplists:proplists(), timeout()) -> {ok, pid()} | {error, term()}. +-spec connect(string(), integer(), proplists:proplist()) -> {ok, pid()} | {error, term()}. +-spec connect(string(), integer(), proplists:proplist(), timeout()) -> {ok, pid()} | {error, term()}. %% %% Description: Starts an ssh connection. %%-------------------------------------------------------------------- -- cgit v1.2.3 From 16aae9d538c8ed3c47a021c7ab10ff9f99231b7e Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Tue, 28 Jan 2014 14:26:21 +0100 Subject: ssh: The server ssh_cli does not delay tty_geometry requests in case no tty is allocated --- lib/ssh/src/ssh_cli.erl | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_cli.erl b/lib/ssh/src/ssh_cli.erl index 41febf9707..77453e8fd7 100644 --- a/lib/ssh/src/ssh_cli.erl +++ b/lib/ssh/src/ssh_cli.erl @@ -170,10 +170,19 @@ handle_msg({Group, get_unicode_state}, State) -> {ok, State}; handle_msg({Group, tty_geometry}, #state{group = Group, - pty = #ssh_pty{width=Width, - height=Height} + pty = Pty } = State) -> - Group ! {self(),tty_geometry,{Width,Height}}, + case Pty of + #ssh_pty{width=Width,height=Height} -> + Group ! {self(),tty_geometry,{Width,Height}}; + _ -> + %% This is a dirty fix of the problem with the otp ssh:shell + %% client. That client will not allocate a tty, but someone + %% asks for the tty_geometry just before every erlang prompt. + %% If that question is not answered, there is a 2 sec timeout + %% Until the prompt is seen by the user at the client side ... + Group ! {self(),tty_geometry,{0,0}} + end, {ok,State}; handle_msg({Group, Req}, #state{group = Group, buf = Buf, pty = Pty, -- cgit v1.2.3 From 55222b92e84960c66fcd1a220c54917f3dfbda2e Mon Sep 17 00:00:00 2001 From: Hans Svensson Date: Thu, 23 Jan 2014 10:18:37 +0100 Subject: lib/mnesia/test/ - Replace reverse(tl(reverse(L))) with lists:droplast/1 --- lib/ssh/src/ssh_sftpd.erl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_sftpd.erl b/lib/ssh/src/ssh_sftpd.erl index 50cbdd5e45..2bc68e62bb 100644 --- a/lib/ssh/src/ssh_sftpd.erl +++ b/lib/ssh/src/ssh_sftpd.erl 
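Review bot: in the ssh_cli.erl tty_geometry clause, the new `_ ->` branch answers `{0,0}` for anything that is not an #ssh_pty{} record, which hides a malformed pty value as well as the no-tty case the comment describes. Match the exact value the pty field holds when no tty was allocated and let other values fail. Also confirm that the group process asking for tty_geometry copes with a zero width and height, since the comment itself calls this a dirty fix.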
@@ -675,7 +675,7 @@ resolve_symlinks_2(["." | RestPath], State0, LinkCnt, AccPath) -> resolve_symlinks_2([".." | RestPath], State0, LinkCnt, AccPath) -> %% Remove the last path component AccPathComps0 = filename:split(AccPath), - Path = case lists:droplast(AccPathComps0))) of + Path = case lists:droplast(AccPathComps0) of [] -> ""; AccPathComps -> -- cgit v1.2.3 From a6e276c39becc11c5be5d45aaa019dd484b881c5 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 4 Feb 2014 14:19:34 +0100 Subject: Fix that result on stderr sent back to ssh:exec had length info present --- lib/ssh/src/ssh_message.erl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl index 01a0988718..fa4397b2f5 100644 --- a/lib/ssh/src/ssh_message.erl +++ b/lib/ssh/src/ssh_message.erl @@ -315,8 +315,8 @@ decode(<>) -> +decode(<>) -> #ssh_msg_channel_extended_data{ recipient_channel = Recipient, data_type_code = DataType, -- cgit v1.2.3 From f101ec080228d25be20c1f8e3473e4ca1b661ab4 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 5 Feb 2014 17:07:38 +0100 Subject: ssh: fix 'known_hosts' bug in ssh_file --- lib/ssh/src/ssh_file.erl | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_file.erl b/lib/ssh/src/ssh_file.erl index 21cdedc156..5692138a8a 100644 --- a/lib/ssh/src/ssh_file.erl +++ b/lib/ssh/src/ssh_file.erl @@ -65,7 +65,7 @@ is_auth_key(Key, User,Opts) -> %% Used by client is_host_key(Key, PeerName, Algorithm, Opts) -> - case lookup_host_key(PeerName, Algorithm, Opts) of + case lookup_host_key(Key, PeerName, Algorithm, Opts) of {ok, Key} -> true; _ -> 
@@ -121,9 +121,9 @@ decode_ssh_file(Pem, Password) -> %% return {ok, Key(s)} or {error, not_found} %% -lookup_host_key(Host, Alg, Opts) -> +lookup_host_key(KeyToMatch, Host, Alg, Opts) -> Host1 = replace_localhost(Host), - do_lookup_host_key(Host1, Alg, Opts). + do_lookup_host_key(KeyToMatch, Host1, Alg, Opts). add_host_key(Host, Key, Opts) -> @@ -204,10 +204,10 @@ replace_localhost("localhost") -> replace_localhost(Host) -> Host. -do_lookup_host_key(Host, Alg, Opts) -> +do_lookup_host_key(KeyToMatch, Host, Alg, Opts) -> case file:open(file_name(user, "known_hosts", Opts), [read, binary]) of {ok, Fd} -> - Res = lookup_host_key_fd(Fd, Host, Alg), + Res = lookup_host_key_fd(Fd, KeyToMatch, Host, Alg), file:close(Fd), {ok, Res}; {error, enoent} -> {error, not_found}; @@ -228,16 +228,16 @@ identity_pass_phrase('ssh-rsa') -> identity_pass_phrase("ssh-rsa") -> rsa_pass_phrase. -lookup_host_key_fd(Fd, Host, KeyType) -> +lookup_host_key_fd(Fd, KeyToMatch, Host, KeyType) -> case io:get_line(Fd, '') of eof -> {error, not_found}; Line -> case ssh_decode_line(Line, known_hosts) of [{Key, Attributes}] -> - handle_host(Fd, Host, proplists:get_value(hostnames, Attributes), Key, KeyType); + handle_host(Fd, KeyToMatch, Host, proplists:get_value(hostnames, Attributes), Key, KeyType); [] -> - lookup_host_key_fd(Fd, Host, KeyType) + lookup_host_key_fd(Fd, KeyToMatch, Host, KeyType) end end. @@ -248,13 +248,13 @@ ssh_decode_line(Line, Type) -> [] end. -handle_host(Fd, Host, HostList, Key, KeyType) -> +handle_host(Fd, KeyToMatch, Host, HostList, Key, KeyType) -> Host1 = host_name(Host), - case lists:member(Host1, HostList) and key_match(Key, KeyType) of - true -> + case lists:member(Host1, HostList) andalso key_match(Key, KeyType) of + true when KeyToMatch == Key -> Key; - false -> - lookup_host_key_fd(Fd, Host, KeyType) + _ -> + lookup_host_key_fd(Fd, KeyToMatch, Host, KeyType) end. host_name(Atom) when is_atom(Atom) -> -- cgit v1.2.3 
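Review bot: in handle_host/6 a known_hosts line whose hostname and key type match but whose key differs from KeyToMatch now falls into `_ -> lookup_host_key_fd(...)`, so a host whose key has changed and a host that was never recorded both end as `{error, not_found}` at eof. The caller cannot tell the two apart, and a key mismatch for a known host is the case a client most needs to report. Consider remembering that a hostname match was seen and returning a distinct result at eof (for example `{error, key_mismatch}`, a name used here only for illustration). `KeyToMatch == Key` would also be better written with `=:=`.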
From dd9475eb43438eff962ef7fbc13e5fe5e0638ac4 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 13 Feb 2014 14:42:58 +0100 Subject: ssh: Fixes memory crash --- lib/ssh/src/ssh_message.erl | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl index fa4397b2f5..95016a9832 100644 --- a/lib/ssh/src/ssh_message.erl +++ b/lib/ssh/src/ssh_message.erl @@ -424,8 +424,9 @@ decode(<>) -> #ssh_msg_kex_dh_gex_request_old{ n = N }; -decode(<>) -> +decode(<>) -> #ssh_msg_kex_dh_gex_group{ p = Prime, g = Generator -- cgit v1.2.3 From b2dc0478ddaef9898b6672a469c06aee63e9f830 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 12 Feb 2014 13:48:54 +0100 Subject: ssh: Changed order of decode clauses to temp fix decode error --- lib/ssh/src/ssh_message.erl | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl index 95016a9832..8d6c77c0ed 100644 --- a/lib/ssh/src/ssh_message.erl +++ b/lib/ssh/src/ssh_message.erl @@ -380,27 +380,30 @@ decode(<>) -> + #ssh_msg_userauth_info_request{ + name = Name, + instruction = Inst, + language_tag = Lang, + num_prompts = NumPromtps, + data = Data}; + +%%% Unhandled message, also masked by same 1:st byte value as ?SSH_MSG_USERAUTH_INFO_REQUEST: decode(<>) -> #ssh_msg_userauth_pk_ok{ algorithm_name = Alg, key_blob = KeyBlob }; +%%% Unhandled message, also masked by same 1:st byte value as ?SSH_MSG_USERAUTH_INFO_REQUEST: decode(<>) -> #ssh_msg_userauth_passwd_changereq{ prompt = Prompt, languge = Lang }; -decode(<>) -> - #ssh_msg_userauth_info_request{ - name = Name, - instruction = Inst, - language_tag = Lang, - num_prompts = NumPromtps, - data = Data}; decode(<>) -> #ssh_msg_userauth_info_response{ -- cgit v1.2.3 From 0ce8bca286c0d283e8ef833ce73284d717c1c161 Mon Sep 17 00:00:00 2001 
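Review bot: moving the ssh_msg_userauth_info_request clause ahead of the ssh_msg_userauth_pk_ok and ssh_msg_userauth_passwd_changereq clauses leaves those two messages unhandled, as the two added "Unhandled message, also masked by same 1:st byte value" comments state, so which record decode/1 returns is now decided by clause order. Since the subject line calls this a temp fix, add a TODO that names the intended solution (select the record from the authentication method in progress rather than from clause order), and make sure the caller rejects an info_request it did not ask for. The context lines also show `languge = Lang` and `NumPromtps`, which look like misspellings worth a follow-up.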
From: Hans Nilsson Date: Tue, 4 Feb 2014 14:19:34 +0100 Subject: Fix that result on stderr sent back to ssh:exec had length info present --- lib/ssh/src/ssh_message.erl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl index 7bd0375521..2cb33eff32 100644 --- a/lib/ssh/src/ssh_message.erl +++ b/lib/ssh/src/ssh_message.erl @@ -315,8 +315,8 @@ decode(<>) -> +decode(<>) -> #ssh_msg_channel_extended_data{ recipient_channel = Recipient, data_type_code = DataType, -- cgit v1.2.3 From 0179e67a2df1ee12b35eb0220f05fdf3b03cbba2 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 13 Feb 2014 14:42:58 +0100 Subject: ssh: Fixes memory crash --- lib/ssh/src/ssh_message.erl | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl index 2cb33eff32..219360bb08 100644 --- a/lib/ssh/src/ssh_message.erl +++ b/lib/ssh/src/ssh_message.erl @@ -424,8 +424,9 @@ decode(<>) -> #ssh_msg_kex_dh_gex_request_old{ n = N }; -decode(<>) -> +decode(<>) -> #ssh_msg_kex_dh_gex_group{ p = Prime, g = Generator -- cgit v1.2.3 From b59ec053b2c8f7b75cce7448705da96a5fcc849a Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 12 Feb 2014 13:48:54 +0100 Subject: ssh: Changed order of decode clauses to temp fix decode error --- lib/ssh/src/ssh_message.erl | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl index 219360bb08..a63881db64 100644 --- a/lib/ssh/src/ssh_message.erl +++ b/lib/ssh/src/ssh_message.erl 
@@ -380,27 +380,30 @@ decode(<>) -> + #ssh_msg_userauth_info_request{ + name = Name, + instruction = Inst, + language_tag = Lang, + num_prompts = NumPromtps, + data = Data}; + +%%% Unhandled message, also masked by same 1:st byte value as ?SSH_MSG_USERAUTH_INFO_REQUEST: decode(<>) -> #ssh_msg_userauth_pk_ok{ algorithm_name = Alg, key_blob = KeyBlob }; +%%% Unhandled message, also masked by same 1:st byte value as ?SSH_MSG_USERAUTH_INFO_REQUEST: decode(<>) -> #ssh_msg_userauth_passwd_changereq{ prompt = Prompt, languge = Lang }; -decode(<>) -> - #ssh_msg_userauth_info_request{ - name = Name, - instruction = Inst, - language_tag = Lang, - num_prompts = NumPromtps, - data = Data}; decode(<>) -> #ssh_msg_userauth_info_response{ -- cgit v1.2.3 From 096fd73c8e2779b0f07be4ef649991d8cd32c075 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 5 Feb 2014 17:07:38 +0100 Subject: ssh: fix 'known_hosts' bug in ssh_file --- lib/ssh/src/ssh_file.erl | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_file.erl b/lib/ssh/src/ssh_file.erl index 21cdedc156..5692138a8a 100644 --- a/lib/ssh/src/ssh_file.erl +++ b/lib/ssh/src/ssh_file.erl @@ -65,7 +65,7 @@ is_auth_key(Key, User,Opts) -> %% Used by client is_host_key(Key, PeerName, Algorithm, Opts) -> - case lookup_host_key(PeerName, Algorithm, Opts) of + case lookup_host_key(Key, PeerName, Algorithm, Opts) of {ok, Key} -> true; _ -> @@ -121,9 +121,9 @@ decode_ssh_file(Pem, Password) -> %% return {ok, Key(s)} or {error, not_found} %% -lookup_host_key(Host, Alg, Opts) -> +lookup_host_key(KeyToMatch, Host, Alg, Opts) -> Host1 = replace_localhost(Host), - do_lookup_host_key(Host1, Alg, Opts). + do_lookup_host_key(KeyToMatch, Host1, Alg, Opts). add_host_key(Host, Key, Opts) -> 
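Review bot: the comment above lookup_host_key/4 still reads `return {ok, Key(s)} or {error, not_found}`, which no longer describes the function. It now returns at most the single key equal to KeyToMatch, and do_lookup_host_key/4 wraps whatever lookup_host_key_fd/4 returns in `{ok, Res}`, so a miss at eof comes back as `{ok, {error, not_found}}`. Update the comment and return the miss unwrapped, so that callers other than is_host_key/4 cannot mistake it for success.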
@@ -204,10 +204,10 @@ replace_localhost("localhost") -> replace_localhost(Host) -> Host. -do_lookup_host_key(Host, Alg, Opts) -> +do_lookup_host_key(KeyToMatch, Host, Alg, Opts) -> case file:open(file_name(user, "known_hosts", Opts), [read, binary]) of {ok, Fd} -> - Res = lookup_host_key_fd(Fd, Host, Alg), + Res = lookup_host_key_fd(Fd, KeyToMatch, Host, Alg), file:close(Fd), {ok, Res}; {error, enoent} -> {error, not_found}; @@ -228,16 +228,16 @@ identity_pass_phrase('ssh-rsa') -> identity_pass_phrase("ssh-rsa") -> rsa_pass_phrase. -lookup_host_key_fd(Fd, Host, KeyType) -> +lookup_host_key_fd(Fd, KeyToMatch, Host, KeyType) -> case io:get_line(Fd, '') of eof -> {error, not_found}; Line -> case ssh_decode_line(Line, known_hosts) of [{Key, Attributes}] -> - handle_host(Fd, Host, proplists:get_value(hostnames, Attributes), Key, KeyType); + handle_host(Fd, KeyToMatch, Host, proplists:get_value(hostnames, Attributes), Key, KeyType); [] -> - lookup_host_key_fd(Fd, Host, KeyType) + lookup_host_key_fd(Fd, KeyToMatch, Host, KeyType) end end. @@ -248,13 +248,13 @@ ssh_decode_line(Line, Type) -> [] end. -handle_host(Fd, Host, HostList, Key, KeyType) -> +handle_host(Fd, KeyToMatch, Host, HostList, Key, KeyType) -> Host1 = host_name(Host), - case lists:member(Host1, HostList) and key_match(Key, KeyType) of - true -> + case lists:member(Host1, HostList) andalso key_match(Key, KeyType) of + true when KeyToMatch == Key -> Key; - false -> - lookup_host_key_fd(Fd, Host, KeyType) + _ -> + lookup_host_key_fd(Fd, KeyToMatch, Host, KeyType) end. host_name(Atom) when is_atom(Atom) -> -- cgit v1.2.3 From 0b032d01637d039d508fa331c51ba24e8ae7f94e Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 28 Jan 2014 14:26:21 +0100 Subject: ssh: The server ssh_cli does not delay tty_geometry requests in case no tty is allocated --- lib/ssh/src/ssh_cli.erl | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) (limited to 'lib/ssh') 
diff --git a/lib/ssh/src/ssh_cli.erl b/lib/ssh/src/ssh_cli.erl index 2c8e515a14..a53521c236 100644 --- a/lib/ssh/src/ssh_cli.erl +++ b/lib/ssh/src/ssh_cli.erl @@ -170,10 +170,19 @@ handle_msg({Group, get_unicode_state}, State) -> {ok, State}; handle_msg({Group, tty_geometry}, #state{group = Group, - pty = #ssh_pty{width=Width, - height=Height} + pty = Pty } = State) -> - Group ! {self(),tty_geometry,{Width,Height}}, + case Pty of + #ssh_pty{width=Width,height=Height} -> + Group ! {self(),tty_geometry,{Width,Height}}; + _ -> + %% This is a dirty fix of the problem with the otp ssh:shell + %% client. That client will not allocate a tty, but someone + %% asks for the tty_geometry just before every erlang prompt. + %% If that question is not answered, there is a 2 sec timeout + %% Until the prompt is seen by the user at the client side ... + Group ! {self(),tty_geometry,{0,0}} + end, {ok,State}; handle_msg({Group, Req}, #state{group = Group, buf = Buf, pty = Pty, -- cgit v1.2.3 From 8071fde6f55056ef75b9b9836a6d75afa7e92ea2 Mon Sep 17 00:00:00 2001 From: Henrik Nord Date: Thu, 21 Nov 2013 11:00:39 +0100 Subject: fix calculation of variable thanks to Alexander Demidenko --- lib/ssh/src/ssh_cli.erl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_cli.erl b/lib/ssh/src/ssh_cli.erl index a53521c236..77453e8fd7 100644 --- a/lib/ssh/src/ssh_cli.erl +++ b/lib/ssh/src/ssh_cli.erl @@ -358,7 +358,7 @@ delete_chars(N, {Buf, BufTail, Col}, Tty) when N > 0 -> {Buf, NewBufTail, Col}}; delete_chars(N, {Buf, BufTail, Col}, Tty) -> % N < 0 NewBuf = nthtail(-N, Buf), - NewCol = Col + N, + NewCol = case Col + N of V when V >= 0 -> V; _ -> 0 end, M1 = move_cursor(Col, NewCol, Tty), M2 = move_cursor(NewCol + length(BufTail) - N, NewCol, Tty), {[M1, BufTail, lists:duplicate(-N, $ ) | M2], -- cgit v1.2.3 From 15e1ff76c9b14bb281c1e2438be6f49e1df2edaa Mon Sep 17 00:00:00 2001 
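Review bot: in the `N < 0` clause of delete_chars/3 only NewCol is clamped; the same N is still used unclamped in `nthtail(-N, Buf)`, `move_cursor(NewCol + length(BufTail) - N, NewCol, Tty)` and `lists:duplicate(-N, $ )`, so when -N exceeds Col the buffer, the cursor movement and the blanking can disagree with the clamped column. Clamp N once at the top of the clause (`max(0, Col + N)` also reads better than the inline case), and say in the commit message which input produced the negative column, since this code handles characters sent by the remote client.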
From: Tobias Schlager Date: Tue, 18 Feb 2014 12:12:21 +0100 Subject: Fix non-library appup files according to issue #240 Fix the appup files of runtime_tools and os_mon with wildcard version regexps. inets, odbc and ssh regexps have been corrected to match as originally intended. --- lib/ssh/src/ssh.appup.src | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index 32f7cc470b..df34a5a3ff 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src @@ -1,7 +1,7 @@ -%% +%% -*- erlang -*- %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2004-2013. All Rights Reserved. +%% Copyright Ericsson AB 2004-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -19,13 +19,13 @@ {"%VSN%", [ - {<<"2.1\\.*">>, [{restart_application, ssh}]}, - {<<"2.0\\.*">>, [{restart_application, ssh}]}, - {<<"1\\.*">>, [{restart_application, ssh}]} + {<<"2\\.1\\..*">>, [{restart_application, ssh}]}, + {<<"2\\.0\\..*">>, [{restart_application, ssh}]}, + {<<"1\\..*">>, [{restart_application, ssh}]} ], [ - {<<"2.1\\.*">>,[{restart_application, ssh}]}, - {<<"2.0\\.*">>, [{restart_application, ssh}]}, - {<<"1\\.*">>, [{restart_application, ssh}]} + {<<"2\\.1\\..*">>,[{restart_application, ssh}]}, + {<<"2\\.0\\..*">>, [{restart_application, ssh}]}, + {<<"1\\..*">>, [{restart_application, ssh}]} ] }. -- cgit v1.2.3 From 841addf5d64a3b4775cd1d0a5aa4bf04ec4ef95e Mon Sep 17 00:00:00 2001 From: Tobias Schlager Date: Tue, 18 Feb 2014 12:33:31 +0100 Subject: Add test suites performing app and appup file checks Add the mentioned test suites for *all* library and touched non-library applications. --- lib/ssh/test/ssh_basic_SUITE.erl | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lib/ssh') 
diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index b4e3871efd..d2e52379fa 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -38,6 +38,7 @@ suite() -> all() -> [app_test, + appup_test, {group, dsa_key}, {group, rsa_key}, {group, dsa_pass_key}, @@ -150,6 +151,11 @@ app_test(Config) when is_list(Config) -> ?t:app_test(ssh), ok. %%-------------------------------------------------------------------- +appup_test() -> + [{doc, "Appup file consistency test."}]. +appup_test(Config) when is_list(Config) -> + ok = ?t:appup_test(ssh). +%%-------------------------------------------------------------------- misc_ssh_options() -> [{doc, "Test that we can set some misc options not tested elsewhere, " "some options not yet present are not decided if we should support or " -- cgit v1.2.3 From 5ba204b97bb101e67e5a65728db2f0a9097aa9bc Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 25 Feb 2014 16:06:01 +0100 Subject: ssh: Prepare for release --- lib/ssh/src/ssh.appup.src | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index df34a5a3ff..9837630597 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src @@ -19,13 +19,15 @@ {"%VSN%", [ + {<<"3\\.0\\..*">>, [{restart_application, ssh}]}, {<<"2\\.1\\..*">>, [{restart_application, ssh}]}, {<<"2\\.0\\..*">>, [{restart_application, ssh}]}, - {<<"1\\..*">>, [{restart_application, ssh}]} + {<<"1\\..*">>, [{restart_application, ssh}]} ], [ - {<<"2\\.1\\..*">>,[{restart_application, ssh}]}, + {<<"3\\.0\\..*">>, [{restart_application, ssh}]}, + {<<"2\\.1\\..*">>, [{restart_application, ssh}]}, {<<"2\\.0\\..*">>, [{restart_application, ssh}]}, - {<<"1\\..*">>, [{restart_application, ssh}]} + {<<"1\\..*">>, [{restart_application, ssh}]} ] }. -- cgit v1.2.3 From 0e3d42aad1d32c6d4fe39407633cfe920c937dea Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Wed, 26 Feb 2014 10:12:04 +0100 Subject: ssh: Add appup file corrections --- lib/ssh/src/ssh.appup.src | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index 9837630597..1917c95f5a 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src @@ -19,15 +19,9 @@ {"%VSN%", [ - {<<"3\\.0\\..*">>, [{restart_application, ssh}]}, - {<<"2\\.1\\..*">>, [{restart_application, ssh}]}, - {<<"2\\.0\\..*">>, [{restart_application, ssh}]}, - {<<"1\\..*">>, [{restart_application, ssh}]} + {<<".*">>, [{restart_application, ssh}]} ], [ - {<<"3\\.0\\..*">>, [{restart_application, ssh}]}, - {<<"2\\.1\\..*">>, [{restart_application, ssh}]}, - {<<"2\\.0\\..*">>, [{restart_application, ssh}]}, - {<<"1\\..*">>, [{restart_application, ssh}]} + {<<".*">>, [{restart_application, ssh}]} ] }. -- cgit v1.2.3 From 9affa3092500693077f1ca61a544eea886b417b0 Mon Sep 17 00:00:00 2001 From: Siri Hansen Date: Thu, 27 Feb 2014 10:59:59 +0100 Subject: Remove "coding: utf-8" from test files UTF-8 is now the default encoding and should no longer be specified. These have probably been merged from maint earlier and the coding statement was missed. lib/dialyzer/test/opaque_SUITE_data/src/modules/opaque_erl_scan.erl lib/diameter/test/diameter_codec_test.erl lib/ssh/test/ssh_unicode_SUITE.erl --- lib/ssh/test/ssh_unicode_SUITE.erl | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_unicode_SUITE.erl b/lib/ssh/test/ssh_unicode_SUITE.erl index a896a425b9..cc916673b3 100644 --- a/lib/ssh/test/ssh_unicode_SUITE.erl +++ b/lib/ssh/test/ssh_unicode_SUITE.erl 
@@ -1,10 +1,7 @@ -%% Next line needed to enable utf8-strings in Erlang: -%% -*- coding: utf-8 -*- - %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2013. All Rights Reserved. +%% Copyright Ericsson AB 2005-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in -- cgit v1.2.3 From 22ff87a0c8db877e3ce53b6ff915dcc6a75c5c0c Mon Sep 17 00:00:00 2001 From: Rickard Green Date: Mon, 10 Mar 2014 17:15:38 +0100 Subject: Introduce runtime_dependencies in .app files Most dependencies introduced are exactly the dependencies to other applications found by xref. That is, there might be real dependencies missing. There might also be pure debug dependencies listed that probably should be removed. Each application has to be manually inspected in order to ensure that all real dependencies are listed. All dependencies introduced are to application versions used in OTP 17.0. This since the previously used version scheme wasn't designed for this, and in order to minimize the work of introducing the dependencies. --- lib/ssh/src/ssh.app.src | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.app.src b/lib/ssh/src/ssh.app.src index 74d7293be0..e0a51b3574 100644 --- a/lib/ssh/src/ssh.app.src +++ b/lib/ssh/src/ssh.app.src @@ -38,6 +38,8 @@ {registered, []}, {applications, [kernel, stdlib, crypto, public_key]}, {env, []}, - {mod, {ssh_app, []}}]}. + {mod, {ssh_app, []}}, + {runtime_dependencies, ["stdlib-2.0","public_key-0.22","kernel-3.0", + "erts-6.0","crypto-3.3"]}]}. -- cgit v1.2.3 From 36f21cf34357c2c6ae357dd4edc063e438f7161c Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 25 Mar 2014 14:58:01 +0100 Subject: ssh: Fix dialyzer warning for arg Data in ssh_connection_handler:send/4 --- lib/ssh/src/ssh_connection_handler.erl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') 
diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 070a2db5a8..d7fff14f92 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -206,7 +206,7 @@ global_request(ConnectionHandler, Type, false = Reply, Data) -> send_all_state_event(ConnectionHandler, {global_request, self(), Type, Reply, Data}). %%-------------------------------------------------------------------- --spec send(pid(), channel_id(), integer(), iolist(), timeout()) -> +-spec send(pid(), channel_id(), integer(), iodata(), timeout()) -> ok | {error, timeout} | {error, closed}. %%-------------------------------------------------------------------- send(ConnectionHandler, ChannelId, Type, Data, Timeout) -> -- cgit v1.2.3 From 2da14af988d563b5c53f42334e990f4c9021dd7a Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 26 Mar 2014 16:30:50 +0100 Subject: ssh: Added option negotiation_timeout for ssh:daemon This option is for closing a connection where the client connects, but then do nothing except keeping server resources. --- lib/ssh/doc/src/ssh.xml | 7 +++++++ lib/ssh/src/ssh.erl | 6 +++++- lib/ssh/src/ssh_acceptor.erl | 5 ++++- 3 files changed, 16 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index eaf96d0230..45bc62d8dd 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -304,6 +304,13 @@ if the password is valid and otherwise.

+ + + +

Max time in milliseconds for the authentication negotiation. The default value is 2 minutes. +

+
+

Module implementing the behaviour ssh_server_key_api. diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index d50d5a0cb3..6f21ff843f 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -1,4 +1,4 @@ -%% +% %% %CopyrightBegin% %% %% Copyright Ericsson AB 2004-2013. All Rights Reserved. @@ -332,6 +332,8 @@ handle_option([{idle_time, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{rekey_limit, _} = Opt|Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); +handle_option([{negotiation_timeout, _} = Opt|Rest], SocketOptions, SshOptions) -> + handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, [handle_inet_option(Opt) | SocketOptions], SshOptions). @@ -360,6 +362,8 @@ handle_ssh_option({pref_public_key_algs, Value} = Opt) when is_list(Value), leng end; handle_ssh_option({connect_timeout, Value} = Opt) when is_integer(Value); Value == infinity -> Opt; +handle_ssh_option({negotiation_timeout, Value} = Opt) when is_integer(Value); Value == infinity -> + Opt; handle_ssh_option({user, Value} = Opt) when is_list(Value) -> Opt; handle_ssh_option({dsa_pass_phrase, Value} = Opt) when is_list(Value) -> diff --git a/lib/ssh/src/ssh_acceptor.erl b/lib/ssh/src/ssh_acceptor.erl index 91905b2eaf..e57b07cee8 100644 --- a/lib/ssh/src/ssh_acceptor.erl +++ b/lib/ssh/src/ssh_acceptor.erl 
@@ -84,11 +84,14 @@ handle_connection(_Callback, Address, Port, Options, Socket) -> SystemSup = ssh_system_sup:system_supervisor(Address, Port), {ok, SubSysSup} = ssh_system_sup:start_subsystem(SystemSup, Options), ConnectionSup = ssh_subsystem_sup:connection_supervisor(SubSysSup), + Timeout = proplists:get_value(negotiation_timeout, + proplists:get_value(ssh_opts, Options, []), + 2*60*1000), ssh_connection_handler:start_connection(server, Socket, [{supervisors, [{system_sup, SystemSup}, {subsystem_sup, SubSysSup}, {connection_sup, ConnectionSup}]} - | Options], infinity). + | Options], Timeout). handle_error(timeout) -> ok; -- cgit v1.2.3 From fb908b7ceccaef70a46bb14db8da3e6e373a9810 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 26 Mar 2014 17:24:51 +0100 Subject: ssh: added daemon option 'parallel_login', default false --- lib/ssh/doc/src/ssh.xml | 10 ++++++++++ lib/ssh/src/ssh.erl | 6 ++++++ lib/ssh/src/ssh_connection_handler.erl | 12 ++++++++++-- 3 files changed, 26 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 45bc62d8dd..7fbd70c87e 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -311,6 +311,16 @@

+ + +

If set to false (the default value), only one login is handled a time. If set to true, an unlimited logins will be allowed simultanously. Note that this affects only the connections with authentication in progress, not the already authenticated connections. +

+ +

Do not enable parallel_logins without protecting the server by other means like a firewall. If set to true, there is no protection against dos attacs.

+
+ +
+

Module implementing the behaviour ssh_server_key_api. diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 6f21ff843f..de6e8cc421 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -334,6 +334,10 @@ handle_option([{rekey_limit, _} = Opt|Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{negotiation_timeout, _} = Opt|Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); +handle_option([{parallel_login, _} = Opt|Rest], SocketOptions, SshOptions) -> + handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); +handle_option([parallel_login|Rest], SocketOptions, SshOptions) -> + handle_option(Rest, SocketOptions, [handle_ssh_option({parallel_login,true}) | SshOptions]); handle_option([Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, [handle_inet_option(Opt) | SocketOptions], SshOptions). @@ -364,6 +368,8 @@ handle_ssh_option({connect_timeout, Value} = Opt) when is_integer(Value); Value Opt; handle_ssh_option({negotiation_timeout, Value} = Opt) when is_integer(Value); Value == infinity -> Opt; +handle_ssh_option({parallel_login, Value} = Opt) when Value==true ; Value==false -> + Opt; handle_ssh_option({user, Value} = Opt) when is_list(Value) -> Opt; handle_ssh_option({dsa_pass_phrase, Value} = Opt) when is_list(Value) -> diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index d7fff14f92..322da50f21 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl 
@@ -110,8 +110,16 @@ start_connection(server = Role, Socket, Options, Timeout) -> {ok, Pid} = ssh_connection_sup:start_child(ConnectionSup, [Role, Socket, Opts]), {_, Callback, _} = proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}), socket_control(Socket, Pid, Callback), - Ref = erlang:monitor(process, Pid), - handshake(Pid, Ref, Timeout) + case proplists:get_value(parallel_login, Opts, false) of + true -> + spawn(fun() -> + Ref = erlang:monitor(process, Pid), + handshake(Pid, Ref, Timeout) + end); + false -> + Ref = erlang:monitor(process, Pid), + handshake(Pid, Ref, Timeout) + end catch exit:{noproc, _} -> {error, ssh_not_started}; -- cgit v1.2.3 From 0f3f3ee36fe8824c6de165b9091353c1bc058a02 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 25 Mar 2014 11:01:08 +0100 Subject: ssh: Fix bug in failfun (was not always called) --- lib/ssh/src/ssh_auth.erl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index 409a1db6d5..45fd907383 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -196,7 +196,7 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, {authorized, User, ssh_transport:ssh_packet(#ssh_msg_userauth_success{}, Ssh)}; false -> - {not_authorized, {User, {passwd, Password}}, + {not_authorized, {User, {error,"Bad user or password"}}, ssh_transport:ssh_packet(#ssh_msg_userauth_failure{ authentications = "", partial_success = false}, Ssh)} @@ -228,7 +228,7 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, ssh_transport:ssh_packet( #ssh_msg_userauth_success{}, Ssh)}; false -> - {not_authorized, {User, {error, "Invalid signature"}}, + {not_authorized, {User, undefined}, ssh_transport:ssh_packet(#ssh_msg_userauth_failure{ authentications="publickey,password", partial_success = false}, Ssh)} -- cgit v1.2.3 From 4d00c9bff26d97f9b2b142809d9f7af21d2f748c Mon Sep 17 00:00:00 2001 
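Review bot: In start_connection/4 (ssh_connection_handler.erl, hunk @@ -110,8 +110,16 @@), the true branch of the parallel_login case returns the pid from spawn/1, so the result of handshake/3, including any {error, Reason}, is discarded and the caller gets a different return type than in the false branch. The spawned process is neither linked nor monitored by anyone, so a failure during the handshake is not reported to the acceptor. Either return a value of the same shape in both branches and report handshake failures from inside the fun, or add a comment stating that the result is intentionally ignored when parallel_login is true.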
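Review bot: The two failure branches of handle_userauth_request in ssh_auth.erl now return different reason shapes: the password branch gives {User, {error,"Bad user or password"}} while the publickey branch changes from {User, {error, "Invalid signature"}} to {User, undefined}. Removing {passwd, Password} is welcome, since the attempted password no longer travels with the failure tuple, but the commit message does not say why the publickey reason is dropped. If undefined is what controls whether the failfun is called, say so in a comment at that clause; otherwise keep an {error, ...} reason so consumers can match on one form.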
From: Josh Adams Date: Sun, 6 Apr 2014 20:06:17 -0500 Subject: Fix typo in SSH docs --- lib/ssh/doc/src/using_ssh.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/using_ssh.xml b/lib/ssh/doc/src/using_ssh.xml index 4d73366f5e..66ac4613f4 100644 --- a/lib/ssh/doc/src/using_ssh.xml +++ b/lib/ssh/doc/src/using_ssh.xml @@ -33,7 +33,7 @@ all needed applications (crypto, public_key and ssh). All examples are run in an Erlang shell, or in a bash shell using openssh to illustrate how the erlang ssh application can be used. The - exampels are run as the user otptest on a local network where the + examples are run as the user otptest on a local network where the user is authorized to login in over ssh to the host "tarlop". If nothing else is stated it is persumed that the otptest user has an entry in tarlop's authorized_keys file (may log in via ssh without -- cgit v1.2.3 From 77429024600102d8d2c7fee3810ff1c45a99f497 Mon Sep 17 00:00:00 2001 From: Josh Adams Date: Sun, 6 Apr 2014 20:29:20 -0500 Subject: Fix typo in authorized_keys filename --- lib/ssh/doc/src/using_ssh.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/using_ssh.xml b/lib/ssh/doc/src/using_ssh.xml index 66ac4613f4..9ab71260d3 100644 --- a/lib/ssh/doc/src/using_ssh.xml +++ b/lib/ssh/doc/src/using_ssh.xml @@ -88,7 +88,7 @@ [...] -

Create the file /tmp/otptest_user/.ssh/authrized_keys and add the content +

Create the file /tmp/otptest_user/.ssh/authorized_keys and add the content of /tmp/otptest_user/.ssh/id_rsa.pub Now we can do

-- cgit v1.2.3 From f719d0fe308f00b85f92c29d7cdf9b0dc20d98a2 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Mon, 7 Apr 2014 19:52:48 +0200 Subject: Update release notes --- lib/ssh/doc/src/notes.xml | 140 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 140 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 0d88cbda7a..bce02966ae 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -29,6 +29,146 @@ notes.xml
+
Ssh 3.0.1 + +
Fixed Bugs and Malfunctions + + +

+ Fixes the problem that ssh_cli in some cases could delay + the prompt if a tty was not requested by the client.

+

+ Own Id: OTP-10732

+
+ +

+ The variable NewCol is now correctly calculated allowing + for tab-completion of function calls even when preceded + with blank space (Thanks to Alexander Demidenko)

+

+ Own Id: OTP-11566

+
+ +

+ Fix incorrect dialyzer spec and types, also enhance + documentation.

+

+ Thanks to Ayaz Tuncer.

+

+ Own Id: OTP-11627

+
+ +

+ Fixed a bug when ssh:exec executes a linux command on a + linux ssh daemon. If the result is sent back from + standard error, the length information was not stripped + off correctly.

+

+ Own Id: OTP-11667

+
+ +

+ Fixed a bug with the ssh file 'known_hosts' which made + the file grow with many equal entries.

+

+ Own Id: OTP-11671

+
+ +

+ Some local implementations of removing the last element + from a list are replaced by lists:droplast/1. Note + that this requires at least stdlib-2.0, which is + the stdlib version delivered in OTP 17.0. (Thanks to Hans + Svensson)

+

+ Own Id: OTP-11678

+
+ +

+ Bug fix for ssh:daemon/2,3 so that the failfun is + called when it should.

+

+ Own Id: OTP-11680

+
+ +

+ Fixed bug which crashed ssh when SSH_MSG_KEX_DH_GEX_GROUP + is received. This could cause a vm-crash for eheap_alloc + during garbage collect.

+

+ Own Id: OTP-11696 Aux Id: 12547, 12532

+
+ +

+ Fixes a bug that breaks keyboard-interactive + authentication. Thanks to Simon Cornish for reporting and + suggesting a fix.

+

+ Own Id: OTP-11698

+
+ +

+ dialyzer specs are now correct for ssh:start/0, + ssh:start/1, ssh:stop/0 and + ssh_connection_handler:open_channel/5. (Thanks to + Johannes Weißl )

+

+ Own Id: OTP-11705

+
+ +

+ Application upgrade (appup) files are corrected for the + following applications:

+

+ asn1, common_test, compiler, crypto, debugger, + dialyzer, edoc, eldap, erl_docgen, et, eunit, gs, hipe, + inets, observer, odbc, os_mon, otp_mibs, parsetools, + percept, public_key, reltool, runtime_tools, ssh, + syntax_tools, test_server, tools, typer, webtool, wx, + xmerl

+

+ A new test utility for testing appup files is added to + test_server. This is now used by most applications in + OTP.

+

+ (Thanks to Tobias Schlager)

+

+ Own Id: OTP-11744

+
+ +

+ Fixed dialyzer warning for ssh_connection:send.

+

+ Own Id: OTP-11821

+
+ +

+ ssh:daemon/2,3 : Added options + negotiation_timeout and parallel_login to + tune the authentication behaviour.

+

+ Own Id: OTP-11823

+
+
+
+ + +
Improvements and New Features + + +

+ Ssh now fully supports unicode filenames, filecontents, + shell and cli. Please note that the underlying os and + emulator must also give support for unicode. You may want + to start the emulator with "erl +fnu" on Linux.

+

+ Own Id: OTP-10953

+
+
+
+ +
+
Ssh 3.0
Fixed Bugs and Malfunctions -- cgit v1.2.3 From 59dad3e9bfe0a3d724484d93ad09a7b41de8dab4 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 23 Apr 2014 22:00:06 +0200 Subject: ssh: remove confusing info in some reports --- lib/ssh/src/ssh_connection_handler.erl | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 322da50f21..06866392da 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -1482,8 +1482,7 @@ ssh_channel_info([ _ | Rest], Channel, Acc) -> log_error(Reason) -> Report = io_lib:format("Erlang ssh connection handler failed with reason: " - "~p ~n, Stacktace: ~p ~n" - "please report this to erlang-bugs@erlang.org \n", + "~p ~n, Stacktrace: ~p ~n", [Reason, erlang:get_stacktrace()]), error_logger:error_report(Report), "Internal error". -- cgit v1.2.3 From 1700332e03168d577eb64b93fcae876a6ad9db3d Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 23 Apr 2014 21:45:27 +0200 Subject: ssh: Add max_session parameter to ssh:daemon --- lib/ssh/doc/src/ssh.xml | 21 ++++++++++++--- lib/ssh/src/ssh.erl | 4 +++ lib/ssh/src/ssh_acceptor.erl | 47 +++++++++++++++++++++++++-------- lib/ssh/test/ssh_basic_SUITE.erl | 56 ++++++++++++++++++++++++++++++++++++++-- 4 files changed, 111 insertions(+), 17 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 7fbd70c87e..57aab09cc6 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -307,18 +307,31 @@ -

Max time in milliseconds for the authentication negotiation. The default value is 2 minutes. +

Max time in milliseconds for the authentication negotiation. The default value is 2 minutes. If the client fails to login within this time, the connection is closed. +

+
+ + + +

The maximum number of simultaneous sessions that are accepted at any time for this daemon. This includes sessions that are being authorized. So if set to N, and N clients have connected but not started the login process, the N+1 connection attempt will be aborted. If N connections are authenticated and still logged in, no more loggins will be accepted until one of the existing ones log out. +

+

The counter is per listening port, so if two daemons are started, one with {max_sessions,N} and the other with {max_sessions,M} there will be in total N+M connections accepted for the whole ssh server. +

+

Note that if parallel_login is false, only one client at a time may be in the authentication phase. +

+

As default, the option is not set. This means that the number is not limited.

-

If set to false (the default value), only one login is handled a time. If set to true, an unlimited logins will be allowed simultanously. Note that this affects only the connections with authentication in progress, not the already authenticated connections. +

If set to false (the default value), only one login is handled a time. If set to true, an unlimited number of login attempts will be allowed simultanously. +

+

If the max_sessions option is set to N and parallel_login is set to true, the max number of simultaneous login attempts at any time is limited to N-K where K is the number of authenticated connections present at this daemon.

-

Do not enable parallel_logins without protecting the server by other means like a firewall. If set to true, there is no protection against dos attacs.

+

Do not enable parallel_logins without protecting the server by other means, for example the max_sessions option or a firewall configuration. If set to true, there is no protection against DOS attacks.

-
diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index de6e8cc421..75081b7a61 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -332,6 +332,8 @@ handle_option([{idle_time, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{rekey_limit, _} = Opt|Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); +handle_option([{max_sessions, _} = Opt|Rest], SocketOptions, SshOptions) -> + handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{negotiation_timeout, _} = Opt|Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{parallel_login, _} = Opt|Rest], SocketOptions, SshOptions) -> @@ -366,6 +368,8 @@ handle_ssh_option({pref_public_key_algs, Value} = Opt) when is_list(Value), leng end; handle_ssh_option({connect_timeout, Value} = Opt) when is_integer(Value); Value == infinity -> Opt; +handle_ssh_option({max_sessions, Value} = Opt) when is_integer(Value), Value>0 -> + Opt; handle_ssh_option({negotiation_timeout, Value} = Opt) when is_integer(Value); Value == infinity -> Opt; handle_ssh_option({parallel_login, Value} = Opt) when Value==true ; Value==false -> diff --git a/lib/ssh/src/ssh_acceptor.erl b/lib/ssh/src/ssh_acceptor.erl index e57b07cee8..7302196674 100644 --- a/lib/ssh/src/ssh_acceptor.erl +++ b/lib/ssh/src/ssh_acceptor.erl 
@@ -80,18 +80,36 @@ acceptor_loop(Callback, Port, Address, Opts, ListenSocket, AcceptTimeout) -> ListenSocket, AcceptTimeout) end. -handle_connection(_Callback, Address, Port, Options, Socket) -> +handle_connection(Callback, Address, Port, Options, Socket) -> SystemSup = ssh_system_sup:system_supervisor(Address, Port), - {ok, SubSysSup} = ssh_system_sup:start_subsystem(SystemSup, Options), - ConnectionSup = ssh_subsystem_sup:connection_supervisor(SubSysSup), - Timeout = proplists:get_value(negotiation_timeout, - proplists:get_value(ssh_opts, Options, []), - 2*60*1000), - ssh_connection_handler:start_connection(server, Socket, - [{supervisors, [{system_sup, SystemSup}, - {subsystem_sup, SubSysSup}, - {connection_sup, ConnectionSup}]} - | Options], Timeout). + SSHopts = proplists:get_value(ssh_opts, Options, []), + MaxSessions = proplists:get_value(max_sessions,SSHopts,infinity), + case number_of_connections(SystemSup) < MaxSessions of + true -> + {ok, SubSysSup} = ssh_system_sup:start_subsystem(SystemSup, Options), + ConnectionSup = ssh_subsystem_sup:connection_supervisor(SubSysSup), + Timeout = proplists:get_value(negotiation_timeout, SSHopts, 2*60*1000), + ssh_connection_handler:start_connection(server, Socket, + [{supervisors, [{system_sup, SystemSup}, + {subsystem_sup, SubSysSup}, + {connection_sup, ConnectionSup}]} + | Options], Timeout); + false -> + Callback:close(Socket), + IPstr = if is_tuple(Address) -> inet:ntoa(Address); + true -> Address + end, + Str = try io_lib:format('~s:~p',[IPstr,Port]) + catch _:_ -> "port "++integer_to_list(Port) + end, + error_logger:info_report("Ssh login attempt to "++Str++" denied due to option " + "max_sessions limits to "++ io_lib:write(MaxSessions) ++ + " sessions." + ), + {error,max_sessions} + end. + + handle_error(timeout) -> ok; 
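Review bot: The false branch of handle_connection/5 calls error_logger:info_report once for every refused socket, so a burst of connections beyond max_sessions turns directly into a burst of log entries; consider aggregating or rate limiting the message (for example, log the first refusal and then a periodic count). Two smaller points in the same hunk: the test number_of_connections(SystemSup) < MaxSessions handles the default infinity only because an integer always sorts before an atom in Erlang term order, which deserves a comment or an explicit clause, and the catch _:_ around io_lib:format hides any formatting error behind the "port ..." fallback instead of handling the address forms that are actually expected.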
@@ -117,3 +135,10 @@ handle_error(Reason) -> String = lists:flatten(io_lib:format("Accept error: ~p", [Reason])), error_logger:error_report(String), exit({accept_failed, String}). + + +number_of_connections(SystemSup) -> + length([X || + {R,X,supervisor,[ssh_subsystem_sup]} <- supervisor:which_children(SystemSup), + is_reference(R) + ]). diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index d2e52379fa..a8b64b1425 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -47,21 +47,26 @@ all() -> daemon_already_started, server_password_option, server_userpassword_option, - double_close]. + double_close, + {group, hardening_tests} + ]. groups() -> [{dsa_key, [], basic_tests()}, {rsa_key, [], basic_tests()}, {dsa_pass_key, [], [pass_phrase]}, {rsa_pass_key, [], [pass_phrase]}, - {internal_error, [], [internal_error]} + {internal_error, [], [internal_error]}, + {hardening_tests, [], [max_sessions]} ]. + basic_tests() -> [send, close, peername_sockname, exec, exec_compressed, shell, cli, known_hosts, idle_time, rekey, openssh_zlib_basic_test]. + %%-------------------------------------------------------------------- init_per_suite(Config) -> case catch crypto:start() of @@ -74,6 +79,8 @@ end_per_suite(_Config) -> ssh:stop(), crypto:stop(). %%-------------------------------------------------------------------- +init_per_group(hardening_tests, Config) -> + init_per_group(dsa_key, Config); init_per_group(dsa_key, Config) -> DataDir = ?config(data_dir, Config), PrivDir = ?config(priv_dir, Config), @@ -103,6 +110,8 @@ init_per_group(internal_error, Config) -> init_per_group(_, Config) -> Config. +end_per_group(hardening_tests, Config) -> + end_per_group(dsa_key, Config); end_per_group(dsa_key, Config) -> PrivDir = ?config(priv_dir, Config), ssh_test_lib:clean_dsa(PrivDir), 
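Review bot: number_of_connections/1 (ssh_acceptor.erl, hunk @@ -117,3 +135,10 @@) has no comment explaining why a child matching {R,X,supervisor,[ssh_subsystem_sup]} with a reference id equals one session, yet the max_sessions limit depends entirely on that tuple shape and would silently stop counting if the subsystem child spec changed. Please document the assumption next to the comprehension. It also calls supervisor:which_children(SystemSup) for every accepted socket, before authentication, so the cost of each incoming connection grows with the number of children; a note on why that is acceptable, or a counter kept elsewhere, would help.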
@@ -638,6 +647,49 @@ openssh_zlib_basic_test(Config) -> ok = ssh:close(ConnectionRef), ssh:stop_daemon(Pid). +%%-------------------------------------------------------------------- + +max_sessions(Config) -> + SystemDir = filename:join(?config(priv_dir, Config), system), + UserDir = ?config(priv_dir, Config), + MaxSessions = 2, + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {user_dir, UserDir}, + {user_passwords, [{"carni", "meat"}]}, + {parallel_login, true}, + {max_sessions, MaxSessions} + ]), + + Connect = fun() -> + R=ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user_dir, UserDir}, + {user_interaction, false}, + {user, "carni"}, + {password, "meat"} + ]), + ct:log("Connection ~p up",[R]) + end, + + try [Connect() || _ <- lists:seq(1,MaxSessions)] + of + _ -> + ct:pal("Expect Info Report:",[]), + try Connect() + of + _ConnectionRef -> + ssh:stop_daemon(Pid), + {fail,"Too many connections accepted"} + catch + error:{badmatch,{error,"Connection closed"}} -> + ssh:stop_daemon(Pid), + ok + end + catch + error:{badmatch,{error,"Connection closed"}} -> + ssh:stop_daemon(Pid), + {fail,"Too few connections accepted"} + end. + %%-------------------------------------------------------------------- %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- -- cgit v1.2.3 From 3af70a78b6b84ed1e503d4b8d249ae9e8147eba2 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 24 Apr 2014 15:21:55 +0200 Subject: ssh: Doc change on max_session param --- lib/ssh/doc/src/ssh.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 57aab09cc6..5a141ced3c 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -315,7 +315,7 @@

The maximum number of simultaneous sessions that are accepted at any time for this daemon. This includes sessions that are being authorized. So if set to N, and N clients have connected but not started the login process, the N+1 connection attempt will be aborted. If N connections are authenticated and still logged in, no more loggins will be accepted until one of the existing ones log out.

-

The counter is per listening port, so if two daemons are started, one with {max_sessions,N} and the other with {max_sessions,M} there will be in total N+M connections accepted for the whole ssh server. +

The counter is per listening port, so if two daemons are started, one with {max_sessions,N} and the other with {max_sessions,M} there will be in total N+M connections accepted for the whole ssh application.

Note that if parallel_login is false, only one client at a time may be in the authentication phase.

-- cgit v1.2.3 From 4525bc59822acf0dfffa1edc64125c180d29e59e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Valim?= Date: Mon, 7 Apr 2014 10:44:48 +0200 Subject: Support binary standard_input in ssh_io --- lib/ssh/src/ssh_io.erl | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_io.erl b/lib/ssh/src/ssh_io.erl index 832b144db9..35336bce8b 100644 --- a/lib/ssh/src/ssh_io.erl +++ b/lib/ssh/src/ssh_io.erl @@ -81,6 +81,8 @@ format(Fmt, Args) -> trim(Line) when is_list(Line) -> lists:reverse(trim1(lists:reverse(trim1(Line)))); +trim(Line) when is_binary(Line) -> + trim(unicode:characters_to_list(Line)); trim(Other) -> Other. trim1([$\s|Cs]) -> trim(Cs); -- cgit v1.2.3 From 77ab185507c597112dd5039176ed5d9c65e84632 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 5 May 2014 16:42:14 +0200 Subject: ssh: test case for connect_timeout in ssh:connect --- lib/ssh/test/ssh_basic_SUITE.erl | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index a8b64b1425..f9814dd09e 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -48,6 +48,7 @@ all() -> server_password_option, server_userpassword_option, double_close, + ssh_connect_timeout, {group, hardening_tests} ]. 
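Review bot: In the ssh_io.erl hunk, the new clause trim(Line) when is_binary(Line) passes the result of unicode:characters_to_list(Line) straight back into trim/1 without checking it. For input that is not valid UTF-8 that call returns an {error, ...} or {incomplete, ...} tuple, which falls through to trim(Other) -> Other and is handed to the caller as if it were the trimmed line. Match on the list result explicitly and decide what the error case should return. The clause also changes the return type for binary input from binary to list, which is worth a line in the commit message.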
@@ -628,6 +629,27 @@ double_close(Config) when is_list(Config) -> exit(CM, {shutdown, normal}), ok = ssh:close(CM). +%%-------------------------------------------------------------------- +ssh_connect_timeout() -> + [{doc, "Test connect_timeout option in ssh:connect/4"}]. +ssh_connect_timeout(_Config) -> + ConnTimeout = 2000, + {error,{faked_transport,connect,TimeoutToTransport}} = + ssh:connect("localhost", 12345, + [{transport,{tcp,?MODULE,tcp_closed}}, + {connect_timeout,ConnTimeout}], + 1000), + case TimeoutToTransport of + ConnTimeout -> ok; + Other -> + ct:log("connect_timeout is ~p but transport received ~p",[ConnTimeout,Other]), + {fail,"ssh:connect/4 wrong connect_timeout received in transport"} + end. + +%% Help for the test above +connect(_Host, _Port, _Opts, Timeout) -> + {error, {faked_transport,connect,Timeout}}. + %%-------------------------------------------------------------------- openssh_zlib_basic_test() -> -- cgit v1.2.3 From 36d05de60f767d6931b76b13060d73789c16e7aa Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 5 May 2014 10:36:34 +0200 Subject: ssh: Use correct timeout value for the connection timeout --- lib/ssh/src/ssh.erl | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 75081b7a61..240de69eff 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -1,7 +1,7 @@ % %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2004-2013. All Rights Reserved. +%% Copyright Ericsson AB 2004-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in 
@@ -73,8 +73,9 @@ connect(Host, Port, Options, Timeout) -> {SocketOptions, SshOptions} -> {_, Transport, _} = TransportOpts = proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}), + ConnectionTimeout = proplists:get_value(connect_timeout, Options, infinity), Inet = proplists:get_value(inet, SshOptions, inet), - try Transport:connect(Host, Port, [ {active, false}, Inet | SocketOptions], Timeout) of + try Transport:connect(Host, Port, [ {active, false}, Inet | SocketOptions], ConnectionTimeout) of {ok, Socket} -> Opts = [{user_pid, self()}, {host, Host} | fix_idle_time(SshOptions)], ssh_connection_handler:start_connection(client, Socket, Opts, Timeout); -- cgit v1.2.3 From c4c40e2554a8b90adeea1ac38f36a0e9a51fac9d Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 6 May 2014 12:23:11 +0200 Subject: ssh: test case for timeout in 4th arg of ssh:connect --- lib/ssh/test/ssh_basic_SUITE.erl | 59 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index f9814dd09e..37a307d783 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl 
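Review bot: In connect/4 (ssh.erl, hunk @@ -73,8 +73,9 @@), the fourth argument no longer bounds the TCP connect: Transport:connect now receives ConnectionTimeout, which defaults to infinity, so a caller that passes only Timeout can wait in Transport:connect for as long as the transport allows, and Timeout applies to start_connection alone. That split should be stated in the documentation of ssh:connect/3,4, and it is worth considering whether Timeout should remain the fallback when connect_timeout is absent. Also, connect_timeout is read from the raw Options list while inet on the next line is read from SshOptions; reading both from the same list would be more consistent.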
@@ -650,6 +650,65 @@ ssh_connect_timeout(_Config) -> connect(_Host, _Port, _Opts, Timeout) -> {error, {faked_transport,connect,Timeout}}. + +%%-------------------------------------------------------------------- +ssh_connect_arg4_timeout() -> + [{doc, "Test fourth argument in ssh:connect/4"}]. +ssh_connect_arg4_timeout(_Config) -> + Timeout = 1000, + Parent = self(), + %% start the server + Server = spawn(fun() -> + {ok,Sl} = gen_tcp:listen(0,[]), + {ok,{_,Port}} = inet:sockname(Sl), + Parent ! {port,self(),Port}, + Rsa = gen_tcp:accept(Sl), + ct:log("Server gen_tcp:accept got ~p",[Rsa]), + receive after 2*Timeout -> ok end %% let client timeout first + end), + + %% Get listening port + Port = receive + {port,Server,ServerPort} -> ServerPort + end, + + %% try to connect with a timeout, but "supervise" it + Client = spawn(fun() -> + T0 = now(), + Rc = ssh:connect("localhost",Port,[],Timeout), + ct:log("Client ssh:connect got ~p",[Rc]), + Parent ! {done,self(),Rc,T0} + end), + + %% Wait for client reaction on the connection try: + receive + {done, Client, {error,_E}, T0} -> + Msp = ms_passed(T0, now()), + exit(Server,hasta_la_vista___baby), + Low = 0.9*Timeout, + High = 1.1*Timeout, + ct:log("Timeout limits: ~p--~p, timeout was ~p, expected ~p",[Low,High,Msp,Timeout]), + if + Low ok; + true -> {fail, "timeout not within limits"} + end; + {done, Client, {ok,_Ref}, _T0} -> + {fail,"ssh-connected ???"} + after + 5000 -> + exit(Server,hasta_la_vista___baby), + exit(Client,hasta_la_vista___baby), + {fail, "Didn't timeout"} + end. + + +%% Help function +%% N2-N1 +ms_passed(N1={_,_,M1}, N2={_,_,M2}) -> + {0,{0,Min,Sec}} = calendar:time_difference(calendar:now_to_local_time(N1), + calendar:now_to_local_time(N2)), + 1000 * (Min*60 + Sec + (M2-M1)/1000000). + %%-------------------------------------------------------------------- openssh_zlib_basic_test() -> -- cgit v1.2.3 From 659213c7facb71410fe990d5099abf3019c58b3e Mon Sep 17 00:00:00 2001 
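Review bot: ssh_connect_arg4_timeout/1 is added by this patch, but its only hunk is @@ -650,6 +650,65 @@ and nothing adds the case to all(), where the previous patch registered ssh_connect_timeout; unless it is listed elsewhere, the new test never runs. In the helper, ms_passed/2 converts both timestamps to local time and matches {0,{0,Min,Sec}} from calendar:time_difference, so it fails with a badmatch if the hour changes between the two readings; timer:now_diff(N2, N1) divided by 1000 gives the elapsed milliseconds directly and does not depend on local time.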
From: Hans Nilsson Date: Fri, 9 May 2014 14:45:15 +0200 Subject: ssh: Update vsn.mk --- lib/ssh/vsn.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 9ffc59dbaf..c8cac3e852 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,5 +1,5 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 3.0.1 +SSH_VSN = 3.1 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From e123ced89eda3dba0ddc30dbbaab5716adee886a Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 23 Apr 2014 21:45:27 +0200 Subject: ssh: Add max_session parameter to ssh:daemon --- lib/ssh/doc/src/ssh.xml | 21 ++++++++++++--- lib/ssh/src/ssh.erl | 4 +++ lib/ssh/src/ssh_acceptor.erl | 47 +++++++++++++++++++++++++-------- lib/ssh/test/ssh_basic_SUITE.erl | 56 ++++++++++++++++++++++++++++++++++++++-- 4 files changed, 111 insertions(+), 17 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 7fbd70c87e..5a141ced3c 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -307,18 +307,31 @@ -

Max time in milliseconds for the authentication negotiation. The default value is 2 minutes. +

Max time in milliseconds for the authentication negotiation. The default value is 2 minutes. If the client fails to login within this time, the connection is closed. +

+
+ + + +

The maximum number of simultaneous sessions that are accepted at any time for this daemon. This includes sessions that are being authorized. So if set to N, and N clients have connected but not started the login process, the N+1 connection attempt will be aborted. If N connections are authenticated and still logged in, no more loggins will be accepted until one of the existing ones log out. +

+

The counter is per listening port, so if two daemons are started, one with {max_sessions,N} and the other with {max_sessions,M} there will be in total N+M connections accepted for the whole ssh application. +

+

Note that if parallel_login is false, only one client at a time may be in the authentication phase. +

+

As default, the option is not set. This means that the number is not limited.

-

If set to false (the default value), only one login is handled a time. If set to true, an unlimited logins will be allowed simultanously. Note that this affects only the connections with authentication in progress, not the already authenticated connections. +

If set to false (the default value), only one login is handled a time. If set to true, an unlimited number of login attempts will be allowed simultanously. +

+

If the max_sessions option is set to N and parallel_login is set to true, the max number of simultaneous login attempts at any time is limited to N-K where K is the number of authenticated connections present at this daemon.

-

Do not enable parallel_logins without protecting the server by other means like a firewall. If set to true, there is no protection against dos attacs.

+

Do not enable parallel_logins without protecting the server by other means, for example the max_sessions option or a firewall configuration. If set to true, there is no protection against DOS attacks.

-
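Review bot: The warning that closes this ssh.xml hunk calls the option parallel_logins, while the option handled in ssh.erl and named earlier in the same hunk is parallel_login. Please use parallel_login in the warning so the name a reader copies from the documentation is the one the daemon accepts. The added paragraphs also contain "loggins" and "simultanously", which should be corrected before this goes into the reference manual.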
diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index de6e8cc421..75081b7a61 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -332,6 +332,8 @@ handle_option([{idle_time, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{rekey_limit, _} = Opt|Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); +handle_option([{max_sessions, _} = Opt|Rest], SocketOptions, SshOptions) -> + handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{negotiation_timeout, _} = Opt|Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{parallel_login, _} = Opt|Rest], SocketOptions, SshOptions) -> @@ -366,6 +368,8 @@ handle_ssh_option({pref_public_key_algs, Value} = Opt) when is_list(Value), leng end; handle_ssh_option({connect_timeout, Value} = Opt) when is_integer(Value); Value == infinity -> Opt; +handle_ssh_option({max_sessions, Value} = Opt) when is_integer(Value), Value>0 -> + Opt; handle_ssh_option({negotiation_timeout, Value} = Opt) when is_integer(Value); Value == infinity -> Opt; handle_ssh_option({parallel_login, Value} = Opt) when Value==true ; Value==false -> diff --git a/lib/ssh/src/ssh_acceptor.erl b/lib/ssh/src/ssh_acceptor.erl index e57b07cee8..7302196674 100644 --- a/lib/ssh/src/ssh_acceptor.erl +++ b/lib/ssh/src/ssh_acceptor.erl 
@@ -80,18 +80,36 @@ acceptor_loop(Callback, Port, Address, Opts, ListenSocket, AcceptTimeout) -> ListenSocket, AcceptTimeout) end. -handle_connection(_Callback, Address, Port, Options, Socket) -> +handle_connection(Callback, Address, Port, Options, Socket) -> SystemSup = ssh_system_sup:system_supervisor(Address, Port), - {ok, SubSysSup} = ssh_system_sup:start_subsystem(SystemSup, Options), - ConnectionSup = ssh_subsystem_sup:connection_supervisor(SubSysSup), - Timeout = proplists:get_value(negotiation_timeout, - proplists:get_value(ssh_opts, Options, []), - 2*60*1000), - ssh_connection_handler:start_connection(server, Socket, - [{supervisors, [{system_sup, SystemSup}, - {subsystem_sup, SubSysSup}, - {connection_sup, ConnectionSup}]} - | Options], Timeout). + SSHopts = proplists:get_value(ssh_opts, Options, []), + MaxSessions = proplists:get_value(max_sessions,SSHopts,infinity), + case number_of_connections(SystemSup) < MaxSessions of + true -> + {ok, SubSysSup} = ssh_system_sup:start_subsystem(SystemSup, Options), + ConnectionSup = ssh_subsystem_sup:connection_supervisor(SubSysSup), + Timeout = proplists:get_value(negotiation_timeout, SSHopts, 2*60*1000), + ssh_connection_handler:start_connection(server, Socket, + [{supervisors, [{system_sup, SystemSup}, + {subsystem_sup, SubSysSup}, + {connection_sup, ConnectionSup}]} + | Options], Timeout); + false -> + Callback:close(Socket), + IPstr = if is_tuple(Address) -> inet:ntoa(Address); + true -> Address + end, + Str = try io_lib:format('~s:~p',[IPstr,Port]) + catch _:_ -> "port "++integer_to_list(Port) + end, + error_logger:info_report("Ssh login attempt to "++Str++" denied due to option " + "max_sessions limits to "++ io_lib:write(MaxSessions) ++ + " sessions." + ), + {error,max_sessions} + end. + + handle_error(timeout) -> ok; 
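Review bot: In the false branch of handle_connection/5, the message given to error_logger:info_report/1 is assembled with ++ from the results of io_lib:format/2 and io_lib:write/1, which return deep character lists, so the report is a nested list rather than a flat string and may not be printed as text. Build the message with a single io_lib:format call wrapped in lists:flatten/1, and pass the format as the string "~s:~p" instead of the atom '~s:~p'. This branch also runs once per rejected connection, so a burst of connection attempts produces one info report each; counting or rate limiting the rejections would keep the limit from turning into log pressure. Finally, number_of_connections(SystemSup) < MaxSessions with the default infinity only works because any number sorts before an atom in Erlang term order, which deserves a one-line comment.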
@@ -117,3 +135,10 @@ handle_error(Reason) -> String = lists:flatten(io_lib:format("Accept error: ~p", [Reason])), error_logger:error_report(String), exit({accept_failed, String}). + + +number_of_connections(SystemSup) -> + length([X || + {R,X,supervisor,[ssh_subsystem_sup]} <- supervisor:which_children(SystemSup), + is_reference(R) + ]). diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index d2e52379fa..a8b64b1425 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -47,21 +47,26 @@ all() -> daemon_already_started, server_password_option, server_userpassword_option, - double_close]. + double_close, + {group, hardening_tests} + ]. groups() -> [{dsa_key, [], basic_tests()}, {rsa_key, [], basic_tests()}, {dsa_pass_key, [], [pass_phrase]}, {rsa_pass_key, [], [pass_phrase]}, - {internal_error, [], [internal_error]} + {internal_error, [], [internal_error]}, + {hardening_tests, [], [max_sessions]} ]. + basic_tests() -> [send, close, peername_sockname, exec, exec_compressed, shell, cli, known_hosts, idle_time, rekey, openssh_zlib_basic_test]. + %%-------------------------------------------------------------------- init_per_suite(Config) -> case catch crypto:start() of @@ -74,6 +79,8 @@ end_per_suite(_Config) -> ssh:stop(), crypto:stop(). %%-------------------------------------------------------------------- +init_per_group(hardening_tests, Config) -> + init_per_group(dsa_key, Config); init_per_group(dsa_key, Config) -> DataDir = ?config(data_dir, Config), PrivDir = ?config(priv_dir, Config), @@ -103,6 +110,8 @@ init_per_group(internal_error, Config) -> init_per_group(_, Config) -> Config. +end_per_group(hardening_tests, Config) -> + end_per_group(dsa_key, Config); end_per_group(dsa_key, Config) -> PrivDir = ?config(priv_dir, Config), ssh_test_lib:clean_dsa(PrivDir), 
@@ -638,6 +647,49 @@ openssh_zlib_basic_test(Config) -> ok = ssh:close(ConnectionRef), ssh:stop_daemon(Pid). +%%-------------------------------------------------------------------- + +max_sessions(Config) -> + SystemDir = filename:join(?config(priv_dir, Config), system), + UserDir = ?config(priv_dir, Config), + MaxSessions = 2, + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {user_dir, UserDir}, + {user_passwords, [{"carni", "meat"}]}, + {parallel_login, true}, + {max_sessions, MaxSessions} + ]), + + Connect = fun() -> + R=ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user_dir, UserDir}, + {user_interaction, false}, + {user, "carni"}, + {password, "meat"} + ]), + ct:log("Connection ~p up",[R]) + end, + + try [Connect() || _ <- lists:seq(1,MaxSessions)] + of + _ -> + ct:pal("Expect Info Report:",[]), + try Connect() + of + _ConnectionRef -> + ssh:stop_daemon(Pid), + {fail,"Too many connections accepted"} + catch + error:{badmatch,{error,"Connection closed"}} -> + ssh:stop_daemon(Pid), + ok + end + catch + error:{badmatch,{error,"Connection closed"}} -> + ssh:stop_daemon(Pid), + {fail,"Too few connections accepted"} + end. + %%-------------------------------------------------------------------- %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- -- cgit v1.2.3 From d841653fbfeb185349db42527a9774f91f153573 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 5 May 2014 10:36:34 +0200 Subject: ssh: Use correct timeout value for the connection timeout --- lib/ssh/src/ssh.erl | 5 ++- lib/ssh/test/ssh_basic_SUITE.erl | 82 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 85 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 75081b7a61..240de69eff 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl 
@@ -1,7 +1,7 @@ % %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2004-2013. All Rights Reserved. +%% Copyright Ericsson AB 2004-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -73,8 +73,9 @@ connect(Host, Port, Options, Timeout) -> {SocketOptions, SshOptions} -> {_, Transport, _} = TransportOpts = proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}), + ConnectionTimeout = proplists:get_value(connect_timeout, Options, infinity), Inet = proplists:get_value(inet, SshOptions, inet), - try Transport:connect(Host, Port, [ {active, false}, Inet | SocketOptions], Timeout) of + try Transport:connect(Host, Port, [ {active, false}, Inet | SocketOptions], ConnectionTimeout) of {ok, Socket} -> Opts = [{user_pid, self()}, {host, Host} | fix_idle_time(SshOptions)], ssh_connection_handler:start_connection(client, Socket, Opts, Timeout); diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index a8b64b1425..8217e643c1 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -48,6 +48,8 @@ all() -> server_password_option, server_userpassword_option, double_close, + ssh_connect_timeout, + ssh_connect_arg4_timeout, {group, hardening_tests} ]. 
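Review bot: In the ssh.erl hunk of this patch, connect/4 now passes ConnectionTimeout to Transport:connect, and that value defaults to infinity when connect_timeout is not set, so the fourth argument Timeout no longer bounds the TCP connect at all. Callers that relied on Timeout to cap the whole call can now wait on an unresponsive host for as long as the transport allows. Please either document that Timeout covers only the negotiation phase and that connect_timeout must be set separately, or state in the commit message why infinity is the right default. The value is also read from the raw Options list rather than from SshOptions, where the validated connect_timeout ends up; reading it from SshOptions would keep connect/4 on the checked value.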
@@ -628,6 +630,86 @@ double_close(Config) when is_list(Config) -> exit(CM, {shutdown, normal}), ok = ssh:close(CM). +%%-------------------------------------------------------------------- +ssh_connect_timeout() -> + [{doc, "Test connect_timeout option in ssh:connect/4"}]. +ssh_connect_timeout(_Config) -> + ConnTimeout = 2000, + {error,{faked_transport,connect,TimeoutToTransport}} = + ssh:connect("localhost", 12345, + [{transport,{tcp,?MODULE,tcp_closed}}, + {connect_timeout,ConnTimeout}], + 1000), + case TimeoutToTransport of + ConnTimeout -> ok; + Other -> + ct:log("connect_timeout is ~p but transport received ~p",[ConnTimeout,Other]), + {fail,"ssh:connect/4 wrong connect_timeout received in transport"} + end. + +%% Help for the test above +connect(_Host, _Port, _Opts, Timeout) -> + {error, {faked_transport,connect,Timeout}}. + + +%%-------------------------------------------------------------------- +ssh_connect_arg4_timeout() -> + [{doc, "Test fourth argument in ssh:connect/4"}]. +ssh_connect_arg4_timeout(_Config) -> + Timeout = 1000, + Parent = self(), + %% start the server + Server = spawn(fun() -> + {ok,Sl} = gen_tcp:listen(0,[]), + {ok,{_,Port}} = inet:sockname(Sl), + Parent ! {port,self(),Port}, + Rsa = gen_tcp:accept(Sl), + ct:log("Server gen_tcp:accept got ~p",[Rsa]), + receive after 2*Timeout -> ok end %% let client timeout first + end), + + %% Get listening port + Port = receive + {port,Server,ServerPort} -> ServerPort + end, + + %% try to connect with a timeout, but "supervise" it + Client = spawn(fun() -> + T0 = now(), + Rc = ssh:connect("localhost",Port,[],Timeout), + ct:log("Client ssh:connect got ~p",[Rc]), + Parent ! 
{done,self(),Rc,T0} + end), + + %% Wait for client reaction on the connection try: + receive + {done, Client, {error,_E}, T0} -> + Msp = ms_passed(T0, now()), + exit(Server,hasta_la_vista___baby), + Low = 0.9*Timeout, + High = 1.1*Timeout, + ct:log("Timeout limits: ~p--~p, timeout was ~p, expected ~p",[Low,High,Msp,Timeout]), + if + Low ok; + true -> {fail, "timeout not within limits"} + end; + {done, Client, {ok,_Ref}, _T0} -> + {fail,"ssh-connected ???"} + after + 5000 -> + exit(Server,hasta_la_vista___baby), + exit(Client,hasta_la_vista___baby), + {fail, "Didn't timeout"} + end. + + +%% Help function +%% N2-N1 +ms_passed(N1={_,_,M1}, N2={_,_,M2}) -> + {0,{0,Min,Sec}} = calendar:time_difference(calendar:now_to_local_time(N1), + calendar:now_to_local_time(N2)), + 1000 * (Min*60 + Sec + (M2-M1)/1000000). + %%-------------------------------------------------------------------- openssh_zlib_basic_test() -> -- cgit v1.2.3 From b21d30d84e1790107aaa8cc7b39eb1095dea1fca Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 26 May 2014 11:07:56 +0200 Subject: ssh: Prepare for release --- lib/ssh/src/ssh.appup.src | 4 ++++ lib/ssh/vsn.mk | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index 1917c95f5a..42eb2167e0 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src @@ -19,9 +19,13 @@ {"%VSN%", [ + {"3.0.1", [{load_module, ssh, soft_purge, soft_purge, []}, + {load_module, ssh_acceptor, soft_purge, soft_purge, []}]}, {<<".*">>, [{restart_application, ssh}]} ], [ + {"3.0.1", [{load_module, ssh, soft_purge, soft_purge, []}, + {load_module, ssh_acceptor, soft_purge, soft_purge, []}]}, {<<".*">>, [{restart_application, ssh}]} ] }. diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 9ffc59dbaf..40ed27d8f5 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk 
@@ -1,5 +1,5 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 3.0.1 +SSH_VSN = 3.0.2 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From 3c1cd8121a9aeab7d13fc8de863b7cfabedcc3be Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Tue, 27 May 2014 13:42:28 +0200 Subject: Update release notes --- lib/ssh/doc/src/notes.xml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index bce02966ae..f455ec1eba 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -29,6 +29,36 @@ notes.xml
+
Ssh 3.0.2 + +
Fixed Bugs and Malfunctions + + +

+ Fixed timeout bug in ssh:connect.

+

+ Own Id: OTP-11908

+
+
+
+ + +
Improvements and New Features + + +

+ Option max_sessions added to + ssh:daemon/{2,3}. This option, if set, limits the + number of simultaneous connections accepted by the + daemon.

+

+ Own Id: OTP-11885

+
+
+
+ +
+
Ssh 3.0.1
Fixed Bugs and Malfunctions -- cgit v1.2.3 From 8f4da4c7695bf00ebf94e111b0c7d08baa32405a Mon Sep 17 00:00:00 2001 From: Alex Wilson Date: Tue, 10 Jun 2014 15:39:01 +1000 Subject: SSH: add support for aes128-ctr and hmac-sha2-256 This cipher and hmac are RECOMMENDED as per RFC4344 and RFC6668. RFC4344 notes that aes128-ctr is likely to be promoted to REQUIRED in the near future. Some distros of Linux and Illumos are already shipping with aes128-cbc and 3des-cbc disabled by default due to security concerns around chosen-plaintext attacks and other information leaks. Without this patch, OTP SSH cannot connect to these SSH servers in their default configuration. --- lib/ssh/src/ssh_transport.erl | 66 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 53 insertions(+), 13 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 27723dc870..805114f792 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -118,10 +118,10 @@ kexinit_messsage(client, Random, Compression, HostKeyAlgs) -> cookie = Random, kex_algorithms = ["diffie-hellman-group1-sha1"], server_host_key_algorithms = HostKeyAlgs, - encryption_algorithms_client_to_server = ["aes128-cbc","3des-cbc"], - encryption_algorithms_server_to_client = ["aes128-cbc","3des-cbc"], - mac_algorithms_client_to_server = ["hmac-sha1"], - mac_algorithms_server_to_client = ["hmac-sha1"], + encryption_algorithms_client_to_server = ["aes128-ctr","aes128-cbc","3des-cbc"], + encryption_algorithms_server_to_client = ["aes128-ctr","aes128-cbc","3des-cbc"], + mac_algorithms_client_to_server = ["hmac-sha2-256","hmac-sha1"], + mac_algorithms_server_to_client = ["hmac-sha2-256","hmac-sha1"], compression_algorithms_client_to_server = Compression, compression_algorithms_server_to_client = Compression, languages_client_to_server = [], 
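Review bot: The new lists in kexinit_messsage(client, ...) put aes128-ctr and hmac-sha2-256 first but still offer aes128-cbc, 3des-cbc and hmac-sha1, so a peer that only proposes or only supports the older algorithms is still served with them. That matches the interoperability goal in the commit message, but since the message itself cites security concerns with the CBC modes, it would be worth a follow-up that lets the caller restrict these lists instead of hard-coding them here and again in the server clause.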
@@ -133,10 +133,10 @@ kexinit_messsage(server, Random, Compression, HostKeyAlgs) -> cookie = Random, kex_algorithms = ["diffie-hellman-group1-sha1"], server_host_key_algorithms = HostKeyAlgs, - encryption_algorithms_client_to_server = ["aes128-cbc","3des-cbc"], - encryption_algorithms_server_to_client = ["aes128-cbc","3des-cbc"], - mac_algorithms_client_to_server = ["hmac-sha1"], - mac_algorithms_server_to_client = ["hmac-sha1"], + encryption_algorithms_client_to_server = ["aes128-ctr","aes128-cbc","3des-cbc"], + encryption_algorithms_server_to_client = ["aes128-ctr","aes128-cbc","3des-cbc"], + mac_algorithms_client_to_server = ["hmac-sha2-256","hmac-sha1"], + mac_algorithms_server_to_client = ["hmac-sha2-256","hmac-sha1"], compression_algorithms_client_to_server = Compression, compression_algorithms_server_to_client = Compression, languages_client_to_server = [], @@ -636,7 +636,21 @@ encrypt_init(#ssh{encrypt = 'aes128-cbc', role = server} = Ssh) -> <> = hash(Ssh, "D", 128), {ok, Ssh#ssh{encrypt_keys = K, encrypt_block_size = 16, - encrypt_ctx = IV}}. + encrypt_ctx = IV}}; +encrypt_init(#ssh{encrypt = 'aes128-ctr', role = client} = Ssh) -> + IV = hash(Ssh, "A", 128), + <> = hash(Ssh, "C", 128), + State = crypto:stream_init(aes_ctr, K, IV), + {ok, Ssh#ssh{encrypt_keys = K, + encrypt_block_size = 16, + encrypt_ctx = State}}; +encrypt_init(#ssh{encrypt = 'aes128-ctr', role = server} = Ssh) -> + IV = hash(Ssh, "B", 128), + <> = hash(Ssh, "D", 128), + State = crypto:stream_init(aes_ctr, K, IV), + {ok, Ssh#ssh{encrypt_keys = K, + encrypt_block_size = 16, + encrypt_ctx = State}}. encrypt_final(Ssh) -> {ok, Ssh#ssh{encrypt = none, 
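Review bot: The 'aes128-ctr' clauses added to encrypt_init/1 come with no test: the diffstat for this commit lists only ssh_transport.erl. Which of the letters "A" to "D" feeds the IV and the key for each role and direction is exactly the kind of detail that breaks silently, so please add a case to the ssh test suites that completes a session with aes128-ctr and hmac-sha2-256 negotiated, ideally against an external implementation as the existing OpenSSH tests do. The client and server clauses differ only in those letters and could share one helper that takes them as arguments.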
@@ -658,7 +672,11 @@ encrypt(#ssh{encrypt = 'aes128-cbc', encrypt_ctx = IV0} = Ssh, Data) -> Enc = crypto:block_encrypt(aes_cbc128, K,IV0,Data), IV = crypto:next_iv(aes_cbc, Enc), - {Ssh#ssh{encrypt_ctx = IV}, Enc}. + {Ssh#ssh{encrypt_ctx = IV}, Enc}; +encrypt(#ssh{encrypt = 'aes128-ctr', + encrypt_ctx = State0} = Ssh, Data) -> + {State, Enc} = crypto:stream_encrypt(State0,Data), + {Ssh#ssh{encrypt_ctx = State}, Enc}. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% @@ -690,7 +708,21 @@ decrypt_init(#ssh{decrypt = 'aes128-cbc', role = server} = Ssh) -> hash(Ssh, "C", 128)}, <> = KD, {ok, Ssh#ssh{decrypt_keys = K, decrypt_ctx = IV, - decrypt_block_size = 16}}. + decrypt_block_size = 16}}; +decrypt_init(#ssh{decrypt = 'aes128-ctr', role = client} = Ssh) -> + IV = hash(Ssh, "B", 128), + <> = hash(Ssh, "D", 128), + State = crypto:stream_init(aes_ctr, K, IV), + {ok, Ssh#ssh{decrypt_keys = K, + decrypt_block_size = 16, + decrypt_ctx = State}}; +decrypt_init(#ssh{decrypt = 'aes128-ctr', role = server} = Ssh) -> + IV = hash(Ssh, "A", 128), + <> = hash(Ssh, "C", 128), + State = crypto:stream_init(aes_ctr, K, IV), + {ok, Ssh#ssh{decrypt_keys = K, + decrypt_block_size = 16, + decrypt_ctx = State}}. decrypt_final(Ssh) -> @@ -711,7 +743,11 @@ decrypt(#ssh{decrypt = 'aes128-cbc', decrypt_keys = Key, decrypt_ctx = IV0} = Ssh, Data) -> Dec = crypto:block_decrypt(aes_cbc128, Key,IV0,Data), IV = crypto:next_iv(aes_cbc, Data), - {Ssh#ssh{decrypt_ctx = IV}, Dec}. + {Ssh#ssh{decrypt_ctx = IV}, Dec}; +decrypt(#ssh{decrypt = 'aes128-ctr', + decrypt_ctx = State0} = Ssh, Data) -> + {State, Enc} = crypto:stream_decrypt(State0,Data), + {Ssh#ssh{decrypt_ctx = State}, Enc}. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% Compression 
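Review bot: In the new decrypt/2 clause for 'aes128-ctr', the output of crypto:stream_decrypt/2 is bound to a variable named Enc and returned under that name, although it holds the decrypted data. Rename it to Dec, as the aes128-cbc clause directly above does, so the plaintext is not mistaken for ciphertext when this code is read or extended.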
@@ -846,7 +882,9 @@ mac('hmac-sha1-96', Key, SeqNum, Data) -> mac('hmac-md5', Key, SeqNum, Data) -> crypto:hmac(md5, Key, [<>, Data]); mac('hmac-md5-96', Key, SeqNum, Data) -> - crypto:hmac(md5, Key, [<>, Data], mac_digest_size('hmac-md5-96')). + crypto:hmac(md5, Key, [<>, Data], mac_digest_size('hmac-md5-96')); +mac('hmac-sha2-256', Key, SeqNum, Data) -> + crypto:hmac(sha256, Key, [<>, Data]). %% return N hash bytes (HASH) hash(SSH, Char, Bits) -> @@ -911,12 +949,14 @@ mac_key_size('hmac-sha1') -> 20*8; mac_key_size('hmac-sha1-96') -> 20*8; mac_key_size('hmac-md5') -> 16*8; mac_key_size('hmac-md5-96') -> 16*8; +mac_key_size('hmac-sha2-256')-> 32*8; mac_key_size(none) -> 0. mac_digest_size('hmac-sha1') -> 20; mac_digest_size('hmac-sha1-96') -> 12; mac_digest_size('hmac-md5') -> 20; mac_digest_size('hmac-md5-96') -> 12; +mac_digest_size('hmac-sha2-256') -> 32; mac_digest_size(none) -> 0. peer_name({Host, _}) -> -- cgit v1.2.3 From f7ca16604b567d19078a3edb7c9ba84ffa33a2dc Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 4 Jun 2014 12:32:00 +0200 Subject: ssh: Handle inet and inet6 option correctly --- lib/ssh/doc/src/ssh.xml | 6 ++++- lib/ssh/src/ssh.erl | 26 ++++++++++++++++----- lib/ssh/test/ssh_basic_SUITE.erl | 50 ++++++++++++++++++++++++++++++++-------- 3 files changed, 66 insertions(+), 16 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 5a141ced3c..876eba598a 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -4,7 +4,7 @@
- 20042013 + 20042014 Ericsson AB. All Rights Reserved. @@ -97,6 +97,8 @@ ssh_connection:session_channel/[2, 4].

Options are:

+ + IP version to use.

Sets the user directory i.e. the directory containing @@ -230,6 +232,8 @@ port.

Options are:

+ + IP version to use when the host address is specified as any. Provides specifications for handling of subsystems. The diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 240de69eff..bf7ba0be7f 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -74,8 +74,7 @@ connect(Host, Port, Options, Timeout) -> {_, Transport, _} = TransportOpts = proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}), ConnectionTimeout = proplists:get_value(connect_timeout, Options, infinity), - Inet = proplists:get_value(inet, SshOptions, inet), - try Transport:connect(Host, Port, [ {active, false}, Inet | SocketOptions], ConnectionTimeout) of + try Transport:connect(Host, Port, [ {active, false} | SocketOptions], ConnectionTimeout) of {ok, Socket} -> Opts = [{user_pid, self()}, {host, Host} | fix_idle_time(SshOptions)], ssh_connection_handler:start_connection(client, Socket, Opts, Timeout); @@ -256,8 +255,8 @@ do_start_daemon(Host, Port, Options, SocketOptions) -> handle_options(Opts) -> try handle_option(proplists:unfold(Opts), [], []) of - {_,_} = Options -> - Options + {Inet, Ssh} -> + {handle_ip(Inet), Ssh} catch throw:Error -> Error @@ -436,8 +435,9 @@ handle_inet_option({active, _} = Opt) -> throw({error, {{eoptions, Opt}, "Ssh has built in flow control, " "and activ is handled internaly user is not allowd" "to specify this option"}}); -handle_inet_option({inet, Value} = Opt) when (Value == inet) or (Value == inet6) -> - Opt; + +handle_inet_option({inet, Value}) when (Value == inet) or (Value == inet6) -> + Value; handle_inet_option({reuseaddr, _} = Opt) -> throw({error, {{eoptions, Opt},"Is set internaly user is not allowd" "to specify this option"}}); @@ -460,3 +460,17 @@ handle_pref_algs([H|T], Acc) -> _ -> false end. + +handle_ip(Inet) -> %% Default to ipv4 + case lists:member(inet, Inet) of + true -> + Inet; + false -> + case lists:member(inet6, Inet) of + true -> + Inet; + false -> + [inet | Inet] + end + end. + 
diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index ba38c1da40..bf7fb4c73e 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -66,7 +66,8 @@ groups() -> basic_tests() -> [send, close, peername_sockname, exec, exec_compressed, shell, cli, known_hosts, - idle_time, rekey, openssh_zlib_basic_test]. + idle_time, rekey, openssh_zlib_basic_test, + misc_ssh_options, inet_option]. %%-------------------------------------------------------------------- 
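Review bot: basic_tests() gains misc_ssh_options and inet_option here, but not inet6_option, which the same patch defines further down in this file, so the IPv6 case is never run and a regression in the inet6 path of handle_inet_option/handle_ip would go unnoticed. Either add inet6_option to the list, skipping it at run time when the host has no IPv6 loopback, or leave the function out of the patch and say so in the commit message.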
@@ -175,16 +176,47 @@ misc_ssh_options(Config) when is_list(Config) -> SystemDir = filename:join(?config(priv_dir, Config), system), UserDir = ?config(priv_dir, Config), - CMiscOpt0 = [{connecect_timeout, 1000}, {ip_v6_disabled, false}, {user_dir, UserDir}], - CMiscOpt1 = [{connecect_timeout, infinity}, {ip_v6_disabled, true}, {user_dir, UserDir}], - SMiscOpt0 = [{ip_v6_disabled, false}, {user_dir, UserDir}, {system_dir, SystemDir}], - SMiscOpt1 = [{ip_v6_disabled, true}, {user_dir, UserDir}, {system_dir, SystemDir}], + CMiscOpt0 = [{connect_timeout, 1000}, {user_dir, UserDir}], + CMiscOpt1 = [{connect_timeout, infinity}, {user_dir, UserDir}], + SMiscOpt0 = [{user_dir, UserDir}, {system_dir, SystemDir}], + SMiscOpt1 = [{user_dir, UserDir}, {system_dir, SystemDir}], + + basic_test([{client_opts, CMiscOpt0}, {server_opts, SMiscOpt0}]), + basic_test([{client_opts, CMiscOpt1}, {server_opts, SMiscOpt1}]). + +%%-------------------------------------------------------------------- +inet_option() -> + [{doc, "Test configuring IPv4"}]. +inet_option(Config) when is_list(Config) -> + SystemDir = filename:join(?config(priv_dir, Config), system), + UserDir = ?config(priv_dir, Config), - ClientOpts = ?config(client_opts, Config), - ServerOpts = ?config(server_opts, Config), + ClientOpts = [{silently_accept_hosts, true}, + {user_dir, UserDir}, + {user_interaction, false}], + ServerOpts = [{system_dir, SystemDir}, + {user_dir, UserDir}, + {failfun, fun ssh_test_lib:failfun/2}], + + basic_test([{client_opts, [{inet, inet} | ClientOpts]}, + {server_opts, [{inet, inet} | ServerOpts]}]). - basic_test([{client_opts, CMiscOpt0 ++ ClientOpts}, {server_opts, SMiscOpt0 ++ ServerOpts}]), - basic_test([{client_opts, CMiscOpt1 ++ ClientOpts}, {server_opts, SMiscOpt1 ++ ServerOpts}]). +%%-------------------------------------------------------------------- +inet6_option() -> + [{doc, "Test configuring IPv6"}]. 
+inet6_option(Config) when is_list(Config) -> + SystemDir = filename:join(?config(priv_dir, Config), system), + UserDir = ?config(priv_dir, Config), + + ClientOpts = [{silently_accept_hosts, true}, + {user_dir, UserDir}, + {user_interaction, false}], + ServerOpts = [{system_dir, SystemDir}, + {user_dir, UserDir}, + {failfun, fun ssh_test_lib:failfun/2}], + + basic_test([{client_opts, [{inet, inet6} | ClientOpts]}, + {server_opts, [{inet, inet6} | ServerOpts]}]). %%-------------------------------------------------------------------- exec() -> -- cgit v1.2.3 From a7b3d5fae1f69dfaec1b7548728d3210ffaa7949 Mon Sep 17 00:00:00 2001 From: Marcus Arendt Date: Thu, 12 Jun 2014 14:36:24 +0200 Subject: Fix spelling mistakes --- lib/ssh/src/ssh.erl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index bf7ba0be7f..743c01a42c 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -432,14 +432,14 @@ handle_ssh_option(Opt) -> throw({error, {eoptions, Opt}}). handle_inet_option({active, _} = Opt) -> - throw({error, {{eoptions, Opt}, "Ssh has built in flow control, " - "and activ is handled internaly user is not allowd" + throw({error, {{eoptions, Opt}, "SSH has built in flow control, " + "and active is handled internally, user is not allowed" "to specify this option"}}); handle_inet_option({inet, Value}) when (Value == inet) or (Value == inet6) -> Value; handle_inet_option({reuseaddr, _} = Opt) -> - throw({error, {{eoptions, Opt},"Is set internaly user is not allowd" + throw({error, {{eoptions, Opt},"Is set internally, user is not allowed" "to specify this option"}}); %% Option verified by inet handle_inet_option(Opt) -> -- cgit v1.2.3 From c17d8929bbc7b8ada43ca174a74ba672c393a987 Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Wed, 11 Jun 2014 15:41:14 +0200 Subject: ssh: Accept disconnect msgs without language tag --- lib/ssh/src/ssh_message.erl | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl index 8d6c77c0ed..e855f3cb08 100644 --- a/lib/ssh/src/ssh_message.erl +++ b/lib/ssh/src/ssh_message.erl @@ -461,6 +461,15 @@ decode(<>) -> + #ssh_msg_disconnect{ + code = Code, + description = unicode:characters_to_list(Desc), + language = <<"en">> + }; + decode(<>) -> #ssh_msg_newkeys{}; -- cgit v1.2.3 From 3c37eaa0fe0841d035d99d622c234253aadf7e3d Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 11 Jun 2014 15:46:00 +0200 Subject: ssh: Prepare for release --- lib/ssh/src/ssh.appup.src | 16 ++++++++++++++-- lib/ssh/vsn.mk | 2 +- 2 files changed, 15 insertions(+), 3 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index 42eb2167e0..8269f89e40 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src 
@@ -19,13 +19,25 @@ {"%VSN%", [ + {"3.0.2", [{load_module, ssh_message, soft_purge, soft_purge, []}, + {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, + {load_module, ssh_io, soft_purge, soft_purge, []}]}, {"3.0.1", [{load_module, ssh, soft_purge, soft_purge, []}, - {load_module, ssh_acceptor, soft_purge, soft_purge, []}]}, + {load_module, ssh_acceptor, soft_purge, soft_purge, []}, + {load_module, ssh_message, soft_purge, soft_purge, []}, + {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, + {load_module, ssh_io, soft_purge, soft_purge, []}]}, {<<".*">>, [{restart_application, ssh}]} ], [ + {"3.0.2", [{load_module, ssh_message, soft_purge, soft_purge, []}, + {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, + {load_module, ssh_io, soft_purge, soft_purge, []}]}, {"3.0.1", [{load_module, ssh, soft_purge, soft_purge, []}, - {load_module, ssh_acceptor, soft_purge, soft_purge, []}]}, + {load_module, ssh_acceptor, soft_purge, soft_purge, []}, + {load_module, ssh_message, soft_purge, soft_purge, []}, + {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, + {load_module, ssh_io, soft_purge, soft_purge, []}]}, {<<".*">>, [{restart_application, ssh}]} ] }. diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 40ed27d8f5..8d1a7ae54f 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,5 +1,5 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 3.0.2 +SSH_VSN = 3.0.3 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From 1e4f0d453d8f5c658de9c9173a0118d909ef87a9 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 13 Jun 2014 15:15:59 +0200 Subject: ssh: Minor message encode/decode bugfixes SSH_MSG_IGNORE SSH_MSG_UNIMPLEMENTED --- lib/ssh/src/ssh_message.erl | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl index e855f3cb08..76b57cb995 100644 --- a/lib/ssh/src/ssh_message.erl 
+++ b/lib/ssh/src/ssh_message.erl @@ -255,7 +255,7 @@ encode(#ssh_msg_ignore{data = Data}) -> ssh_bits:encode([?SSH_MSG_IGNORE, Data], [byte, string]); encode(#ssh_msg_unimplemented{sequence = Seq}) -> - ssh_bits:encode([?SSH_MSG_IGNORE, Seq], [byte, uint32]); + ssh_bits:encode([?SSH_MSG_UNIMPLEMENTED, Seq], [byte, uint32]); encode(#ssh_msg_debug{always_display = Bool, message = Msg, @@ -390,13 +390,6 @@ decode(<>) -> - #ssh_msg_userauth_pk_ok{ - algorithm_name = Alg, - key_blob = KeyBlob - }; - %%% Unhandled message, also masked by same 1:st byte value as ?SSH_MSG_USERAUTH_INFO_REQUEST: decode(<>) -> @@ -405,6 +398,13 @@ decode(<>) -> + #ssh_msg_userauth_pk_ok{ + algorithm_name = Alg, + key_blob = KeyBlob + }; + decode(<>) -> #ssh_msg_userauth_info_response{ num_responses = Num, @@ -473,7 +473,7 @@ decode(<>) -> #ssh_msg_newkeys{}; -decode(<>) -> +decode(<>) -> #ssh_msg_ignore{data = Data}; decode(<>) -> -- cgit v1.2.3 From 77da984614ae462912a1896ba1bb73c798ffd4f8 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Thu, 19 Jun 2014 13:47:21 +0200 Subject: Prepare release --- lib/ssh/doc/src/notes.xml | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 84d5e5c86e..0dbec7527a 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -29,6 +29,48 @@ notes.xml
+
Ssh 3.0.3 + +
Fixed Bugs and Malfunctions + + +

+ Removed mail address from error reports and corrected + spelling error (Stacktace -> stacktrace)

+

+ Own Id: OTP-11883 Aux Id: seq12586

+
+ +

+ Decode/encode fixes in SSH_MSG_IGNORE and + SSH_MSG_UNIMPLEMENTED.

+

+ Own Id: OTP-11983

+
+
+
+ + +
Improvements and New Features + + +

+ Accepts that some older OpenSSH clients sends incorrect + disconnect messages.

+

+ Own Id: OTP-11972

+
+ +

+ Handle inet and inet6 option correctly

+

+ Own Id: OTP-11976

+
+
+
+ +
+
Ssh 3.0.2
Fixed Bugs and Malfunctions -- cgit v1.2.3 From 58bf8106866b6f8845f925a96c57c66c18700cca Mon Sep 17 00:00:00 2001 From: "Matwey V. Kornilov" Date: Tue, 17 Jun 2014 21:44:01 +0400 Subject: Cleanup behaviour modules in ssh Behaviour modules were not cleanuped. --- lib/ssh/src/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/Makefile b/lib/ssh/src/Makefile index 2ef2859fd7..53c755d3cb 100644 --- a/lib/ssh/src/Makefile +++ b/lib/ssh/src/Makefile @@ -115,7 +115,7 @@ $(TARGET_FILES): $(BEHAVIOUR_TARGET_FILES) debug opt: $(TARGET_FILES) $(APP_TARGET) $(APPUP_TARGET) clean: - rm -f $(TARGET_FILES) $(APP_TARGET) $(APPUP_TARGET) + rm -f $(TARGET_FILES) $(APP_TARGET) $(APPUP_TARGET) $(BEHAVIOUR_TARGET_FILES) rm -f errs core *~ $(APP_TARGET): $(APP_SRC) ../vsn.mk -- cgit v1.2.3 From 375e6da4a0daa6592a418ecb53afa37aa186f38f Mon Sep 17 00:00:00 2001 From: "Michael K. Schmidt" Date: Tue, 22 Jul 2014 15:59:15 -0500 Subject: Fix SSH CLI when using custom "shell" option Also address compatibility issue with PuTTY --- lib/ssh/src/ssh_cli.erl | 12 +++++----- lib/ssh/src/ssh_connection.erl | 5 ++-- lib/ssh/test/ssh_connection_SUITE.erl | 45 ++++++++++++++++++++++++++++++++++- 3 files changed, 52 insertions(+), 10 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_cli.erl b/lib/ssh/src/ssh_cli.erl index 77453e8fd7..18841e3d2d 100644 --- a/lib/ssh/src/ssh_cli.erl +++ b/lib/ssh/src/ssh_cli.erl 
@@ -457,17 +457,17 @@ bin_to_list(I) when is_integer(I) -> start_shell(ConnectionHandler, State) -> Shell = State#state.shell, - ConnectionInfo = ssh_connection_handler:info(ConnectionHandler, + ConnectionInfo = ssh_connection_handler:connection_info(ConnectionHandler, [peer, user]), ShellFun = case is_function(Shell) of true -> - {ok, User} = + User = proplists:get_value(user, ConnectionInfo), case erlang:fun_info(Shell, arity) of {arity, 1} -> fun() -> Shell(User) end; {arity, 2} -> - [{_, PeerAddr}] = + {_, PeerAddr} = proplists:get_value(peer, ConnectionInfo), fun() -> Shell(User, PeerAddr) end; _ -> @@ -485,9 +485,9 @@ start_shell(_ConnectionHandler, Cmd, #state{exec={M, F, A}} = State) -> State#state{group = Group, buf = empty_buf()}; start_shell(ConnectionHandler, Cmd, #state{exec=Shell} = State) when is_function(Shell) -> - ConnectionInfo = ssh_connection_handler:info(ConnectionHandler, + ConnectionInfo = ssh_connection_handler:connection_info(ConnectionHandler, [peer, user]), - {ok, User} = + User = proplists:get_value(user, ConnectionInfo), ShellFun = case erlang:fun_info(Shell, arity) of @@ -496,7 +496,7 @@ start_shell(ConnectionHandler, Cmd, #state{exec=Shell} = State) when is_function {arity, 2} -> fun() -> Shell(Cmd, User) end; {arity, 3} -> - [{_, PeerAddr}] = + {_, PeerAddr} = proplists:get_value(peer, ConnectionInfo), fun() -> Shell(Cmd, User, PeerAddr) end; _ -> diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl index b377614949..33849f4527 100644 --- a/lib/ssh/src/ssh_connection.erl +++ b/lib/ssh/src/ssh_connection.erl 
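Review bot: in both `start_shell` clauses of `lib/ssh/src/ssh_cli.erl`, `User = proplists:get_value(user, ConnectionInfo)` binds `undefined` when the key is absent and hands it straight to the operator's `Shell` fun, while a missing `peer` fails the `{_, PeerAddr} =` match. The two lookups should fail the same way: a custom shell that decides what to allow based on `User` should not have to defend against `undefined`. Match the expected shape for `user` as well, or fail the channel request with a clear reason before the fun is built.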
@@ -782,9 +782,8 @@ handle_cli_msg(#connection{channel_cache = Cache} = Connection, erlang:monitor(process, Pid), Channel = Channel0#channel{user = Pid}, ssh_channel:cache_update(Cache, Channel), - Reply = {connection_reply, - channel_success_msg(RemoteId)}, - {{replies, [{channel_data, Pid, Reply0}, Reply]}, Connection}; + {Reply, Connection1} = reply_msg(Channel, Connection, Reply0), + {{replies, [Reply]}, Connection1}; _Other -> Reply = {connection_reply, channel_failure_msg(RemoteId)}, diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index f4f0682b40..0b057f10de 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -37,7 +37,8 @@ suite() -> all() -> [ {group, openssh_payload}, - interrupted_send + interrupted_send, + start_shell ]. groups() -> [{openssh_payload, [], [simple_exec, 
@@ -275,6 +276,39 @@ interrupted_send(Config) when is_list(Config) -> ssh:close(ConnectionRef), ssh:stop_daemon(Pid). +%%-------------------------------------------------------------------- +start_shell() -> + [{doc, "Start a shell"}]. + +start_shell(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {shell, fun(U, H) -> start_our_shell(U, H) end} ]), + + ConnectionRef = ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_interaction, true}, + {user_dir, UserDir}]), + + {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef, infinity), + ok = ssh_connection:shell(ConnectionRef,ChannelId0), + + receive + {ssh_cm,ConnectionRef, {data, ChannelId, 0, <<"Enter command\r\n">>}} -> + ok + after 5000 -> + ct:fail("CLI Timeout") + end, + + ssh:close(ConnectionRef), + ssh:stop_daemon(Pid). + %%-------------------------------------------------------------------- %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- @@ -308,3 +342,12 @@ collect_data(ConnectionRef, ChannelId, Acc) -> after 5000 -> timeout end. + +%%%------------------------------------------------------------------- +% This is taken from the ssh example code. +start_our_shell(_User, _Peer) -> + spawn(fun() -> + io:format("Enter command\n") + %% Don't actually loop, just exit + end). + -- cgit v1.2.3 From 9c6e4ca932f82aeacc10e76b6d1adb3a944c8d7a Mon Sep 17 00:00:00 2001 
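Review bot: in the new `start_shell/1` case in `lib/ssh/test/ssh_connection_SUITE.erl`, the receive pattern `{ssh_cm,ConnectionRef, {data, ChannelId, 0, <<"Enter command\r\n">>}}` uses `ChannelId`, which is unbound at that point; the channel opened above is bound to `ChannelId0`. As written the pattern accepts the prompt on any channel. Use `ChannelId0` in the pattern so the case asserts that the data arrives on the channel it opened. The case also exercises only the arity-2 `shell` fun, although the `ssh_cli.erl` change in the same commit touches the arity-1 branch too; a second case with `fun(U) -> ... end` would cover it.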
From: Alex Wilson Date: Fri, 1 Aug 2014 21:24:43 +1000 Subject: SSH: documentation update for new algos --- lib/ssh/doc/src/ssh.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 5a141ced3c..a20d0794c4 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -36,8 +36,8 @@ SSH requires the crypto and public_key applications. Supported SSH version is 2.0 - Supported MAC algorithms: hmac-sha1 - Supported encryption algorithms: aes128-cb and 3des-cbc + Supported MAC algorithms: hmac-sha2-256 and hmac-sha1 + Supported encryption algorithms: aes128-ctr, aes128-cb and 3des-cbc Supports unicode filenames if the emulator and the underlaying OS supports it. See the DESCRIPTION section in file for information about this subject Supports unicode in shell and cli -- cgit v1.2.3 From 513e091ffc89cd27afe2a0dbe367ba135daeb594 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 1 Aug 2014 14:44:05 +0200 Subject: ssh: Negotiation_timeout testcase --- lib/ssh/test/ssh_basic_SUITE.erl | 98 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 97 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index bf7fb4c73e..35fca21021 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -59,7 +59,11 @@ groups() -> {dsa_pass_key, [], [pass_phrase]}, {rsa_pass_key, [], [pass_phrase]}, {internal_error, [], [internal_error]}, - {hardening_tests, [], [max_sessions]} + {hardening_tests, [], [ssh_connect_nonegtimeout_connected_parallel, + ssh_connect_nonegtimeout_connected_sequential, + ssh_connect_negtimeout_parallel, + ssh_connect_negtimeout_sequential, + max_sessions]} ]. 
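Review bot: the rewritten encryption line in `lib/ssh/doc/src/ssh.xml` still reads `aes128-cb`; the cipher name is `aes128-cbc`. The line is being replaced anyway to add `aes128-ctr`, so fix the spelling in the same change. Readers copy these names into client and server configuration, and a misspelled algorithm name there simply fails to negotiate.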
@@ -742,6 +746,98 @@ ms_passed(N1={_,_,M1}, N2={_,_,M2}) -> calendar:now_to_local_time(N2)), 1000 * (Min*60 + Sec + (M2-M1)/1000000). +%%-------------------------------------------------------------------- +ssh_connect_negtimeout_parallel(Config) -> ssh_connect_negtimeout(Config,true). +ssh_connect_negtimeout_sequential(Config) -> ssh_connect_negtimeout(Config,false). + +ssh_connect_negtimeout(Config, Parallel) -> + process_flag(trap_exit, true), + SystemDir = filename:join(?config(priv_dir, Config), system), + UserDir = ?config(priv_dir, Config), + NegTimeOut = 2000, % ms + ct:log("Parallel: ~p",[Parallel]), + + {_Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},{user_dir, UserDir}, + {parallel_login, Parallel}, + {negotiation_timeout, NegTimeOut}, + {failfun, fun ssh_test_lib:failfun/2}]), + + {ok,Socket} = gen_tcp:connect(Host, Port, []), + ct:pal("And now sleeping 1.2*NegTimeOut (~p ms)...", [round(1.2 * NegTimeOut)]), + receive after round(1.2 * NegTimeOut) -> ok end, + + case inet:sockname(Socket) of + {ok,_} -> ct:fail("Socket not closed"); + {error,_} -> ok + end. + +%%-------------------------------------------------------------------- +ssh_connect_nonegtimeout_connected_parallel() -> + [{doc, "Test that ssh connection does not timeout if the connection is established (parallel)"}]. +ssh_connect_nonegtimeout_connected_parallel(Config) -> + ssh_connect_nonegtimeout_connected(Config, true). + +ssh_connect_nonegtimeout_connected_sequential() -> + [{doc, "Test that ssh connection does not timeout if the connection is established (non-parallel)"}]. +ssh_connect_nonegtimeout_connected_sequential(Config) -> + ssh_connect_nonegtimeout_connected(Config, false). 
+ + +ssh_connect_nonegtimeout_connected(Config, Parallel) -> + process_flag(trap_exit, true), + SystemDir = filename:join(?config(priv_dir, Config), system), + UserDir = ?config(priv_dir, Config), + NegTimeOut = 20000, % ms + ct:log("Parallel: ~p",[Parallel]), + + {_Pid, _Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},{user_dir, UserDir}, + {parallel_login, Parallel}, + {negotiation_timeout, NegTimeOut}, + {failfun, fun ssh_test_lib:failfun/2}]), + ct:sleep(500), + + IO = ssh_test_lib:start_io_server(), + Shell = ssh_test_lib:start_shell(Port, IO, UserDir), + receive + {'EXIT', _, _} -> + ct:fail(no_ssh_connection); + ErlShellStart -> + ct:pal("---Erlang shell start: ~p~n", [ErlShellStart]), + one_shell_op(IO, NegTimeOut), + one_shell_op(IO, NegTimeOut), + ct:pal("And now sleeping 1.2*NegTimeOut (~p ms)...", [round(1.2 * NegTimeOut)]), + receive after round(1.2 * NegTimeOut) -> ok end, + one_shell_op(IO, NegTimeOut) + end, + exit(Shell, kill). + + +one_shell_op(IO, TimeOut) -> + ct:pal("One shell op: Waiting for prompter"), + receive + ErlPrompt0 -> ct:log("Erlang prompt: ~p~n", [ErlPrompt0]) + after TimeOut -> ct:fail("Timeout waiting for promter") + end, + + IO ! {input, self(), "2*3*7.\r\n"}, + receive + Echo0 -> ct:log("Echo: ~p ~n", [Echo0]) + after TimeOut -> ct:fail("Timeout waiting for echo") + end, + + receive + ?NEWLINE -> ct:log("NEWLINE received", []) + after TimeOut -> + receive Any1 -> ct:log("Bad NEWLINE: ~p",[Any1]) + after 0 -> ct:fail("Timeout waiting for NEWLINE") + end + end, + + receive + Result0 -> ct:log("Result: ~p~n", [Result0]) + after TimeOut -> ct:fail("Timeout waiting for result") + end. + %%-------------------------------------------------------------------- openssh_zlib_basic_test() -> -- cgit v1.2.3 From 314b504f088352a253a92224fc36f3514f83e0f8 Mon Sep 17 00:00:00 2001 
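Review bot: neither `ssh_connect_negtimeout/2` nor `ssh_connect_nonegtimeout_connected/2` in `lib/ssh/test/ssh_basic_SUITE.erl` stops the daemon it starts; the pid is bound to `_Pid` and dropped, so every run leaves a listener behind for the rest of the suite. Bind it and call `ssh:stop_daemon(Pid)` at the end, as the other cases in this suite do. In `one_shell_op/2`, three of the four `receive` expressions match any message (`ErlPrompt0 ->`, `Echo0 ->`, `Result0 ->`), and the caller has set `trap_exit`, so an `{'EXIT', _, _}` from a dying shell would be logged as a prompt and the case would still pass. Match on the expected shape, at least for the result of `2*3*7.`. Typo in two strings: "promter".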
From: Hans Nilsson Date: Mon, 4 Aug 2014 16:03:55 +0200 Subject: ssh: negotiation_timeout bug fixed --- lib/ssh/src/ssh_connection_handler.erl | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 06866392da..86804c4436 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -104,21 +104,11 @@ start_connection(client = Role, Socket, Options, Timeout) -> start_connection(server = Role, Socket, Options, Timeout) -> try - Sups = proplists:get_value(supervisors, Options), - ConnectionSup = proplists:get_value(connection_sup, Sups), - Opts = [{supervisors, Sups}, {user_pid, self()} | proplists:get_value(ssh_opts, Options, [])], - {ok, Pid} = ssh_connection_sup:start_child(ConnectionSup, [Role, Socket, Opts]), - {_, Callback, _} = proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}), - socket_control(Socket, Pid, Callback), - case proplists:get_value(parallel_login, Opts, false) of + case proplists:get_value(parallel_login, Options, false) of true -> - spawn(fun() -> - Ref = erlang:monitor(process, Pid), - handshake(Pid, Ref, Timeout) - end); + spawn(fun() -> start_server_connection(Role, Socket, Options, Timeout) end); false -> - Ref = erlang:monitor(process, Pid), - handshake(Pid, Ref, Timeout) + start_server_connection(Role, Socket, Options, Timeout) end catch exit:{noproc, _} -> 
@@ -127,6 +117,18 @@ start_connection(server = Role, Socket, Options, Timeout) -> {error, Error} end. + +start_server_connection(server = Role, Socket, Options, Timeout) -> + Sups = proplists:get_value(supervisors, Options), + ConnectionSup = proplists:get_value(connection_sup, Sups), + Opts = [{supervisors, Sups}, {user_pid, self()} | proplists:get_value(ssh_opts, Options, [])], + {ok, Pid} = ssh_connection_sup:start_child(ConnectionSup, [Role, Socket, Opts]), + {_, Callback, _} = proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}), + socket_control(Socket, Pid, Callback), + Ref = erlang:monitor(process, Pid), + handshake(Pid, Ref, Timeout). + + start_link(Role, Socket, Options) -> {ok, proc_lib:spawn_link(?MODULE, init, [[Role, Socket, Options]])}. -- cgit v1.2.3 From 93cd479df2aedd97c609599f6c92b19093210433 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 11 Aug 2014 12:14:43 +0200 Subject: ssh: Updated vsn.mk --- lib/ssh/vsn.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 8d1a7ae54f..9bef10a366 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,5 +1,5 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 3.0.3 +SSH_VSN = 3.0.4 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From ad1ad5b1d9d95e0835a9dc0ca648ecedae9d796b Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 29 Jul 2014 15:55:04 +0200 Subject: ssh: Add testcases for max_sessions option Now checks that if we have max_session sessions we could close one session and open a new one. That is checked both for parallel and non-parallel logins. --- lib/ssh/test/ssh_basic_SUITE.erl | 97 ++++++++++++++++++++++++++++++---------- 1 file changed, 74 insertions(+), 23 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 35fca21021..9242731924 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl 
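Review bot: with `parallel_login` true, all of `start_server_connection/4` in `lib/ssh/src/ssh_connection_handler.erl` now runs inside the `spawn`ed fun, and that changes two things beyond the timeout fix. First, `{user_pid, self()}` is evaluated in the spawned process, so the connection handler is given the pid of a short-lived helper instead of the caller's pid. Second, the `catch exit:{noproc, _}` in `start_connection/4` no longer covers `ssh_connection_sup:start_child`, `socket_control` or `handshake`, because they execute in another process; a failure there is now an unlinked process dying silently. Capture `self()` before the `spawn` and pass it in, and handle the failure inside the spawned fun. Also note that `parallel_login` was read from `Opts` (built from `ssh_opts`) and is now read from `Options`; please confirm the acceptor puts the option at the top level, otherwise the `true` branch is never taken.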
@@ -53,7 +53,7 @@ all() -> {group, hardening_tests} ]. -groups() -> +groups() -> [{dsa_key, [], basic_tests()}, {rsa_key, [], basic_tests()}, {dsa_pass_key, [], [pass_phrase]}, @@ -63,7 +63,11 @@ groups() -> ssh_connect_nonegtimeout_connected_sequential, ssh_connect_negtimeout_parallel, ssh_connect_negtimeout_sequential, - max_sessions]} + max_sessions_ssh_connect_parallel, + max_sessions_ssh_connect_sequential, + max_sessions_sftp_start_channel_parallel, + max_sessions_sftp_start_channel_sequential + ]} ]. 
@@ -859,40 +863,87 @@ openssh_zlib_basic_test(Config) -> %%-------------------------------------------------------------------- -max_sessions(Config) -> +max_sessions_ssh_connect_parallel(Config) -> + max_sessions(Config, true, connect_fun(ssh__connect,Config)). +max_sessions_ssh_connect_sequential(Config) -> + max_sessions(Config, false, connect_fun(ssh__connect,Config)). + +max_sessions_sftp_start_channel_parallel(Config) -> + max_sessions(Config, true, connect_fun(ssh_sftp__start_channel, Config)). +max_sessions_sftp_start_channel_sequential(Config) -> + max_sessions(Config, false, connect_fun(ssh_sftp__start_channel, Config)). + + +%%%---- helpers: +connect_fun(ssh__connect, Config) -> + fun(Host,Port) -> + ssh_test_lib:connect(Host, Port, + [{silently_accept_hosts, true}, + {user_dir, ?config(priv_dir,Config)}, + {user_interaction, false}, + {user, "carni"}, + {password, "meat"} + ]) + %% ssh_test_lib returns R when ssh:connect returns {ok,R} + end; +connect_fun(ssh_sftp__start_channel, _Config) -> + fun(Host,Port) -> + {ok,_Pid,ConnRef} = + ssh_sftp:start_channel(Host, Port, + [{silently_accept_hosts, true}, + {user, "carni"}, + {password, "meat"} + ]), + ConnRef + end. 
+ + +max_sessions(Config, ParallelLogin, Connect) when is_function(Connect,2) -> SystemDir = filename:join(?config(priv_dir, Config), system), UserDir = ?config(priv_dir, Config), - MaxSessions = 2, - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + MaxSessions = 5, + {Pid, Host, Port} = ssh_test_lib:daemon([ + {system_dir, SystemDir}, {user_dir, UserDir}, {user_passwords, [{"carni", "meat"}]}, - {parallel_login, true}, + {parallel_login, ParallelLogin}, {max_sessions, MaxSessions} ]), - Connect = fun() -> - R=ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, - {user_dir, UserDir}, - {user_interaction, false}, - {user, "carni"}, - {password, "meat"} - ]), - ct:log("Connection ~p up",[R]) - end, - - try [Connect() || _ <- lists:seq(1,MaxSessions)] + try [Connect(Host,Port) || _ <- lists:seq(1,MaxSessions)] of - _ -> - ct:pal("Expect Info Report:",[]), - try Connect() + Connections -> + %% Step 1 ok: could set up max_sessions connections + ct:log("Connections up: ~p",[Connections]), + [_|_] = Connections, + + %% Now try one more than alowed: + ct:pal("Info Report might come here...",[]), + try Connect(Host,Port) of - _ConnectionRef -> + _ConnectionRef1 -> ssh:stop_daemon(Pid), {fail,"Too many connections accepted"} catch error:{badmatch,{error,"Connection closed"}} -> - ssh:stop_daemon(Pid), - ok + %% Step 2 ok: could not set up max_sessions+1 connections + %% This is expected + %% Now stop one connection and try to open one more + ok = ssh:close(hd(Connections)), + try Connect(Host,Port) + of + _ConnectionRef1 -> + %% Step 3 ok: could set up one more connection after killing one + %% Thats good. + ssh:stop_daemon(Pid), + ok + catch + error:{badmatch,{error,"Connection closed"}} -> + %% Bad indeed. Could not set up one more connection even after killing + %% one existing. Very bad. + ssh:stop_daemon(Pid), + {fail,"Does not decrease # active sessions"} + end end catch error:{badmatch,{error,"Connection closed"}} -> -- cgit v1.2.3 
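Review bot: `connect_fun(ssh_sftp__start_channel, _Config)` in `lib/ssh/test/ssh_basic_SUITE.erl` omits the `{user_dir, ...}` and `{user_interaction, false}` options that the `ssh__connect` variant passes, and ignores `Config` altogether. The two variants are meant to differ only in the entry point, so the sftp one should pass the same `user_dir` from `priv_dir` and disable interaction; otherwise it falls back to whatever defaults apply for the account running the tests. In `max_sessions/3`, the connections held in `Connections` are never closed on the success path (only `hd(Connections)` is), and `ssh:stop_daemon(Pid)` is repeated in every branch; a single `after` clause that closes the remaining connections and stops the daemon would be shorter and would also run when an unexpected error escapes. The limit check matches on the literal `{error,"Connection closed"}`, which ties the test to an error string. Typos in comments: "alowed", "Thats".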
From ccf1e0385fe0877279141acdcb0ac4f43e5596e4 Mon Sep 17 00:00:00 2001 From: Alex Wilson Date: Mon, 18 Aug 2014 13:48:19 +1000 Subject: SSH: add ssh_to_openssh test for ciphers and macs This is only an openssh-client-erlang-server test, because no public API to select ciphers is available for the erlang client yet. --- lib/ssh/test/ssh_to_openssh_SUITE.erl | 100 +++++++++++++++++++++++++++++++++- 1 file changed, 99 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index 8b5343cecc..5a3bd21b55 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -54,7 +54,9 @@ groups() -> ]}, {erlang_server, [], [erlang_server_openssh_client_exec, erlang_server_openssh_client_exec_compressed, - erlang_server_openssh_client_pulic_key_dsa]} + erlang_server_openssh_client_pulic_key_dsa, + erlang_server_openssh_client_cipher_suites, + erlang_server_openssh_client_macs]} ]. init_per_suite(Config) -> 
@@ -220,6 +222,102 @@ erlang_server_openssh_client_exec(Config) when is_list(Config) -> end, ssh:stop_daemon(Pid). +%%-------------------------------------------------------------------- +erlang_server_openssh_client_cipher_suites() -> + [{doc, "Test that we can connect with different cipher suites."}]. + +erlang_server_openssh_client_cipher_suites(Config) when is_list(Config) -> + SystemDir = ?config(data_dir, Config), + PrivDir = ?config(priv_dir, Config), + KnownHosts = filename:join(PrivDir, "known_hosts"), + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {failfun, fun ssh_test_lib:failfun/2}]), + + + ct:sleep(500), + + Ciphers = [{"3des-cbc", true}, + {"aes128-cbc", true}, + {"aes128-ctr", true}, + {"aes256-cbc", false}], + lists:foreach(fun({Cipher, Expect}) -> + Cmd = "ssh -p " ++ integer_to_list(Port) ++ + " -o UserKnownHostsFile=" ++ KnownHosts ++ " " ++ Host ++ " " ++ + " -c " ++ Cipher ++ " 1+1.", + + ct:pal("Cmd: ~p~n", [Cmd]), + + SshPort = open_port({spawn, Cmd}, [binary, stderr_to_stdout]), + + case Expect of + true -> + receive + {SshPort,{data, <<"2\n">>}} -> + ok + after ?TIMEOUT -> + ct:fail("Did not receive answer") + end; + false -> + receive + {SshPort,{data, <<"no matching cipher found", _/binary>>}} -> + ok + after ?TIMEOUT -> + ct:fail("Did not receive no matching cipher message") + end + end + end, Ciphers), + + ssh:stop_daemon(Pid). + +%%-------------------------------------------------------------------- +erlang_server_openssh_client_macs() -> + [{doc, "Test that we can connect with different MACs."}]. 
+ +erlang_server_openssh_client_macs(Config) when is_list(Config) -> + SystemDir = ?config(data_dir, Config), + PrivDir = ?config(priv_dir, Config), + KnownHosts = filename:join(PrivDir, "known_hosts"), + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {failfun, fun ssh_test_lib:failfun/2}]), + + + ct:sleep(500), + + MACs = [{"hmac-sha1", true}, + {"hmac-sha2-256", true}, + {"hmac-md5-96", false}, + {"hmac-ripemd160", false}], + lists:foreach(fun({MAC, Expect}) -> + Cmd = "ssh -p " ++ integer_to_list(Port) ++ + " -o UserKnownHostsFile=" ++ KnownHosts ++ " " ++ Host ++ " " ++ + " -o MACs=" ++ MAC ++ " 1+1.", + + ct:pal("Cmd: ~p~n", [Cmd]), + + SshPort = open_port({spawn, Cmd}, [binary, stderr_to_stdout]), + + case Expect of + true -> + receive + {SshPort,{data, <<"2\n">>}} -> + ok + after ?TIMEOUT -> + ct:fail("Did not receive answer") + end; + false -> + receive + {SshPort,{data, <<"no matching mac found", _/binary>>}} -> + ok + after ?TIMEOUT -> + ct:fail("Did not receive no matching mac message") + end + end + end, MACs), + + ssh:stop_daemon(Pid). + %%-------------------------------------------------------------------- erlang_server_openssh_client_exec_compressed() -> [{doc, "Test that exec command works."}]. -- cgit v1.2.3 From 1b58736ceb84dbed98ef4e8cdbb491a26ecb69d4 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 1 Aug 2014 14:44:05 +0200 Subject: ssh: Negotiation_timeout testcase --- lib/ssh/test/ssh_basic_SUITE.erl | 98 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 97 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index bf7fb4c73e..35fca21021 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl 
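Review bot: in both new cases in `lib/ssh/test/ssh_to_openssh_SUITE.erl`, the negative branch passes only if the first `{SshPort,{data, ...}}` message starts with `no matching cipher found` (or `no matching mac found`), and the port is opened with `stderr_to_stdout`. Any other output from the client that arrives first, or a differently worded message, leaves the `receive` waiting until `?TIMEOUT` and fails the case for a reason unrelated to algorithm negotiation. Collect the port output until exit and search it for the expected text, or assert on the exit status. `Cmd` is also assembled by concatenating `KnownHosts` and `Host` unquoted into a string for `open_port({spawn, Cmd}, ...)`, so a `priv_dir` containing a space breaks the command line; `{spawn_executable, ...}` with an `args` list avoids that. The two cases are identical apart from the option name and the table, and would read better as one helper taking both.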
@@ -59,7 +59,11 @@ groups() -> {dsa_pass_key, [], [pass_phrase]}, {rsa_pass_key, [], [pass_phrase]}, {internal_error, [], [internal_error]}, - {hardening_tests, [], [max_sessions]} + {hardening_tests, [], [ssh_connect_nonegtimeout_connected_parallel, + ssh_connect_nonegtimeout_connected_sequential, + ssh_connect_negtimeout_parallel, + ssh_connect_negtimeout_sequential, + max_sessions]} ]. 
@@ -742,6 +746,98 @@ ms_passed(N1={_,_,M1}, N2={_,_,M2}) -> calendar:now_to_local_time(N2)), 1000 * (Min*60 + Sec + (M2-M1)/1000000). +%%-------------------------------------------------------------------- +ssh_connect_negtimeout_parallel(Config) -> ssh_connect_negtimeout(Config,true). +ssh_connect_negtimeout_sequential(Config) -> ssh_connect_negtimeout(Config,false). + +ssh_connect_negtimeout(Config, Parallel) -> + process_flag(trap_exit, true), + SystemDir = filename:join(?config(priv_dir, Config), system), + UserDir = ?config(priv_dir, Config), + NegTimeOut = 2000, % ms + ct:log("Parallel: ~p",[Parallel]), + + {_Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},{user_dir, UserDir}, + {parallel_login, Parallel}, + {negotiation_timeout, NegTimeOut}, + {failfun, fun ssh_test_lib:failfun/2}]), + + {ok,Socket} = gen_tcp:connect(Host, Port, []), + ct:pal("And now sleeping 1.2*NegTimeOut (~p ms)...", [round(1.2 * NegTimeOut)]), + receive after round(1.2 * NegTimeOut) -> ok end, + + case inet:sockname(Socket) of + {ok,_} -> ct:fail("Socket not closed"); + {error,_} -> ok + end. + +%%-------------------------------------------------------------------- +ssh_connect_nonegtimeout_connected_parallel() -> + [{doc, "Test that ssh connection does not timeout if the connection is established (parallel)"}]. +ssh_connect_nonegtimeout_connected_parallel(Config) -> + ssh_connect_nonegtimeout_connected(Config, true). + +ssh_connect_nonegtimeout_connected_sequential() -> + [{doc, "Test that ssh connection does not timeout if the connection is established (non-parallel)"}]. +ssh_connect_nonegtimeout_connected_sequential(Config) -> + ssh_connect_nonegtimeout_connected(Config, false). 
+ + +ssh_connect_nonegtimeout_connected(Config, Parallel) -> + process_flag(trap_exit, true), + SystemDir = filename:join(?config(priv_dir, Config), system), + UserDir = ?config(priv_dir, Config), + NegTimeOut = 20000, % ms + ct:log("Parallel: ~p",[Parallel]), + + {_Pid, _Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},{user_dir, UserDir}, + {parallel_login, Parallel}, + {negotiation_timeout, NegTimeOut}, + {failfun, fun ssh_test_lib:failfun/2}]), + ct:sleep(500), + + IO = ssh_test_lib:start_io_server(), + Shell = ssh_test_lib:start_shell(Port, IO, UserDir), + receive + {'EXIT', _, _} -> + ct:fail(no_ssh_connection); + ErlShellStart -> + ct:pal("---Erlang shell start: ~p~n", [ErlShellStart]), + one_shell_op(IO, NegTimeOut), + one_shell_op(IO, NegTimeOut), + ct:pal("And now sleeping 1.2*NegTimeOut (~p ms)...", [round(1.2 * NegTimeOut)]), + receive after round(1.2 * NegTimeOut) -> ok end, + one_shell_op(IO, NegTimeOut) + end, + exit(Shell, kill). + + +one_shell_op(IO, TimeOut) -> + ct:pal("One shell op: Waiting for prompter"), + receive + ErlPrompt0 -> ct:log("Erlang prompt: ~p~n", [ErlPrompt0]) + after TimeOut -> ct:fail("Timeout waiting for promter") + end, + + IO ! {input, self(), "2*3*7.\r\n"}, + receive + Echo0 -> ct:log("Echo: ~p ~n", [Echo0]) + after TimeOut -> ct:fail("Timeout waiting for echo") + end, + + receive + ?NEWLINE -> ct:log("NEWLINE received", []) + after TimeOut -> + receive Any1 -> ct:log("Bad NEWLINE: ~p",[Any1]) + after 0 -> ct:fail("Timeout waiting for NEWLINE") + end + end, + + receive + Result0 -> ct:log("Result: ~p~n", [Result0]) + after TimeOut -> ct:fail("Timeout waiting for result") + end. + %%-------------------------------------------------------------------- openssh_zlib_basic_test() -> -- cgit v1.2.3 From f8d1821c0f82386f59f2a7f48bbad8470e322b02 Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Mon, 4 Aug 2014 16:03:55 +0200 Subject: ssh: negotiation_timeout bug fixed --- lib/ssh/src/ssh_connection_handler.erl | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 06866392da..86804c4436 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -104,21 +104,11 @@ start_connection(client = Role, Socket, Options, Timeout) -> start_connection(server = Role, Socket, Options, Timeout) -> try - Sups = proplists:get_value(supervisors, Options), - ConnectionSup = proplists:get_value(connection_sup, Sups), - Opts = [{supervisors, Sups}, {user_pid, self()} | proplists:get_value(ssh_opts, Options, [])], - {ok, Pid} = ssh_connection_sup:start_child(ConnectionSup, [Role, Socket, Opts]), - {_, Callback, _} = proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}), - socket_control(Socket, Pid, Callback), - case proplists:get_value(parallel_login, Opts, false) of + case proplists:get_value(parallel_login, Options, false) of true -> - spawn(fun() -> - Ref = erlang:monitor(process, Pid), - handshake(Pid, Ref, Timeout) - end); + spawn(fun() -> start_server_connection(Role, Socket, Options, Timeout) end); false -> - Ref = erlang:monitor(process, Pid), - handshake(Pid, Ref, Timeout) + start_server_connection(Role, Socket, Options, Timeout) end catch exit:{noproc, _} -> 
@@ -127,6 +117,18 @@ start_connection(server = Role, Socket, Options, Timeout) -> {error, Error} end. + +start_server_connection(server = Role, Socket, Options, Timeout) -> + Sups = proplists:get_value(supervisors, Options), + ConnectionSup = proplists:get_value(connection_sup, Sups), + Opts = [{supervisors, Sups}, {user_pid, self()} | proplists:get_value(ssh_opts, Options, [])], + {ok, Pid} = ssh_connection_sup:start_child(ConnectionSup, [Role, Socket, Opts]), + {_, Callback, _} = proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}), + socket_control(Socket, Pid, Callback), + Ref = erlang:monitor(process, Pid), + handshake(Pid, Ref, Timeout). + + start_link(Role, Socket, Options) -> {ok, proc_lib:spawn_link(?MODULE, init, [[Role, Socket, Options]])}. -- cgit v1.2.3 From 788e59b860213dfdbe3ee1768150f49fcc1bfeff Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 11 Aug 2014 12:14:43 +0200 Subject: ssh: Updated vsn.mk --- lib/ssh/vsn.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 8d1a7ae54f..9bef10a366 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,5 +1,5 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 3.0.3 +SSH_VSN = 3.0.4 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From d7eb675a50a1f9fbfe0070ff0d0bfbc1f8ac65ad Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Wed, 20 Aug 2014 14:53:49 +0200 Subject: Update release notes --- lib/ssh/doc/src/notes.xml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 0dbec7527a..60440d3a80 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -29,6 +29,27 @@ notes.xml
+
Ssh 3.0.4 + +
Fixed Bugs and Malfunctions + + +

+ When starting an ssh-daemon giving the option + {parallel_login, true}, the timeout for authentication + negotiation ({negotiation_timeout, integer()}) was never + removed.

+

+ This caused the session to always be terminated after the + timeout if parallel_login was set.

+

+ Own Id: OTP-12057 Aux Id: seq12663

+
+
+
+ +
+
Ssh 3.0.3
Fixed Bugs and Malfunctions -- cgit v1.2.3 From 76b79e88aaf4d59e8cb057fe9a075cc27f0c79c8 Mon Sep 17 00:00:00 2001 From: "Michael K. Schmidt" Date: Fri, 22 Aug 2014 15:34:15 -0500 Subject: Test Other Clauses of start_shell start_shell() is called by exec, so test those cases as well. Also add support for passing a fun to exec. --- lib/ssh/src/ssh.erl | 3 +- lib/ssh/test/ssh_connection_SUITE.erl | 81 +++++++++++++++++++++++++++++++++-- 2 files changed, 79 insertions(+), 5 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 743c01a42c..8a8d4bb89e 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -392,7 +392,8 @@ handle_ssh_option({compression, Value} = Opt) when is_atom(Value) -> Opt; handle_ssh_option({exec, {Module, Function, _}} = Opt) when is_atom(Module), is_atom(Function) -> - + Opt; +handle_ssh_option({exec, Function} = Opt) when is_function(Function) -> Opt; handle_ssh_option({auth_methods, Value} = Opt) when is_list(Value) -> Opt; diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index 0b057f10de..c115ccee5f 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -38,7 +38,9 @@ all() -> [ {group, openssh_payload}, interrupted_send, - start_shell + start_shell, + start_shell_exec, + start_shell_exec_fun ]. groups() -> [{openssh_payload, [], [simple_exec, 
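Review bot: the new clause `handle_ssh_option({exec, Function} = Opt) when is_function(Function)` in `lib/ssh/src/ssh.erl` accepts a fun of any arity, but `ssh_cli.erl` dispatches on the fun's arity when the exec request arrives (`{arity, 2}`, `{arity, 3}` and a `_` fallback are visible in the `ssh_cli.erl` hunk earlier on this page). A fun with an unsupported arity is therefore accepted when the daemon starts and only fails once a client sends an exec request. Validate the arity here with `is_function(Function, N)` guards for the supported values, so a misconfigured `exec` option is rejected at `ssh:daemon` time. The option documentation should list the accepted arities as well.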
@@ -308,7 +310,74 @@ start_shell(Config) when is_list(Config) -> ssh:close(ConnectionRef), ssh:stop_daemon(Pid). +%%-------------------------------------------------------------------- +start_shell_exec() -> + [{doc, "start shell to exec command"}]. + +start_shell_exec(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {exec, {?MODULE,ssh_exec,[]}} ]), + + ConnectionRef = ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_interaction, true}, + {user_dir, UserDir}]), + + {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef, infinity), + + success = ssh_connection:exec(ConnectionRef, ChannelId0, + "testing", infinity), + receive + {ssh_cm,ConnectionRef, {data, ChannelId, 0, <<"testing\r\n">>}} -> + ok + after 5000 -> + ct:fail("Exec Timeout") + end, + + ssh:close(ConnectionRef), + ssh:stop_daemon(Pid). + +%%-------------------------------------------------------------------- +start_shell_exec_fun() -> + [{doc, "start shell to exec command"}]. 
+ +start_shell_exec_fun(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {exec, fun ssh_exec/1}]), + ConnectionRef = ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_interaction, true}, + {user_dir, UserDir}]), + + {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef, infinity), + + success = ssh_connection:exec(ConnectionRef, ChannelId0, + "testing", infinity), + + receive + {ssh_cm,ConnectionRef, {data, ChannelId, 0, <<"testing\r\n">>}} -> + ok + after 5000 -> + ct:fail("Exec Timeout") + end, + + ssh:close(ConnectionRef), + ssh:stop_daemon(Pid). %%-------------------------------------------------------------------- %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- @@ -347,7 +416,11 @@ collect_data(ConnectionRef, ChannelId, Acc) -> % This is taken from the ssh example code. start_our_shell(_User, _Peer) -> spawn(fun() -> - io:format("Enter command\n") - %% Don't actually loop, just exit - end). + io:format("Enter command\n") + %% Don't actually loop, just exit + end). +ssh_exec(Cmd) -> + spawn(fun() -> + io:format(Cmd ++ "\n") + end). -- cgit v1.2.3 From cf53a360685b1a01a5c7fc0e06660ce8d76d96b0 Mon Sep 17 00:00:00 2001 
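Review bot: in both `start_shell_exec/1` and `start_shell_exec_fun/1` the receive pattern matches on `ChannelId`, which is unbound at that point (the channel opened above is `ChannelId0`), so data arriving on any channel satisfies the test and the variable is reported as unused by the compiler. Match on `ChannelId0` instead. `start_shell_exec_fun/0` also repeats the doc string "start shell to exec command"; it should say that it covers the fun form of `exec`.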
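Review bot: in the helper `ssh_exec/1`, `io:format(Cmd ++ "\n")` uses the command string received from the client as the format string, so a command containing `~` is parsed as a control sequence and the spawned process fails with badarg instead of echoing the command. Use `io:format("~s\n", [Cmd])` so the command is always treated as data.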
From: Alex Wilson Date: Thu, 28 Aug 2014 11:13:57 +1000 Subject: SSH: only enable ciphers/MACs when they are available in crypto Also adjusts tests to only expect a positive outcome when crypto supports the relevant base ciphers/MACs. --- lib/ssh/src/ssh_transport.erl | 30 ++++++++++++++++++++++-------- lib/ssh/test/ssh_to_openssh_SUITE.erl | 20 +++++++++++++------- 2 files changed, 35 insertions(+), 15 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 805114f792..ea05c849b7 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl 
@@ -113,15 +113,28 @@ key_init(client, Ssh, Value) -> key_init(server, Ssh, Value) -> Ssh#ssh{s_keyinit = Value}. +available_ssh_algos() -> + Supports = crypto:supports(), + CipherAlgos = [{aes_ctr, "aes128-ctr"}, {aes_cbc128, "aes128-cbc"}, {des3_cbc, "3des-cbc"}], + Ciphers = [SshAlgo || + {CryptoAlgo, SshAlgo} <- CipherAlgos, + lists:member(CryptoAlgo, proplists:get_value(ciphers, Supports, []))], + HashAlgos = [{sha256, "hmac-sha2-256"}, {sha, "hmac-sha1"}], + Hashs = [SshAlgo || + {CryptoAlgo, SshAlgo} <- HashAlgos, + lists:member(CryptoAlgo, proplists:get_value(hashs, Supports, []))], + {Ciphers, Hashs}. + kexinit_messsage(client, Random, Compression, HostKeyAlgs) -> + {CipherAlgs, HashAlgs} = available_ssh_algos(), #ssh_msg_kexinit{ cookie = Random, kex_algorithms = ["diffie-hellman-group1-sha1"], server_host_key_algorithms = HostKeyAlgs, - encryption_algorithms_client_to_server = ["aes128-ctr","aes128-cbc","3des-cbc"], - encryption_algorithms_server_to_client = ["aes128-ctr","aes128-cbc","3des-cbc"], - mac_algorithms_client_to_server = ["hmac-sha2-256","hmac-sha1"], - mac_algorithms_server_to_client = ["hmac-sha2-256","hmac-sha1"], + encryption_algorithms_client_to_server = CipherAlgs, + encryption_algorithms_server_to_client = CipherAlgs, + mac_algorithms_client_to_server = HashAlgs, + mac_algorithms_server_to_client = HashAlgs, compression_algorithms_client_to_server = Compression, compression_algorithms_server_to_client = Compression, languages_client_to_server = [], 
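Review bot: `available_ssh_algos/0` can return an empty list for `Ciphers` or `Hashs` when crypto reports none of the mapped algorithms, and `kexinit_messsage/4` then advertises empty `encryption_algorithms_*` or `mac_algorithms_*` lists, leaving the failure to surface during negotiation with the peer. Check for the empty case where the lists are built and fail with an error that names the missing crypto support. The same message still hard-codes `kex_algorithms = ["diffie-hellman-group1-sha1"]`, which is not filtered on `sha` being available in crypto.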
@@ -129,14 +142,15 @@ kexinit_messsage(client, Random, Compression, HostKeyAlgs) -> }; kexinit_messsage(server, Random, Compression, HostKeyAlgs) -> + {CipherAlgs, HashAlgs} = available_ssh_algos(), #ssh_msg_kexinit{ cookie = Random, kex_algorithms = ["diffie-hellman-group1-sha1"], server_host_key_algorithms = HostKeyAlgs, - encryption_algorithms_client_to_server = ["aes128-ctr","aes128-cbc","3des-cbc"], - encryption_algorithms_server_to_client = ["aes128-ctr","aes128-cbc","3des-cbc"], - mac_algorithms_client_to_server = ["hmac-sha2-256","hmac-sha1"], - mac_algorithms_server_to_client = ["hmac-sha2-256","hmac-sha1"], + encryption_algorithms_client_to_server = CipherAlgs, + encryption_algorithms_server_to_client = CipherAlgs, + mac_algorithms_client_to_server = HashAlgs, + mac_algorithms_server_to_client = HashAlgs, compression_algorithms_client_to_server = Compression, compression_algorithms_server_to_client = Compression, languages_client_to_server = [], diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index 5a3bd21b55..e003b135b1 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -237,10 +237,14 @@ erlang_server_openssh_client_cipher_suites(Config) when is_list(Config) -> ct:sleep(500), - Ciphers = [{"3des-cbc", true}, - {"aes128-cbc", true}, - {"aes128-ctr", true}, - {"aes256-cbc", false}], + Supports = crypto:supports(), + Ciphers = proplists:get_value(ciphers, Supports), + Tests = [ + {"3des-cbc", lists:member(des3_cbc, Ciphers)}, + {"aes128-cbc", lists:member(aes_cbc128, Ciphers)}, + {"aes128-ctr", lists:member(aes_ctr, Ciphers)}, + {"aes256-cbc", false} + ], lists:foreach(fun({Cipher, Expect}) -> Cmd = "ssh -p " ++ integer_to_list(Port) ++ " -o UserKnownHostsFile=" ++ KnownHosts ++ " " ++ Host ++ " " ++ 
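Review bot: in the ssh_to_openssh_SUITE.erl hunk, `proplists:get_value(ciphers, Supports)` has no default, unlike `available_ssh_algos/0`, which passes `[]`, so a missing `ciphers` entry makes the `lists:member/2` calls fail with badarg instead of producing `false` expectations. Pass `[]` as the default here too. The MAC test case further down has the same pattern with `proplists:get_value(hashs, Supports)`.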
@@ -266,7 +270,7 @@ erlang_server_openssh_client_cipher_suites(Config) when is_list(Config) -> ct:fail("Did not receive no matching cipher message") end end - end, Ciphers), + end, Tests), ssh:stop_daemon(Pid). @@ -285,8 +289,10 @@ erlang_server_openssh_client_macs(Config) when is_list(Config) -> ct:sleep(500), - MACs = [{"hmac-sha1", true}, - {"hmac-sha2-256", true}, + Supports = crypto:supports(), + Hashs = proplists:get_value(hashs, Supports), + MACs = [{"hmac-sha1", lists:member(sha, Hashs)}, + {"hmac-sha2-256", lists:member(sha256, Hashs)}, {"hmac-md5-96", false}, {"hmac-ripemd160", false}], lists:foreach(fun({MAC, Expect}) -> -- cgit v1.2.3 From e3a947d06915bde9d11e80b9d6f4e31460a3cf51 Mon Sep 17 00:00:00 2001 From: Marcus Arendt Date: Mon, 1 Sep 2014 16:13:37 +0200 Subject: ssh: check if ssh client supports newer cipher- and MAC-algorithms --- lib/ssh/test/ssh_to_openssh_SUITE.erl | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index e003b135b1..3500bf012b 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -91,6 +91,12 @@ end_per_group(erlang_server, Config) -> end_per_group(_, Config) -> Config. +init_per_testcase(erlang_server_openssh_client_cipher_suites, Config) -> + check_ssh_client_support(Config); + +init_per_testcase(erlang_server_openssh_client_macs, Config) -> + check_ssh_client_support(Config); + init_per_testcase(_TestCase, Config) -> ssh:start(), Config. 
@@ -537,3 +543,25 @@ receive_hej() -> ct:pal("Extra info: ~p~n", [Info]), receive_hej() end. + +%%-------------------------------------------------------------------- +%%-------------------------------------------------------------------- +%% Check if we have a "newer" ssh client that supports these test cases +%%-------------------------------------------------------------------- +check_ssh_client_support(Config) -> + Port = open_port({spawn, "ssh -Q cipher"}, [exit_status, stderr_to_stdout]), + case check_ssh_client_support2(Port) of + 0 -> % exit status from command (0 == ok) + ssh:start(), + Config; + _ -> + {skip, "test case not supported by ssh client"} + end. + +check_ssh_client_support2(P) -> + receive + {P, {data, _A}} -> + check_ssh_client_support2(P); + {P, {exit_status, E}} -> + E + end. -- cgit v1.2.3 From 5e7c707b1a7e98d75aa9edeaaf3f2b15d7f27110 Mon Sep 17 00:00:00 2001 
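Review bot: `check_ssh_client_support2/1` waits in a `receive` with no `after` clause, so if the `ssh` port never delivers `exit_status`, `init_per_testcase` blocks until a timetrap fires instead of skipping the case. Add a timeout that closes the port and returns the skip tuple. A zero exit status from `ssh -Q cipher` also only shows that the client understands `-Q`: the `{data, _A}` output is discarded and the same check gates the MAC test case, so the algorithms the client lists are never compared with the ones the tests request. The duplicated `%%----` separator line above the comment can be dropped.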
From: Hans Nilsson Date: Tue, 2 Sep 2014 17:05:38 +0200 Subject: ssh: Add simple experimental property test suites --- lib/ssh/test/property_test/README | 12 + .../test/property_test/ssh_eqc_client_server.erl | 602 +++++++++++++++++++++ .../ssh_eqc_client_server_dirs/id_dsa | 13 + .../ssh_eqc_client_server_dirs/id_rsa | 15 + .../ssh_eqc_client_server_dirs/ssh_host_dsa_key | 13 + .../ssh_host_dsa_key.pub | 11 + .../ssh_eqc_client_server_dirs/ssh_host_rsa_key | 16 + .../ssh_host_rsa_key.pub | 5 + .../test/property_test/ssh_eqc_encode_decode.erl | 381 +++++++++++++ lib/ssh/test/property_test/ssh_eqc_subsys.erl | 63 +++ lib/ssh/test/ssh_property_test_SUITE.erl | 109 ++++ 11 files changed, 1240 insertions(+) create mode 100644 lib/ssh/test/property_test/README create mode 100644 lib/ssh/test/property_test/ssh_eqc_client_server.erl create mode 100644 lib/ssh/test/property_test/ssh_eqc_client_server_dirs/id_dsa create mode 100644 lib/ssh/test/property_test/ssh_eqc_client_server_dirs/id_rsa create mode 100644 lib/ssh/test/property_test/ssh_eqc_client_server_dirs/ssh_host_dsa_key create mode 100644 lib/ssh/test/property_test/ssh_eqc_client_server_dirs/ssh_host_dsa_key.pub create mode 100644 lib/ssh/test/property_test/ssh_eqc_client_server_dirs/ssh_host_rsa_key create mode 100644 lib/ssh/test/property_test/ssh_eqc_client_server_dirs/ssh_host_rsa_key.pub create mode 100644 lib/ssh/test/property_test/ssh_eqc_encode_decode.erl create mode 100644 lib/ssh/test/property_test/ssh_eqc_subsys.erl create mode 100644 lib/ssh/test/ssh_property_test_SUITE.erl (limited to 'lib/ssh') diff --git a/lib/ssh/test/property_test/README b/lib/ssh/test/property_test/README new file mode 100644 index 0000000000..57602bf719 --- /dev/null +++ b/lib/ssh/test/property_test/README 
@@ -0,0 +1,12 @@ + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%% %%% +%%% WARNING %%% +%%% %%% +%%% This is experimental code which may be changed or removed %%% +%%% anytime without any warning. %%% +%%% %%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +The test in this directory are written assuming that the user has a QuickCheck license. They are to be run manually. Some may be possible to be run with other tools, e.g. PropEr. + diff --git a/lib/ssh/test/property_test/ssh_eqc_client_server.erl b/lib/ssh/test/property_test/ssh_eqc_client_server.erl new file mode 100644 index 0000000000..3a84acebb3 --- /dev/null +++ b/lib/ssh/test/property_test/ssh_eqc_client_server.erl 
@@ -0,0 +1,602 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2004-2014. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% +%% + +-module(ssh_eqc_client_server). + +-compile(export_all). + +-include_lib("common_test/include/ct.hrl"). + +-ifdef(PROPER). +%% Proper is not supported. +-else. + +-include_lib("eqc/include/eqc.hrl"). +-include_lib("eqc/include/eqc_statem.hrl"). +-eqc_group_commands(true). + +-define(SSH_DIR,"ssh_eqc_client_server_dirs"). + +-define(sec, *1000). +-define(min, *60?sec). + +-record(srvr,{ref, + address, + port + }). + +-record(conn,{ref, + srvr_ref + }). + +-record(chan, {ref, + conn_ref, + subsystem, + client_pid + }). + +-record(state,{ + initialized = false, + servers = [], % [#srvr{}] + clients = [], + connections = [], % [#conn{}] + channels = [], % [#chan{}] + data_dir + }). + +%%%=============================================================== +%%% +%%% Specification of addresses, subsystems and such. +%%% + +-define(MAX_NUM_SERVERS, 3). +-define(MAX_NUM_CLIENTS, 3). + +-define(SUBSYSTEMS, ["echo1", "echo2", "echo3", "echo4"]). + +-define(SERVER_ADDRESS, { {127,1,1,1}, inet_port({127,1,1,1}) }). + +-define(SERVER_EXTRA_OPTIONS, [{parallel_login,bool()}] ). 
+ + +%%%================================================================ +%%% +%%% The properties - one sequantial and one parallel with the same model +%%% +%%% Run as +%%% +%%% $ (cd ..; make) +%%% $ erl -pz .. +%%% +%%% eqc:quickcheck( ssh_eqc_client_server:prop_seq() ). +%%% eqc:quickcheck( ssh_eqc_client_server:prop_parallel() ). +%%% eqc:quickcheck( ssh_eqc_client_server:prop_parallel_multi() ). +%%% + + +%% To be called as eqc:quickcheck( ssh_eqc_client_server:prop_seq() ). +prop_seq() -> + do_prop_seq(?SSH_DIR). + +%% To be called from a common_test test suite +prop_seq(CT_Config) -> + do_prop_seq(full_path(?SSH_DIR, CT_Config)). + + +do_prop_seq(DataDir) -> + ?FORALL(Cmds,commands(?MODULE, #state{data_dir=DataDir}), + begin + {H,Sf,Result} = run_commands(?MODULE,Cmds), + present_result(?MODULE, Cmds, {H,Sf,Result}, Result==ok) + end). + +full_path(SSHdir, CT_Config) -> + filename:join(proplists:get_value(property_dir, CT_Config), + SSHdir). +%%%---- +prop_parallel() -> + do_prop_parallel(?SSH_DIR). + +%% To be called from a common_test test suite +prop_parallel(CT_Config) -> + do_prop_parallel(full_path(?SSH_DIR, CT_Config)). + +do_prop_parallel(DataDir) -> + ?FORALL(Cmds,parallel_commands(?MODULE, #state{data_dir=DataDir}), + begin + {H,Sf,Result} = run_parallel_commands(?MODULE,Cmds), + present_result(?MODULE, Cmds, {H,Sf,Result}, Result==ok) + end). + +%%%---- +prop_parallel_multi() -> + do_prop_parallel_multi(?SSH_DIR). + +%% To be called from a common_test test suite +prop_parallel_multi(CT_Config) -> + do_prop_parallel_multi(full_path(?SSH_DIR, CT_Config)). + +do_prop_parallel_multi(DataDir) -> + ?FORALL(Repetitions,?SHRINK(1,[10]), + ?FORALL(Cmds,parallel_commands(?MODULE, #state{data_dir=DataDir}), + ?ALWAYS(Repetitions, + begin + {H,Sf,Result} = run_parallel_commands(?MODULE,Cmds), + present_result(?MODULE, Cmds, {H,Sf,Result}, Result==ok) + end))). 
+ +%%%================================================================ +%%% State machine spec + +%%% called when using commands/1 +initial_state() -> + S = initial_state(#state{}), + S#state{initialized=true}. + +%%% called when using commands/2 +initial_state(S) -> + application:stop(ssh), + ssh:start(), + setup_rsa(S#state.data_dir). + +%%%---------------- +weight(S, ssh_send) -> 5*length([C || C<-S#state.channels, has_subsyst(C)]); +weight(S, ssh_start_subsyst) -> 3*length([C || C<-S#state.channels, no_subsyst(C)]); +weight(S, ssh_close_channel) -> 2*length([C || C<-S#state.channels, has_subsyst(C)]); +weight(S, ssh_open_channel) -> length(S#state.connections); +weight(_S, _) -> 1. + +%%%---------------- +%%% Initialize + +initial_state_pre(S) -> not S#state.initialized. + +initial_state_args(S) -> [S]. + +initial_state_next(S, _, _) -> S#state{initialized=true}. + +%%%---------------- +%%% Start a new daemon +%%% Precondition: not more than ?MAX_NUM_SERVERS started + +ssh_server_pre(S) -> S#state.initialized andalso + length(S#state.servers) < ?MAX_NUM_SERVERS. + +ssh_server_args(S) -> [?SERVER_ADDRESS, S#state.data_dir, ?SERVER_EXTRA_OPTIONS]. + +ssh_server({IP,Port}, DataDir, ExtraOptions) -> + ok(ssh:daemon(IP, Port, + [ + {system_dir, system_dir(DataDir)}, + {user_dir, user_dir(DataDir)}, + {subsystems, [{SS, {ssh_eqc_subsys, [SS]}} || SS <- ?SUBSYSTEMS]} + | ExtraOptions + ])). + +ssh_server_post(_S, _Args, Result) -> is_ok(Result). + +ssh_server_next(S, Result, [{IP,Port},_,_]) -> + S#state{servers=[#srvr{ref = Result, + address = IP, + port = Port} + | S#state.servers]}. + +%%%---------------- +%%% Start a new client +%%% Precondition: not more than ?MAX_NUM_CLIENTS started + +ssh_client_pre(S) -> S#state.initialized andalso + length(S#state.clients) < ?MAX_NUM_CLIENTS. + +ssh_client_args(_S) -> []. + +ssh_client() -> spawn(fun client_init/0). + +ssh_client_next(S, Pid, _) -> S#state{clients=[Pid|S#state.clients]}. + + +client_init() -> client_loop(). 
+ +client_loop() -> + receive + {please_do,Fun,Ref,Pid} -> + Pid ! {my_pleasure, catch Fun(), Ref}, + client_loop() + end. + +do(Pid, Fun) -> do(Pid, Fun, 30?sec). + +do(Pid, Fun, Timeout) when is_function(Fun,0) -> + Pid ! {please_do,Fun,Ref=make_ref(),self()}, + receive + {my_pleasure, Result, Ref} -> Result + after + Timeout -> {error,do_timeout} + end. + +%%%---------------- +%%% Start a new connection +%%% Precondition: deamon exists + +ssh_open_connection_pre(S) -> S#state.servers /= []. + +ssh_open_connection_args(S) -> [oneof(S#state.servers), S#state.data_dir]. + +ssh_open_connection(#srvr{address=Ip, port=Port}, DataDir) -> + ok(ssh:connect(ensure_string(Ip), Port, + [ + {silently_accept_hosts, true}, + {user_dir, user_dir(DataDir)}, + {user_interaction, false} + ])). + +ssh_open_connection_post(_S, _Args, Result) -> is_ok(Result). + +ssh_open_connection_next(S, ConnRef, [#srvr{ref=SrvrRef},_]) -> + S#state{connections=[#conn{ref=ConnRef, srvr_ref=SrvrRef}|S#state.connections]}. + +%%%---------------- +%%% Stop a new connection +%%% Precondition: connection exists + +ssh_close_connection_pre(S) -> S#state.connections /= []. + +ssh_close_connection_args(S) -> [oneof(S#state.connections)]. + +ssh_close_connection(#conn{ref=ConnectionRef}) -> ssh:close(ConnectionRef). + +ssh_close_connection_next(S, _, [Conn=#conn{ref=ConnRef}]) -> + S#state{connections = S#state.connections--[Conn], + channels = [C || C <- S#state.channels, + C#chan.conn_ref /= ConnRef] + }. + +%%%---------------- +%%% Start a new channel without a sub system +%%% Precondition: connection exists + +ssh_open_channel_pre(S) -> S#state.connections /= []. + +ssh_open_channel_args(S) -> [oneof(S#state.connections)]. + +%%% For re-arrangement in parallel tests. +ssh_open_channel_pre(S,[C]) -> lists:member(C,S#state.connections). + +ssh_open_channel(#conn{ref=ConnectionRef}) -> + ok(ssh_connection:session_channel(ConnectionRef, 20?sec)). 
+ +ssh_open_channel_post(_S, _Args, Result) -> is_ok(Result). + +ssh_open_channel_next(S, ChannelRef, [#conn{ref=ConnRef}]) -> + S#state{channels=[#chan{ref=ChannelRef, + conn_ref=ConnRef} + | S#state.channels]}. + +%%%---------------- +%%% Stop a channel +%%% Precondition: a channel exists, with or without a subsystem + +ssh_close_channel_pre(S) -> S#state.channels /= []. + +ssh_close_channel_args(S) -> [oneof(S#state.channels)]. + +ssh_close_channel(#chan{ref=ChannelRef, conn_ref=ConnectionRef}) -> + ssh_connection:close(ConnectionRef, ChannelRef). + +ssh_close_channel_next(S, _, [C]) -> + S#state{channels = [Ci || Ci <- S#state.channels, + sig(C) /= sig(Ci)]}. + + +sig(C) -> {C#chan.ref, C#chan.conn_ref}. + + +%%%---------------- +%%% Start a sub system on a channel +%%% Precondition: A channel without subsystem exists + +ssh_start_subsyst_pre(S) -> lists:any(fun no_subsyst/1, S#state.channels) andalso + S#state.clients /= []. + +ssh_start_subsyst_args(S) -> [oneof(lists:filter(fun no_subsyst/1, S#state.channels)), + oneof(?SUBSYSTEMS), + oneof(S#state.clients) + ]. + +%% For re-arrangement in parallel tests. +ssh_start_subsyst_pre(S, [C|_]) -> lists:member(C,S#state.channels) + andalso no_subsyst(C). + +ssh_start_subsyst(#chan{ref=ChannelRef, conn_ref=ConnectionRef}, SubSystem, Pid) -> + do(Pid, fun()->ssh_connection:subsystem(ConnectionRef, ChannelRef, SubSystem, 120?sec) end). + +ssh_start_subsyst_post(_S, _Args, Result) -> Result==success. + +ssh_start_subsyst_next(S, _Result, [C,SS,Pid|_]) -> + S#state{channels = [C#chan{subsystem=SS, + client_pid=Pid}|(S#state.channels--[C])] }. + +%%%---------------- +%%% Send a message on a channel +%%% Precondition: a channel exists with a subsystem connected + +ssh_send_pre(S) -> lists:any(fun has_subsyst/1, S#state.channels). + +ssh_send_args(S) -> [oneof(lists:filter(fun has_subsyst/1, S#state.channels)), + choose(0,1), + message()]. + +%% For re-arrangement in parallel tests. 
+ssh_send_pre(S, [C|_]) -> lists:member(C, S#state.channels). + +ssh_send(C=#chan{conn_ref=ConnectionRef, ref=ChannelRef, client_pid=Pid}, Type, Msg) -> + do(Pid, + fun() -> + case ssh_connection:send(ConnectionRef, ChannelRef, Type, modify_msg(C,Msg), 10?sec) of + ok -> + receive + {ssh_cm,ConnectionRef,{data,ChannelRef,Type,Answer}} -> Answer + after 15?sec -> + %% receive + %% Other -> {error,{unexpected,Other}} + %% after 0 -> + {error,receive_timeout} + %% end + end; + Other -> + Other + end + end). + +ssh_send_blocking(_S, _Args) -> + true. + +ssh_send_post(_S, [C,_,Msg], Response) when is_binary(Response) -> + Expected = ssh_eqc_subsys:response(modify_msg(C,Msg), C#chan.subsystem), + case Response of + Expected -> true; + _ -> {send_failed, size(Response), size(Expected)} + end; + +ssh_send_post(_S, _Args, Response) -> + {error,Response}. + + +modify_msg(_, <<>>) -> <<>>; +modify_msg(#chan{subsystem=SS}, Msg) -> <<(list_to_binary(SS))/binary,Msg/binary>>. + +%%%================================================================ +%%% Misc functions + +message() -> + resize(500, binary()). + + %% binary(). + + %% oneof([binary(), + %% ?LET(Size, choose(0,10000), binary(Size)) + %% ]). + +has_subsyst(C) -> C#chan.subsystem /= undefined. + +no_subsyst(C) -> not has_subsyst(C). + + +ok({ok,X}) -> X; +ok({error,Err}) -> {error,Err}. + +is_ok({error,_}) -> false; +is_ok(_) -> true. + +ensure_string({A,B,C,D}) -> lists:flatten(io_lib:format("~w.~w.~w.~w",[A,B,C,D])); +ensure_string(X) -> X. 
+ +%%%---------------------------------------------------------------- +present_result(_Module, Cmds, _Triple, true) -> + aggregate(with_title("Distribution sequential/parallel"), sequential_parallel(Cmds), + aggregate(with_title("Function calls"), cmnd_names(Cmds), + aggregate(with_title("Message sizes"), empty_msgs(Cmds), + aggregate(print_frequencies(), message_sizes(Cmds), + aggregate(title("Length of command sequences",print_frequencies()), num_calls(Cmds), + true))))); + +present_result(Module, Cmds, Triple, false) -> + pretty_commands(Module, Cmds, Triple, [{show_states,true}], false). + + + +cmnd_names(Cs) -> traverse_commands(fun cmnd_name/1, Cs). +cmnd_name(L) -> [F || {set,_Var,{call,_Mod,F,_As}} <- L]. + +empty_msgs(Cs) -> traverse_commands(fun empty_msg/1, Cs). +empty_msg(L) -> [empty || {set,_,{call,_,ssh_send,[_,_,Msg]}} <- L, + size(Msg)==0]. + +message_sizes(Cs) -> traverse_commands(fun message_size/1, Cs). +message_size(L) -> [size(Msg) || {set,_,{call,_,ssh_send,[_,_,Msg]}} <- L]. + +num_calls(Cs) -> traverse_commands(fun num_call/1, Cs). +num_call(L) -> [length(L)]. + +sequential_parallel(Cs) -> + traverse_commands(fun(L) -> dup_module(L, sequential) end, + fun(L) -> [dup_module(L1, mkmod("parallel",num(L1,L))) || L1<-L] end, + Cs). +dup_module(L, ModName) -> lists:duplicate(length(L), ModName). +mkmod(PfxStr,N) -> list_to_atom(PfxStr++"_"++integer_to_list(N)). + +%% Meta functions for the aggregate functions +traverse_commands(Fun, L) when is_list(L) -> Fun(L); +traverse_commands(Fun, {Seq, ParLs}) -> Fun(lists:append([Seq|ParLs])). + +traverse_commands(Fseq, _Fpar, L) when is_list(L) -> Fseq(L); +traverse_commands(Fseq, Fpar, {Seq, ParLs}) -> lists:append([Fseq(Seq)|Fpar(ParLs)]). + +%%%---------------- +%% PrintMethod([{term(), int()}]) -> any(). +print_frequencies() -> print_frequencies(10). + +print_frequencies(Ngroups) -> fun([]) -> io:format('Empty list!~n',[]); + (L ) -> print_frequencies(L,Ngroups,0,element(1,lists:last(L))) + end. 
+ +print_frequencies(Ngroups, MaxValue) -> fun(L) -> print_frequencies(L,Ngroups,0,MaxValue) end. + +print_frequencies(L, N, Min, Max) when N>Max -> print_frequencies(L++[{N,0}], N, Min, N); +print_frequencies(L, N, Min, Max) -> +%%io:format('L=~p~n',[L]), + try + IntervalUpperLimits = + lists:reverse( + [Max | tl(lists:reverse(lists:seq(Min,Max,round((Max-Min)/N))))] + ), + {Acc0,_} = lists:mapfoldl(fun(Upper,Lower) -> + {{{Lower,Upper},0}, Upper+1} + end, hd(IntervalUpperLimits), tl(IntervalUpperLimits)), + Fs0 = get_frequencies(L, Acc0), + SumVal = lists:sum([V||{_,V}<-Fs0]), + Fs = with_percentage(Fs0, SumVal), + Mean = mean(L), + Median = median(L), + Npos_value = num_digits(SumVal), + Npos_range = num_digits(Max), + io:format("Range~*s: ~s~n",[2*Npos_range-2,"", "Number in range"]), + io:format("~*c:~*c~n",[2*Npos_range+3,$-, max(16,Npos_value+10),$- ]), + [begin + io:format("~*w - ~*w: ~*w ~5.1f%",[Npos_range,Rlow, + Npos_range,Rhigh, + Npos_value,Val, + Percent]), + [io:format(" <-- mean=~.1f",[Mean]) || in_interval(Mean, Interval)], + [io:format(" <-- median=" ++ + if + is_float(Median) -> "~.1f"; + true -> "~p" + end, [Median]) || in_interval(Median, Interval)], + io:nl() + end + || {Interval={Rlow,Rhigh},Val,Percent} <- Fs], + io:format('~*c ~*c~n',[2*Npos_range,32,Npos_value+2,$-]), + io:format('~*c ~*w~n',[2*Npos_range,32,Npos_value,SumVal]) + %%,io:format('L=~p~n',[L]) + catch + C:E -> + io:format('*** Faild printing (~p:~p) for~n~p~n',[C,E,L]) + end. + +get_frequencies([{I,Num}|T], [{{Lower,Upper},Cnt}|Acc]) when Lower= + get_frequencies(T, [{{Lower,Upper},Cnt+Num}|Acc]); +get_frequencies(L=[{I,_Num}|_], [Ah={{_Lower,Upper},_Cnt}|Acc]) when I>Upper -> + [Ah | get_frequencies(L,Acc)]; +get_frequencies([], Acc) -> + Acc. + +with_percentage(Fs, Sum) -> + [{Rng,Val,100*Val/Sum} || {Rng,Val} <- Fs]. + + +title(Str, Fun) -> + fun(L) -> + io:format('~s~n',[Str]), + Fun(L) + end. + +num_digits(I) -> 1+trunc(math:log(I)/math:log(10)). 
+ +num(Elem, List) -> length(lists:takewhile(fun(E) -> E /= Elem end, List)) + 1. + +%%%---- Just for naming an operation for readability +is_odd(I) -> (I rem 2) == 1. + +in_interval(Value, {Rlow,Rhigh}) -> + try + Rlow= false + end. + +%%%================================================================ +%%% Statistical functions + +%%%---- Mean value +mean(L = [X|_]) when is_number(X) -> + lists:sum(L) / length(L); +mean(L = [{_Value,_Weight}|_]) -> + SumOfWeights = lists:sum([W||{_,W}<-L]), + WeightedSum = lists:sum([W*V||{V,W}<-L]), + WeightedSum / SumOfWeights; +mean(_) -> + undefined. + +%%%---- Median +median(L = [X|_]) when is_number(X) -> + case is_odd(length(L)) of + true -> + hd(lists:nthtail(length(L) div 2, L)); + false -> + %% 1) L has at least on element (the when test). + %% 2) Length is even. + %% => Length >= 2 + [M1,M2|_] = lists:nthtail((length(L) div 2)-1, L), + (M1+M2) / 2 + end; +%% integer Weights... +median(L = [{_Value,_Weight}|_]) -> + median( lists:append([lists:duplicate(W,V) || {V,W} <- L]) ); +median(_) -> + undefined. + +%%%================================================================ +%%% The rest is taken and modified from ssh_test_lib.erl +inet_port(IpAddress)-> + {ok, Socket} = gen_tcp:listen(0, [{ip,IpAddress},{reuseaddr,true}]), + {ok, Port} = inet:port(Socket), + gen_tcp:close(Socket), + Port. + +setup_rsa(Dir) -> + erase_dir(system_dir(Dir)), + erase_dir(user_dir(Dir)), + file:make_dir(system_dir(Dir)), + file:make_dir(user_dir(Dir)), + + file:copy(data_dir(Dir,"id_rsa"), user_dir(Dir,"id_rsa")), + file:copy(data_dir(Dir,"ssh_host_rsa_key"), system_dir(Dir,"ssh_host_rsa_key")), + file:copy(data_dir(Dir,"ssh_host_rsa_key"), system_dir(Dir,"ssh_host_rsa_key.pub")), + ssh_test_lib:setup_rsa_known_host(data_dir(Dir), user_dir(Dir)), + ssh_test_lib:setup_rsa_auth_keys(data_dir(Dir), user_dir(Dir)). + +data_dir(Dir, File) -> filename:join(Dir, File). +system_dir(Dir, File) -> filename:join([Dir, "system", File]). 
+user_dir(Dir, File) -> filename:join([Dir, "user", File]). + +data_dir(Dir) -> Dir. +system_dir(Dir) -> system_dir(Dir,""). +user_dir(Dir) -> user_dir(Dir,""). + +erase_dir(Dir) -> + case file:list_dir(Dir) of + {ok,Files} -> lists:foreach(fun(F) -> file:delete(filename:join(Dir,F)) end, + Files); + _ -> ok + end, + file:del_dir(Dir). + +-endif. diff --git a/lib/ssh/test/property_test/ssh_eqc_client_server_dirs/id_dsa b/lib/ssh/test/property_test/ssh_eqc_client_server_dirs/id_dsa new file mode 100644 index 0000000000..d306f8b26e --- /dev/null +++ b/lib/ssh/test/property_test/ssh_eqc_client_server_dirs/id_dsa @@ -0,0 +1,13 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBvAIBAAKBgQDfi2flSTZZofwT4yQT0NikX/LGNT7UPeB/XEWe/xovEYCElfaQ +APFixXvEgXwoojmZ5kiQRKzLM39wBP0jPERLbnZXfOOD0PDnw0haMh7dD7XKVMod +/EigVgHf/qBdM2M8yz1s/rRF7n1UpLSypziKjkzCm7JoSQ2zbWIPdmBIXwIVAMgP +kpr7Sq3O7sHdb8D601DRjoExAoGAMOQxDfB2Fd8ouz6G96f/UOzRMI/Kdv8kYYKW +JIGY+pRYrLPyYzUeJznwZreOJgrczAX+luHnKFWJ2Dnk5CyeXk67Wsr7pJ/4MBMD +OKeIS0S8qoSBN8+Krp79fgA+yS3IfqbkJLtLu4EBaCX4mKQIX4++k44d4U5lc8pt ++9hlEI8CgYEAznKxx9kyC6bVo7LUYKaGhofRFt0SYFc5PVmT2VUGRs1R6+6DPD+e +uEO6IhFct7JFSRbP9p0JD4Uk+3zlZF+XX6b2PsZkeV8f/02xlNGUSmEzCSiNg1AX +Cy/WusYhul0MncWCHMcOZB5rIvU/aP5EJJtn3xrRaz6u0SThF6AnT34CFQC63czE +ZU8w8Q+H7z0j+a+70x2iAw== +-----END DSA PRIVATE KEY----- + diff --git a/lib/ssh/test/property_test/ssh_eqc_client_server_dirs/id_rsa b/lib/ssh/test/property_test/ssh_eqc_client_server_dirs/id_rsa new file mode 100644 index 0000000000..9d7e0dd5fb --- /dev/null +++ b/lib/ssh/test/property_test/ssh_eqc_client_server_dirs/id_rsa 
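Review bot: in ssh_eqc_client_server.erl, `setup_rsa/1` copies the private host key to the public key path: `file:copy(data_dir(Dir,"ssh_host_rsa_key"), system_dir(Dir,"ssh_host_rsa_key.pub"))`. The source should be `"ssh_host_rsa_key.pub"`, which this commit adds as a fixture; as written, private key material ends up in a file whose name marks it as public. The return values of the `file:copy/2` and `file:make_dir/1` calls are also ignored, so a missing fixture is not reported at setup.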
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQD1OET+3O/Bvj/dtjxDTXmj1oiJt4sIph5kGy0RfjoPrZfaS+CU +DhakCmS6t2ivxWFgtpKWaoGMZMJqWj6F6ZsumyFl3FPBtujwY/35cgifrI9Ns4Tl +zR1uuengNBmV+WRQ5cd9F2qS6Z8aDQihzt0r8JUqLcK+VQbrmNzboCCQQwIDAQAB +AoGAPQEyqPTt8JUT7mRXuaacjFXiweAXhp9NEDpyi9eLOjtFe9lElZCrsUOkq47V +TGUeRKEm9qSodfTbKPoqc8YaBJGJPhUaTAcha+7QcDdfHBvIsgxvU7ePVnlpXRp3 +CCUEMPhlnx6xBoTYP+fRU0e3+xJIPVyVCqX1jAdUMkzfRoECQQD6ux7B1QJAIWyK +SGkbDUbBilNmzCFNgIpOP6PA+bwfi5d16diTpra5AX09keQABAo/KaP1PdV8Vg0p +z4P3A7G3AkEA+l+AKG6m0kQTTBMJDqOdVPYwe+5GxunMaqmhokpEbuGsrZBl5Dvd +WpcBjR7jmenrhKZRIuA+Fz5HPo/UQJPl1QJBAKxstDkeED8j/S2XoFhPKAJ+6t39 +sUVICVTIZQeXdmzHJXCcUSkw8+WEhakqw/3SyW0oaK2FSWQJFWJUZ+8eJj8CQEh3 +xeduB5kKnS9CvzdeghZqX6QvVosSdtlUmfUYW/BgH5PpHKTP8wTaeld3XldZTpMJ +dKiMkUw2+XYROVUrubUCQD+Na1LhULlpn4ISEtIEfqpdlUhxDgO15Wg8USmsng+x +ICliVOSQtwaZjm8kwaFt0W7XnpnDxbRs37vIEbIMWak= +-----END RSA PRIVATE KEY----- diff --git a/lib/ssh/test/property_test/ssh_eqc_client_server_dirs/ssh_host_dsa_key b/lib/ssh/test/property_test/ssh_eqc_client_server_dirs/ssh_host_dsa_key new file mode 100644 index 0000000000..51ab6fbd88 --- /dev/null +++ b/lib/ssh/test/property_test/ssh_eqc_client_server_dirs/ssh_host_dsa_key @@ -0,0 +1,13 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBuwIBAAKBgQCClaHzE2ul0gKSUxah5W0W8UiJLy4hXngKEqpaUq9SSdVdY2LK +wVfKH1gt5iuaf1FfzOhsIC9G/GLnjYttXZc92cv/Gfe3gR+s0ni2++MX+T++mE/Q +diltXv/Hp27PybS67SmiFW7I+RWnT2OKlMPtw2oUuKeztCe5UWjaj/y5FQIVAPLA +l9RpiU30Z87NRAHY3NTRaqtrAoGANMRxw8UfdtNVR0CrQj3AgPaXOGE4d+G4Gp4X +skvnCHycSVAjtYxebUkzUzt5Q6f/IabuLUdge3gXrc8BetvrcKbp+XZgM0/Vj2CF +Ymmy3in6kzGZq7Fw1sZaku6AOU8vLa5woBT2vAcHLLT1bLAzj7viL048T6MfjrOP +ef8nHvACgYBhDWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah +/XcF3DeRF+eEoz48wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+U +ykSTXYUbtsfTNRFQGBW2/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0CgIVAN4wtL5W +Lv62jKcdskxNyz2NQoBx +-----END DSA PRIVATE KEY----- + 
diff --git a/lib/ssh/test/property_test/ssh_eqc_client_server_dirs/ssh_host_dsa_key.pub b/lib/ssh/test/property_test/ssh_eqc_client_server_dirs/ssh_host_dsa_key.pub new file mode 100644 index 0000000000..4dbb1305b0 --- /dev/null +++ b/lib/ssh/test/property_test/ssh_eqc_client_server_dirs/ssh_host_dsa_key.pub @@ -0,0 +1,11 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +AAAAB3NzaC1kc3MAAACBAIKVofMTa6XSApJTFqHlbRbxSIkvLiFeeAoSqlpSr1JJ1V1j +YsrBV8ofWC3mK5p/UV/M6GwgL0b8YueNi21dlz3Zy/8Z97eBH6zSeLb74xf5P76YT9B2 +KW1e/8enbs/JtLrtKaIVbsj5FadPY4qUw+3DahS4p7O0J7lRaNqP/LkVAAAAFQDywJfU +aYlN9GfOzUQB2NzU0WqrawAAAIA0xHHDxR9201VHQKtCPcCA9pc4YTh34bganheyS+cI +fJxJUCO1jF5tSTNTO3lDp/8hpu4tR2B7eBetzwF62+twpun5dmAzT9WPYIViabLeKfqT +MZmrsXDWxlqS7oA5Ty8trnCgFPa8BwcstPVssDOPu+IvTjxPox+Os495/yce8AAAAIBh +DWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah/XcF3DeRF+eEoz48 +wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+UykSTXYUbtsfTNRFQGBW2 +/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0Cg== +---- END SSH2 PUBLIC KEY ---- diff --git a/lib/ssh/test/property_test/ssh_eqc_client_server_dirs/ssh_host_rsa_key b/lib/ssh/test/property_test/ssh_eqc_client_server_dirs/ssh_host_rsa_key new file mode 100644 index 0000000000..79968bdd7d --- /dev/null +++ b/lib/ssh/test/property_test/ssh_eqc_client_server_dirs/ssh_host_rsa_key 
@@ -0,0 +1,16 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDCZX+4FBDwZIh9y/Uxee1VJnEXlowpz2yDKwj8semM4q843337 +zbNfxHmladB1lpz2NqyxI175xMIJuDxogyZdsOxGnFAzAnthR4dqL/RWRWzjaxSB +6IAO9SPYVVlrpZ+1hsjLW79fwXK/yc8VdhRuWTeQiRgYY2ek8+OKbOqz4QIDAQAB +AoGANmvJzJO5hkLuvyDZHKfAnGTtpifcR1wtSa9DjdKUyn8vhKF0mIimnbnYQEmW +NUUb3gXCZLi9PvkpRSVRrASDOZwcjoU/Kvww163vBUVb2cOZfFhyn6o2Sk88Tt++ +udH3hdjpf9i7jTtUkUe+QYPsia+wgvvrmn4QrahLAH86+kECQQDx5gFeXTME3cnW +WMpFz3PPumduzjqgqMMWEccX4FtQkMX/gyGa5UC7OHFyh0N/gSWvPbRHa8A6YgIt +n8DO+fh5AkEAzbqX4DOn8NY6xJIi42q7l/2jIA0RkB6P7YugW5NblhqBZ0XDnpA5 +sMt+rz+K07u9XZtxgh1xi7mNfwY6lEAMqQJBAJBEauCKmRj35Z6OyeQku59SPsnY ++SJEREVvSNw2lH9SOKQQ4wPsYlTGbvKtNVZgAcen91L5MmYfeckYE/fdIZECQQCt +64zxsTnM1I8iFxj/gP/OYlJBikrKt8udWmjaghzvLMEw+T2DExJyb9ZNeT53+UMB +m6O+B/4xzU/djvp+0hbhAkAemIt+rA5kTmYlFndhpvzkSSM8a2EXsO4XIPgGWCTT +tQKS/tTly0ADMjN/TVy11+9d6zcqadNVuHXHGtR4W0GR +-----END RSA PRIVATE KEY----- + diff --git a/lib/ssh/test/property_test/ssh_eqc_client_server_dirs/ssh_host_rsa_key.pub b/lib/ssh/test/property_test/ssh_eqc_client_server_dirs/ssh_host_rsa_key.pub new file mode 100644 index 0000000000..75d2025c71 --- /dev/null +++ b/lib/ssh/test/property_test/ssh_eqc_client_server_dirs/ssh_host_rsa_key.pub @@ -0,0 +1,5 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +AAAAB3NzaC1yc2EAAAADAQABAAAAgQDCZX+4FBDwZIh9y/Uxee1VJnEXlowpz2yDKwj8 +semM4q843337zbNfxHmladB1lpz2NqyxI175xMIJuDxogyZdsOxGnFAzAnthR4dqL/RW +RWzjaxSB6IAO9SPYVVlrpZ+1hsjLW79fwXK/yc8VdhRuWTeQiRgYY2ek8+OKbOqz4Q== +---- END SSH2 PUBLIC KEY ---- diff --git a/lib/ssh/test/property_test/ssh_eqc_encode_decode.erl b/lib/ssh/test/property_test/ssh_eqc_encode_decode.erl new file mode 100644 index 0000000000..6ddf2c9972 --- /dev/null +++ b/lib/ssh/test/property_test/ssh_eqc_encode_decode.erl 
@@ -0,0 +1,381 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2004-2014. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% +%% + +-module(ssh_eqc_encode_decode). + +-compile(export_all). + +-ifndef(EQC). +-ifndef(PROPER). +-define(EQC,true). +%%-define(PROPER,true). +-endif. +-endif. + +-ifdef(EQC). +-include_lib("eqc/include/eqc.hrl"). +-define(MOD_eqc,eqc). +-else. +-ifdef(PROPER). +-include_lib("proper/include/proper.hrl"). +-define(MOD_eqc,proper). +-endif. +-endif. + + +%%% Properties: + +prop_ssh_decode() -> + ?FORALL(Msg, ssh_msg(), + try ssh_message:decode(Msg) + of + _ -> true + catch + C:E -> io:format('~p:~p~n',[C,E]), + false + end + ). + + +%%% This fails because ssh_message is not symmetric in encode and decode regarding data types +prop_ssh_decode_encode() -> + ?FORALL(Msg, ssh_msg(), + Msg == ssh_message:encode(ssh_message:decode(Msg)) + ). 
+ + +%%%================================================================ +%%% +%%% Scripts to generate message generators +%%% + +%% awk '/^( |\t)+byte( |\t)+SSH/,/^( |\t)*$/{print}' rfc425?.txt | sed 's/^\( \|\\t\)*//' > msgs.txt + +%% awk '/^byte( |\t)+SSH/{print $2","}' < msgs.txt + +%% awk 'BEGIN{print "%%%---- BEGIN GENERATED";prev=0} END{print " >>.\n%%%---- END GENERATED"} /^byte( |\t)+SSH/{if (prev==1) print " >>.\n"; prev=1; printf "%c%s%c",39,$2,39; print "()->\n < gen.txt + +%%%================================================================ +%%% +%%% Generators +%%% + +ssh_msg() -> ?LET(M,oneof( +[[msg_code('SSH_MSG_CHANNEL_CLOSE'),gen_uint32()], + [msg_code('SSH_MSG_CHANNEL_DATA'),gen_uint32(),gen_string( )], + [msg_code('SSH_MSG_CHANNEL_EOF'),gen_uint32()], + [msg_code('SSH_MSG_CHANNEL_EXTENDED_DATA'),gen_uint32(),gen_uint32(),gen_string( )], + [msg_code('SSH_MSG_CHANNEL_FAILURE'),gen_uint32()], + [msg_code('SSH_MSG_CHANNEL_OPEN'),gen_string("direct-tcpip"),gen_uint32(),gen_uint32(),gen_uint32(),gen_string( ),gen_uint32(),gen_string( ),gen_uint32()], + [msg_code('SSH_MSG_CHANNEL_OPEN'),gen_string("forwarded-tcpip"),gen_uint32(),gen_uint32(),gen_uint32(),gen_string( ),gen_uint32(),gen_string( ),gen_uint32()], + [msg_code('SSH_MSG_CHANNEL_OPEN'),gen_string("session"),gen_uint32(),gen_uint32(),gen_uint32()], + [msg_code('SSH_MSG_CHANNEL_OPEN'),gen_string("x11"),gen_uint32(),gen_uint32(),gen_uint32(),gen_string( ),gen_uint32()], + [msg_code('SSH_MSG_CHANNEL_OPEN'),gen_string( ),gen_uint32(),gen_uint32(),gen_uint32()], + [msg_code('SSH_MSG_CHANNEL_OPEN_CONFIRMATION'),gen_uint32(),gen_uint32(),gen_uint32(),gen_uint32()], + [msg_code('SSH_MSG_CHANNEL_OPEN_FAILURE'),gen_uint32(),gen_uint32(),gen_string( ),gen_string( )], + [msg_code('SSH_MSG_CHANNEL_REQUEST'),gen_uint32(),gen_string("env"),gen_boolean(),gen_string( ),gen_string( )], + [msg_code('SSH_MSG_CHANNEL_REQUEST'),gen_uint32(),gen_string("exec"),gen_boolean(),gen_string( )], + 
[msg_code('SSH_MSG_CHANNEL_REQUEST'),gen_uint32(),gen_string("exit-signal"),0,gen_string( ),gen_boolean(),gen_string( ),gen_string( )], + [msg_code('SSH_MSG_CHANNEL_REQUEST'),gen_uint32(),gen_string("exit-status"),0,gen_uint32()], + [msg_code('SSH_MSG_CHANNEL_REQUEST'),gen_uint32(),gen_string("pty-req"),gen_boolean(),gen_string( ),gen_uint32(),gen_uint32(),gen_uint32(),gen_uint32(),gen_string( )], + [msg_code('SSH_MSG_CHANNEL_REQUEST'),gen_uint32(),gen_string("shell"),gen_boolean()], + [msg_code('SSH_MSG_CHANNEL_REQUEST'),gen_uint32(),gen_string("signal"),0,gen_string( )], + [msg_code('SSH_MSG_CHANNEL_REQUEST'),gen_uint32(),gen_string("subsystem"),gen_boolean(),gen_string( )], + [msg_code('SSH_MSG_CHANNEL_REQUEST'),gen_uint32(),gen_string("window-change"),0,gen_uint32(),gen_uint32(),gen_uint32(),gen_uint32()], + [msg_code('SSH_MSG_CHANNEL_REQUEST'),gen_uint32(),gen_string("x11-req"),gen_boolean(),gen_boolean(),gen_string( ),gen_string( ),gen_uint32()], + [msg_code('SSH_MSG_CHANNEL_REQUEST'),gen_uint32(),gen_string("xon-xoff"),0,gen_boolean()], + [msg_code('SSH_MSG_CHANNEL_REQUEST'),gen_uint32(),gen_string( ),gen_boolean()], + [msg_code('SSH_MSG_CHANNEL_SUCCESS'),gen_uint32()], + [msg_code('SSH_MSG_CHANNEL_WINDOW_ADJUST'),gen_uint32(),gen_uint32()], +%%Assym [msg_code('SSH_MSG_DEBUG'),gen_boolean(),gen_string( ),gen_string( )], + [msg_code('SSH_MSG_DISCONNECT'),gen_uint32(),gen_string( ),gen_string( )], +%%Assym [msg_code('SSH_MSG_GLOBAL_REQUEST'),gen_string("cancel-tcpip-forward"),gen_boolean(),gen_string( ),gen_uint32()], +%%Assym [msg_code('SSH_MSG_GLOBAL_REQUEST'),gen_string("tcpip-forward"),gen_boolean(),gen_string( ),gen_uint32()], +%%Assym [msg_code('SSH_MSG_GLOBAL_REQUEST'),gen_string( ),gen_boolean()], + [msg_code('SSH_MSG_IGNORE'),gen_string( )], + %% [msg_code('SSH_MSG_KEXDH_INIT'),gen_mpint()], + %% [msg_code('SSH_MSG_KEXDH_REPLY'),gen_string( ),gen_mpint(),gen_string( )], + %% 
[msg_code('SSH_MSG_KEXINIT'),gen_byte(16),gen_name_list(),gen_name_list(),gen_name_list(),gen_name_list(),gen_name_list(),gen_name_list(),gen_name_list(),gen_name_list(),gen_name_list(),gen_name_list(),gen_boolean(),gen_uint32()], + [msg_code('SSH_MSG_KEX_DH_GEX_GROUP'),gen_mpint(),gen_mpint()], + [msg_code('SSH_MSG_NEWKEYS')], + [msg_code('SSH_MSG_REQUEST_FAILURE')], + [msg_code('SSH_MSG_REQUEST_SUCCESS')], + [msg_code('SSH_MSG_REQUEST_SUCCESS'),gen_uint32()], + [msg_code('SSH_MSG_SERVICE_ACCEPT'),gen_string( )], + [msg_code('SSH_MSG_SERVICE_REQUEST'),gen_string( )], + [msg_code('SSH_MSG_UNIMPLEMENTED'),gen_uint32()], + [msg_code('SSH_MSG_USERAUTH_BANNER'),gen_string( ),gen_string( )], + [msg_code('SSH_MSG_USERAUTH_FAILURE'),gen_name_list(),gen_boolean()], + [msg_code('SSH_MSG_USERAUTH_PASSWD_CHANGEREQ'),gen_string( ),gen_string( )], + [msg_code('SSH_MSG_USERAUTH_PK_OK'),gen_string( ),gen_string( )], + [msg_code('SSH_MSG_USERAUTH_SUCCESS')] +] + +), list_to_binary(M)). + + +%%%================================================================ +%%% +%%% Generator +%%% + +do() -> + io_lib:format('[~s~n]', + [write_gen( + files(["rfc4254.txt", + "rfc4253.txt", + "rfc4419.txt", + "rfc4252.txt", + "rfc4256.txt"]))]). + + +write_gen(L) when is_list(L) -> + string:join(lists:map(fun write_gen/1, L), ",\n "); +write_gen({MsgName,Args}) -> + lists:flatten(["[",generate_args([MsgName|Args]),"]"]). + +generate_args(As) -> string:join([generate_arg(A) || A <- As], ","). 
+ +generate_arg({<<"string">>, <<"\"",B/binary>>}) -> + S = get_string($",B), + ["gen_string(\"",S,"\")"]; +generate_arg({<<"string">>, _}) -> "gen_string( )"; +generate_arg({<<"byte[",B/binary>>, _}) -> + io_lib:format("gen_byte(~p)",[list_to_integer(get_string($],B))]); +generate_arg({<<"byte">> ,_}) -> "gen_byte()"; +generate_arg({<<"uint16">>,_}) -> "gen_uint16()"; +generate_arg({<<"uint32">>,_}) -> "gen_uint32()"; +generate_arg({<<"uint64">>,_}) -> "gen_uint64()"; +generate_arg({<<"mpint">>,_}) -> "gen_mpint()"; +generate_arg({<<"name-list">>,_}) -> "gen_name_list()"; +generate_arg({<<"boolean">>,<<"FALSE">>}) -> "0"; +generate_arg({<<"boolean">>,<<"TRUE">>}) -> "1"; +generate_arg({<<"boolean">>,_}) -> "gen_boolean()"; +generate_arg({<<"....">>,_}) -> ""; %% FIXME +generate_arg(Name) when is_binary(Name) -> + lists:flatten(["msg_code('",binary_to_list(Name),"')"]). + + +gen_boolean() -> choose(0,1). + +gen_byte() -> choose(0,255). + +gen_uint16() -> gen_byte(2). + +gen_uint32() -> gen_byte(4). + +gen_uint64() -> gen_byte(8). + +gen_byte(N) when N>0 -> [gen_byte() || _ <- lists:seq(1,N)]. + +gen_char() -> choose($a,$z). + +gen_mpint() -> ?LET(Size, choose(1,20), + ?LET(Str, vector(Size, gen_byte()), + gen_string( strip_0s(Str) ) + )). + +strip_0s([0|T]) -> strip_0s(T); +strip_0s(X) -> X. + + +gen_string() -> + ?LET(Size, choose(0,10), + ?LET(Vector,vector(Size, gen_char()), + gen_string(Vector) + )). + +gen_string(S) when is_binary(S) -> gen_string(binary_to_list(S)); +gen_string(S) when is_list(S) -> uint32_to_list(length(S)) ++ S. + +gen_name_list() -> + ?LET(NumNames, choose(0,10), + ?LET(L, [gen_name() || _ <- lists:seq(1,NumNames)], + gen_string( string:join(L,"," ) ) + )). + +gen_name() -> gen_string(). + +uint32_to_list(I) -> binary_to_list(<>). + +%%%---- +get_string(Delim, B) -> + binary_to_list( element(1, split_binary(B, count_string_chars(Delim,B,0))) ). 
+ +count_string_chars(Delim, <>, Acc) -> Acc; +count_string_chars(Delim, <<_,B/binary>>, Acc) -> count_string_chars(Delim, B, Acc+1). + + +-define(MSG_CODE(Name,Num), +msg_code(Name) -> Num; +msg_code(Num) -> Name +). + +?MSG_CODE('SSH_MSG_USERAUTH_REQUEST', 50); +?MSG_CODE('SSH_MSG_USERAUTH_FAILURE', 51); +?MSG_CODE('SSH_MSG_USERAUTH_SUCCESS', 52); +?MSG_CODE('SSH_MSG_USERAUTH_BANNER', 53); +?MSG_CODE('SSH_MSG_USERAUTH_PK_OK', 60); +?MSG_CODE('SSH_MSG_USERAUTH_PASSWD_CHANGEREQ', 60); +?MSG_CODE('SSH_MSG_DISCONNECT', 1); +?MSG_CODE('SSH_MSG_IGNORE', 2); +?MSG_CODE('SSH_MSG_UNIMPLEMENTED', 3); +?MSG_CODE('SSH_MSG_DEBUG', 4); +?MSG_CODE('SSH_MSG_SERVICE_REQUEST', 5); +?MSG_CODE('SSH_MSG_SERVICE_ACCEPT', 6); +?MSG_CODE('SSH_MSG_KEXINIT', 20); +?MSG_CODE('SSH_MSG_NEWKEYS', 21); +?MSG_CODE('SSH_MSG_GLOBAL_REQUEST', 80); +?MSG_CODE('SSH_MSG_REQUEST_SUCCESS', 81); +?MSG_CODE('SSH_MSG_REQUEST_FAILURE', 82); +?MSG_CODE('SSH_MSG_CHANNEL_OPEN', 90); +?MSG_CODE('SSH_MSG_CHANNEL_OPEN_CONFIRMATION', 91); +?MSG_CODE('SSH_MSG_CHANNEL_OPEN_FAILURE', 92); +?MSG_CODE('SSH_MSG_CHANNEL_WINDOW_ADJUST', 93); +?MSG_CODE('SSH_MSG_CHANNEL_DATA', 94); +?MSG_CODE('SSH_MSG_CHANNEL_EXTENDED_DATA', 95); +?MSG_CODE('SSH_MSG_CHANNEL_EOF', 96); +?MSG_CODE('SSH_MSG_CHANNEL_CLOSE', 97); +?MSG_CODE('SSH_MSG_CHANNEL_REQUEST', 98); +?MSG_CODE('SSH_MSG_CHANNEL_SUCCESS', 99); +?MSG_CODE('SSH_MSG_CHANNEL_FAILURE', 100); +?MSG_CODE('SSH_MSG_USERAUTH_INFO_REQUEST', 60); +?MSG_CODE('SSH_MSG_USERAUTH_INFO_RESPONSE', 61); +?MSG_CODE('SSH_MSG_KEX_DH_GEX_REQUEST_OLD', 30); +?MSG_CODE('SSH_MSG_KEX_DH_GEX_REQUEST', 34); +?MSG_CODE('SSH_MSG_KEX_DH_GEX_GROUP', 31); +?MSG_CODE('SSH_MSG_KEX_DH_GEX_INIT', 32); +?MSG_CODE('SSH_MSG_KEX_DH_GEX_REPLY', 33). 
+ +%%%============================================================================= +%%%============================================================================= +%%%============================================================================= + +files(Fs) -> + Defs = lists:usort(lists:flatten(lists:map(fun file/1, Fs))), + DefinedIDs = lists:usort([binary_to_list(element(1,D)) || D <- Defs]), + WantedIDs = lists:usort(wanted_messages()), + Missing = WantedIDs -- DefinedIDs, + case Missing of + [] -> ok; + _ -> io:format('%% Warning: missing ~p~n', [Missing]) + end, + Defs. + + +file(F) -> + {ok,B} = file:read_file(F), + hunt_msg_def(B). + + +hunt_msg_def(<<"\n",B/binary>>) -> some_hope(skip_blanks(B)); +hunt_msg_def(<<_, B/binary>>) -> hunt_msg_def(B); +hunt_msg_def(<<>>) -> []. + +some_hope(<<"byte ", B/binary>>) -> try_message(skip_blanks(B)); +some_hope(B) -> hunt_msg_def(B). + +try_message(B = <<"SSH_MSG_",_/binary>>) -> + {ID,Rest} = get_id(B), + case lists:member(binary_to_list(ID), wanted_messages()) of + true -> + {Lines,More} = get_def_lines(skip_blanks(Rest), []), + [{ID,lists:reverse(Lines)} | hunt_msg_def(More)]; + false -> + hunt_msg_def(Rest) + end; +try_message(B) -> hunt_msg_def(B). + + +skip_blanks(<<32, B/binary>>) -> skip_blanks(B); +skip_blanks(<< 9, B/binary>>) -> skip_blanks(B); +skip_blanks(B) -> B. + +get_def_lines(B0 = <<"\n",B/binary>>, Acc) -> + {ID,Rest} = get_id(skip_blanks(B)), + case {size(ID), skip_blanks(Rest)} of + {0,<<"....",More/binary>>} -> + {Text,LineEnd} = get_to_eol(skip_blanks(More)), + get_def_lines(LineEnd, [{<<"....">>,Text}|Acc]); + {0,_} -> + {Acc,B0}; + {_,Rest1} -> + {Text,LineEnd} = get_to_eol(Rest1), + get_def_lines(LineEnd, [{ID,Text}|Acc]) + end; +get_def_lines(B, Acc) -> + {Acc,B}. + + +get_to_eol(B) -> split_binary(B, count_to_eol(B,0)). + +count_to_eol(<<"\n",_/binary>>, Acc) -> Acc; +count_to_eol(<<>>, Acc) -> Acc; +count_to_eol(<<_,B/binary>>, Acc) -> count_to_eol(B,Acc+1). 
+ + +get_id(B) -> split_binary(B, count_id_chars(B,0)). + +count_id_chars(<>, Acc) when $A= count_id_chars(B,Acc+1); +count_id_chars(<>, Acc) when $a= count_id_chars(B,Acc+1); +count_id_chars(<>, Acc) when $0= count_id_chars(B,Acc+1); +count_id_chars(<<"_",B/binary>>, Acc) -> count_id_chars(B,Acc+1); +count_id_chars(<<"-",B/binary>>, Acc) -> count_id_chars(B,Acc+1); %% e.g name-list +count_id_chars(<<"[",B/binary>>, Acc) -> count_id_chars(B,Acc+1); %% e.g byte[16] +count_id_chars(<<"]",B/binary>>, Acc) -> count_id_chars(B,Acc+1); %% e.g byte[16] +count_id_chars(_, Acc) -> Acc. + +wanted_messages() -> + ["SSH_MSG_CHANNEL_CLOSE", + "SSH_MSG_CHANNEL_DATA", + "SSH_MSG_CHANNEL_EOF", + "SSH_MSG_CHANNEL_EXTENDED_DATA", + "SSH_MSG_CHANNEL_FAILURE", + "SSH_MSG_CHANNEL_OPEN", + "SSH_MSG_CHANNEL_OPEN_CONFIRMATION", + "SSH_MSG_CHANNEL_OPEN_FAILURE", + "SSH_MSG_CHANNEL_REQUEST", + "SSH_MSG_CHANNEL_SUCCESS", + "SSH_MSG_CHANNEL_WINDOW_ADJUST", + "SSH_MSG_DEBUG", + "SSH_MSG_DISCONNECT", + "SSH_MSG_GLOBAL_REQUEST", + "SSH_MSG_IGNORE", + "SSH_MSG_KEXDH_INIT", + "SSH_MSG_KEXDH_REPLY", + "SSH_MSG_KEXINIT", + "SSH_MSG_KEX_DH_GEX_GROUP", + "SSH_MSG_KEX_DH_GEX_REQUEST", + "SSH_MSG_KEX_DH_GEX_REQUEST_OLD", + "SSH_MSG_NEWKEYS", + "SSH_MSG_REQUEST_FAILURE", + "SSH_MSG_REQUEST_SUCCESS", + "SSH_MSG_SERVICE_ACCEPT", + "SSH_MSG_SERVICE_REQUEST", + "SSH_MSG_UNIMPLEMENTED", + "SSH_MSG_USERAUTH_BANNER", + "SSH_MSG_USERAUTH_FAILURE", +%% hard args "SSH_MSG_USERAUTH_INFO_REQUEST", +%% "SSH_MSG_USERAUTH_INFO_RESPONSE", + "SSH_MSG_USERAUTH_PASSWD_CHANGEREQ", + "SSH_MSG_USERAUTH_PK_OK", +%%rfc4252 p12 error "SSH_MSG_USERAUTH_REQUEST", + "SSH_MSG_USERAUTH_SUCCESS"]. + diff --git a/lib/ssh/test/property_test/ssh_eqc_subsys.erl b/lib/ssh/test/property_test/ssh_eqc_subsys.erl new file mode 100644 index 0000000000..e4b6af166f --- /dev/null +++ b/lib/ssh/test/property_test/ssh_eqc_subsys.erl 
@@ -0,0 +1,63 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2004-2014. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% +%% + +-module(ssh_eqc_subsys). + +-behaviour(ssh_daemon_channel). + +-export([init/1, handle_msg/2, handle_ssh_msg/2, terminate/2]). + +-export([response/2]). + +-record(state, {id, + cm, + subsyst + }). + +init([SS]) -> + {ok, #state{subsyst=SS}}. + +handle_msg({ssh_channel_up, ChannelId, ConnectionManager}, State) -> + {ok, State#state{id = ChannelId, + cm = ConnectionManager}}. + +handle_ssh_msg({ssh_cm, CM, {data, ChannelId, Type, Data}}, S) -> + ssh_connection:send(CM, ChannelId, Type, response(Data,S)), + {ok, S}; + +handle_ssh_msg({ssh_cm, _ConnectionManager, {eof, _ChannelId}}, State) -> + {ok, State}; + +handle_ssh_msg({ssh_cm, _, {signal, _, _}}, State) -> + %% Ignore signals according to RFC 4254 section 6.9. + {ok, State}; + +handle_ssh_msg({ssh_cm, _, {exit_signal, ChannelId, _, _Error, _}}, State) -> + {stop, ChannelId, State}; + +handle_ssh_msg({ssh_cm, _, {exit_status, ChannelId, _Status}}, State) -> + {stop, ChannelId, State}. + +terminate(_Reason, _State) -> + ok. + + +response(Msg, #state{subsyst=SS}) -> response(Msg, SS); +response(Msg, SS) -> <<"Resp: ",Msg/binary,(list_to_binary(SS))/binary>>. diff --git a/lib/ssh/test/ssh_property_test_SUITE.erl b/lib/ssh/test/ssh_property_test_SUITE.erl new file mode 100644 index 0000000000..c6c63d7367 
--- /dev/null +++ b/lib/ssh/test/ssh_property_test_SUITE.erl 
@@ -0,0 +1,109 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2004-2014. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% +%% + +%%% Run like this: +%%% ct:run_test([{suite,"ssh_property_test_SUITE"}, {logdir,"/ldisk/OTP/LOG"}]). + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%% %%% +%%% WARNING %%% +%%% %%% +%%% This is experimental code which may be changed or removed %%% +%%% anytime without any warning. %%% +%%% %%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +-module(ssh_property_test_SUITE). + +-compile(export_all). + +-include_lib("common_test/include/ct.hrl"). + +all() -> [{group, messages}, + {group, client_server} + ]. + +groups() -> + [{messages, [], [decode, + decode_encode]}, + {client_server, [], [client_server_sequential, + client_server_parallel, + client_server_parallel_multi]} + ]. + + +%%% First prepare Config and compile the property tests for the found tool: +init_per_suite(Config) -> + ct_property_test:init_per_suite(Config). + +%%% One group in this suite happens to support only QuickCheck, so skip it +%%% if we run proper. +init_per_group(client_server, Config) -> + case ?config(property_test_tool,Config) of + proper -> + {skip, "PropEr is not supported"}; + eqc -> + Config + end; +init_per_group(_, Config) -> + Config. + +end_per_group(_, Config) -> + Config. 
+ +%%% Always skip the testcase that is not quite in phase with the +%%% ssh_message.erl code +init_per_testcase(decode_encode, _) -> {skip, "Fails - testcase is not ok"}; +init_per_testcase(_TestCase, Config) -> Config. + +end_per_testcase(_TestCase, Config) -> Config. + +%%%================================================================ +%%% Test suites +%%% +decode(Config) -> + ct_property_test:quickcheck( + ssh_eqc_encode_decode:prop_ssh_decode(), + Config + ). + +decode_encode(Config) -> + ct_property_test:quickcheck( + ssh_eqc_encode_decode:prop_ssh_decode_encode(), + Config + ). + +client_server_sequential(Config) -> + ct_property_test:quickcheck( + ssh_eqc_client_server:prop_seq(Config), + Config + ). + +client_server_parallel(Config) -> + ct_property_test:quickcheck( + ssh_eqc_client_server:prop_parallel(Config), + Config + ). + +client_server_parallel_multi(Config) -> + ct_property_test:quickcheck( + ssh_eqc_client_server:prop_parallel_multi(Config), + Config + ). -- cgit v1.2.3 From 4539832db35db2f4a426529f342b2ade7d6d03fb Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 3 Sep 2014 09:14:01 +0200 Subject: ssh: update vsn.mk --- lib/ssh/vsn.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 9bef10a366..73bf73971f 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,5 +1,5 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 3.0.4 +SSH_VSN = 3.0.5 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From 32573a29bae633f9af09d7958d49f1d06daebd18 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 5 Sep 2014 15:42:55 +0200 Subject: ssh: update for triq tests --- lib/ssh/test/property_test/ssh_eqc_client_server.erl | 5 +++++ lib/ssh/test/property_test/ssh_eqc_encode_decode.erl | 16 ++++++++++++++++ lib/ssh/test/ssh_property_test_SUITE.erl | 6 ++---- 3 files changed, 23 insertions(+), 4 deletions(-) (limited to 'lib/ssh') 
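Review bot: in the new ssh_eqc_encode_decode.erl, the ?MSG_CODE table assigns 60 to three names ('SSH_MSG_USERAUTH_PK_OK', 'SSH_MSG_USERAUTH_PASSWD_CHANGEREQ' and 'SSH_MSG_USERAUTH_INFO_REQUEST'), and every expansion of the macro also emits a reverse clause msg_code(Num) -> Name. Only the first msg_code(60) clause can ever match, so the other two are dead code and a reverse lookup of 60 always yields 'SSH_MSG_USERAUTH_PK_OK'. The generators in ssh_msg() only call msg_code with a name, so the simplest fix is to drop the reverse clause from the macro; if the number-to-name direction is wanted, it needs the authentication method as extra context. In the same commit, ssh_property_test_SUITE.erl skips decode_encode unconditionally in init_per_testcase, so prop_ssh_decode_encode gives no coverage; the skip reason should point at what has to change in ssh_message before it can be enabled.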
diff --git a/lib/ssh/test/property_test/ssh_eqc_client_server.erl b/lib/ssh/test/property_test/ssh_eqc_client_server.erl index 3a84acebb3..cf895ae85e 100644 --- a/lib/ssh/test/property_test/ssh_eqc_client_server.erl +++ b/lib/ssh/test/property_test/ssh_eqc_client_server.erl @@ -27,6 +27,10 @@ -ifdef(PROPER). %% Proper is not supported. -else. +-ifdef(TRIQ). +%% Proper is not supported. +-else. + -include_lib("eqc/include/eqc.hrl"). -include_lib("eqc/include/eqc_statem.hrl"). @@ -600,3 +604,4 @@ erase_dir(Dir) -> file:del_dir(Dir). -endif. +-endif. diff --git a/lib/ssh/test/property_test/ssh_eqc_encode_decode.erl b/lib/ssh/test/property_test/ssh_eqc_encode_decode.erl index 6ddf2c9972..34630bdc91 100644 --- a/lib/ssh/test/property_test/ssh_eqc_encode_decode.erl +++ b/lib/ssh/test/property_test/ssh_eqc_encode_decode.erl @@ -22,20 +22,36 @@ -compile(export_all). +-proptest(eqc). +-proptest([triq,proper]). + +-include_lib("ct_property_test.hrl"). + -ifndef(EQC). -ifndef(PROPER). +-ifndef(TRIQ). -define(EQC,true). %%-define(PROPER,true). +%%-define(TRIQ,true). +-endif. -endif. -endif. -ifdef(EQC). -include_lib("eqc/include/eqc.hrl"). -define(MOD_eqc,eqc). + -else. -ifdef(PROPER). -include_lib("proper/include/proper.hrl"). -define(MOD_eqc,proper). + +-else. +-ifdef(TRIQ). +-define(MOD_eqc,triq). +-include_lib("triq/include/triq.hrl"). + +-endif. -endif. -endif. diff --git a/lib/ssh/test/ssh_property_test_SUITE.erl b/lib/ssh/test/ssh_property_test_SUITE.erl index c6c63d7367..ffad8ebbb7 100644 --- a/lib/ssh/test/ssh_property_test_SUITE.erl +++ b/lib/ssh/test/ssh_property_test_SUITE.erl @@ -57,10 +57,8 @@ init_per_suite(Config) -> %%% if we run proper. init_per_group(client_server, Config) -> case ?config(property_test_tool,Config) of - proper -> - {skip, "PropEr is not supported"}; - eqc -> - Config + eqc -> Config; + X -> {skip, lists:concat([X," is not supported"])} end; init_per_group(_, Config) -> Config. -- cgit v1.2.3 
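Review bot: in ssh_eqc_client_server.erl the new -ifdef(TRIQ). branch carries the comment "%% Proper is not supported.", copied from the PROPER branch just above it; it should say Triq. The same staleness is left in ssh_property_test_SUITE.erl, where the comment before init_per_group(client_server, Config) still reads "if we run proper" although the new clause X -> {skip, ...} now skips the group for every tool other than eqc. In ssh_eqc_encode_decode.erl the new -proptest attributes and the ct_property_test.hrl include are added in front of the old -ifndef(EQC)/-ifndef(PROPER)/-ifndef(TRIQ) fallback, which still defines EQC when nothing else is set; a one-line comment saying which of the two mechanisms selects the tool would save the next reader from working it out.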
From 950d808c97a4c5b579f4f1cc16b95f2d419d3505 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Mon, 15 Sep 2014 12:02:14 +0200 Subject: Update release notes --- lib/ssh/doc/src/notes.xml | 50 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 60440d3a80..0b587db810 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -29,6 +29,56 @@ notes.xml
+
Ssh 3.0.5 + +
Fixed Bugs and Malfunctions + + +

+ When starting an ssh-daemon giving the option + {parallel_login, true}, the timeout for authentication + negotiation ({negotiation_timeout, integer()}) was never + removed.

+

+ This caused the session to always be terminated after the + timeout if parallel_login was set.

+

+ Own Id: OTP-12057 Aux Id: seq12663

+
+
+
+ + +
Improvements and New Features + + +

+ Warning: this is experimental and may disappear or change + without previous warning.

+

+ Experimental support for running Quickcheck and PropEr + tests from common_test suites is added to common_test. + See the reference manual for the new module + ct_property_testing.

+

+ Experimental property tests are added under + lib/{inet,ssh}/test/property_test. They can be run + directly or from the commont_test suites + inet/ftp_property_test_SUITE.erl and + ssh/test/ssh_property_test_SUITE.erl.

+

+ See the code in the test directories and the man + page for details.

+

+ (Thanks to Tuncer Ayaz for a patch adding Triq)

+

+ Own Id: OTP-12119

+
+
+
+ +
+
Ssh 3.0.4
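Review bot: the OTP-12119 entry sends the reader to the reference manual for a module named ct_property_testing, but the suite added earlier in this series calls ct_property_test:init_per_suite and ct_property_test:quickcheck, so the name in the release note does not match the one the code uses. The same entry has "commont_test" for common_test, and it gives the two suite paths in different forms (inet/ftp_property_test_SUITE.erl without the test/ component, ssh/test/ssh_property_test_SUITE.erl with it). All three are worth fixing before the notes are published, since this text is what users will search for.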
Fixed Bugs and Malfunctions -- cgit v1.2.3 From f536f86ebe3face7164c63d7455389968be94203 Mon Sep 17 00:00:00 2001 From: Thomas Arts Date: Thu, 11 Sep 2014 10:12:11 +0200 Subject: Passing global var to QuickCheck statemachine The data_dir used by the tests is given at runtime. This has as a disadvantage that the generate test has a hardcoded data_dir in it (ssh_eqc_client_server_dirs below): [{set,{var,1}, {call,ssh_eqc_client_server,initial_state, [{state,false,[],[],[],[],"ssh_eqc_client_server_dirs"}]}}, {set,{var,2}, {call,ssh_eqc_client_server,ssh_server, [{{127,1,1,1}, {call,ssh_eqc_client_server,inet_port,[{127,1,1,1}]}}, "ssh_eqc_client_server_dirs", [{parallel_login,true}]]}}, Re-running this tests on another machine works, since the path is relative, but if it were absolute, it would have been hard. Instead, we may use a symbolic representation of the data_dir and fill it in each time one runs the property, thus even when one does a check or recheck. The key to this is to use a variable in the test and bind the variable in the place where one runs the commands by using the environment variable feature of run_commands. Conflicts: lib/ssh/test/property_test/ssh_eqc_client_server.erl --- .../test/property_test/ssh_eqc_client_server.erl | 25 +++++++++++----------- 1 file changed, 12 insertions(+), 13 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/property_test/ssh_eqc_client_server.erl b/lib/ssh/test/property_test/ssh_eqc_client_server.erl index cf895ae85e..40782cd034 100644 --- a/lib/ssh/test/property_test/ssh_eqc_client_server.erl +++ b/lib/ssh/test/property_test/ssh_eqc_client_server.erl @@ -105,9 +105,9 @@ prop_seq(CT_Config) -> do_prop_seq(DataDir) -> - ?FORALL(Cmds,commands(?MODULE, #state{data_dir=DataDir}), + ?FORALL(Cmds,commands(?MODULE), begin - {H,Sf,Result} = run_commands(?MODULE,Cmds), + {H,Sf,Result} = run_commands(?MODULE,Cmds,[{data_dir,DataDir}]), present_result(?MODULE, Cmds, {H,Sf,Result}, Result==ok) end). 
@@ -123,9 +123,9 @@ prop_parallel(CT_Config) -> do_prop_parallel(full_path(?SSH_DIR, CT_Config)). do_prop_parallel(DataDir) -> - ?FORALL(Cmds,parallel_commands(?MODULE, #state{data_dir=DataDir}), + ?FORALL(Cmds,parallel_commands(?MODULE), begin - {H,Sf,Result} = run_parallel_commands(?MODULE,Cmds), + {H,Sf,Result} = run_parallel_commands(?MODULE,Cmds,[{data_dir,DataDir}]), present_result(?MODULE, Cmds, {H,Sf,Result}, Result==ok) end). @@ -139,10 +139,10 @@ prop_parallel_multi(CT_Config) -> do_prop_parallel_multi(DataDir) -> ?FORALL(Repetitions,?SHRINK(1,[10]), - ?FORALL(Cmds,parallel_commands(?MODULE, #state{data_dir=DataDir}), + ?FORALL(Cmds,parallel_commands(?MODULE), ?ALWAYS(Repetitions, begin - {H,Sf,Result} = run_parallel_commands(?MODULE,Cmds), + {H,Sf,Result} = run_parallel_commands(?MODULE,Cmds,[{data_dir,DataDir}]), present_result(?MODULE, Cmds, {H,Sf,Result}, Result==ok) end))). @@ -151,14 +151,13 @@ do_prop_parallel_multi(DataDir) -> %%% called when using commands/1 initial_state() -> - S = initial_state(#state{}), - S#state{initialized=true}. + #state{}. %%% called when using commands/2 -initial_state(S) -> +initial_state(DataDir) -> application:stop(ssh), ssh:start(), - setup_rsa(S#state.data_dir). + setup_rsa(DataDir). %%%---------------- weight(S, ssh_send) -> 5*length([C || C<-S#state.channels, has_subsyst(C)]); @@ -172,7 +171,7 @@ weight(_S, _) -> 1. initial_state_pre(S) -> not S#state.initialized. -initial_state_args(S) -> [S]. +initial_state_args(S) -> [{var,data_dir}]. initial_state_next(S, _, _) -> S#state{initialized=true}. @@ -183,7 +182,7 @@ initial_state_next(S, _, _) -> S#state{initialized=true}. ssh_server_pre(S) -> S#state.initialized andalso length(S#state.servers) < ?MAX_NUM_SERVERS. -ssh_server_args(S) -> [?SERVER_ADDRESS, S#state.data_dir, ?SERVER_EXTRA_OPTIONS]. +ssh_server_args(S) -> [?SERVER_ADDRESS, {var,data_dir}, ?SERVER_EXTRA_OPTIONS]. ssh_server({IP,Port}, DataDir, ExtraOptions) -> ok(ssh:daemon(IP, Port, 
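Review bot: after these hunks the comments around initial_state no longer describe the code. initial_state/1 is still labelled "called when using commands/2", but every property now calls commands(?MODULE) or parallel_commands(?MODULE), and the one-argument function is reached only as a generated command whose argument is {var,data_dir}. initial_state_args(S) and ssh_server_args(S) no longer use S, which gives unused-variable warnings; write _S or _. Since initial_state/0 now returns a bare #state{} and the _args callbacks changed here no longer read S#state.data_dir, check whether anything else still reads that field and remove it from the record if not, so that a leftover reader does not silently get undefined.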
@@ -241,7 +240,7 @@ do(Pid, Fun, Timeout) when is_function(Fun,0) -> ssh_open_connection_pre(S) -> S#state.servers /= []. -ssh_open_connection_args(S) -> [oneof(S#state.servers), S#state.data_dir]. +ssh_open_connection_args(S) -> [oneof(S#state.servers), {var,data_dir}]. ssh_open_connection(#srvr{address=Ip, port=Port}, DataDir) -> ok(ssh:connect(ensure_string(Ip), Port, -- cgit v1.2.3 From fccdd825e41006b36137cebf4b2059682f82c2eb Mon Sep 17 00:00:00 2001 From: Thomas Arts Date: Thu, 11 Sep 2014 19:52:21 +0200 Subject: No side effects in function arguments We want to be able to see tests with eqc_gen:sample, we also want to be able to re-run tests. Side effects are no good idea if these goals need to be met. Therefore, we replace the side effect to ask for a port by making a symbolic call of this. Nicer solutions are possible, but at least we can now re-run the test case, and therefore shrink. --- lib/ssh/test/property_test/ssh_eqc_client_server.erl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/property_test/ssh_eqc_client_server.erl b/lib/ssh/test/property_test/ssh_eqc_client_server.erl index 40782cd034..3fc7a15dd0 100644 --- a/lib/ssh/test/property_test/ssh_eqc_client_server.erl +++ b/lib/ssh/test/property_test/ssh_eqc_client_server.erl @@ -75,7 +75,7 @@ -define(SUBSYSTEMS, ["echo1", "echo2", "echo3", "echo4"]). --define(SERVER_ADDRESS, { {127,1,1,1}, inet_port({127,1,1,1}) }). +-define(SERVER_ADDRESS, { {127,1,1,1}, {call, ?MODULE, inet_port, [{127,1,1,1}]} }). -define(SERVER_EXTRA_OPTIONS, [{parallel_login,bool()}] ). -- cgit v1.2.3 From 14418409c971cf20f5db35f8ff33713b1924c20a Mon Sep 17 00:00:00 2001 
From: Thomas Arts Date: Thu, 11 Sep 2014 20:28:23 +0200 Subject: Reduce the total testing time for the properties to 20 seconds We need to make a global budget for testing on CI server and then define for each property how much it may use of that time. Probably in auxiliary file, such that it can be computed from what has changed in the repo. --- lib/ssh/test/property_test/ssh_eqc_client_server.erl | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/property_test/ssh_eqc_client_server.erl b/lib/ssh/test/property_test/ssh_eqc_client_server.erl index 3fc7a15dd0..669aa5b5e0 100644 --- a/lib/ssh/test/property_test/ssh_eqc_client_server.erl +++ b/lib/ssh/test/property_test/ssh_eqc_client_server.erl @@ -32,6 +32,10 @@ -else. +%% Limit the testing time on CI server... this needs to be improved in % from total budget. +-define(TESTINGTIME(Prop), eqc:testing_time(30,Prop)). + + -include_lib("eqc/include/eqc.hrl"). -include_lib("eqc/include/eqc_statem.hrl"). -eqc_group_commands(true). @@ -97,7 +101,7 @@ %% To be called as eqc:quickcheck( ssh_eqc_client_server:prop_seq() ). prop_seq() -> - do_prop_seq(?SSH_DIR). + ?TESTINGTIME(do_prop_seq(?SSH_DIR)). %% To be called from a common_test test suite prop_seq(CT_Config) -> @@ -116,7 +120,7 @@ full_path(SSHdir, CT_Config) -> SSHdir). %%%---- prop_parallel() -> - do_prop_parallel(?SSH_DIR). + ?TESTINGTIME(do_prop_parallel(?SSH_DIR)). %% To be called from a common_test test suite prop_parallel(CT_Config) -> @@ -131,7 +135,7 @@ do_prop_parallel(DataDir) -> %%%---- prop_parallel_multi() -> - do_prop_parallel_multi(?SSH_DIR). + ?TESTINGTIME(do_prop_parallel_multi(?SSH_DIR)). %% To be called from a common_test test suite prop_parallel_multi(CT_Config) -> 
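Review bot: The commit subject says the properties are limited to 20 seconds, but ?TESTINGTIME is defined as eqc:testing_time(30,Prop); one of the two numbers is wrong. The macro is also applied only to prop_seq/0, prop_parallel/0 and prop_parallel_multi/0, while the /1 variants marked "To be called from a common_test test suite" call do_prop_* directly and stay unbounded, so a CI run that goes through common_test gets no limit at all. The comment above the macro ("improved in % from total budget") should be reworded so the intent is readable.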
@@ -171,7 +175,7 @@ weight(_S, _) -> 1. initial_state_pre(S) -> not S#state.initialized. -initial_state_args(S) -> [{var,data_dir}]. +initial_state_args(_) -> [{var,data_dir}]. initial_state_next(S, _, _) -> S#state{initialized=true}. @@ -182,7 +186,7 @@ initial_state_next(S, _, _) -> S#state{initialized=true}. ssh_server_pre(S) -> S#state.initialized andalso length(S#state.servers) < ?MAX_NUM_SERVERS. -ssh_server_args(S) -> [?SERVER_ADDRESS, {var,data_dir}, ?SERVER_EXTRA_OPTIONS]. +ssh_server_args(_) -> [?SERVER_ADDRESS, {var,data_dir}, ?SERVER_EXTRA_OPTIONS]. ssh_server({IP,Port}, DataDir, ExtraOptions) -> ok(ssh:daemon(IP, Port, -- cgit v1.2.3 From 822ed67fc53746ffe3b76ca03f88cee72977f5d0 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 17 Sep 2014 17:05:13 +0200 Subject: Add timeout to a property test (Thanks John & Tobias @ QuviQ) --- lib/ssh/test/property_test/ssh_eqc_client_server.erl | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/property_test/ssh_eqc_client_server.erl b/lib/ssh/test/property_test/ssh_eqc_client_server.erl index 669aa5b5e0..3030fff38b 100644 --- a/lib/ssh/test/property_test/ssh_eqc_client_server.erl +++ b/lib/ssh/test/property_test/ssh_eqc_client_server.erl @@ -251,8 +251,9 @@ ssh_open_connection(#srvr{address=Ip, port=Port}, DataDir) -> [ {silently_accept_hosts, true}, {user_dir, user_dir(DataDir)}, - {user_interaction, false} - ])). + {user_interaction, false}, + {connect_timeout, 2000} + ], 2000)). ssh_open_connection_post(_S, _Args, Result) -> is_ok(Result). -- cgit v1.2.3 From d4d7231a24c697085ddf89fcdfac506b7e732e5c Mon Sep 17 00:00:00 2001 
From: Ingela Anderton Andin Date: Wed, 17 Sep 2014 09:36:15 +0200 Subject: ssh: Avoid timeout of init_per_test_case on some platforms Also some code cleanup --- lib/ssh/test/ssh_connection_SUITE.erl | 12 ++++++------ lib/ssh/test/ssh_to_openssh_SUITE.erl | 5 ++++- 2 files changed, 10 insertions(+), 7 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index c115ccee5f..c52b91986b 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2013. All Rights Reserved. +%% Copyright Ericsson AB 2008-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -302,7 +302,7 @@ start_shell(Config) when is_list(Config) -> ok = ssh_connection:shell(ConnectionRef,ChannelId0), receive - {ssh_cm,ConnectionRef, {data, ChannelId, 0, <<"Enter command\r\n">>}} -> + {ssh_cm, ConnectionRef, {data, _ChannelId, 0, <<"Enter command\r\n">>}} -> ok after 5000 -> ct:fail("CLI Timeout") @@ -335,8 +335,8 @@ start_shell_exec(Config) when is_list(Config) -> success = ssh_connection:exec(ConnectionRef, ChannelId0, "testing", infinity), receive - {ssh_cm,ConnectionRef, {data, ChannelId, 0, <<"testing\r\n">>}} -> - ok + {ssh_cm, ConnectionRef, {data, _ChannelId, 0, <<"testing\r\n">>}} -> + ok after 5000 -> ct:fail("Exec Timeout") end, @@ -370,8 +370,8 @@ start_shell_exec_fun(Config) when is_list(Config) -> "testing", infinity), receive - {ssh_cm,ConnectionRef, {data, ChannelId, 0, <<"testing\r\n">>}} -> - ok + {ssh_cm, ConnectionRef, {data, _ChannelId, 0, <<"testing\r\n">>}} -> + ok after 5000 -> ct:fail("Exec Timeout") end, diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index 3500bf012b..35179adf28 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl 
+++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2013. All Rights Reserved. +%% Copyright Ericsson AB 2008-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -564,4 +564,7 @@ check_ssh_client_support2(P) -> check_ssh_client_support2(P); {P, {exit_status, E}} -> E + after 5000 -> + ct:pal("Openssh command timed out ~n"), + -1 end. -- cgit v1.2.3 From 6a7fad099d29929e4b9d311dfeb8ff1d79ec3b5d Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 18 Sep 2014 15:54:22 +0200 Subject: ssh_eqc_encode_decode.erl compiles --- lib/ssh/test/property_test/ssh_eqc_encode_decode.erl | 2 -- 1 file changed, 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/property_test/ssh_eqc_encode_decode.erl b/lib/ssh/test/property_test/ssh_eqc_encode_decode.erl index 34630bdc91..57ea2012c1 100644 --- a/lib/ssh/test/property_test/ssh_eqc_encode_decode.erl +++ b/lib/ssh/test/property_test/ssh_eqc_encode_decode.erl @@ -25,8 +25,6 @@ -proptest(eqc). -proptest([triq,proper]). --include_lib("ct_property_test.hrl"). - -ifndef(EQC). -ifndef(PROPER). -ifndef(TRIQ). -- cgit v1.2.3 From df4f9a5d10f920dfa16c8f2c75bc40182296d33e Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 18 Sep 2014 18:35:38 +0200 Subject: Optimizations --- .../test/property_test/ssh_eqc_client_server.erl | 25 ++++++++++++++-------- 1 file changed, 16 insertions(+), 9 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/property_test/ssh_eqc_client_server.erl b/lib/ssh/test/property_test/ssh_eqc_client_server.erl index 3030fff38b..123b48412b 100644 --- a/lib/ssh/test/property_test/ssh_eqc_client_server.erl +++ b/lib/ssh/test/property_test/ssh_eqc_client_server.erl 
@@ -79,7 +79,9 @@ -define(SUBSYSTEMS, ["echo1", "echo2", "echo3", "echo4"]). --define(SERVER_ADDRESS, { {127,1,1,1}, {call, ?MODULE, inet_port, [{127,1,1,1}]} }). +-define(SERVER_ADDRESS, { {127,1,0,choose(1,254)}, % IP + choose(1024,65535) % Port + }). -define(SERVER_EXTRA_OPTIONS, [{parallel_login,bool()}] ). @@ -109,6 +111,7 @@ prop_seq(CT_Config) -> do_prop_seq(DataDir) -> + setup_rsa(DataDir), ?FORALL(Cmds,commands(?MODULE), begin {H,Sf,Result} = run_commands(?MODULE,Cmds,[{data_dir,DataDir}]), @@ -127,6 +130,7 @@ prop_parallel(CT_Config) -> do_prop_parallel(full_path(?SSH_DIR, CT_Config)). do_prop_parallel(DataDir) -> + setup_rsa(DataDir), ?FORALL(Cmds,parallel_commands(?MODULE), begin {H,Sf,Result} = run_parallel_commands(?MODULE,Cmds,[{data_dir,DataDir}]), @@ -142,6 +146,7 @@ prop_parallel_multi(CT_Config) -> do_prop_parallel_multi(full_path(?SSH_DIR, CT_Config)). do_prop_parallel_multi(DataDir) -> + setup_rsa(DataDir), ?FORALL(Repetitions,?SHRINK(1,[10]), ?FORALL(Cmds,parallel_commands(?MODULE), ?ALWAYS(Repetitions, @@ -160,8 +165,7 @@ initial_state() -> %%% called when using commands/2 initial_state(DataDir) -> application:stop(ssh), - ssh:start(), - setup_rsa(DataDir). + ssh:start(). %%%---------------- weight(S, ssh_send) -> 5*length([C || C<-S#state.channels, has_subsyst(C)]); @@ -183,6 +187,13 @@ initial_state_next(S, _, _) -> S#state{initialized=true}. %%% Start a new daemon %%% Precondition: not more than ?MAX_NUM_SERVERS started +%%% This is a bit funny because we need to pick an IP address and Port to +%%% run the server on, but there is no way to atomically select a free Port! +%%% +%%% Therefore we just grab one IP-Port pair randomly and try to start the ssh server +%%% on that pair. If it fails, we just forget about it and goes on. Yes, it +%%% is a waste of cpu cycles, but at least it works! + ssh_server_pre(S) -> S#state.initialized andalso length(S#state.servers) < ?MAX_NUM_SERVERS. 
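Review bot: The comment added above ssh_server_pre/1 says a failed start is simply forgotten, but the ssh_server_next(S, {error,eaddrinuse}, _) clause added in this commit can only match at run time. During generation the result is a symbolic variable, so the generated model still lists the server, and later ssh_open_connection commands can be generated against an address where nothing was started. Please check how run_commands behaves in that case and say so in the comment. Also, initial_state(DataDir) no longer uses DataDir after setup_rsa/1 moved into the do_prop_* functions; rename it to _DataDir.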
@@ -197,8 +208,10 @@ ssh_server({IP,Port}, DataDir, ExtraOptions) -> | ExtraOptions ])). +ssh_server_post(_S, _Args, {error,eaddrinuse}) -> true; ssh_server_post(_S, _Args, Result) -> is_ok(Result). +ssh_server_next(S, {error,eaddrinuse}, _) -> S; ssh_server_next(S, Result, [{IP,Port},_,_]) -> S#state{servers=[#srvr{ref = Result, address = IP, @@ -573,12 +586,6 @@ median(_) -> %%%================================================================ %%% The rest is taken and modified from ssh_test_lib.erl -inet_port(IpAddress)-> - {ok, Socket} = gen_tcp:listen(0, [{ip,IpAddress},{reuseaddr,true}]), - {ok, Port} = inet:port(Socket), - gen_tcp:close(Socket), - Port. - setup_rsa(Dir) -> erase_dir(system_dir(Dir)), erase_dir(user_dir(Dir)), -- cgit v1.2.3 From e00e62392040ddc328cd0581b4743a4edebe25ab Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Fri, 19 Sep 2014 22:26:30 +0200 Subject: ssh: Avoid windows wierdness --- lib/ssh/test/ssh_to_openssh_SUITE.erl | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index 35179adf28..41fbd324c4 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -119,15 +119,7 @@ erlang_shell_client_openssh_server(Config) when is_list(Config) -> IO ! {input, self(), "echo Hej\n"}, receive_hej(), IO ! {input, self(), "exit\n"}, - receive - <<"logout">> -> - receive - <<"Connection closed">> -> - ok - end; - Other0 -> - ct:fail({unexpected_msg, Other0}) - end, + receive_logout(), receive {'EXIT', Shell, normal} -> ok; 
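Review bot: receive_logout/0, which replaces this inline receive, has no after clause in either its outer or its inner receive, so a missing <<"Connection closed">> message blocks the test case until the suite timetrap fires. The previous commit added "after 5000" to check_ssh_client_support2/1 for the same reason; do the same here and call ct:fail on timeout.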
@@ -544,6 +536,21 @@ receive_hej() -> receive_hej() end. +receive_logout() -> + receive + <<"logout">> -> + receive + <<"Connection closed">> -> + ok + end; + <<"TERM environment variable not set.\n">> -> %% Windows work around + receive_logout(); + Other0 -> + ct:fail({unexpected_msg, Other0}) + end. + + + %%-------------------------------------------------------------------- %%-------------------------------------------------------------------- %% Check if we have a "newer" ssh client that supports these test cases -- cgit v1.2.3 From b5f7f202e53b18776afe25eaac2d16bad672d10f Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 22 Sep 2014 14:33:00 +0200 Subject: ssh: ssh-3.0.6 will not support soft ugrade Customer requesting patch will not use soft upgrade and as it will be hard to meet customer deadline and assure quality of soft upgrade we decided to make it an application restart. --- lib/ssh/src/ssh.appup.src | 16 ---------------- lib/ssh/vsn.mk | 2 +- 2 files changed, 1 insertion(+), 17 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index 8269f89e40..1917c95f5a 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src 
@@ -19,25 +19,9 @@ {"%VSN%", [ - {"3.0.2", [{load_module, ssh_message, soft_purge, soft_purge, []}, - {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, - {load_module, ssh_io, soft_purge, soft_purge, []}]}, - {"3.0.1", [{load_module, ssh, soft_purge, soft_purge, []}, - {load_module, ssh_acceptor, soft_purge, soft_purge, []}, - {load_module, ssh_message, soft_purge, soft_purge, []}, - {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, - {load_module, ssh_io, soft_purge, soft_purge, []}]}, {<<".*">>, [{restart_application, ssh}]} ], [ - {"3.0.2", [{load_module, ssh_message, soft_purge, soft_purge, []}, - {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, - {load_module, ssh_io, soft_purge, soft_purge, []}]}, - {"3.0.1", [{load_module, ssh, soft_purge, soft_purge, []}, - {load_module, ssh_acceptor, soft_purge, soft_purge, []}, - {load_module, ssh_message, soft_purge, soft_purge, []}, - {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, - {load_module, ssh_io, soft_purge, soft_purge, []}]}, {<<".*">>, [{restart_application, ssh}]} ] }. diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 73bf73971f..11f30e8d04 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,5 +1,5 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 3.0.5 +SSH_VSN = 3.0.6 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From b98334b677be774d746037ab81e7e724bfeca5eb Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 17 Sep 2014 17:09:24 +0200 Subject: ssh: Gracefully handle incorrect versions Conflicts: lib/ssh/test/ssh_connection_SUITE.erl --- lib/ssh/src/ssh_connect.hrl | 3 +- lib/ssh/src/ssh_connection_handler.erl | 30 ++++++--- lib/ssh/src/ssh_transport.erl | 27 ++++---- lib/ssh/test/ssh_connection_SUITE.erl | 109 ++++++++++++++++++++++++++++++--- 4 files changed, 138 insertions(+), 31 deletions(-) (limited to 'lib/ssh') 
diff --git a/lib/ssh/src/ssh_connect.hrl b/lib/ssh/src/ssh_connect.hrl index 8421b07167..9307dbbad0 100644 --- a/lib/ssh/src/ssh_connect.hrl +++ b/lib/ssh/src/ssh_connect.hrl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2013. All Rights Reserved. +%% Copyright Ericsson AB 2005-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -26,6 +26,7 @@ -define(DEFAULT_PACKET_SIZE, 32768). -define(DEFAULT_WINDOW_SIZE, 2*?DEFAULT_PACKET_SIZE). -define(DEFAULT_TIMEOUT, 5000). +-define(MAX_PROTO_VERSION, 255). %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 86804c4436..68736c3365 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2013. All Rights Reserved. +%% Copyright Ericsson AB 2008-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -71,7 +71,8 @@ connection_queue, address, port, - opts + opts, + recbuf }). -type state_name() :: hello | kexinit | key_exchange | new_keys | userauth | connection. 
@@ -293,28 +294,39 @@ info(ConnectionHandler, ChannelProcess) -> hello(socket_control, #state{socket = Socket, ssh_params = Ssh} = State) -> VsnMsg = ssh_transport:hello_version_msg(string_version(Ssh)), send_msg(VsnMsg, State), - inet:setopts(Socket, [{packet, line}, {active, once}]), - {next_state, hello, State}; + {ok, [{recbuf, Size}]} = inet:getopts(Socket, [recbuf]), + inet:setopts(Socket, [{packet, line}, {active, once}, {recbuf, ?MAX_PROTO_VERSION}]), + {next_state, hello, State#state{recbuf = Size}}; -hello({info_line, _Line},#state{socket = Socket} = State) -> +hello({info_line, _Line},#state{role = client, socket = Socket} = State) -> + %% The server may send info lines before the version_exchange inet:setopts(Socket, [{active, once}]), {next_state, hello, State}; +hello({info_line, _Line},#state{role = server} = State) -> + DisconnectMsg = + #ssh_msg_disconnect{code = + ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "Did not receive expected protocol version exchange", + language = "en"}, + handle_disconnect(DisconnectMsg, State); + hello({version_exchange, Version}, #state{ssh_params = Ssh0, - socket = Socket} = State) -> + socket = Socket, + recbuf = Size} = State) -> {NumVsn, StrVsn} = ssh_transport:handle_hello_version(Version), case handle_version(NumVsn, StrVsn, Ssh0) of {ok, Ssh1} -> - inet:setopts(Socket, [{packet,0}, {mode,binary}, {active, once}]), + inet:setopts(Socket, [{packet,0}, {mode,binary}, {active, once}, {recbuf, Size}]), {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh1), send_msg(SshPacket, State), {next_state, kexinit, next_packet(State#state{ssh_params = Ssh, key_exchange_init_msg = KeyInitMsg})}; not_supported -> - DisconnectMsg = + DisconnectMsg = #ssh_msg_disconnect{code = - ?SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED, + ?SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED, description = "Protocol version " ++ StrVsn ++ " not supported", language = "en"}, 
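Review bot: In hello(socket_control, ...), the match {ok, [{recbuf, Size}]} = inet:getopts(Socket, [recbuf]) raises badmatch whenever getopts returns an error, for example if the socket is already closed, and the results of both inet:setopts/2 calls are ignored. A change meant to handle misbehaving peers gracefully should not add a new crash path in the connection handler; handle the {error, _} return and stop normally. ?MAX_PROTO_VERSION is used here as a receive buffer size in bytes, which its name does not suggest. A comment in ssh_connect.hrl saying it is the maximum length of the identification line would help (RFC 4253 limits that string to 255 characters including CR LF).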
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index ea05c849b7..76fa776113 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2004-2013. All Rights Reserved. +%% Copyright Ericsson AB 2004-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -82,16 +82,21 @@ format_version({Major,Minor}) -> integer_to_list(Minor) ++ "-Erlang". handle_hello_version(Version) -> - StrVersion = trim_tail(Version), - case string:tokens(Version, "-") of - [_, "2.0" | _] -> - {{2,0}, StrVersion}; - [_, "1.99" | _] -> - {{2,0}, StrVersion}; - [_, "1.3" | _] -> - {{1,3}, StrVersion}; - [_, "1.5" | _] -> - {{1,5}, StrVersion} + try + StrVersion = trim_tail(Version), + case string:tokens(Version, "-") of + [_, "2.0" | _] -> + {{2,0}, StrVersion}; + [_, "1.99" | _] -> + {{2,0}, StrVersion}; + [_, "1.3" | _] -> + {{1,3}, StrVersion}; + [_, "1.5" | _] -> + {{1,5}, StrVersion} + end + catch + error:_ -> + {undefined, "unknown version"} end. key_exchange_init_msg(Ssh0) -> diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index c115ccee5f..d63b3f2a75 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2013. All Rights Reserved. +%% Copyright Ericsson AB 2008-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -31,8 +31,8 @@ %% Common Test interface functions ----------------------------------- %%-------------------------------------------------------------------- -suite() -> - [{ct_hooks,[ts_install_cth]}]. +%% suite() -> +%% [{ct_hooks,[ts_install_cth]}]. all() -> [ 
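Review bot: In handle_hello_version/1 (ssh_transport.erl), catching error:_ around the whole body turns every failure, including a bug in trim_tail/1, into {undefined, "unknown version"}. The case has no fallback clause, so an unrecognised version string is only reported through a case_clause exception. Add an explicit catch-all clause that returns {undefined, "unknown version"} and keep the try only around what can legitimately raise on peer input. Please also confirm that handle_version/3 in ssh_connection_handler.erl returns not_supported when NumVsn is undefined, since that function is not part of this diff.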
@@ -40,7 +40,11 @@ all() -> interrupted_send, start_shell, start_shell_exec, - start_shell_exec_fun + start_shell_exec_fun, + gracefull_invalid_version, + gracefull_invalid_start, + gracefull_invalid_long_start, + gracefull_invalid_long_start_no_nl ]. groups() -> [{openssh_payload, [], [simple_exec, @@ -302,7 +306,7 @@ start_shell(Config) when is_list(Config) -> ok = ssh_connection:shell(ConnectionRef,ChannelId0), receive - {ssh_cm,ConnectionRef, {data, ChannelId, 0, <<"Enter command\r\n">>}} -> + {ssh_cm,ConnectionRef, {data, ChannelId0, 0, <<"Enter command\r\n">>}} -> ok after 5000 -> ct:fail("CLI Timeout") @@ -333,10 +337,10 @@ start_shell_exec(Config) when is_list(Config) -> {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef, infinity), success = ssh_connection:exec(ConnectionRef, ChannelId0, - "testing", infinity), + "testing", infinity), receive - {ssh_cm,ConnectionRef, {data, ChannelId, 0, <<"testing\r\n">>}} -> - ok + {ssh_cm,ConnectionRef, {data, ChannelId0, 0, <<"testing\r\n">>}} -> + ok after 5000 -> ct:fail("Exec Timeout") end, 
@@ -370,14 +374,99 @@ start_shell_exec_fun(Config) when is_list(Config) -> "testing", infinity), receive - {ssh_cm,ConnectionRef, {data, ChannelId, 0, <<"testing\r\n">>}} -> - ok + {ssh_cm,ConnectionRef, {data, ChannelId0, 0, <<"testing\r\n">>}} -> + ok after 5000 -> ct:fail("Exec Timeout") end, ssh:close(ConnectionRef), ssh:stop_daemon(Pid). + +%%-------------------------------------------------------------------- + +gracefull_invalid_version(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + {_Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}]), + + {ok, S} = gen_tcp:connect(Host, Port, []), + ok = gen_tcp:send(S, ["SSH-8.-1","\r\n"]), + receive + Verstring -> + ct:pal("Server version: ~p~n", [Verstring]), + receive + {tcp_closed, S} -> + ok + end + end. + +gracefull_invalid_start(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + {_Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}]), + + {ok, S} = gen_tcp:connect(Host, Port, []), + ok = gen_tcp:send(S, ["foobar","\r\n"]), + receive + Verstring -> + ct:pal("Server version: ~p~n", [Verstring]), + receive + {tcp_closed, S} -> + ok + end + end. 
+ +gracefull_invalid_long_start(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + {_Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}]), + + {ok, S} = gen_tcp:connect(Host, Port, []), + ok = gen_tcp:send(S, [lists:duplicate(257, $a), "\r\n"]), + receive + Verstring -> + ct:pal("Server version: ~p~n", [Verstring]), + receive + {tcp_closed, S} -> + ok + end + end. + + +gracefull_invalid_long_start_no_nl(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + {_Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}]), + + {ok, S} = gen_tcp:connect(Host, Port, []), + ok = gen_tcp:send(S, [lists:duplicate(257, $a), "\r\n"]), + receive + Verstring -> + ct:pal("Server version: ~p~n", [Verstring]), + receive + {tcp_closed, S} -> + ok + end + end. + + %%-------------------------------------------------------------------- %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- -- cgit v1.2.3 From 0fba2ec56dd3557a6ef74a211581dce9827be1a6 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 22 Sep 2014 10:12:39 +0200 Subject: ssh: Add format_status/2 so sensitive data will not be present in logs --- lib/ssh/src/ssh_connection_handler.erl | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 68736c3365..fba278aba7 100644 --- a/lib/ssh/src/ssh_connection_handler.erl 
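Review bot: gracefull_invalid_long_start_no_nl sends exactly the same bytes as gracefull_invalid_long_start, [lists:duplicate(257, $a), "\r\n"], so an over-long line without a line terminator is never tested; drop the "\r\n" from the no_nl case. All four new cases also use "receive Verstring ->", which matches any message, and neither receive has an after clause, so a daemon that keeps the socket open hangs the case instead of failing it. Match {tcp, S, _} for the server banner and add a timeout that calls ct:fail.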
+++ b/lib/ssh/src/ssh_connection_handler.erl @@ -48,7 +48,7 @@ userauth/2, connected/2]). -export([init/1, handle_event/3, - handle_sync_event/4, handle_info/3, terminate/3, code_change/4]). + handle_sync_event/4, handle_info/3, terminate/3, format_status/2, code_change/4]). -record(state, { role, @@ -963,6 +963,36 @@ terminate_subsytem(#connection{system_supervisor = SysSup, terminate_subsytem(_) -> ok. +format_status(normal, [_, State]) -> + [{data, [{"StateData", State}]}]; +format_status(terminate, [_, State]) -> + SshParams0 = (State#state.ssh_params), + SshParams = SshParams0#ssh{c_keyinit = "***", + s_keyinit = "***", + send_mac_key = "***", + send_mac_size = "***", + recv_mac_key = "***", + recv_mac_size = "***", + encrypt_keys = "***", + encrypt_ctx = "***", + decrypt_keys = "***", + decrypt_ctx = "***", + compress_ctx = "***", + decompress_ctx = "***", + shared_secret = "***", + exchanged_hash = "***", + session_id = "***", + keyex_key = "***", + keyex_info = "***", + available_host_keys = "***"}, + [{data, [{"StateData", State#state{decoded_data_buffer = "***", + encoded_data_buffer = "***", + key_exchange_init_msg = "***", + opts = "***", + recbuf = "***", + ssh_params = SshParams + }}]}]. + %%-------------------------------------------------------------------- -spec code_change(OldVsn::term(), state_name(), Oldstate::term(), Extra::term()) -> {ok, state_name(), #state{}}. -- cgit v1.2.3 From 828b5a03825e168d19715ed65876008b9fc00c39 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 17 Sep 2014 16:56:34 +0200 Subject: ssh: Add test case for ssh:stop_listner Conflicts: lib/ssh/test/ssh_connection_SUITE.erl --- lib/ssh/test/ssh_connection_SUITE.erl | 149 ++++++++++++++++++++++++---------- 1 file changed, 106 insertions(+), 43 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index d63b3f2a75..9569120cfc 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl 
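Review bot: format_status(normal, [_, State]) in ssh_connection_handler.erl returns the full #state{} unredacted, so sys:get_status/1 on a live connection handler still exposes the same keys, shared secret and session id that the terminate clause masks. Apply the same masking in both clauses through one helper. The #ssh{} fields to mask are also listed by hand, so a sensitive field added to the record later will be logged by default; building the output from an explicit list of fields that are safe to show would fail closed instead.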
+++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -44,7 +44,8 @@ all() -> gracefull_invalid_version, gracefull_invalid_start, gracefull_invalid_long_start, - gracefull_invalid_long_start_no_nl + gracefull_invalid_long_start_no_nl, + stop_listener ]. groups() -> [{openssh_payload, [], [simple_exec, @@ -71,7 +72,7 @@ init_per_group(openssh_payload, _Config) -> {skip,"No openssh deamon"}; {ok, Socket} -> gen_tcp:close(Socket) - end; + end; init_per_group(_, Config) -> Config. @@ -184,10 +185,10 @@ big_cat(Config) when is_list(Config) -> case size(Data) =:= size(Other) of true -> ct:pal("received and sent data are same" - "size but do not match~n",[]); + "size but do not match~n",[]); false -> ct:pal("sent ~p but only received ~p~n", - [size(Data), size(Other)]) + [size(Data), size(Other)]) end, ct:fail(receive_data_mismatch); Else -> @@ -254,10 +255,10 @@ interrupted_send(Config) when is_list(Config) -> {subsystems, [{"echo_n", {ssh_echo_server, [4000000]}}]}]), ConnectionRef = ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, - {user, "foo"}, - {password, "morot"}, - {user_interaction, false}, - {user_dir, UserDir}]), + {user, "foo"}, + {password, "morot"}, + {user_interaction, false}, + {user_dir, UserDir}]), {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), 
@@ -292,24 +293,24 @@ start_shell(Config) when is_list(Config) -> file:make_dir(UserDir), SysDir = ?config(data_dir, Config), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, - {user_dir, UserDir}, - {password, "morot"}, - {shell, fun(U, H) -> start_our_shell(U, H) end} ]), + {user_dir, UserDir}, + {password, "morot"}, + {shell, fun(U, H) -> start_our_shell(U, H) end} ]), ConnectionRef = ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, - {user, "foo"}, - {password, "morot"}, - {user_interaction, true}, - {user_dir, UserDir}]), + {user, "foo"}, + {password, "morot"}, + {user_interaction, true}, + {user_dir, UserDir}]), {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef, infinity), ok = ssh_connection:shell(ConnectionRef,ChannelId0), receive - {ssh_cm,ConnectionRef, {data, ChannelId0, 0, <<"Enter command\r\n">>}} -> - ok + {ssh_cm,ConnectionRef, {data, ChannelId0, 0, <<"Enter command\r\n">>}} -> + ok after 5000 -> - ct:fail("CLI Timeout") + ct:fail("CLI Timeout") end, ssh:close(ConnectionRef), 
@@ -324,25 +325,25 @@ start_shell_exec(Config) when is_list(Config) -> file:make_dir(UserDir), SysDir = ?config(data_dir, Config), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, - {user_dir, UserDir}, - {password, "morot"}, - {exec, {?MODULE,ssh_exec,[]}} ]), + {user_dir, UserDir}, + {password, "morot"}, + {exec, {?MODULE,ssh_exec,[]}} ]), ConnectionRef = ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, - {user, "foo"}, - {password, "morot"}, - {user_interaction, true}, - {user_dir, UserDir}]), + {user, "foo"}, + {password, "morot"}, + {user_interaction, true}, + {user_dir, UserDir}]), {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef, infinity), success = ssh_connection:exec(ConnectionRef, ChannelId0, "testing", infinity), receive - {ssh_cm,ConnectionRef, {data, ChannelId0, 0, <<"testing\r\n">>}} -> - ok + {ssh_cm,ConnectionRef, {data, ChannelId, 0, <<"testing\r\n">>}} -> + ok after 5000 -> - ct:fail("Exec Timeout") + ct:fail("Exec Timeout") end, ssh:close(ConnectionRef), 
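Review bot: The receive pattern in start_shell_exec (and in start_shell_exec_fun in the next hunk) changes ChannelId0 back to ChannelId, which is not bound anywhere in the visible context, so the pattern accepts data on any channel and the compiler will report an unused variable. This looks like a leftover from the conflict resolution mentioned in the commit message; keep ChannelId0, as the start_shell hunk does. Most of the other lines in these hunks are re-indentation, which makes the functional change hard to find; consider moving the whitespace changes to a separate commit.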
@@ -358,26 +359,26 @@ start_shell_exec_fun(Config) when is_list(Config) -> file:make_dir(UserDir), SysDir = ?config(data_dir, Config), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, - {user_dir, UserDir}, - {password, "morot"}, - {exec, fun ssh_exec/1}]), + {user_dir, UserDir}, + {password, "morot"}, + {exec, fun ssh_exec/1}]), ConnectionRef = ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, - {user, "foo"}, - {password, "morot"}, - {user_interaction, true}, - {user_dir, UserDir}]), + {user, "foo"}, + {password, "morot"}, + {user_interaction, true}, + {user_dir, UserDir}]), {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef, infinity), success = ssh_connection:exec(ConnectionRef, ChannelId0, - "testing", infinity), + "testing", infinity), receive - {ssh_cm,ConnectionRef, {data, ChannelId0, 0, <<"testing\r\n">>}} -> - ok + {ssh_cm,ConnectionRef, {data, ChannelId, 0, <<"testing\r\n">>}} -> + ok after 5000 -> - ct:fail("Exec Timeout") + ct:fail("Exec Timeout") end, ssh:close(ConnectionRef), @@ -390,6 +391,7 @@ gracefull_invalid_version(Config) when is_list(Config) -> UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), SysDir = ?config(data_dir, Config), + {_Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, {user_dir, UserDir}, {password, "morot"}]), 
@@ -466,6 +468,67 @@ gracefull_invalid_long_start_no_nl(Config) when is_list(Config) -> end end. +stop_listener() -> + [{doc, "start ssh daemon, setup connections, stop listener, restart listner"}]. + +stop_listener(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + + {Pid0, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {exec, fun ssh_exec/1}]), + + ConnectionRef0 = ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_interaction, true}, + {user_dir, UserDir}]), + + {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef0, infinity), + + ssh:stop_listener(Host, Port), + + {error, _} = ssh:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_interaction, true}, + {user_dir, UserDir}]), + success = ssh_connection:exec(ConnectionRef0, ChannelId0, + "testing", infinity), + receive + {ssh_cm, ConnectionRef0, {data, ChannelId0, 0, <<"testing\r\n">>}} -> + ok + after 5000 -> + ct:fail("Exec Timeout") + end, + + {ok, HostAddr} = inet:getaddr(Host, inet), + case ssh_test_lib:daemon(HostAddr, Port, [{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "potatis"}, + {exec, fun ssh_exec/1}]) of + {Pid1, HostAddr, Port} -> + ConnectionRef1 = ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "potatis"}, + {user_interaction, true}, + {user_dir, UserDir}]), + {error, _} = ssh:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_interaction, true}, + {user_dir, UserDir}]), + ssh:close(ConnectionRef0), + ssh:close(ConnectionRef1), + ssh:stop_daemon(Pid0), + ssh:stop_daemon(Pid1); + Error -> + ct:fail({unexpected, Error}) + end. 
%%-------------------------------------------------------------------- %% Internal functions ------------------------------------------------ @@ -502,14 +565,14 @@ collect_data(ConnectionRef, ChannelId, Acc) -> end. %%%------------------------------------------------------------------- -% This is taken from the ssh example code. +%% This is taken from the ssh example code. start_our_shell(_User, _Peer) -> spawn(fun() -> - io:format("Enter command\n") - %% Don't actually loop, just exit + io:format("Enter command\n") + %% Don't actually loop, just exit end). ssh_exec(Cmd) -> spawn(fun() -> - io:format(Cmd ++ "\n") + io:format(Cmd ++ "\n") end). -- cgit v1.2.3 From 8ff6dc862d330c62ab520d03e8a26174b4350424 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 23 Sep 2014 17:48:39 +0200 Subject: ssh: Fixed parallel_login bug that made all logins serial --- lib/ssh/src/ssh_connection_handler.erl | 24 ++++++++++++++++-------- lib/ssh/test/ssh_basic_SUITE.erl | 13 ++++++++++--- lib/ssh/test/ssh_test_lib.erl | 3 +++ 3 files changed, 29 insertions(+), 11 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 86804c4436..a1e505961a 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl 
@@ -103,12 +103,22 @@ start_connection(client = Role, Socket, Options, Timeout) -> end; start_connection(server = Role, Socket, Options, Timeout) -> + SSH_Opts = proplists:get_value(ssh_opts, Options, []), try - case proplists:get_value(parallel_login, Options, false) of + case proplists:get_value(parallel_login, SSH_Opts, false) of true -> - spawn(fun() -> start_server_connection(Role, Socket, Options, Timeout) end); + HandshakerPid = + spawn_link(fun() -> + receive + {do_handshake, Pid} -> + handshake(Pid, erlang:monitor(process,Pid), Timeout) + end + end), + ChildPid = start_the_connection_child(HandshakerPid, Role, Socket, Options), + HandshakerPid ! {do_handshake, ChildPid}; false -> - start_server_connection(Role, Socket, Options, Timeout) + ChildPid = start_the_connection_child(self(), Role, Socket, Options), + handshake(ChildPid, erlang:monitor(process,ChildPid), Timeout) end catch exit:{noproc, _} -> @@ -117,16 +127,14 @@ start_connection(server = Role, Socket, Options, Timeout) -> {error, Error} end. - -start_server_connection(server = Role, Socket, Options, Timeout) -> +start_the_connection_child(UserPid, Role, Socket, Options) -> Sups = proplists:get_value(supervisors, Options), ConnectionSup = proplists:get_value(connection_sup, Sups), - Opts = [{supervisors, Sups}, {user_pid, self()} | proplists:get_value(ssh_opts, Options, [])], + Opts = [{supervisors, Sups}, {user_pid, UserPid} | proplists:get_value(ssh_opts, Options, [])], {ok, Pid} = ssh_connection_sup:start_child(ConnectionSup, [Role, Socket, Opts]), {_, Callback, _} = proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}), socket_control(Socket, Pid, Callback), - Ref = erlang:monitor(process, Pid), - handshake(Pid, Ref, Timeout). + Pid. start_link(Role, Socket, Options) -> diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 9242731924..415cb9fc9c 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl 
@@ -798,12 +798,14 @@ ssh_connect_nonegtimeout_connected(Config, Parallel) -> {parallel_login, Parallel}, {negotiation_timeout, NegTimeOut}, {failfun, fun ssh_test_lib:failfun/2}]), + ct:pal("~p Listen ~p:~p",[_Pid,_Host,Port]), ct:sleep(500), IO = ssh_test_lib:start_io_server(), Shell = ssh_test_lib:start_shell(Port, IO, UserDir), receive - {'EXIT', _, _} -> + Error = {'EXIT', _, _} -> + ct:pal("~p",[Error]), ct:fail(no_ssh_connection); ErlShellStart -> ct:pal("---Erlang shell start: ~p~n", [ErlShellStart]), @@ -898,7 +900,12 @@ connect_fun(ssh_sftp__start_channel, _Config) -> end. -max_sessions(Config, ParallelLogin, Connect) when is_function(Connect,2) -> +max_sessions(Config, ParallelLogin, Connect0) when is_function(Connect0,2) -> + Connect = fun(Host,Port) -> + R = Connect0(Host,Port), + ct:pal("Connect(~p,~p) -> ~p",[Host,Port,R]), + R + end, SystemDir = filename:join(?config(priv_dir, Config), system), UserDir = ?config(priv_dir, Config), MaxSessions = 5, @@ -909,7 +916,7 @@ max_sessions(Config, ParallelLogin, Connect) when is_function(Connect,2) -> {parallel_login, ParallelLogin}, {max_sessions, MaxSessions} ]), - + ct:pal("~p Listen ~p:~p for max ~p sessions",[Pid,Host,Port,MaxSessions]), try [Connect(Host,Port) || _ <- lists:seq(1,MaxSessions)] of Connections -> diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index 00c25bf394..b8abf5e80e 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl @@ -113,6 +113,9 @@ io_request({put_chars, Chars}, TestCase, _, _, Buff) -> io_request({put_chars, unicode, Chars}, TestCase, _, _, Buff) when is_binary(Chars) -> reply(TestCase, Chars), {ok, ok, Buff}; +io_request({put_chars, unicode, io_lib, format, [Fmt,Args]}, TestCase, _, _, Buff) -> + reply(TestCase, io_lib:format(Fmt,Args)), + {ok, ok, Buff}; io_request({put_chars, Enc, Chars}, TestCase, _, _, Buff) -> reply(TestCase, unicode:characters_to_binary(Chars,Enc,latin1)), {ok, ok, Buff}; -- cgit v1.2.3 
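Review bot: In lib/ssh/src/ssh_connection_handler.erl, the `parallel_login` true branch spawns the handshaker before the connection child exists, and its `receive {do_handshake, Pid} -> ...` has no `after` clause. If `start_the_connection_child/4` exits with `{noproc, _}`, which the surrounding `catch` turns into an error return, the `{do_handshake, ChildPid}` message is never sent and the linked handshaker stays blocked for as long as the calling process lives. On a listening port that is one parked process per failed connection start. Add an `after Timeout` clause to the receive, or have the error path stop the handshaker. The true branch also evaluates to the sent message `{do_handshake, ChildPid}`, while the false branch returns the result of `handshake/3`; if any caller inspects the return value of `start_connection/4`, the two modes should agree.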
From 19aa8b2e1e11f1da4723dbcce427831eca17d54e Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 17 Sep 2014 17:04:34 +0200 Subject: ssh: Adjust supervisor tree to make sure new listning options are honored --- lib/ssh/src/ssh.erl | 18 +++++++++++------- lib/ssh/src/ssh_acceptor_sup.erl | 13 ++++++------- lib/ssh/src/ssh_system_sup.erl | 8 ++++---- 3 files changed, 21 insertions(+), 18 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 8a8d4bb89e..de047d3c83 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -234,22 +234,26 @@ do_start_daemon(Host, Port, Options, SocketOptions) -> {port, Port}, {role, server}, {socket_opts, SocketOptions}, {ssh_opts, Options}]) of - {ok, SysSup} -> - {ok, SysSup}; {error, {already_started, _}} -> {error, eaddrinuse}; - {error, R} -> - {error, R} + Result = {Code, _} when (Code == ok) or (Code == error) -> + Result catch exit:{noproc, _} -> {error, ssh_not_started} end; Sup -> - case ssh_system_sup:restart_acceptor(Host, Port) of + AccPid = ssh_system_sup:acceptor_supervisor(Sup), + case ssh_acceptor_sup:start_child(AccPid, [{address, Host}, + {port, Port}, {role, server}, + {socket_opts, SocketOptions}, + {ssh_opts, Options}]) of + {error, {already_started, _}} -> + {error, eaddrinuse}; {ok, _} -> {ok, Sup}; - _ -> - {error, eaddrinuse} + Other -> + Other end end. diff --git a/lib/ssh/src/ssh_acceptor_sup.erl b/lib/ssh/src/ssh_acceptor_sup.erl index 2be729d305..46fdef07d0 100644 --- a/lib/ssh/src/ssh_acceptor_sup.erl +++ b/lib/ssh/src/ssh_acceptor_sup.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2013. All Rights Reserved. +%% Copyright Ericsson AB 2008-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in 
@@ -26,7 +26,7 @@ -module(ssh_acceptor_sup). -behaviour(supervisor). --export([start_link/1, start_child/2, stop_child/2]). +-export([start_link/1, start_child/2, stop_child/3]). %% Supervisor callback -export([init/1]). @@ -45,18 +45,17 @@ start_child(AccSup, ServerOpts) -> {error, already_present} -> Address = proplists:get_value(address, ServerOpts), Port = proplists:get_value(port, ServerOpts), - Name = id(Address, Port), - supervisor:delete_child(?MODULE, Name), + stop_child(AccSup, Address, Port), supervisor:start_child(AccSup, Spec); Reply -> Reply end. -stop_child(Address, Port) -> +stop_child(AccSup, Address, Port) -> Name = id(Address, Port), - case supervisor:terminate_child(?MODULE, Name) of + case supervisor:terminate_child(AccSup, Name) of ok -> - supervisor:delete_child(?MODULE, Name); + supervisor:delete_child(AccSup, Name); Error -> Error end. diff --git a/lib/ssh/src/ssh_system_sup.erl b/lib/ssh/src/ssh_system_sup.erl index 848133f838..660fe8bb65 100644 --- a/lib/ssh/src/ssh_system_sup.erl +++ b/lib/ssh/src/ssh_system_sup.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2013. All Rights Reserved. +%% Copyright Ericsson AB 2008-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -173,8 +173,8 @@ ssh_acceptor_sup([_ | Rest]) -> ssh_acceptor_sup(Rest). stop_acceptor(Sup) -> - [Name] = - [SupName || {SupName, _, _, [ssh_acceptor_sup]} <- + [{Name, AcceptorSup}] = + [{SupName, ASup} || {SupName, ASup, _, [ssh_acceptor_sup]} <- supervisor:which_children(Sup)], - supervisor:terminate_child(Sup, Name). + supervisor:terminate_child(AcceptorSup, Name). -- cgit v1.2.3 From 782fbece2e903c09b5293113bcb85f988be6f84c Mon Sep 17 00:00:00 2001 
From: Erlang/OTP Date: Mon, 29 Sep 2014 09:00:20 +0200 Subject: Prepare release --- lib/ssh/doc/src/notes.xml | 50 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 0b587db810..467e2ab27e 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -29,6 +29,56 @@ notes.xml +
Ssh 3.0.6 + +
Fixed Bugs and Malfunctions + + +

+ Gracefully handle bad data from the client when expecting + ssh version exchange.

+

+ Own Id: OTP-12157 Aux Id: seq12706

+
+ +

+ When restarting an ssh daemon, that was stopped with + ssh:stop_listner/ [1,2] new options given shall replace + old ones.

+

+ Own Id: OTP-12168 Aux Id: seq12711

+
+
+
+ + +
Improvements and New Features + + +

+ ssh now has a format_status function to avoid printing + sensitive information in error loggs.

+

+ Own Id: OTP-12030

+
+
+
+ + +
Known Bugs and Problems + + +

+ The option parallel_login didn't work with the + value true. All logins were serial.

+

+ Own Id: OTP-12194

+
+
+
+ +
+
Ssh 3.0.5
Fixed Bugs and Malfunctions -- cgit v1.2.3 From ebf50edd510a5beafa466741e10437f9ebad4408 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 9 Oct 2014 12:34:24 +0200 Subject: ssh: testcase --- lib/ssh/test/ssh_connection_SUITE.erl | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index d226e5ba03..3c537d719c 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -37,6 +37,7 @@ all() -> [ {group, openssh_payload}, + start_subsystem_on_closed_channel, interrupted_send, start_shell, start_shell_exec, @@ -240,6 +241,32 @@ send_after_exit(Config) when is_list(Config) -> ct:fail(Else) end. +%%-------------------------------------------------------------------- +start_subsystem_on_closed_channel(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {subsystems, [{"echo_n", {ssh_echo_server, [4000000]}}]}]), + + ConnectionRef = ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_interaction, false}, + {user_dir, UserDir}]), + + {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), + + ok = ssh_connection:close(ConnectionRef, ChannelId), + + failure = ssh_connection:subsystem(ConnectionRef, ChannelId, "echo_n", infinity), + + ssh:close(ConnectionRef), + ssh:stop_daemon(Pid). + %%-------------------------------------------------------------------- interrupted_send() -> [{doc, "Use a subsystem that echos n char and then sends eof to cause a channel exit partway through a large send."}]. -- cgit v1.2.3 
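Review bot: `start_subsystem_on_closed_channel/1` is added without a `start_subsystem_on_closed_channel() -> [{doc, ...}]` clause, which `interrupted_send` directly below it has, and without the `when is_list(Config)` guard used by `send_after_exit` above it. A one-line doc string saying that a subsystem request on an already closed channel must return `failure` would record what the case asserts. If the `failure = ssh_connection:subsystem(...)` match fails, `ssh:close(ConnectionRef)` and `ssh:stop_daemon(Pid)` are skipped and the daemon stays up for the following cases; wrap the body in `try ... after` or move the cleanup to `end_per_testcase`. The `4000000` argument to `ssh_echo_server` is never exercised here, because the channel is closed before the subsystem request is sent.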
From d086394ebd3595d431835af80709977a6c1c7c89 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 9 Oct 2014 12:35:03 +0200 Subject: ssh: Corrected ret val from ssh_connection:subsystem/4. --- lib/ssh/src/ssh_connection.erl | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl index 33849f4527..87f37b93ef 100644 --- a/lib/ssh/src/ssh_connection.erl +++ b/lib/ssh/src/ssh_connection.erl @@ -107,9 +107,15 @@ shell(ConnectionHandler, ChannelId) -> %% Description: Executes a predefined subsystem. %%-------------------------------------------------------------------- subsystem(ConnectionHandler, ChannelId, SubSystem, TimeOut) -> - ssh_connection_handler:request(ConnectionHandler, self(), - ChannelId, "subsystem", - true, [?string(SubSystem)], TimeOut). + case ssh_connection_handler:request(ConnectionHandler, self(), + ChannelId, "subsystem", + true, [?string(SubSystem)], TimeOut) of + success -> success; + failure -> failure; + {error,timeout} -> {error,timeout}; + _ -> failure + end. + %%-------------------------------------------------------------------- -spec send(pid(), channel_id(), iodata()) -> ok | {error, closed}. -- cgit v1.2.3 From b6bbdb3a10e2e6aaa4d346dfe7c8917e52bd1c17 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 6 Oct 2014 16:59:22 +0200 Subject: ssh: Fix option user_interaction to work as expected When password authentication is implemented with ssh keyboard-interactive method and the password is already supplied, so that we do not need to query the user, connections should succeed even though the user_interaction option is set to false. --- lib/ssh/src/ssh_auth.erl | 86 +++++++++++++++++++++------------------------ lib/ssh/src/ssh_io.erl | 6 ++-- lib/ssh/src/ssh_message.erl | 13 +++++-- 3 files changed, 54 insertions(+), 51 deletions(-) (limited to 'lib/ssh') 
diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index 45fd907383..b4d406ba8d 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2013. All Rights Reserved. +%% Copyright Ericsson AB 2008-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -119,8 +119,7 @@ init_userauth_request_msg(#ssh{opts = Opts} = Ssh) -> false -> FirstAlg = proplists:get_value(public_key_alg, Opts, ?PREFERRED_PK_ALG), SecondAlg = other_alg(FirstAlg), - AllowUserInt = proplists:get_value(user_interaction, Opts, true), - Prefs = method_preference(FirstAlg, SecondAlg, AllowUserInt), + Prefs = method_preference(FirstAlg, SecondAlg), ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User, userauth_preference = Prefs, userauth_methods = none, @@ -130,15 +129,13 @@ init_userauth_request_msg(#ssh{opts = Opts} = Ssh) -> case length(Algs) =:= 2 of true -> SecondAlg = other_alg(FirstAlg), - AllowUserInt = proplists:get_value(user_interaction, Opts, true), - Prefs = method_preference(FirstAlg, SecondAlg, AllowUserInt), + Prefs = method_preference(FirstAlg, SecondAlg), ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User, userauth_preference = Prefs, userauth_methods = none, service = "ssh-connection"}); _ -> - AllowUserInt = proplists:get_value(user_interaction, Opts, true), - Prefs = method_preference(FirstAlg, AllowUserInt), + Prefs = method_preference(FirstAlg), ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User, userauth_preference = Prefs, userauth_methods = none, 
@@ -256,15 +253,12 @@ handle_userauth_info_request( data = Data}, IoCb, #ssh{opts = Opts} = Ssh) -> PromptInfos = decode_keyboard_interactive_prompts(NumPrompts,Data), - Resps = keyboard_interact_get_responses(IoCb, Opts, + Responses = keyboard_interact_get_responses(IoCb, Opts, Name, Instr, PromptInfos), - RespBin = list_to_binary( - lists:map(fun(S) -> <> end, - Resps)), {ok, ssh_transport:ssh_packet( #ssh_msg_userauth_info_response{num_responses = NumPrompts, - data = RespBin}, Ssh)}. + data = Responses}, Ssh)}. handle_userauth_info_response(#ssh_msg_userauth_info_response{}, _Auth) -> @@ -276,25 +270,16 @@ handle_userauth_info_response(#ssh_msg_userauth_info_response{}, %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- -method_preference(Alg1, Alg2, true) -> +method_preference(Alg1, Alg2) -> [{"publickey", ?MODULE, publickey_msg, [Alg1]}, {"publickey", ?MODULE, publickey_msg,[Alg2]}, {"password", ?MODULE, password_msg, []}, {"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []} - ]; -method_preference(Alg1, Alg2, false) -> - [{"publickey", ?MODULE, publickey_msg, [Alg1]}, - {"publickey", ?MODULE, publickey_msg,[Alg2]}, - {"password", ?MODULE, password_msg, []} ]. -method_preference(Alg1, true) -> +method_preference(Alg1) -> [{"publickey", ?MODULE, publickey_msg, [Alg1]}, {"password", ?MODULE, password_msg, []}, {"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []} - ]; -method_preference(Alg1, false) -> - [{"publickey", ?MODULE, publickey_msg, [Alg1]}, - {"password", ?MODULE, password_msg, []} ]. user_name(Opts) -> 
@@ -362,35 +347,29 @@ build_sig_data(SessionId, User, Service, KeyBlob, Alg) -> algorithm_string('ssh-rsa') -> "ssh-rsa"; algorithm_string('ssh-dss') -> - "ssh-dss". + "ssh-dss". decode_keyboard_interactive_prompts(_NumPrompts, Data) -> ssh_message:decode_keyboard_interactive_prompts(Data, []). keyboard_interact_get_responses(IoCb, Opts, Name, Instr, PromptInfos) -> NumPrompts = length(PromptInfos), - case proplists:get_value(keyboard_interact_fun, Opts) of - undefined when NumPrompts == 1 -> - %% Special case/fallback for just one prompt - %% (assumed to be the password prompt) - case proplists:get_value(password, Opts) of - undefined -> keyboard_interact(IoCb, Name, Instr, PromptInfos, Opts); - PW -> [PW] - end; - undefined -> - keyboard_interact(IoCb, Name, Instr, PromptInfos, Opts); - KbdInteractFun -> - Prompts = lists:map(fun({Prompt, _Echo}) -> Prompt end, - PromptInfos), - case KbdInteractFun(Name, Instr, Prompts) of - Rs when length(Rs) == NumPrompts -> - Rs; - Rs -> - erlang:error({mismatching_number_of_responses, - {got,Rs}, - {expected,NumPrompts}}) - end - end. + keyboard_interact_get_responses(proplists:get_value(user_interaction, Opts, true), + proplists:get_value(keyboard_interact_fun, Opts), + proplists:get_value(password, Opts, undefined), IoCb, Name, + Instr, PromptInfos, Opts, NumPrompts). 
+ +keyboard_interact_get_responses(_, undefined, Password, _, _, _, _, _, + 1) when Password =/= undefined -> + [Password]; %% Password auth implemented with keyboard-interaction and passwd is known +keyboard_interact_get_responses(_, _, _, _, _, _, _, _, 0) -> + [""]; +keyboard_interact_get_responses(false, undefined, undefined, _, _, _, [Prompt|_], Opts, _) -> + ssh_no_io:read_line(Prompt, Opts); %% Throws error as keyboard interaction is not allowed +keyboard_interact_get_responses(true, undefined, _,IoCb, Name, Instr, PromptInfos, Opts, _) -> + keyboard_interact(IoCb, Name, Instr, PromptInfos, Opts); +keyboard_interact_get_responses(true, Fun, _, Name, Instr, PromptInfos, _, _, NumPrompts) -> + keyboard_interact_fun(Fun, Name, Instr, PromptInfos, NumPrompts). keyboard_interact(IoCb, Name, Instr, Prompts, Opts) -> if Name /= "" -> IoCb:format("~s", [Name]); @@ -404,6 +383,21 @@ keyboard_interact(IoCb, Name, Instr, Prompts, Opts) -> end, Prompts). +keyboard_interact_fun(KbdInteractFun, Name, Instr, PromptInfos, NumPrompts) -> + Prompts = lists:map(fun({Prompt, _Echo}) -> Prompt end, + PromptInfos), + case KbdInteractFun(Name, Instr, Prompts) of + Rs when length(Rs) == NumPrompts -> + Rs; + Rs -> + throw({mismatching_number_of_responses, + {got,Rs}, + {expected, NumPrompts}, + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, + description = "User interaction failed", + language = "en"}}) + end. + other_alg('ssh-rsa') -> 'ssh-dss'; other_alg('ssh-dss') -> diff --git a/lib/ssh/src/ssh_io.erl b/lib/ssh/src/ssh_io.erl index 35336bce8b..97e2dee27a 100644 --- a/lib/ssh/src/ssh_io.erl +++ b/lib/ssh/src/ssh_io.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2013. All Rights Reserved. +%% Copyright Ericsson AB 2005-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in 
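Review bot: In lib/ssh/src/ssh_auth.erl, the last `keyboard_interact_get_responses/9` clause has its parameters shifted by one position against the call site. The caller passes `(UserInteraction, KbdFun, Password, IoCb, Name, Instr, PromptInfos, Opts, NumPrompts)`, but the clause head is `(true, Fun, _, Name, Instr, PromptInfos, _, _, NumPrompts)`. As a result `Name` is bound to the IoCb module, `Instr` to the name and `PromptInfos` to the instruction string, and `keyboard_interact_fun/5` then maps over the wrong term. The head should skip the IoCb position: `(true, Fun, _, _, Name, Instr, PromptInfos, _, NumPrompts)`. Separately, no clause covers `user_interaction` set to false together with a `keyboard_interact_fun`, or false with a password and more than one prompt, so those combinations end in a `function_clause` error instead of the controlled failure the `ssh_no_io:read_line/2` path gives.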
@@ -73,7 +73,9 @@ read_password(Prompt, Ssh) -> listify(A) when is_atom(A) -> atom_to_list(A); listify(L) when is_list(L) -> - L. + L; +listify(B) when is_binary(B) -> + binary_to_list(B). format(Fmt, Args) -> io:format(Fmt, Args). diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl index 76b57cb995..891ccec24c 100644 --- a/lib/ssh/src/ssh_message.erl +++ b/lib/ssh/src/ssh_message.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2013-2013. All Rights Reserved. +%% Copyright Ericsson AB 2013-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -162,8 +162,15 @@ encode(#ssh_msg_userauth_info_request{ encode(#ssh_msg_userauth_info_response{ num_responses = Num, data = Data}) -> - ssh_bits:encode([?SSH_MSG_USERAUTH_INFO_RESPONSE, Num, Data], - [byte, uint32, '...']); + Responses = lists:map(fun("") -> + <<>>; + (Response) -> + ssh_bits:encode([Response], [string]) + end, Data), + Start = ssh_bits:encode([?SSH_MSG_USERAUTH_INFO_RESPONSE, Num], + [byte, uint32]), + iolist_to_binary([Start, Responses]); + encode(#ssh_msg_disconnect{ code = Code, description = Desc, -- cgit v1.2.3 From a6145dc469920f1c09ebcafbeb7722a98dbce96c Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Fri, 10 Oct 2014 10:53:23 +0200 Subject: ssh: Add option sftp_vsn --- lib/ssh/doc/src/ssh_sftp.xml | 13 ++++++++++++- lib/ssh/src/ssh_sftp.erl | 35 +++++++++++++++++++++++++---------- lib/ssh/src/ssh_xfer.erl | 8 ++++---- lib/ssh/test/ssh_sftp_SUITE.erl | 24 ++++++++++++++++++++++-- 4 files changed, 63 insertions(+), 17 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_sftp.xml b/lib/ssh/doc/src/ssh_sftp.xml index e55d092fe2..f1091e9eca 100644 --- a/lib/ssh/doc/src/ssh_sftp.xml +++ b/lib/ssh/doc/src/ssh_sftp.xml @@ -4,7 +4,7 @@
- 20052013 + 20052014 Ericsson AB. All Rights Reserved. @@ -81,6 +81,17 @@

The timeout is passed to the ssh_channel start function, and defaults to infinity.

+ +

+
+ +

+ Desired SFTP protocol version. + The actual version will be the minimum of + the desired version and the maximum supported + versions by the SFTP server. +

+

All other options are directly passed to ssh:connect/3 or ignored if a diff --git a/lib/ssh/src/ssh_sftp.erl b/lib/ssh/src/ssh_sftp.erl index 0ea2366ac7..721146c509 100644 --- a/lib/ssh/src/ssh_sftp.erl +++ b/lib/ssh/src/ssh_sftp.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2013. All Rights Reserved. +%% Copyright Ericsson AB 2005-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -57,7 +57,8 @@ rep_buf = <<>>, req_id, req_list = [], %% {ReqId, Fun} - inf %% list of fileinf + inf, %% list of fileinf, + opts }). -record(fileinf, @@ -85,10 +86,11 @@ start_channel(Host) when is_list(Host) -> start_channel(Host, []). start_channel(Cm, Opts) when is_pid(Cm) -> Timeout = proplists:get_value(timeout, Opts, infinity), + {_, SftpOpts} = handle_options(Opts, [], []), case ssh_xfer:attach(Cm, []) of {ok, ChannelId, Cm} -> case ssh_channel:start(Cm, ChannelId, - ?MODULE, [Cm, ChannelId, Timeout]) of + ?MODULE, [Cm, ChannelId, SftpOpts]) of {ok, Pid} -> case wait_for_version_negotiation(Pid, Timeout) of ok -> @@ -108,11 +110,12 @@ start_channel(Cm, Opts) when is_pid(Cm) -> start_channel(Host, Opts) -> start_channel(Host, 22, Opts). start_channel(Host, Port, Opts) -> - Timeout = proplists:get_value(timeout, Opts, infinity), - case ssh_xfer:connect(Host, Port, proplists:delete(timeout, Opts)) of + {SshOpts, SftpOpts} = handle_options(Opts, [], []), + Timeout = proplists:get_value(timeout, SftpOpts, infinity), + case ssh_xfer:connect(Host, Port, SshOpts) of {ok, ChannelId, Cm} -> case ssh_channel:start(Cm, ChannelId, ?MODULE, [Cm, - ChannelId, Timeout]) of + ChannelId, SftpOpts]) of {ok, Pid} -> case wait_for_version_negotiation(Pid, Timeout) of ok -> 
@@ -392,7 +395,8 @@ write_file_loop(Pid, Handle, Pos, Bin, Remain, PacketSz, FileOpTimeout) -> %% %% Description: %%-------------------------------------------------------------------- -init([Cm, ChannelId, Timeout]) -> +init([Cm, ChannelId, Options]) -> + Timeout = proplists:get_value(timeout, Options, infinity), erlang:monitor(process, Cm), case ssh_connection:subsystem(Cm, ChannelId, "sftp", Timeout) of success -> @@ -401,7 +405,8 @@ init([Cm, ChannelId, Timeout]) -> {ok, #state{xf = Xf, req_id = 0, rep_buf = <<>>, - inf = new_inf()}}; + inf = new_inf(), + opts = Options}}; failure -> {stop, "server failed to start sftp subsystem"}; Error -> @@ -707,8 +712,9 @@ handle_ssh_msg({ssh_cm, _, {exit_status, ChannelId, Status}}, State0) -> %% %% Description: Handles channel messages %%-------------------------------------------------------------------- -handle_msg({ssh_channel_up, _, _}, #state{xf = Xf} = State) -> - ssh_xfer:protocol_version_request(Xf), +handle_msg({ssh_channel_up, _, _}, #state{opts = Options, xf = Xf} = State) -> + Version = proplists:get_value(sftp_vsn, Options, ?SSH_SFTP_PROTOCOL_VERSION), + ssh_xfer:protocol_version_request(Xf, Version), {ok, State}; %% Version negotiation timed out @@ -754,6 +760,15 @@ terminate(_Reason, State) -> %%==================================================================== %% Internal functions %%==================================================================== +handle_options([], Sftp, Ssh) -> + {Ssh, Sftp}; +handle_options([{timeout, _} = Opt | Rest], Sftp, Ssh) -> + handle_options(Rest, [Opt | Sftp], Ssh); +handle_options([{sftp_vsn, _} = Opt| Rest], Sftp, Ssh) -> + handle_options(Rest, [Opt | Sftp], Ssh); +handle_options([Opt | Rest], Sftp, Ssh) -> + handle_options(Rest, Sftp, [Opt | Ssh]). + call(Pid, Msg, TimeOut) -> ssh_channel:call(Pid, {{timeout, TimeOut}, Msg}, infinity). diff --git a/lib/ssh/src/ssh_xfer.erl b/lib/ssh/src/ssh_xfer.erl index 63d01fd9de..1881392db8 100644 --- a/lib/ssh/src/ssh_xfer.erl 
+++ b/lib/ssh/src/ssh_xfer.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2013. All Rights Reserved. +%% Copyright Ericsson AB 2005-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -28,7 +28,7 @@ rename/5, remove/3, mkdir/4, rmdir/3, realpath/3, extended/4, stat/4, fstat/4, lstat/4, setstat/4, readlink/3, fsetstat/4, symlink/4, - protocol_version_request/1, + protocol_version_request/2, xf_reply/2, xf_send_reply/3, xf_send_names/3, xf_send_name/4, xf_send_status/3, xf_send_status/4, xf_send_status/5, @@ -67,8 +67,8 @@ open_xfer(CM, Opts) -> Error end. -protocol_version_request(XF) -> - xf_request(XF, ?SSH_FXP_INIT, <>). +protocol_version_request(XF, Version) -> + xf_request(XF, ?SSH_FXP_INIT, <>). open(XF, ReqID, FileName, Access, Flags, Attrs) -> Vsn = XF#ssh_xfer.vsn, diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index 56b1363b7a..4c46a1b1a8 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2013. All Rights Reserved. +%% Copyright Ericsson AB 2005-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -65,7 +65,7 @@ groups() -> [{erlang_server, [], [open_close_file, open_close_dir, read_file, read_dir, write_file, rename_file, mk_rm_dir, remove_file, links, retrieve_attributes, set_attributes, async_read, - async_write, position, pos_read, pos_write]}, + async_write, position, pos_read, pos_write, version_option]}, {openssh_server, [], [open_close_file, open_close_dir, read_file, read_dir, write_file, rename_file, mk_rm_dir, remove_file, links, retrieve_attributes, set_attributes, async_read, 
@@ -111,6 +111,21 @@ init_per_testcase(sftp_nonexistent_subsystem, Config) -> ]), [{sftpd, Sftpd} | Config]; +init_per_testcase(version_option, Config) -> + prep(Config), + TmpConfig0 = lists:keydelete(watchdog, 1, Config), + TmpConfig = lists:keydelete(sftp, 1, TmpConfig0), + Dog = ct:timetrap(?default_timeout), + {_,Host, Port} = ?config(sftpd, Config), + {ok, ChannelPid, Connection} = + ssh_sftp:start_channel(Host, Port, + [{sftp_vsn, 3}, + {user, ?USER}, + {password, ?PASSWD}, + {user_interaction, false}, + {silently_accept_hosts, true}]), + Sftp = {ChannelPid, Connection}, + [{sftp, Sftp}, {watchdog, Dog} | TmpConfig]; init_per_testcase(Case, Config) -> prep(Config), TmpConfig0 = lists:keydelete(watchdog, 1, Config), @@ -447,6 +462,11 @@ sftp_nonexistent_subsystem(Config) when is_list(Config) -> {silently_accept_hosts, true}]). %%-------------------------------------------------------------------- +version_option() -> + [{doc, "Test API option sftp_vsn"}]. +version_option(Config) when is_list(Config) -> + open_close_dir(Config). +%%-------------------------------------------------------------------- %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- prep(Config) -> -- cgit v1.2.3 From 61f8ef381882eb0953b1e087d53894b88b356715 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Thu, 9 Oct 2014 12:13:01 +0200 Subject: ssh: Prepare for release --- lib/ssh/src/ssh.appup.src | 10 ++++++++++ lib/ssh/vsn.mk | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index 1917c95f5a..3cafe2d6be 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src 
@@ -19,9 +19,19 @@ {"%VSN%", [ + {"3.0.6", [{load_module, ssh_auth, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_message, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_io, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_sftp, soft_purge, soft_purge, [ssh_connection_handler]}]}, + {load_module, ssh_xfer, soft_purge, soft_purge, [ssh_connection_handler]}, {<<".*">>, [{restart_application, ssh}]} ], [ + {"3.0.6", [{load_module, ssh_auth, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_message, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_io, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_sftp, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_xfer, soft_purge, soft_purge, [ssh_connection_handler]}]}, {<<".*">>, [{restart_application, ssh}]} ] }. diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 11f30e8d04..866b192101 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,5 +1,5 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 3.0.6 +SSH_VSN = 3.0.7 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From 4e8e9be11bdcf852565fdf3612a6899950ea3f39 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Mon, 13 Oct 2014 09:39:01 +0200 Subject: Update release notes --- lib/ssh/doc/src/notes.xml | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 467e2ab27e..3da3ca3ec8 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -29,6 +29,38 @@ notes.xml

+
Ssh 3.0.7 + +
Fixed Bugs and Malfunctions + + +

+ Add option sftp_vsn to SFTP

+

+ Own Id: OTP-12227

+
+
+
+ + +
Improvements and New Features + + +

+ Fix option user_interaction to work as expected. When + password authentication is implemented with ssh + keyboard-interactive method and the password is already + supplied, so that we do not need to query user, then + connections should succeed even though user_interaction + option is set to false.

+

+ Own Id: OTP-11329 Aux Id: seq12420, seq12335

+
+
+
+ +
+
Ssh 3.0.6
Fixed Bugs and Malfunctions -- cgit v1.2.3 From aa53298febf35b45ba28ec925f4cc3cda07d52ee Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 16 Oct 2014 09:19:42 +0200 Subject: ssh: Fixes clause syntax error in ssh.appup.src --- lib/ssh/src/ssh.appup.src | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index 3cafe2d6be..42603cc23c 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src @@ -22,8 +22,8 @@ {"3.0.6", [{load_module, ssh_auth, soft_purge, soft_purge, [ssh_connection_handler]}, {load_module, ssh_message, soft_purge, soft_purge, [ssh_connection_handler]}, {load_module, ssh_io, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_sftp, soft_purge, soft_purge, [ssh_connection_handler]}]}, - {load_module, ssh_xfer, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_sftp, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_xfer, soft_purge, soft_purge, [ssh_connection_handler]}]}, {<<".*">>, [{restart_application, ssh}]} ], [ -- cgit v1.2.3 From a4cd7efbbbf174ae283cfac60a8e5492e340e3a6 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 15 Oct 2014 20:33:25 +0200 Subject: ssh: Fix port scanner problems --- lib/ssh/src/ssh_auth.erl | 24 ++++++++++++++++++++++-- lib/ssh/src/ssh_connection_handler.erl | 17 ++++++++++++++++- lib/ssh/src/ssh_message.erl | 5 +++++ 3 files changed, 43 insertions(+), 3 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index b4d406ba8d..45c4d52d7e 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl 
@@ -184,9 +184,8 @@ handle_userauth_request(#ssh_msg_service_request{name = handle_userauth_request(#ssh_msg_userauth_request{user = User, service = "ssh-connection", method = "password", - data = Data}, _, + data = <>}, _, #ssh{opts = Opts} = Ssh) -> - <<_:8, ?UINT32(Sz), BinPwd:Sz/binary>> = Data, Password = unicode:characters_to_list(BinPwd), case check_password(User, Password, Opts) of true -> @@ -199,6 +198,27 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, partial_success = false}, Ssh)} end; +handle_userauth_request(#ssh_msg_userauth_request{user = User, + service = "ssh-connection", + method = "password", + data = <> + }, _, + Ssh) -> + %% Password change without us having sent SSH_MSG_USERAUTH_PASSWD_CHANGEREQ (because we never do) + %% RFC 4252 says: + %% SSH_MSG_USERAUTH_FAILURE without partial success - The password + %% has not been changed. Either password changing was not supported, + %% or the old password was bad. + + {not_authorized, {User, {error,"Password change not supported"}}, + ssh_transport:ssh_packet(#ssh_msg_userauth_failure{ + authentications = "", + partial_success = false}, Ssh)}; + handle_userauth_request(#ssh_msg_userauth_request{user = User, service = "ssh-connection", method = "none"}, _, diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 4fbc5d0ae2..e9d35c4c4c 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -45,7 +45,8 @@ %% gen_fsm callbacks -export([hello/2, kexinit/2, key_exchange/2, new_keys/2, - userauth/2, connected/2]). + userauth/2, connected/2, + error/2]). -export([init/1, handle_event/3, handle_sync_event/4, handle_info/3, terminate/3, format_status/2, code_change/4]). 
@@ -174,6 +175,13 @@ init([Role, Socket, SshOpts]) -> gen_fsm:enter_loop(?MODULE, [], error, {Error, State0}) end. +%% Temporary fix for the Nessus error. SYN-> <-SYNACK ACK-> RST-> ? +error(_Event, {Error, %%={badmatch,{error,enotconn}}, + State=#state{socket=Socket, + transport_cb=Transport}}) -> + (catch Transport:close(Socket)), + {stop, {shutdown,init,Error}, State}. + %%-------------------------------------------------------------------- -spec open_channel(pid(), string(), iodata(), integer(), integer(), timeout()) -> {open, channel_id()} | {error, term()}. @@ -951,8 +959,14 @@ terminate({shutdown, #ssh_msg_disconnect{} = Msg}, StateName, {SshPacket, Ssh} = ssh_transport:ssh_packet(Msg, Ssh0), send_msg(SshPacket, State), terminate(normal, StateName, State#state{ssh_params = Ssh}); + terminate({shutdown, _}, StateName, State) -> terminate(normal, StateName, State); + +terminate({shutdown,init,Reason}, StateName, State) -> + error_logger:info_report(io_lib:format("Erlang ssh in connection handler init: ~p~n",[Reason])), + terminate(normal, StateName, State); + terminate(Reason, StateName, #state{ssh_params = Ssh0, starter = _Pid, connection_state = Connection} = State) -> terminate_subsytem(Connection), @@ -965,6 +979,7 @@ terminate(Reason, StateName, #state{ssh_params = Ssh0, starter = _Pid, send_msg(SshPacket, State), terminate(normal, StateName, State#state{ssh_params = Ssh}). + terminate_subsytem(#connection{system_supervisor = SysSup, sub_system_supervisor = SubSysSup}) when is_pid(SubSysSup) -> ssh_system_sup:stop_subsystem(SysSup, SubSysSup); diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl index 891ccec24c..66e7717095 100644 --- a/lib/ssh/src/ssh_message.erl +++ b/lib/ssh/src/ssh_message.erl 
@@ -505,6 +505,11 @@ erl_boolean(1) -> decode_kex_init(<>, Acc, 0) -> list_to_tuple(lists:reverse([X, erl_boolean(Bool) | Acc])); +decode_kex_init(<>, Acc, 0) -> + %% The mandatory trailing UINT32 is missing. Assume the value it anyhow must have + %% See rfc 4253 7.1 + X = 0, + list_to_tuple(lists:reverse([X, erl_boolean(Bool) | Acc])); decode_kex_init(<>, Acc, N) -> Names = string:tokens(unicode:characters_to_list(Data), ","), decode_kex_init(Rest, [Names | Acc], N -1). -- cgit v1.2.3 From 48083e54b502afb2768066394074d29423162dc8 Mon Sep 17 00:00:00 2001 From: Lukas Larsson Date: Thu, 26 Jun 2014 18:55:47 +0200 Subject: kernel,ssh: Add synchronous user_drv protocol Added a put_chars_sync to the protocol that can be used to talk to user_drv and made group use it. This is needed in order to guarantee that bytes has been pushed to the tty port when doing something like this: io:format("halting\n"),erlang:halt(0). Before this change the halting message could be lost in the message queue of the user_drv process, this is no longer possible. This commit also fixes ssh_cli as that plugs itself in as a user_drv process. OTP-12240 --- lib/ssh/src/ssh_cli.erl | 51 +++++++++++++++++++++++++++++-------------------- 1 file changed, 30 insertions(+), 21 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_cli.erl b/lib/ssh/src/ssh_cli.erl index 77453e8fd7..a1abf6c851 100644 --- a/lib/ssh/src/ssh_cli.erl +++ b/lib/ssh/src/ssh_cli.erl @@ -98,7 +98,7 @@ handle_ssh_msg({ssh_cm, ConnectionHandler, Pty = Pty0#ssh_pty{width = Width, height = Height, pixel_width = PixWidth, pixel_height = PixHeight}, - {Chars, NewBuf} = io_request({window_change, Pty0}, Buf, Pty), + {Chars, NewBuf} = io_request({window_change, Pty0}, Buf, Pty, undefined), write_chars(ConnectionHandler, ChannelId, Chars), {ok, State#state{pty = Pty, buf = NewBuf}}; 
@@ -188,7 +188,7 @@ handle_msg({Group, tty_geometry}, #state{group = Group, handle_msg({Group, Req}, #state{group = Group, buf = Buf, pty = Pty, cm = ConnectionHandler, channel = ChannelId} = State) -> - {Chars, NewBuf} = io_request(Req, Buf, Pty), + {Chars, NewBuf} = io_request(Req, Buf, Pty, Group), write_chars(ConnectionHandler, ChannelId, Chars), {ok, State#state{buf = NewBuf}}; 
@@ -263,40 +263,49 @@ eval(Error) -> %%% displaying device... %%% We are *not* really unicode aware yet, we just filter away characters %%% beyond the latin1 range. We however handle the unicode binaries... -io_request({window_change, OldTty}, Buf, Tty) -> +io_request({window_change, OldTty}, Buf, Tty, _Group) -> window_change(Tty, OldTty, Buf); -io_request({put_chars, Cs}, Buf, Tty) -> +io_request({put_chars, Cs}, Buf, Tty, _Group) -> put_chars(bin_to_list(Cs), Buf, Tty); -io_request({put_chars, unicode, Cs}, Buf, Tty) -> +io_request({put_chars, unicode, Cs}, Buf, Tty, _Group) -> put_chars(unicode:characters_to_list(Cs,unicode), Buf, Tty); -io_request({insert_chars, Cs}, Buf, Tty) -> +io_request({insert_chars, Cs}, Buf, Tty, _Group) -> insert_chars(bin_to_list(Cs), Buf, Tty); -io_request({insert_chars, unicode, Cs}, Buf, Tty) -> +io_request({insert_chars, unicode, Cs}, Buf, Tty, _Group) -> insert_chars(unicode:characters_to_list(Cs,unicode), Buf, Tty); -io_request({move_rel, N}, Buf, Tty) -> +io_request({move_rel, N}, Buf, Tty, _Group) -> move_rel(N, Buf, Tty); -io_request({delete_chars,N}, Buf, Tty) -> +io_request({delete_chars,N}, Buf, Tty, _Group) -> delete_chars(N, Buf, Tty); -io_request(beep, Buf, _Tty) -> +io_request(beep, Buf, _Tty, _Group) -> {[7], Buf}; %% New in R12 -io_request({get_geometry,columns},Buf,Tty) -> +io_request({get_geometry,columns},Buf,Tty, _Group) -> {ok, Tty#ssh_pty.width, Buf}; -io_request({get_geometry,rows},Buf,Tty) -> +io_request({get_geometry,rows},Buf,Tty, _Group) -> {ok, Tty#ssh_pty.height, Buf}; -io_request({requests,Rs}, Buf, Tty) -> - io_requests(Rs, Buf, Tty, []); -io_request(tty_geometry, Buf, Tty) -> - io_requests([{move_rel, 0}, {put_chars, unicode, [10]}], Buf, Tty, []); +io_request({requests,Rs}, Buf, Tty, Group) -> + io_requests(Rs, Buf, Tty, [], Group); +io_request(tty_geometry, Buf, Tty, Group) -> + io_requests([{move_rel, 0}, {put_chars, unicode, [10]}], + Buf, Tty, [], Group); %{[], Buf}; -io_request(_R, Buf, _Tty) 
-> + +%% New in 18 +io_request({put_chars_sync, Class, Cs, Reply}, Buf, Tty, Group) -> + %% We handle these asynchronous for now, if we need output guarantees + %% we have to handle these synchronously + Group ! {reply, Reply}, + io_request({put_chars, Class, Cs}, Buf, Tty, Group); + +io_request(_R, Buf, _Tty, _Group) -> {[], Buf}. -io_requests([R|Rs], Buf, Tty, Acc) -> - {Chars, NewBuf} = io_request(R, Buf, Tty), - io_requests(Rs, NewBuf, Tty, [Acc|Chars]); -io_requests([], Buf, _Tty, Acc) -> +io_requests([R|Rs], Buf, Tty, Acc, Group) -> + {Chars, NewBuf} = io_request(R, Buf, Tty, Group), + io_requests(Rs, NewBuf, Tty, [Acc|Chars], Group); +io_requests([], Buf, _Tty, Acc, _Group) -> {Acc, Buf}. %%% return commands for cursor navigation, assume everything is ansi -- cgit v1.2.3 From 545a85827e65c9939b701a87b60adf7a58c373fa Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 17 Oct 2014 11:49:38 +0200 Subject: ssh: reduce amount of printouts --- lib/ssh/src/ssh_connection_handler.erl | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index e9d35c4c4c..678ec89e44 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl 
@@ -176,11 +176,18 @@ init([Role, Socket, SshOpts]) -> end. %% Temporary fix for the Nessus error. SYN-> <-SYNACK ACK-> RST-> ? -error(_Event, {Error, %%={badmatch,{error,enotconn}}, - State=#state{socket=Socket, - transport_cb=Transport}}) -> - (catch Transport:close(Socket)), - {stop, {shutdown,init,Error}, State}. +error(_Event, {Error,State=#state{}}) -> + case Error of + {badmatch,{error,enotconn}} -> + %% {error,enotconn} probably from inet:peername in + %% init_ssh(server,..)/5 called from init/1 + {stop, {shutdown,"TCP connenction to server was prematurely closed by the client"}, State}; + _ -> + {stop, {shutdown,{init,Error}}, State} + end; +error(Event, State) -> + %% State deliberately not checked beeing #state. This is a panic-clause... + {stop, {shutdown,{init,{spurious_error,Event}}}, State}. %%-------------------------------------------------------------------- -spec open_channel(pid(), string(), iodata(), integer(), integer(), @@ -944,6 +951,10 @@ terminate(normal, _, #state{transport_cb = Transport, (catch Transport:close(Socket)), ok; +terminate({shutdown,{init,Reason}}, StateName, State) -> + error_logger:info_report(io_lib:format("Erlang ssh in connection handler init: ~p~n",[Reason])), + terminate(normal, StateName, State); + %% Terminated by supervisor terminate(shutdown, StateName, #state{ssh_params = Ssh0} = State) -> DisconnectMsg = @@ -963,10 +974,6 @@ terminate({shutdown, #ssh_msg_disconnect{} = Msg}, StateName, terminate({shutdown, _}, StateName, State) -> terminate(normal, StateName, State); -terminate({shutdown,init,Reason}, StateName, State) -> - error_logger:info_report(io_lib:format("Erlang ssh in connection handler init: ~p~n",[Reason])), - terminate(normal, StateName, State); - terminate(Reason, StateName, #state{ssh_params = Ssh0, starter = _Pid, connection_state = Connection} = State) -> terminate_subsytem(Connection), -- cgit v1.2.3 From 6351f65ae896274c7ff1cc62561a20b7c37b324c Mon Sep 17 00:00:00 2001 
From: Ingela Anderton Andin Date: Fri, 17 Oct 2014 09:53:02 +0200 Subject: ssh: Gracefully handle bad handshake messages --- lib/ssh/src/ssh_connection.erl | 2 +- lib/ssh/src/ssh_connection_handler.erl | 48 ++++++++++++++++++++++++---------- 2 files changed, 35 insertions(+), 15 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl index 33849f4527..83bfad7900 100644 --- a/lib/ssh/src/ssh_connection.erl +++ b/lib/ssh/src/ssh_connection.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2013. All Rights Reserved. +%% Copyright Ericsson AB 2008-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 678ec89e44..c2413e0503 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -565,7 +565,7 @@ connected({#ssh_msg_kexinit{}, _Payload} = Event, State) -> %%-------------------------------------------------------------------- handle_event(#ssh_msg_disconnect{description = Desc} = DisconnectMsg, _StateName, #state{} = State) -> - handle_disconnect(DisconnectMsg, State), + handle_disconnect(peer, DisconnectMsg, State), {stop, {shutdown, Desc}, State}; handle_event(#ssh_msg_ignore{}, StateName, State) -> 
@@ -1280,13 +1280,23 @@ generate_event(<> = Msg, StateName, generate_event(Msg, StateName, State0, EncData) -> Event = ssh_message:decode(Msg), State = generate_event_new_state(State0, EncData), - case Event of - #ssh_msg_kexinit{} -> - %% We need payload for verification later. - event({Event, Msg}, StateName, State); - _ -> - event(Event, StateName, State) - end. + try + case Event of + #ssh_msg_kexinit{} -> + %% We need payload for verification later. + event({Event, Msg}, StateName, State); + _ -> + event(Event, StateName, State) + end + catch + _:_ -> + DisconnectMsg = + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "Encountered unexpected input", + language = "en"}, + handle_disconnect(DisconnectMsg, State) + end. + handle_request(ChannelPid, ChannelId, Type, Data, WantReply, From, 
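Review bot: In generate_event/4 the new try begins after `Event = ssh_message:decode(Msg)`, so an exception raised while decoding a malformed message is not covered by this handler and never reaches the SSH_DISCONNECT_PROTOCOL_ERROR path; move the decode call inside the try. The `catch _:_` also spans the whole `event(...)` dispatch, so an internal fault in any state function is reported to the peer as "Encountered unexpected input" and its class and reason are discarded. Bind them (`Class:Reason`) and pass them on through the three-argument `handle_disconnect(DisconnectMsg, State, Error)` that this commit adds, so the shutdown reason records what actually failed.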
@@ -1464,17 +1474,27 @@ handle_ssh_packet(Length, StateName, #state{decoded_data_buffer = DecData0, handle_disconnect(DisconnectMsg, State0) end. -handle_disconnect(#ssh_msg_disconnect{description = Desc} = Msg, #state{connection_state = Connection0, - role = Role} = State0) -> +handle_disconnect(DisconnectMsg, State) -> + handle_disconnect(own, DisconnectMsg, State). + +handle_disconnect(#ssh_msg_disconnect{} = DisconnectMsg, State, Error) -> + handle_disconnect(own, DisconnectMsg, State, Error); +handle_disconnect(Type, #ssh_msg_disconnect{description = Desc} = Msg, #state{connection_state = Connection0, role = Role} = State0) -> {disconnect, _, {{replies, Replies}, Connection}} = ssh_connection:handle_msg(Msg, Connection0, Role), - State = send_replies(Replies, State0), + State = send_replies(disconnect_replies(Type, Msg, Replies), State0), {stop, {shutdown, Desc}, State#state{connection_state = Connection}}. -handle_disconnect(#ssh_msg_disconnect{description = Desc} = Msg, #state{connection_state = Connection0, - role = Role} = State0, ErrorMsg) -> + +handle_disconnect(Type, #ssh_msg_disconnect{description = Desc} = Msg, #state{connection_state = Connection0, + role = Role} = State0, ErrorMsg) -> {disconnect, _, {{replies, Replies}, Connection}} = ssh_connection:handle_msg(Msg, Connection0, Role), - State = send_replies(Replies, State0), + State = send_replies(disconnect_replies(Type, Msg, Replies), State0), {stop, {shutdown, {Desc, ErrorMsg}}, State#state{connection_state = Connection}}. +disconnect_replies(own, Msg, Replies) -> + [{connection_reply, Msg} | Replies]; +disconnect_replies(peer, _, Replies) -> + Replies. + counterpart_versions(NumVsn, StrVsn, #ssh{role = server} = Ssh) -> Ssh#ssh{c_vsn = NumVsn , c_version = StrVsn}; counterpart_versions(NumVsn, StrVsn, #ssh{role = client} = Ssh) -> -- cgit v1.2.3 From c07fd2c3fdc14a9ccf33b604b397e581b4d52893 Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Tue, 21 Oct 2014 16:59:11 +0200 Subject: ssh: simple info function (ssh_info:print/0). --- lib/ssh/src/Makefile | 1 + lib/ssh/src/ssh_acceptor.erl | 3 +- lib/ssh/src/ssh_channel.erl | 14 +++- lib/ssh/src/ssh_connection_handler.erl | 25 +++++- lib/ssh/src/ssh_info.erl | 144 +++++++++++++++++++++++++++++++++ 5 files changed, 183 insertions(+), 4 deletions(-) create mode 100644 lib/ssh/src/ssh_info.erl (limited to 'lib/ssh') diff --git a/lib/ssh/src/Makefile b/lib/ssh/src/Makefile index 2ef2859fd7..04ce750371 100644 --- a/lib/ssh/src/Makefile +++ b/lib/ssh/src/Makefile @@ -65,6 +65,7 @@ MODULES= \ ssh_cli \ ssh_file \ ssh_io \ + ssh_info \ ssh_math \ ssh_message \ ssh_no_io \ diff --git a/lib/ssh/src/ssh_acceptor.erl b/lib/ssh/src/ssh_acceptor.erl index 7302196674..2645bee3f6 100644 --- a/lib/ssh/src/ssh_acceptor.erl +++ b/lib/ssh/src/ssh_acceptor.erl @@ -22,7 +22,8 @@ -module(ssh_acceptor). %% Internal application API --export([start_link/5]). +-export([start_link/5, + number_of_connections/1]). %% spawn export -export([acceptor_init/6, acceptor_loop/6]). diff --git a/lib/ssh/src/ssh_channel.erl b/lib/ssh/src/ssh_channel.erl index 508ae637cf..5c24f362b1 100644 --- a/lib/ssh/src/ssh_channel.erl +++ b/lib/ssh/src/ssh_channel.erl @@ -67,7 +67,8 @@ %% Internal application API -export([cache_create/0, cache_lookup/2, cache_update/2, cache_delete/1, cache_delete/2, cache_foldl/3, - cache_find/2]). + cache_find/2, + get_print_info/1]). -record(state, { cm, 
@@ -190,6 +191,14 @@ init([Options]) -> %% {stop, Reason, State} %% Description: Handling call messages %%-------------------------------------------------------------------- +handle_call(get_print_info, _From, State) -> + Reply = + {{State#state.cm, + State#state.channel_id}, + io_lib:format('CB=~p',[State#state.channel_cb]) + }, + {reply, Reply, State}; + handle_call(Request, From, #state{channel_cb = Module, channel_state = ChannelState} = State) -> try Module:handle_call(Request, From, ChannelState) of @@ -333,6 +342,9 @@ cache_find(ChannelPid, Cache) -> Channel end. +get_print_info(Pid) -> + call(Pid, get_print_info, 1000). + %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index c2413e0503..bb86b719bc 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -41,7 +41,8 @@ global_request/4, send/5, send_eof/2, info/1, info/2, connection_info/2, channel_info/3, adjust_window/3, close/2, stop/1, renegotiate/1, renegotiate_data/1, - start_connection/4]). + start_connection/4, + get_print_info/1]). %% gen_fsm callbacks -export([hello/2, kexinit/2, key_exchange/2, new_keys/2, @@ -255,6 +256,9 @@ send_eof(ConnectionHandler, ChannelId) -> %%-------------------------------------------------------------------- -spec connection_info(pid(), [atom()]) -> proplists:proplist(). %%-------------------------------------------------------------------- +get_print_info(ConnectionHandler) -> + sync_send_all_state_event(ConnectionHandler, get_print_info, 1000). + connection_info(ConnectionHandler, Options) -> sync_send_all_state_event(ConnectionHandler, {connection_info, Options}). 
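Review bot: get_print_info/1 is inserted between the `-spec connection_info(pid(), [atom()]) -> proplists:proplist().` line and connection_info/2, so the spec no longer sits next to the function it describes, and the new function has neither a spec nor a header comment of its own. Move it above the spec block and give it a spec. The 1000 ms timeout is a bare literal here and again in ssh_channel:get_print_info/1; a shared macro would keep the two in step.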
@@ -773,6 +777,20 @@ handle_sync_event({recv_window, ChannelId}, _From, StateName, end, {reply, Reply, StateName, next_packet(State)}; +handle_sync_event(get_print_info, _From, StateName, State) -> + Reply = + try + {inet:sockname(State#state.socket), + inet:peername(State#state.socket) + } + of + {{ok,Local}, {ok,Remote}} -> {{Local,Remote},io_lib:format("statename=~p",[StateName])}; + _ -> {{"-",0},"-"} + catch + _:_ -> {{"?",0},"?"} + end, + {reply, Reply, StateName, State}; + handle_sync_event({connection_info, Options}, _From, StateName, State) -> Info = ssh_info(Options, State, []), {reply, Info, StateName, State}; @@ -1183,7 +1201,10 @@ send_all_state_event(FsmPid, Event) -> gen_fsm:send_all_state_event(FsmPid, Event). sync_send_all_state_event(FsmPid, Event) -> - try gen_fsm:sync_send_all_state_event(FsmPid, Event, infinity) + sync_send_all_state_event(FsmPid, Event, infinity). + +sync_send_all_state_event(FsmPid, Event, Timeout) -> + try gen_fsm:sync_send_all_state_event(FsmPid, Event, Timeout) catch exit:{noproc, _} -> {error, closed}; diff --git a/lib/ssh/src/ssh_info.erl b/lib/ssh/src/ssh_info.erl new file mode 100644 index 0000000000..073a9c7d28 --- /dev/null +++ b/lib/ssh/src/ssh_info.erl 
@@ -0,0 +1,144 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2008-2014. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% + +%% +%%---------------------------------------------------------------------- +%% Purpose: Print some info of a running ssh aplication. +%%---------------------------------------------------------------------- + +-module(ssh_info). + +-compile(export_all). + +print() -> + try supervisor:which_children(ssh_sup) + of + _ -> + io:nl(), + print_general(), + io:nl(), + underline("Client part", $=), + print_clients(), + io:nl(), + underline("Server part", $=), + print_servers(), + %% case os:type() of + %% {unix,_} -> + %% io:nl(), + %% underline("Linux part", $=), + %% underline("Listening"), + %% catch io:format(os:cmd("netstat -tpln")), + %% io:nl(), + %% underline("Other"), + %% catch io:format(os:cmd("netstat -tpn")); + %% _ -> ok + %% end, + ok + catch + _:_ -> + io:format("Ssh not found~n",[]) + end. + +%%%================================================================ +print_general() -> + {_Name, Slogan, Ver} = lists:keyfind(ssh,1,application:which_applications()), + underline(io_lib:format("~s ~s", [Slogan, Ver]), $=), + io:format('This printout is generated ~s. ~n',[datetime()]). 
+ +%%%================================================================ +print_clients() -> + try + lists:foreach(fun print_client/1, supervisor:which_children(sshc_sup)) + catch + C:E -> + io:format('***FAILED: ~p:~p~n',[C,E]) + end. + +print_client({undefined,Pid,supervisor,[ssh_connection_handler]}) -> + {{Local,Remote},_Str} = ssh_connection_handler:get_print_info(Pid), + io:format(" Local=~s Remote=~s~n",[fmt_host_port(Local),fmt_host_port(Remote)]); +print_client(Other) -> + io:format(" [[Other 1: ~p]]~n",[Other]). + + +%%%================================================================ +print_servers() -> + try + lists:foreach(fun print_server/1, supervisor:which_children(sshd_sup)) + catch + C:E -> + io:format('***FAILED: ~p:~p~n',[C,E]) + end. + +print_server({{server,ssh_system_sup,LocalHost,LocalPort},Pid,supervisor,[ssh_system_sup]}) when is_pid(Pid) -> + io:format('Local=~s (~p children)~n',[fmt_host_port({LocalHost,LocalPort}), + ssh_acceptor:number_of_connections(Pid)]), + lists:foreach(fun print_system_sup/1, supervisor:which_children(Pid)); +print_server(Other) -> + io:format(" [[Other 2: ~p]]~n",[Other]). + +print_system_sup({Ref,Pid,supervisor,[ssh_subsystem_sup]}) when is_reference(Ref), + is_pid(Pid) -> + lists:foreach(fun print_channels/1, supervisor:which_children(Pid)); +print_system_sup({{ssh_acceptor_sup,LocalHost,LocalPort}, Pid,supervisor, [ssh_acceptor_sup]}) when is_pid(Pid) -> + io:format(" [Acceptor for ~s]~n",[fmt_host_port({LocalHost,LocalPort})]); +print_system_sup(Other) -> + io:format(" [[Other 3: ~p]]~n",[Other]). + +print_channels({{server,ssh_channel_sup,_,_},Pid,supervisor,[ssh_channel_sup]}) when is_pid(Pid) -> + lists:foreach(fun print_channel/1, supervisor:which_children(Pid)); +print_channels(Other) -> + io:format(" [[Other 4: ~p]]~n",[Other]). 
+ + +print_channel({Ref,Pid,worker,[ssh_channel]}) when is_reference(Ref), + is_pid(Pid) -> + {{ConnManager,ChannelID}, Str} = ssh_channel:get_print_info(Pid), + {{Local,Remote},StrM} = ssh_connection_handler:get_print_info(ConnManager), + io:format(' ch ~p: ~s ~s',[ChannelID, StrM, Str]), + io:format(" Local=~s Remote=~s~n",[fmt_host_port(Local),fmt_host_port(Remote)]); +print_channel(Other) -> + io:format(" [[Other 5: ~p]]~n",[Other]). + +%%%================================================================ +underline(Str) -> + underline(Str, $-). + +underline(Str, LineChar) -> + Len = lists:flatlength(Str), + io:format('~s~n',[Str]), + line(Len,LineChar). + +line(Len, Char) -> + io:format('~*c~n', [Len,Char]). + + +datetime() -> + {{YYYY,MM,DD}, {H,M,S}} = calendar:now_to_universal_time(now()), + lists:flatten(io_lib:format('~4w-~2..0w-~2..0w ~2..0w:~2..0w:~2..0w UTC',[YYYY,MM,DD, H,M,S])). + + +fmt_host_port({{A,B,C,D},Port}) -> io_lib:format('~p.~p.~p.~p:~p',[A,B,C,D,Port]); +fmt_host_port({Host,Port}) -> io_lib:format('~s:~p',[Host,Port]). + + + +nyi() -> + io:format('Not yet implemented~n',[]), + nyi. -- cgit v1.2.3 From adaab47c48627ae3971cdefca93d1acb3a1605de Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 21 Oct 2014 17:46:06 +0200 Subject: ssh: avoid terminated but not deleted children to be counted. --- lib/ssh/src/ssh_acceptor.erl | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_acceptor.erl b/lib/ssh/src/ssh_acceptor.erl index 2645bee3f6..6c443eeb9c 100644 --- a/lib/ssh/src/ssh_acceptor.erl +++ b/lib/ssh/src/ssh_acceptor.erl @@ -141,5 +141,6 @@ handle_error(Reason) -> number_of_connections(SystemSup) -> length([X || {R,X,supervisor,[ssh_subsystem_sup]} <- supervisor:which_children(SystemSup), + is_pid(X), is_reference(R) ]). -- cgit v1.2.3 From 9fa393fc78ab769963f804b10c3abf0b4c4f21b7 Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Tue, 21 Oct 2014 17:55:07 +0200 Subject: ssh: prepare for release --- lib/ssh/vsn.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 866b192101..68544c1d0e 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,5 +1,5 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 3.0.7 +SSH_VSN = 3.0.8 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From 488c1445622709031ec0963657a5821a36c159de Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Tue, 23 Sep 2014 18:20:58 +0200 Subject: ssh: Add ptty_alloc/[2,3] --- lib/ssh/doc/src/ssh_connection.xml | 59 +++++++++++++++++++++++++++---- lib/ssh/src/ssh_connect.hrl | 4 +++ lib/ssh/src/ssh_connection.erl | 72 +++++++++++++++++++++++++++----------- 3 files changed, 107 insertions(+), 28 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_connection.xml b/lib/ssh/doc/src/ssh_connection.xml index 72e7252536..ff72cf7ee0 100644 --- a/lib/ssh/doc/src/ssh_connection.xml +++ b/lib/ssh/doc/src/ssh_connection.xml @@ -5,7 +5,7 @@
2008 - 2013 + 2014 Ericsson AB, All Rights Reserved @@ -137,7 +137,7 @@ A pseudo-terminal has been requested for the @@ -148,11 +148,11 @@ drawable area of the window. The Opcode in the TerminalModes list is the mnemonic name, represented as an lowercase erlang atom, defined in - RFC 4254 section 8, - or the opcode if the mnemonic name is not listed in the + RFC 4254 section 8. + It may also be an opcode if the mnemonic name is not listed in the RFC. Example OP code: 53, mnemonic name ECHO erlang atom: - echo. There is currently no API function to generate this - event. + echo.This event is sent as result of calling ssh_connection:ptty_alloc/4 This message will request that the user's default shell @@ -273,7 +273,52 @@ - + + ptty_alloc(ConnectionRef, ChannelId, Options, Timeout) -> success | failure + Send status replies to requests that want such replies. + + ConnectionRef = ssh_connection_ref() + ChannelId = ssh_channel_id() + Options = proplists:proplist() + + +

Sends a SSH Connection Protocol pty_req, to allocate a pseudo tty. + Should be called by a SSH client process. + Options are: +

+ + + {term, string()} + + Defaults to os:getenv("TERM") or "vt100" if it is undefined. + + {width, integer()} + + Defaults to 80 if pixel_width is not defined. + + {height, integer()} + + Defaults to 24 if pixel_height is not defined. + + {pixel_width, integer()} + + Is disregarded if width is defined. + + {pixel_height, integer()} + + Is disregarded if height is defined. + + {pty_opts, [{posix_atom(), integer()}]} + + Option may be an empty list, otherwise + see possible POSIX names in section 8 in RFC 4254. + + + +
+
+ + reply_request(ConnectionRef, WantReply, Status, ChannelId) -> ok Send status replies to requests that want such replies. diff --git a/lib/ssh/src/ssh_connect.hrl b/lib/ssh/src/ssh_connect.hrl index 9307dbbad0..d14f7ce27d 100644 --- a/lib/ssh/src/ssh_connect.hrl +++ b/lib/ssh/src/ssh_connect.hrl @@ -165,6 +165,10 @@ recipient_channel }). +-define(TERMINAL_WIDTH, 80). +-define(TERMINAL_HEIGHT, 24). +-define(DEFAULT_TERMINAL, "vt100"). + -define(TTY_OP_END,0). %% Indicates end of options. -define(VINTR,1). %% Interrupt character; 255 if none. Similarly for the %% other characters. Not all of these characters are diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl index 87f37b93ef..593443e11c 100644 --- a/lib/ssh/src/ssh_connection.erl +++ b/lib/ssh/src/ssh_connection.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2013. All Rights Reserved. +%% Copyright Ericsson AB 2008-2014. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -32,11 +32,11 @@ %% API -export([session_channel/2, session_channel/4, exec/4, shell/2, subsystem/4, send/3, send/4, send/5, - send_eof/2, adjust_window/3, setenv/5, close/2, reply_request/4]). + send_eof/2, adjust_window/3, setenv/5, close/2, reply_request/4, + ptty_alloc/3, ptty_alloc/4]). %% Potential API currently unsupported and not tested --export([open_pty/3, open_pty/7, - open_pty/9, window_change/4, window_change/6, +-export([window_change/4, window_change/6, direct_tcpip/6, direct_tcpip/8, tcpip_forward/3, cancel_tcpip_forward/3, signal/3, exit_status/3]). 
@@ -189,6 +189,25 @@ reply_request(_,false, _, _) -> ok. %%-------------------------------------------------------------------- +-spec ptty_alloc(pid(), channel_id(), proplists:proplist()) -> success | failiure. +%% +%% +%% Description: Sends a ssh connection protocol pty_req. +%%-------------------------------------------------------------------- +ptty_alloc(ConnectionHandler, Channel, Options) -> + ptty_alloc(ConnectionHandler, Channel, Options, infinity). +ptty_alloc(ConnectionHandler, Channel, Options, TimeOut) -> + {Width, PixWidth} = pty_default_dimensions(width, Options), + {Hight, PixHight} = pty_default_dimensions(hight, Options), + pty_req(ConnectionHandler, Channel, + proplists:get_value(term, Options, default_term()), + proplists:get_value(width, Options, Width), + proplists:get_value(hight, Options, Hight), + proplists:get_value(pixel_widh, Options, PixWidth), + proplists:get_value(pixel_hight, Options, PixHight), + proplists:get_value(pty_opts, Options, []), TimeOut + ). +%%-------------------------------------------------------------------- %% Not yet officialy supported! The following functions are part of the %% initial contributed ssh application. They are untested. Do we want them? %% Should they be documented and tested? 
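Review bot: In ptty_alloc/4 the option keys that are read are hight, pixel_widh and pixel_hight, while the ssh_connection.xml text earlier in this patch documents height, pixel_width and pixel_height, so a caller who follows the documentation has the height options silently ignored and gets the defaults. Rename the lookups, and the pty_default_dimensions(hight, Options) call, to the documented keys. The -spec also reads success | failiure; make the second atom match what the request really returns, and add a spec for the arity-4 variant, since callers will pattern match on the result.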
@@ -211,23 +230,6 @@ exit_status(ConnectionHandler, Channel, Status) -> ssh_connection_handler:request(ConnectionHandler, Channel, "exit-status", false, [?uint32(Status)], 0). -open_pty(ConnectionHandler, Channel, TimeOut) -> - open_pty(ConnectionHandler, Channel, - os:getenv("TERM"), 80, 24, [], TimeOut). - -open_pty(ConnectionHandler, Channel, Term, Width, Height, PtyOpts, TimeOut) -> - open_pty(ConnectionHandler, Channel, Term, Width, - Height, 0, 0, PtyOpts, TimeOut). - -open_pty(ConnectionHandler, Channel, Term, Width, Height, - PixWidth, PixHeight, PtyOpts, TimeOut) -> - ssh_connection_handler:request(ConnectionHandler, - Channel, "pty-req", true, - [?string(Term), - ?uint32(Width), ?uint32(Height), - ?uint32(PixWidth),?uint32(PixHeight), - encode_pty_opts(PtyOpts)], TimeOut). - direct_tcpip(ConnectionHandler, RemoteHost, RemotePort, OrigIP, OrigPort, Timeout) -> direct_tcpip(ConnectionHandler, RemoteHost, RemotePort, OrigIP, OrigPort, @@ -1080,6 +1082,27 @@ flow_control([_|_], #channel{flow_control = From, flow_control(_,_,_) -> []. +pty_req(ConnectionHandler, Channel, Term, Width, Height, + PixWidth, PixHeight, PtyOpts, TimeOut) -> + ssh_connection_handler:request(ConnectionHandler, + Channel, "pty-req", true, + [?string(Term), + ?uint32(Width), ?uint32(Height), + ?uint32(PixWidth),?uint32(PixHeight), + encode_pty_opts(PtyOpts)], TimeOut). + +pty_default_dimensions(Dimension, Options) -> + case proplists:get_value(Dimension, Options, 0) of + N when is_integer(N), N > 0 -> + {N, 0}; + _ -> + case proplists:get_value(list_to_atom("pixel_" ++ atom_to_list(Dimension)), Options, 0) of + N when is_integer(N), N > 0 -> + {0, N}; + _ -> + {?TERMINAL_WIDTH, 0} + end + end. encode_pty_opts(Opts) -> Bin = list_to_binary(encode_pty_opts2(Opts)), @@ -1277,3 +1300,10 @@ decode_ip(Addr) when is_binary(Addr) -> {ok,A} -> A end. +default_term() -> + case os:getenv("TERM") of + false -> + ?DEFAULT_TERMINAL; + Str when is_list(Str)-> + Str + end. -- cgit v1.2.3 
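Review bot: The final fallback in pty_default_dimensions/2 returns {?TERMINAL_WIDTH, 0} for every Dimension, so a request that carries no height option asks for 80 rows, and ?TERMINAL_HEIGHT from ssh_connect.hrl is not referenced anywhere in this patch, although the documentation says the height defaults to 24. Select the default by dimension, with one clause returning ?TERMINAL_WIDTH for width and one returning ?TERMINAL_HEIGHT for height. The pixel key is also built with list_to_atom("pixel_" ++ atom_to_list(Dimension)), which yields pixel_width for the width case, while ptty_alloc/4 then reads pixel_widh; the two places should share one spelling.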
From a5e436a9d8ec8a6fcaf19858749e290666a3b33c Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 20 Oct 2014 11:38:41 +0200 Subject: ssh: Add pty_alloc request to ssh:shell/[1,2,3] --- lib/ssh/src/ssh.erl | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index de047d3c83..eae33e3683 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -194,6 +194,7 @@ shell(Host, Port, Options) -> {ok, ConnectionRef} -> case ssh_connection:session_channel(ConnectionRef, infinity) of {ok,ChannelId} -> + success = ssh_connection:ptty_alloc(ConnectionRef, ChannelId, []), Args = [{channel_cb, ssh_shell}, {init_args,[ConnectionRef, ChannelId]}, {cm, ConnectionRef}, {channel_id, ChannelId}], -- cgit v1.2.3 From 812f99c991409dc97b7d3ab0ef85220e61e2fca5 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 22 Oct 2014 19:09:13 +0200 Subject: ssh: Print supervisor tree (on demand). --- lib/ssh/src/ssh_info.erl | 51 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 50 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_info.erl b/lib/ssh/src/ssh_info.erl index 073a9c7d28..9ed598b3ab 100644 --- a/lib/ssh/src/ssh_info.erl +++ b/lib/ssh/src/ssh_info.erl @@ -38,6 +38,7 @@ print() -> io:nl(), underline("Server part", $=), print_servers(), + io:nl(), %% case os:type() of %% {unix,_} -> %% io:nl(), @@ -49,7 +50,9 @@ print() -> %% catch io:format(os:cmd("netstat -tpn")); %% _ -> ok %% end, - ok + underline("Supervisors", $=), + walk_sups(ssh_sup), + io:nl() catch _:_ -> io:format("Ssh not found~n",[]) 
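Review bot: In lib/ssh/src/ssh.erl, shell/3, the added line success = ssh_connection:ptty_alloc(ConnectionRef, ChannelId, []) turns any other reply into a badmatch, so a server that refuses the pty request crashes the caller instead of giving an error return or a shell without a pty. ptty_alloc/3 also waits with an infinity timeout, so a peer that never answers the pty-req blocks shell/3 indefinitely. Handle the result with a case expression, close ConnectionRef on the failure path, and pass a finite timeout through ptty_alloc/4.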
@@ -116,6 +119,52 @@ print_channel({Ref,Pid,worker,[ssh_channel]}) when is_reference(Ref), print_channel(Other) -> io:format(" [[Other 5: ~p]]~n",[Other]). +%%%================================================================ +-define(inc(N), (N+4)). + +walk_sups(StartPid) -> + io:format("Start at ~p, ~s.~n",[StartPid,dead_or_alive(StartPid)]), + walk_sups(children(StartPid), _Indent=?inc(0)). + +walk_sups([H={_,Pid,SupOrWorker,_}|T], Indent) -> + indent(Indent), io:format('~200p ~p is ~s~n',[H,Pid,dead_or_alive(Pid)]), + case SupOrWorker of + supervisor -> walk_sups(children(Pid), ?inc(Indent)); + _ -> ok + end, + walk_sups(T, Indent); +walk_sups([], _) -> + ok. + +dead_or_alive(Name) when is_atom(Name) -> + case whereis(Name) of + undefined -> + "**UNDEFINED**"; + Pid -> + dead_or_alive(Pid) + end; +dead_or_alive(Pid) when is_pid(Pid) -> + case process_info(Pid) of + undefined -> "**DEAD**"; + _ -> "alive" + end. + +indent(I) -> io:format('~*c',[I,$ ]). + +children(Pid) -> + Parent = self(), + Helper = spawn(fun() -> + Parent ! {self(),supervisor:which_children(Pid)} + end), + receive + {Helper,L} when is_list(L) -> + L + after + 2000 -> + catch exit(Helper, kill), + [] + end. + %%%================================================================ underline(Str) -> underline(Str, $-). -- cgit v1.2.3 From 6fa193984c0d6e64088f10c1384f7ab28bb4d8c3 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 22 Oct 2014 19:10:03 +0200 Subject: ssh: remove supervisors for crashed connection worker --- lib/ssh/src/ssh_connection_handler.erl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index bb86b719bc..fa107be1b1 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl 
@@ -173,7 +173,7 @@ init([Role, Socket, SshOpts]) -> State#state{ssh_params = Ssh}) catch _:Error -> - gen_fsm:enter_loop(?MODULE, [], error, {Error, State0}) + gen_fsm:enter_loop(?MODULE, [], error, {Error, State}) end. %% Temporary fix for the Nessus error. SYN-> <-SYNACK ACK-> RST-> ? -- cgit v1.2.3 From e72611ed091d7f99fd63d8af06b82c723c7b2f77 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 22 Oct 2014 19:32:27 +0200 Subject: ssh: fix .app and .appup errors --- lib/ssh/src/ssh.app.src | 1 + lib/ssh/src/ssh.appup.src | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.app.src b/lib/ssh/src/ssh.app.src index e0a51b3574..4ad55b34ca 100644 --- a/lib/ssh/src/ssh.app.src +++ b/lib/ssh/src/ssh.app.src @@ -23,6 +23,7 @@ sshd_sup, ssh_file, ssh_io, + ssh_info, ssh_math, ssh_no_io, ssh_server_key_api, diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index 3cafe2d6be..42603cc23c 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src @@ -22,8 +22,8 @@ {"3.0.6", [{load_module, ssh_auth, soft_purge, soft_purge, [ssh_connection_handler]}, {load_module, ssh_message, soft_purge, soft_purge, [ssh_connection_handler]}, {load_module, ssh_io, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_sftp, soft_purge, soft_purge, [ssh_connection_handler]}]}, - {load_module, ssh_xfer, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_sftp, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_xfer, soft_purge, soft_purge, [ssh_connection_handler]}]}, {<<".*">>, [{restart_application, ssh}]} ], [ -- cgit v1.2.3 From e16b4ca3adbfddff9dc6e862419167081438139a Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 15 Oct 2014 12:19:06 +0200 Subject: ssh: Corrected appup --- lib/ssh/src/ssh.appup.src | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'lib/ssh') 
diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index 42603cc23c..0808f1a028 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src @@ -19,6 +19,11 @@ {"%VSN%", [ + {"3.0.7", [{load_module, ssh_auth, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_message, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_io, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_sftp, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_xfer, soft_purge, soft_purge, [ssh_connection_handler]}]}, {"3.0.6", [{load_module, ssh_auth, soft_purge, soft_purge, [ssh_connection_handler]}, {load_module, ssh_message, soft_purge, soft_purge, [ssh_connection_handler]}, {load_module, ssh_io, soft_purge, soft_purge, [ssh_connection_handler]}, @@ -27,6 +32,11 @@ {<<".*">>, [{restart_application, ssh}]} ], [ + {"3.0.7", [{load_module, ssh_auth, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_message, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_io, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_sftp, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_xfer, soft_purge, soft_purge, [ssh_connection_handler]}]}, {"3.0.6", [{load_module, ssh_auth, soft_purge, soft_purge, [ssh_connection_handler]}, {load_module, ssh_message, soft_purge, soft_purge, [ssh_connection_handler]}, {load_module, ssh_io, soft_purge, soft_purge, [ssh_connection_handler]}, -- cgit v1.2.3 From b7f24722a7346ae48b2d8d7a29dea9d381e669b7 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 23 Oct 2014 10:11:51 +0200 Subject: ssh: fix ssh.appup.src. --- lib/ssh/src/ssh.appup.src | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index 0808f1a028..600c01454c 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src 
@@ -20,11 +20,21 @@ {"%VSN%", [ {"3.0.7", [{load_module, ssh_auth, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_acceptor, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_channel, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_connection, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, + {load_module, ssh_info, soft_purge, soft_purge, []}, {load_module, ssh_message, soft_purge, soft_purge, [ssh_connection_handler]}, {load_module, ssh_io, soft_purge, soft_purge, [ssh_connection_handler]}, {load_module, ssh_sftp, soft_purge, soft_purge, [ssh_connection_handler]}, {load_module, ssh_xfer, soft_purge, soft_purge, [ssh_connection_handler]}]}, {"3.0.6", [{load_module, ssh_auth, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_acceptor, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_channel, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_connection, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, + {load_module, ssh_info, soft_purge, soft_purge, []}, {load_module, ssh_message, soft_purge, soft_purge, [ssh_connection_handler]}, {load_module, ssh_io, soft_purge, soft_purge, [ssh_connection_handler]}, {load_module, ssh_sftp, soft_purge, soft_purge, [ssh_connection_handler]}, 
@@ -33,11 +43,21 @@ ], [ {"3.0.7", [{load_module, ssh_auth, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_acceptor, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_channel, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_connection, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, + {load_module, ssh_info, soft_purge, soft_purge, []}, {load_module, ssh_message, soft_purge, soft_purge, [ssh_connection_handler]}, {load_module, ssh_io, soft_purge, soft_purge, [ssh_connection_handler]}, {load_module, ssh_sftp, soft_purge, soft_purge, [ssh_connection_handler]}, {load_module, ssh_xfer, soft_purge, soft_purge, [ssh_connection_handler]}]}, {"3.0.6", [{load_module, ssh_auth, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_acceptor, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_channel, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_connection, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, + {load_module, ssh_info, soft_purge, soft_purge, []}, {load_module, ssh_message, soft_purge, soft_purge, [ssh_connection_handler]}, {load_module, ssh_io, soft_purge, soft_purge, [ssh_connection_handler]}, {load_module, ssh_sftp, soft_purge, soft_purge, [ssh_connection_handler]}, -- cgit v1.2.3 From 96ae4388211d61b28608f7c31e40d67d1287cc2e Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Thu, 23 Oct 2014 10:53:11 +0200 Subject: Update release notes --- lib/ssh/doc/src/notes.xml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 3da3ca3ec8..f3db05192e 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -29,6 +29,21 @@ notes.xml
+
Ssh 3.0.8 + +
Fixed Bugs and Malfunctions + + +

+ Fixes of login blocking after port scanning.

+

+ Own Id: OTP-12247 Aux Id: seq12726

+
+
+
+ +
+
Ssh 3.0.7
Fixed Bugs and Malfunctions -- cgit v1.2.3 From c854951a2bae920f4c1e4fd4073bc2ac69d5a3a9 Mon Sep 17 00:00:00 2001 From: Simon Cornish Date: Fri, 24 Oct 2014 22:58:24 -0700 Subject: Fix ssh_sftp:start_channel timeout The {timeout, Timeout} option passed to ssh_sftp:start_channel is not applied to the early phases of the SSH protocol. For example, if the remote server fails to respond after the "hello" then the call will hang for as long as the server keeps the TCP connection alive. This patch passes the Timeout through to ssh:connect. In case the timeout occurs during these phases, {error, timeout} is returned. --- lib/ssh/src/ssh_sftp.erl | 2 +- lib/ssh/src/ssh_xfer.erl | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_sftp.erl b/lib/ssh/src/ssh_sftp.erl index 721146c509..12479e9121 100644 --- a/lib/ssh/src/ssh_sftp.erl +++ b/lib/ssh/src/ssh_sftp.erl @@ -112,7 +112,7 @@ start_channel(Host, Opts) -> start_channel(Host, Port, Opts) -> {SshOpts, SftpOpts} = handle_options(Opts, [], []), Timeout = proplists:get_value(timeout, SftpOpts, infinity), - case ssh_xfer:connect(Host, Port, SshOpts) of + case ssh_xfer:connect(Host, Port, SshOpts, Timeout) of {ok, ChannelId, Cm} -> case ssh_channel:start(Cm, ChannelId, ?MODULE, [Cm, ChannelId, SftpOpts]) of diff --git a/lib/ssh/src/ssh_xfer.erl b/lib/ssh/src/ssh_xfer.erl index 1881392db8..2743b704f1 100644 --- a/lib/ssh/src/ssh_xfer.erl +++ b/lib/ssh/src/ssh_xfer.erl @@ -23,7 +23,7 @@ -module(ssh_xfer). --export([attach/2, connect/3]). +-export([attach/2, connect/3, connect/4]). -export([open/6, opendir/3, readdir/3, close/3, read/5, write/5, rename/5, remove/3, mkdir/4, rmdir/3, realpath/3, extended/4, stat/4, fstat/4, lstat/4, setstat/4, 
@@ -58,6 +58,13 @@ connect(Host, Port, Opts) -> Error -> Error end. +connect(Host, Port, Opts, Timeout) -> + case ssh:connect(Host, Port, Opts, Timeout) of + {ok, CM} -> open_xfer(CM, [{timeout, Timeout}|Opts]); + {error, Timeout} -> {error, timeout}; + Error -> Error + end. + open_xfer(CM, Opts) -> TMO = proplists:get_value(timeout, Opts, infinity), case ssh_connection:session_channel(CM, ?XFER_WINDOW_SIZE, ?XFER_PACKET_SIZE, TMO) of -- cgit v1.2.3 From 1629794d4e120d94e360bb2d58485d8d8e1688ed Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 20 Oct 2014 15:31:06 +0200 Subject: ssh: Add basic ptty_alloc tests --- lib/ssh/test/ssh_connection_SUITE.erl | 66 +++++++++++++++++++++++++++++++---- lib/ssh/test/ssh_to_openssh_SUITE.erl | 45 +++++++++++++++--------- 2 files changed, 88 insertions(+), 23 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index 3c537d719c..553d0f5720 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -36,7 +36,7 @@ all() -> [ - {group, openssh_payload}, + {group, openssh}, start_subsystem_on_closed_channel, interrupted_send, start_shell, @@ -49,11 +49,19 @@ all() -> stop_listener ]. groups() -> - [{openssh_payload, [], [simple_exec, - small_cat, - big_cat, - send_after_exit - ]}]. + [{openssh, [], payload() ++ ptty()}]. + +payload() -> + [simple_exec, + small_cat, + big_cat, + send_after_exit]. + +ptty() -> + [ptty_alloc_default, + ptty_alloc, + ptty_alloc_pixel]. + %%-------------------------------------------------------------------- init_per_suite(Config) -> case catch crypto:start() of @@ -67,7 +75,7 @@ end_per_suite(_Config) -> crypto:stop(). %%-------------------------------------------------------------------- -init_per_group(openssh_payload, _Config) -> +init_per_group(openssh, _Config) -> case gen_tcp:connect("localhost", 22, []) of {error,econnrefused} -> {skip,"No openssh deamon"}; 
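Review bot: In ssh_xfer:connect/4 the clause {error, Timeout} -> {error, timeout} uses the already bound argument Timeout as its pattern, so it matches only when the error reason is equal to the timeout value that was passed in, not when a timeout occurred. If ssh:connect/4 reports a timeout as {error, timeout}, the last clause (Error -> Error) already returns it unchanged and this clause can be dropped; otherwise match the literal reason that ssh:connect/4 produces. The {error, timeout} result promised in the commit message should also be covered by a test against a peer that stops responding after the hello.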
@@ -241,6 +249,42 @@ send_after_exit(Config) when is_list(Config) -> ct:fail(Else) end. +%%-------------------------------------------------------------------- +ptty_alloc_default() -> + [{doc, "Test sending PTTY alloc message with only defaults."}]. + +ptty_alloc_default(Config) when is_list(Config) -> + ConnectionRef = ssh_test_lib:connect(?SSH_DEFAULT_PORT, [{silently_accept_hosts, true}, + {user_interaction, false}]), + {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), + success = ssh_connection:ptty_alloc(ConnectionRef, ChannelId, []), + ssh:close(ConnectionRef). + +%%-------------------------------------------------------------------- +ptty_alloc() -> + [{doc, "Test sending PTTY alloc message with width,height options."}]. + +ptty_alloc(Config) when is_list(Config) -> + ConnectionRef = ssh_test_lib:connect(?SSH_DEFAULT_PORT, [{silently_accept_hosts, true}, + {user_interaction, false}]), + {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), + success = ssh_connection:ptty_alloc(ConnectionRef, ChannelId, + [{term, default_term()}, {width, 70}, {high, 20}]), + ssh:close(ConnectionRef). + + +%%-------------------------------------------------------------------- +ptty_alloc_pixel() -> + [{doc, "Test sending PTTY alloc message pixel options."}]. + +ptty_alloc_pixel(Config) when is_list(Config) -> + ConnectionRef = ssh_test_lib:connect(?SSH_DEFAULT_PORT, [{silently_accept_hosts, true}, + {user_interaction, false}]), + {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), + success = ssh_connection:ptty_alloc(ConnectionRef, ChannelId, + [{term, default_term()}, {pixel_widh, 630}, {pixel_hight, 470}]), + ssh:close(ConnectionRef). + %%-------------------------------------------------------------------- start_subsystem_on_closed_channel(Config) -> PrivDir = ?config(priv_dir, Config), 
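Review bot: The ptty_alloc test case passes {high, 20}, a key that matches neither the documented height nor the hight that ssh_connection:ptty_alloc/4 reads, so the height given in this test is never sent. ptty_alloc_pixel passes pixel_widh and pixel_hight, which match only the misspelled lookups in the implementation and not the documented pixel_width and pixel_height, so the test locks the misspelling in. Use the documented option names, and since all three cases assert only on success, add a check that the requested dimensions actually reached the server.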
@@ -603,3 +647,11 @@ ssh_exec(Cmd) -> spawn(fun() -> io:format(Cmd ++ "\n") end). + +default_term() -> + case os:getenv("TERM") of + false -> + "vt100"; + Str when is_list(Str)-> + Str + end. diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index 41fbd324c4..af70eeb46c 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -120,13 +120,8 @@ erlang_shell_client_openssh_server(Config) when is_list(Config) -> receive_hej(), IO ! {input, self(), "exit\n"}, receive_logout(), - receive - {'EXIT', Shell, normal} -> - ok; - Other1 -> - ct:fail({unexpected_msg, Other1}) - end. - + receive_normal_exit(Shell). + %-------------------------------------------------------------------- erlang_client_openssh_server_exec() -> [{doc, "Test api function ssh_connection:exec"}]. @@ -529,11 +524,22 @@ erlang_client_openssh_server_nonexistent_subsystem(Config) when is_list(Config) %%-------------------------------------------------------------------- receive_hej() -> receive - <<"Hej\n">> = Hej-> + <<"Hej", _binary>> = Hej -> + ct:pal("Expected result: ~p~n", [Hej]); + <<"Hej\n", _binary>> = Hej -> + ct:pal("Expected result: ~p~n", [Hej]); + <<"Hej\r\n", _/binary>> = Hej -> ct:pal("Expected result: ~p~n", [Hej]); Info -> - ct:pal("Extra info: ~p~n", [Info]), - receive_hej() + Lines = binary:split(Info, [<<"\r\n">>], [global]), + case lists:member(<<"Hej">>, Lines) of + true -> + ct:pal("Expected result found in lines: ~p~n", [Lines]), + ok; + false -> + ct:pal("Extra info: ~p~n", [Info]), + receive_hej() + end end. receive_logout() -> 
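Review bot: In receive_hej the first two patterns end in _binary, which is a variable bound to a single 8-bit integer segment and not the _/binary tail used in the third clause, so <<"Hej", _binary>> matches only Hej followed by exactly one byte. Write _/binary in the first clause, which then subsumes the other two. The fallback clause also calls binary:split(Info, ...) on whatever message arrives, which raises badarg for a non-binary message such as an 'EXIT' tuple; guard that clause with is_binary(Info).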
@@ -543,13 +549,20 @@ receive_logout() -> <<"Connection closed">> -> ok end; - <<"TERM environment variable not set.\n">> -> %% Windows work around - receive_logout(); - Other0 -> - ct:fail({unexpected_msg, Other0}) - end. - + Info -> + ct:pal("Extra info when logging out: ~p~n", [Info]), + receive_logout() + end. +receive_normal_exit(Shell) -> + receive + {'EXIT', Shell, normal} -> + ok; + <<"\r\n">> -> + receive_normal_exit(Shell); + Other -> + ct:fail({unexpected_msg, Other}) + end. %%-------------------------------------------------------------------- %%-------------------------------------------------------------------- -- cgit v1.2.3 From a40c6261d97a63c212235f568d91ddef34e44cb6 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 29 Oct 2014 14:43:39 +0100 Subject: ssh: Correct typo of renegotiate that could cause rekeying to fail --- lib/ssh/src/ssh_connection_handler.erl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index fa107be1b1..8b7c4a5f80 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -624,7 +624,7 @@ handle_event(renegotiate, connected, #state{ssh_params = Ssh0} renegotiate = true})}; handle_event(renegotiate, StateName, State) -> - timer:apply_after(?REKEY_TIMOUT, gen_fsm, send_all_state_event, [self(), renegotiatie]), + timer:apply_after(?REKEY_TIMOUT, gen_fsm, send_all_state_event, [self(), renegotiate]), %% Allready in keyexcahange so ignore {next_state, StateName, State}; -- cgit v1.2.3 From 0f660bdf34f4c04367febffc95bad63ee9016299 Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Mon, 10 Nov 2014 17:14:01 +0100 Subject: ssh: Add ssh_sftp:open_tar/3,4 which opens a tar file at the server side of a channel. Depends on erl_tar.erl having the function erl_tar:init/3 defined. --- lib/ssh/doc/src/ssh_sftp.xml | 18 + lib/ssh/src/ssh_sftp.erl | 26 +- lib/ssh/test/ssh_sftp_SUITE.erl | 219 +- .../ssh_sftp_SUITE_data/sftp_tar_test_data/big.txt | 16384 +++++++++++++++++++ .../ssh_sftp_SUITE_data/sftp_tar_test_data/d1/f1 | 1 + .../ssh_sftp_SUITE_data/sftp_tar_test_data/d1/f2 | 1 + .../ssh_sftp_SUITE_data/sftp_tar_test_data/f1.txt | 1 + .../ssh_sftp_SUITE_data/sftp_tar_test_data/f2.txt | 1 + 8 files changed, 16615 insertions(+), 36 deletions(-) create mode 100644 lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data/big.txt create mode 100644 lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data/d1/f1 create mode 100644 lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data/d1/f2 create mode 100644 lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data/f1.txt create mode 100644 lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data/f2.txt (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_sftp.xml b/lib/ssh/doc/src/ssh_sftp.xml index f1091e9eca..251f5a4be3 100644 --- a/lib/ssh/doc/src/ssh_sftp.xml +++ b/lib/ssh/doc/src/ssh_sftp.xml @@ -194,6 +194,24 @@ can be used for reading directory contents.

+ + + open_tar(ChannelPid, Path) -> + open_tar(ChannelPid, Path, Timeout) -> {ok, Handle} | {error, Reason} + Open a tar file on the server to which ChannelPid is connected and return a handle + + ChannelPid = pid() + Path = string() + Timeout = timeout() + Reason = term() + + +

Opens a handle to a tar file on the server, the handle + can be used for remote tar manipulation as defined by the + erl_tar:init/3 function.

+
+
+ close(ChannelPid, Handle) -> close(ChannelPid, Handle, Timeout) -> ok | {error, Reason} diff --git a/lib/ssh/src/ssh_sftp.erl b/lib/ssh/src/ssh_sftp.erl index 12479e9121..3b80f5326c 100644 --- a/lib/ssh/src/ssh_sftp.erl +++ b/lib/ssh/src/ssh_sftp.erl @@ -33,8 +33,8 @@ -export([start_channel/1, start_channel/2, start_channel/3, stop_channel/1]). --export([open/3, opendir/2, close/2, readdir/2, pread/4, read/3, - open/4, opendir/3, close/3, readdir/3, pread/5, read/4, +-export([open/3, open_tar/3, opendir/2, close/2, readdir/2, pread/4, read/3, + open/4, open_tar/4, opendir/3, close/3, readdir/3, pread/5, read/4, apread/4, aread/3, pwrite/4, write/3, apwrite/4, awrite/3, pwrite/5, write/4, position/3, real_path/2, read_file_info/2, get_file_info/2, @@ -162,6 +162,28 @@ open(Pid, File, Mode) -> open(Pid, File, Mode, FileOpTimeout) -> call(Pid, {open, false, File, Mode}, FileOpTimeout). +open_tar(Pid, File, Mode) -> + open_tar(Pid, File, Mode, ?FILEOP_TIMEOUT). +open_tar(Pid, File, Mode=[write], FileOpTimeout) -> + {ok,R} = open(Pid, File, Mode, FileOpTimeout), + erl_tar:init({Pid,R,FileOpTimeout}, write, + fun(write, {{P,H,T},Data}) -> + Bin = if is_list(Data) -> list_to_binary(Data); + is_binary(Data) -> Data + end, + {ok,{_Window,Packet}} = send_window(P, T), + write_file_loop(P, H, 0, Bin, size(Bin), Packet, T); + (position, {{P,H,T},Pos}) -> + position(P, H, Pos, T); + (close, {P,H,T}) -> + close(P, H, T) + end); +open_tar(_Pid, _File, Mode, _FileOpTimeout) -> + {error,{illegal_mode,Mode}}. + + + + opendir(Pid, Path) -> opendir(Pid, Path, ?FILEOP_TIMEOUT). opendir(Pid, Path, FileOpTimeout) -> diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index 4c46a1b1a8..559fa721fd 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl 
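Review bot: In lib/ssh/src/ssh_sftp.erl, open_tar is exported as open_tar/3 and open_tar/4 taking (Pid, File, Mode) plus an optional FileOpTimeout, but the ssh_sftp.xml text in this patch documents open_tar(ChannelPid, Path) and open_tar(ChannelPid, Path, Timeout) with no Mode argument, so the documented arity-2 call does not exist and the documented arity-3 call passes a timeout where Mode is expected and gets {error,{illegal_mode,Mode}}. The write clause also does {ok,R} = open(Pid, File, Mode, FileOpTimeout), which crashes with badmatch on any open error instead of returning the documented {error, Reason}, and the same applies to {ok,{_Window,Packet}} = send_window(P, T) inside the write fun. Align the documentation with the exported arities and return the error tuples to the caller.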
@@ -32,6 +32,8 @@ -define(USER, "Alladin"). -define(PASSWD, "Sesame"). +-define(tar_file_name, "sftp_tar_test.tar"). + %%-------------------------------------------------------------------- %% Common Test interface functions ----------------------------------- %%-------------------------------------------------------------------- @@ -63,23 +65,31 @@ end_per_suite(Config) -> %%-------------------------------------------------------------------- groups() -> [{erlang_server, [], [open_close_file, open_close_dir, read_file, read_dir, - write_file, rename_file, mk_rm_dir, remove_file, links, + write_file, write_big_file, rename_file, mk_rm_dir, remove_file, links, retrieve_attributes, set_attributes, async_read, - async_write, position, pos_read, pos_write, version_option]}, + async_write, position, pos_read, pos_write, version_option, + {group,remote_tar_write} + ]}, {openssh_server, [], [open_close_file, open_close_dir, read_file, read_dir, - write_file, rename_file, mk_rm_dir, remove_file, links, + write_file, write_big_file, rename_file, mk_rm_dir, remove_file, links, retrieve_attributes, set_attributes, async_read, - async_write, position, pos_read, pos_write]}]. + async_write, position, pos_read, pos_write, + {group,remote_tar_write}]}, + + {remote_tar_write, [], [create_empty_tar, files_to_tar, big_file_to_tar, files_chunked_to_tar, + directory_to_tar, binaries_to_tar]} + ]. + init_per_group(erlang_server, Config) -> PrivDir = ?config(priv_dir, Config), SysDir = ?config(data_dir, Config), - Sftpd = + Sftpd = {_, HostX, PortX} = ssh_test_lib:daemon([{system_dir, SysDir}, {user_dir, PrivDir}, {user_passwords, [{?USER, ?PASSWD}]}]), - [{group, erlang_server}, {sftpd, Sftpd} | Config]; + [{peer, {fmt_host(HostX),PortX}}, {group, erlang_server}, {sftpd, Sftpd} | Config]; init_per_group(openssh_server, Config) -> Host = ssh_test_lib:hostname(), 
@@ -87,11 +97,31 @@ init_per_group(openssh_server, Config) -> [{user_interaction, false}, {silently_accept_hosts, true}])) of {ok, _ChannelPid, Connection} -> + [{peer, {_HostName,{IPx,Portx}}}] = ssh:connection_info(Connection,[peer]), ssh:close(Connection), - [{group, openssh_server} | Config]; + [{peer, {fmt_host(IPx),Portx}}, {group, openssh_server} | Config]; _ -> {skip, "No openssh server"} - end. + end; + +init_per_group(remote_tar_write, Config) -> + {Host,Port} = ?config(peer, Config), + ct:log("Server (~p) at ~p:~p",[?config(group,Config),Host,Port]), + {ok, Connection} = + case ?config(group, Config) of + erlang_server -> + ssh:connect(Host, Port, + [{user, ?USER}, + {password, ?PASSWD}, + {user_interaction, false}, + {silently_accept_hosts, true}]); + openssh_server -> + ssh:connect(Host, Port, + [{user_interaction, false}, + {silently_accept_hosts, true}]) + end, + [{remote_tar_write, true}, + {connection, Connection} | Config]. end_per_group(erlang_server, Config) -> Config; 
@@ -125,34 +155,50 @@ init_per_testcase(version_option, Config) -> {user_interaction, false}, {silently_accept_hosts, true}]), Sftp = {ChannelPid, Connection}, - [{sftp, Sftp}, {watchdog, Dog} | TmpConfig]; -init_per_testcase(Case, Config) -> - prep(Config), - TmpConfig0 = lists:keydelete(watchdog, 1, Config), - TmpConfig = lists:keydelete(sftp, 1, TmpConfig0), + [{sftp,Sftp}, {watchdog, Dog} | TmpConfig]; + +init_per_testcase(Case, Config0) -> + prep(Config0), + Config1 = lists:keydelete(watchdog, 1, Config0), + Config2 = lists:keydelete(sftp, 1, Config1), Dog = ct:timetrap(?default_timeout), - case ?config(group, Config) of - erlang_server -> - {_,Host, Port} = ?config(sftpd, Config), - {ok, ChannelPid, Connection} = - ssh_sftp:start_channel(Host, Port, - [{user, ?USER}, - {password, ?PASSWD}, - {user_interaction, false}, - {silently_accept_hosts, true}]), - Sftp = {ChannelPid, Connection}, - [{sftp, Sftp}, {watchdog, Dog} | TmpConfig]; - openssh_server when Case == links -> - {skip, "known bug in openssh"}; - openssh_server -> - Host = ssh_test_lib:hostname(), - {ok, ChannelPid, Connection} = - ssh_sftp:start_channel(Host, - [{user_interaction, false}, - {silently_accept_hosts, true}]), - Sftp = {ChannelPid, Connection}, - [{sftp, Sftp}, {watchdog, Dog} | TmpConfig] + Config = + case ?config(group,Config2) of + erlang_server -> + {_,Host, Port} = ?config(sftpd, Config2), + {ok, ChannelPid, Connection} = + ssh_sftp:start_channel(Host, Port, + [{user, ?USER}, + {password, ?PASSWD}, + {user_interaction, false}, + {silently_accept_hosts, true}]), + Sftp = {ChannelPid, Connection}, + [{sftp, Sftp}, {watchdog, Dog} | Config2]; + openssh_server when Case == links -> + {skip, "known bug in openssh"}; + openssh_server -> + Host = ssh_test_lib:hostname(), + {ok, ChannelPid, Connection} = + ssh_sftp:start_channel(Host, + [{user_interaction, false}, + {silently_accept_hosts, true}]), + Sftp = {ChannelPid, Connection}, + [{sftp, Sftp}, {watchdog, Dog} | Config2] + end, + + 
case catch ?config(remote_tar_write,Config) of + %% The 'catch' is for the case of Config={skip,...} + true -> + %% Provide a tar Handle *independent* of the sftp-channel already opened! + %% This Handle will be closed (as well as ChannelPid2) in the testcase + {ok,ChannelPid2} = + ssh_sftp:start_channel(?config(connection,Config)), + {ok,Handle} = + ssh_sftp:open_tar(ChannelPid2, fnp(?tar_file_name,Config), [write]), + [{handle,Handle} | Config]; + _ -> + Config end. end_per_testcase(sftp_nonexistent_subsystem, Config) -> @@ -235,6 +281,18 @@ write_file(Config) when is_list(Config) -> ssh_sftp:write_file(Sftp, FileName, [Data]), {ok, Data} = file:read_file(FileName). +%%-------------------------------------------------------------------- +write_big_file() -> + [{doc, "Test API function write_file/2 with big data"}]. +write_big_file(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + FileName = filename:join(PrivDir, "sftp.txt"), + {Sftp, _} = ?config(sftp, Config), + + Data = list_to_binary(lists:duplicate(750000,"a")), + ssh_sftp:write_file(Sftp, FileName, [Data]), + {ok, Data} = file:read_file(FileName). + %%-------------------------------------------------------------------- remove_file() -> [{doc,"Test API function delete/2"}]. 
@@ -466,6 +524,55 @@ version_option() -> [{doc, "Test API option sftp_vsn"}]. version_option(Config) when is_list(Config) -> open_close_dir(Config). + +%%-------------------------------------------------------------------- +create_empty_tar(Config) -> + {ChPid,_} = ?config(sftp,Config), + Handle = ?config(handle,Config), + erl_tar:close(Handle), + {ok, #file_info{type=regular}} = + ssh_sftp:read_file_info(ChPid,fnp(?tar_file_name,Config)). + +%%-------------------------------------------------------------------- +files_to_tar(Config) -> + Handle = ?config(handle,Config), + ok = erl_tar:add(Handle, fn("f1.txt",Config), "f1.txt", []), + ok = erl_tar:add(Handle, fn("f2.txt",Config), "f2.txt", []), + ok = erl_tar:close(Handle), + chk_tar(["f1.txt", "f2.txt"], Config). + + +%%-------------------------------------------------------------------- +big_file_to_tar(Config) -> + Handle = ?config(handle,Config), + ok = erl_tar:add(Handle, fn("big.txt",Config), "big.txt", []), + ok = erl_tar:close(Handle), + chk_tar(["big.txt"], Config). + + +%%-------------------------------------------------------------------- +files_chunked_to_tar(Config) -> + Handle = ?config(handle,Config), + ok = erl_tar:add(Handle, fn("f1.txt",Config), "f1.txt", [{chunks,2}]), + ok = erl_tar:add(Handle, fn("big.txt",Config), "big.txt", [{chunks,15000}]), + ok = erl_tar:close(Handle), + chk_tar(["f1.txt", "big.txt"], Config). + +%%-------------------------------------------------------------------- +directory_to_tar(Config) -> + Handle = ?config(handle,Config), + ok = erl_tar:add(Handle, fn("d1",Config), "d1", []), + ok = erl_tar:close(Handle), + chk_tar(["d1/f1", "d1/f2"], Config). + +%%-------------------------------------------------------------------- +binaries_to_tar(Config) -> + Handle = ?config(handle,Config), + Bin = <<"A binary">>, + ok = erl_tar:add(Handle, Bin, "b1", []), + ok = erl_tar:close(Handle), + chk_tar([{"b1",Bin}], Config). 
+ %%-------------------------------------------------------------------- %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- @@ -478,6 +585,7 @@ prep(Config) -> file:delete(TestFile), file:delete(TestFile1), file:delete(TestLink), + file:delete(fnp(?tar_file_name,Config)), %% Initial config DataDir = ?config(data_dir, Config), @@ -487,3 +595,46 @@ prep(Config) -> {ok, FileInfo} = file:read_file_info(TestFile), ok = file:write_file_info(TestFile, FileInfo#file_info{mode = Mode}). + + +chk_tar(Items, Config) -> + %% FIXME: ought to check that no more than expected is present... + {ChPid,_} = ?config(sftp,Config), + ok = file:set_cwd(?config(priv_dir,Config)), + file:make_dir("tar_chk"), % May already exist + ok = file:set_cwd("tar_chk"), + {ok,Data} = ssh_sftp:read_file(ChPid, fnp(?tar_file_name,Config)), + ok = file:write_file(?tar_file_name, Data), + os:cmd("tar xf "++?tar_file_name), + lists:foreach(fun(Item) -> chk_contents(Item,Config) end, + Items). + + +chk_contents({Name,ExpectBin}, _Config) -> + case file:read_file(Name) of + {ok,ExpectBin} -> + ok; + {ok,OtherBin} -> + ct:log("File: ~p~n Got: ~p~nExpect: ~p",[Name,OtherBin,ExpectBin]), + ct:fail("Bad contents in file ~p",[Name]); + Other -> + ct:log("File: ~p~nOther: ~p",[Name,Other]), + ct:fail("Error reading of file ~p",[Name]) + end; +chk_contents(Name, Config) -> + {ok,Bin} = file:read_file(fn(Name,Config)), + chk_contents({Name,Bin}, Config). + + +fn(Name, Config) -> + Dir = ?config(data_dir, Config), + filename:join([Dir,"sftp_tar_test_data",Name]). + +fnp(Name, Config) -> + Dir = ?config(priv_dir, Config), + filename:join([Dir,Name]). + + +fmt_host({A,B,C,D}) -> lists:concat([A,".",B,".",C,".",D]); +fmt_host(S) -> S. + diff --git a/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data/big.txt b/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data/big.txt new file mode 100644 index 0000000000..f597b69d4c 
--- /dev/null +++ b/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data/big.txt 
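Review bot: In the tar testcases added to ssh_sftp_SUITE.erl, create_empty_tar/1 calls `erl_tar:close(Handle)` without matching the result, while every other new tar testcase asserts `ok = erl_tar:close(Handle)`; assert it here as well, otherwise a failed close is noticed only indirectly through read_file_info. The six new testcases also have no `Name() -> [{doc, ...}]` function and no `when is_list(Config)` guard, both of which the surrounding testcases in this suite (version_option, write_big_file) carry.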
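Review bot: In chk_tar/2 the output of `os:cmd("tar xf "++?tar_file_name)` is discarded, so a missing tar binary or a failed extraction shows up only later as "Error reading of file" from chk_contents; capture the output and fail the test when it is not empty. chk_tar/2 also changes the node's working directory twice with file:set_cwd/1 and never restores it, which leaks into later testcases; save the result of file:get_cwd/0 first and reset it once the check is done. fmt_host/1 is added at the end of the same hunk but is not called anywhere in the lines shown, so either use it or drop it.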
@@ -0,0 +1,16384 @@ +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. diff --git a/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data/d1/f1 b/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data/d1/f1 new file mode 100644 index 0000000000..1bafa9761e --- /dev/null +++ b/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data/d1/f1 @@ -0,0 +1 @@ +And hi from the subdirectory too! diff --git a/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data/d1/f2 b/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data/d1/f2 new file mode 100644 index 0000000000..8566adaeef --- /dev/null +++ b/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data/d1/f2 @@ -0,0 +1 @@ +one more file diff --git a/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data/f1.txt b/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data/f1.txt new file mode 100644 index 0000000000..137d409d7b --- /dev/null +++ b/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data/f1.txt @@ -0,0 +1 @@ +Hi there! diff --git a/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data/f2.txt b/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data/f2.txt new file mode 100644 index 0000000000..d18c6b11fc --- /dev/null +++ b/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data/f2.txt @@ -0,0 +1 @@ +How are you? -- cgit v1.2.3 From 0c6532f8068d0f748fefd3dd0fb41907f1255844 Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Tue, 18 Nov 2014 12:16:57 +0100 Subject: ssh: update vsn.mk --- lib/ssh/vsn.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 68544c1d0e..c8cac3e852 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,5 +1,5 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 3.0.8 +SSH_VSN = 3.1 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From 029663735a8358d8b1698e39299b972183e3bf91 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Tue, 18 Nov 2014 16:19:19 +0100 Subject: ssh: Gracefully handle bad input --- lib/ssh/src/ssh_connection_handler.erl | 50 ++++++++++++++++++++-------------- 1 file changed, 30 insertions(+), 20 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 8b7c4a5f80..fdb9d3b3e6 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -1299,9 +1299,9 @@ generate_event(<> = Msg, StateName, end; generate_event(Msg, StateName, State0, EncData) -> - Event = ssh_message:decode(Msg), - State = generate_event_new_state(State0, EncData), try + Event = ssh_message:decode(Msg), + State = generate_event_new_state(State0, EncData), case Event of #ssh_msg_kexinit{} -> %% We need payload for verification later. @@ -1315,7 +1315,7 @@ generate_event(Msg, StateName, State0, EncData) -> #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, description = "Encountered unexpected input", language = "en"}, - handle_disconnect(DisconnectMsg, State) + handle_disconnect(DisconnectMsg, State0) end. 
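Review bot: in generate_event/4, moving both ssh_message:decode(Msg) and generate_event_new_state(State0, EncData) inside the try means a failure in either one ends in the same "Encountered unexpected input" disconnect, with nothing recorded locally. Consider keeping the decode as the only new call under the try, or logging the exception class and reason before handle_disconnect(DisconnectMsg, State0), so that a malformed peer message can be told apart from a local fault when reading the logs. Passing State0 is correct now that State is bound only inside the try; a short comment saying so would help the next reader.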
@@ -1475,25 +1475,35 @@ handle_ssh_packet(Length, StateName, #state{decoded_data_buffer = DecData0, ssh_params = Ssh0, transport_protocol = _Protocol, socket = _Socket} = State0) -> - {Ssh1, DecData, EncData, Mac} = - ssh_transport:unpack(EncData0, Length, Ssh0), - SshPacket = <>, - case ssh_transport:is_valid_mac(Mac, SshPacket, Ssh1) of - true -> - PacketData = ssh_transport:msg_data(SshPacket), - {Ssh1, Msg} = ssh_transport:decompress(Ssh1, PacketData), - generate_event(Msg, StateName, - State0#state{ssh_params = Ssh1, - %% Important to be set for - %% next_packet - decoded_data_buffer = <<>>}, EncData); - false -> - DisconnectMsg = + try + {Ssh1, DecData, EncData, Mac} = + ssh_transport:unpack(EncData0, Length, Ssh0), + SshPacket = <>, + case ssh_transport:is_valid_mac(Mac, SshPacket, Ssh1) of + true -> + PacketData = ssh_transport:msg_data(SshPacket), + {Ssh1, Msg} = ssh_transport:decompress(Ssh1, PacketData), + generate_event(Msg, StateName, + State0#state{ssh_params = Ssh1, + %% Important to be set for + %% next_packet + decoded_data_buffer = <<>>}, + EncData); + false -> + DisconnectMsg = + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "Bad mac", + language = "en"}, + handle_disconnect(DisconnectMsg, State0) + end + catch _:_ -> + Disconnect = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "Bad mac", + description = "Bad input", language = "en"}, - handle_disconnect(DisconnectMsg, State0) - end. + handle_disconnect(Disconnect, State0) + end. + handle_disconnect(DisconnectMsg, State) -> handle_disconnect(own, DisconnectMsg, State). -- cgit v1.2.3 From 3005b2aadb5f756503cf6d05d604d8c64eb2c786 Mon Sep 17 00:00:00 2001 
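Review bot: the new catch _:_ in handle_ssh_packet/3 encloses the call to generate_event/4 as well as unpack, the MAC check and decompress, so any exception raised while the decoded message is being handled is reported to the peer as "Bad input" and the original reason is lost. Narrow the try to the unpack, is_valid_mac and decompress steps, call generate_event outside it, and log the class and reason in the catch. Also, {Ssh1, Msg} = ssh_transport:decompress(Ssh1, PacketData) matches against the already bound Ssh1; if decompress ever returns an updated state, that badmatch is now silently turned into a disconnect instead of surfacing as a crash.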
From: Hans Nilsson Date: Mon, 1 Dec 2014 10:50:19 +0100 Subject: ssh: crypto framework for ssh_sftp:open_tar added --- lib/ssh/src/ssh_sftp.erl | 324 ++++++++++++++++++++++++++++++---- lib/ssh/test/ssh_sftp_SUITE.erl | 381 +++++++++++++++++++++++++++++++++------- 2 files changed, 613 insertions(+), 92 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_sftp.erl b/lib/ssh/src/ssh_sftp.erl index 3b80f5326c..613f8f25b2 100644 --- a/lib/ssh/src/ssh_sftp.erl +++ b/lib/ssh/src/ssh_sftp.erl @@ -69,6 +69,18 @@ mode }). +-record(bufinf, + { + mode, % read | write (=from or to buffer by user) + crypto_state, + crypto_fun, % For encode or decode depending on the mode field + size = 0, % # bytes "before" the current buffer for the postion call + + chunksize, % The size of the chunks to be sent or received + enc_text_buf = <<>>, % Encrypted text + plain_text_buf = <<>> % Decrypted text + }). + -define(FILEOP_TIMEOUT, infinity). -define(NEXT_REQID(S), 
@@ -164,24 +176,73 @@ open(Pid, File, Mode, FileOpTimeout) -> open_tar(Pid, File, Mode) -> open_tar(Pid, File, Mode, ?FILEOP_TIMEOUT). -open_tar(Pid, File, Mode=[write], FileOpTimeout) -> - {ok,R} = open(Pid, File, Mode, FileOpTimeout), - erl_tar:init({Pid,R,FileOpTimeout}, write, - fun(write, {{P,H,T},Data}) -> - Bin = if is_list(Data) -> list_to_binary(Data); - is_binary(Data) -> Data - end, - {ok,{_Window,Packet}} = send_window(P, T), - write_file_loop(P, H, 0, Bin, size(Bin), Packet, T); - (position, {{P,H,T},Pos}) -> - position(P, H, Pos, T); - (close, {P,H,T}) -> - close(P, H, T) - end); -open_tar(_Pid, _File, Mode, _FileOpTimeout) -> - {error,{illegal_mode,Mode}}. - - +open_tar(Pid, File, Mode, FileOpTimeout) -> + case {lists:member(write,Mode), + lists:member(read,Mode), + Mode -- [read,write]} of + {true,false,[]} -> + {ok,Handle} = open(Pid, File, [write], FileOpTimeout), + erl_tar:init(Pid, write, + fun(write, {_,Data}) -> + write_to_remote_tar(Pid, Handle, to_bin(Data), FileOpTimeout); + (position, {_,Pos}) -> + position(Pid, Handle, Pos, FileOpTimeout); + (close, _) -> + close(Pid, Handle, FileOpTimeout) + end); + {true,false,[{crypto,{CryptoInitFun,CryptoEncryptFun,CryptoEndFun}}]} -> + {ok,SftpHandle} = open(Pid, File, [write], FileOpTimeout), + BI = #bufinf{mode = write, + crypto_fun = CryptoEncryptFun}, + {ok,BufHandle} = open_buf(Pid, CryptoInitFun, BI, FileOpTimeout), + erl_tar:init(Pid, write, + fun(write, {_,Data}) -> + write_buf(Pid, SftpHandle, BufHandle, to_bin(Data), FileOpTimeout); + (position, {_,Pos}) -> + position_buf(Pid, SftpHandle, BufHandle, Pos, FileOpTimeout); + (close, _) -> + {ok,#bufinf{ + plain_text_buf = PlainBuf0, + enc_text_buf = EncBuf0, + crypto_state = CState0 + }} = call(Pid, {get_bufinf,BufHandle}, FileOpTimeout), + {ok,EncTextTail} = CryptoEndFun(PlainBuf0, CState0), + EncTextBuf = <>, + case write(Pid, SftpHandle, EncTextBuf, FileOpTimeout) of + ok -> + call(Pid, {erase_bufinf,BufHandle}, FileOpTimeout), + close(Pid, 
SftpHandle, FileOpTimeout); + Other -> + Other + end + end); + {false,true,[]} -> + {ok,Handle} = open(Pid, File, [read,binary], FileOpTimeout), + erl_tar:init(Pid, read, + fun(read2, {_,Len}) -> + read_repeat(Pid, Handle, Len, FileOpTimeout); + (position, {_,Pos}) -> + position(Pid, Handle, Pos, FileOpTimeout); + (close, _) -> + close(Pid, Handle, FileOpTimeout) + end); + {false,true,[{crypto,{CryptoInitFun,CryptoDecryptFun}}]} -> + {ok,SftpHandle} = open(Pid, File, [read,binary], FileOpTimeout), + BI = #bufinf{mode = read, + crypto_fun = CryptoDecryptFun}, + {ok,BufHandle} = open_buf(Pid, CryptoInitFun, BI, FileOpTimeout), + erl_tar:init(Pid, read, + fun(read2, {_,Len}) -> + read_buf(Pid, SftpHandle, BufHandle, Len, FileOpTimeout); + (position, {_,Pos}) -> + position_buf(Pid, SftpHandle, BufHandle, Pos, FileOpTimeout); + (close, _) -> + call(Pid, {erase_bufinf,BufHandle}, FileOpTimeout), + close(Pid, SftpHandle, FileOpTimeout) + end); + _ -> + {error,{illegal_mode,Mode}} + end. opendir(Pid, Path) -> @@ -469,6 +530,15 @@ handle_cast(_,State) -> code_change(_OldVsn, State, _Extra) -> {ok, State}. +do_handle_call({get_bufinf,BufHandle}, _From, S=#state{inf=I0}) -> + {reply, dict:find(BufHandle,I0), S}; + +do_handle_call({put_bufinf,BufHandle,B}, _From, S=#state{inf=I0}) -> + {reply, ok, S#state{inf=dict:store(BufHandle,B,I0)}}; + +do_handle_call({erase_bufinf,BufHandle}, _From, S=#state{inf=I0}) -> + {reply, ok, S#state{inf=dict:erase(BufHandle,I0)}}; + do_handle_call({open, Async,FileName,Mode}, From, #state{xf = XF} = State) -> {Access,Flags,Attrs} = open_mode(XF#ssh_xfer.vsn, Mode), ReqID = State#state.req_id, 
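Review bot: in open_tar/4, the close callback of the write-with-crypto branch returns Other untouched when the final write fails, so neither the erase_bufinf call handled by the do_handle_call clauses above nor close(Pid, SftpHandle, FileOpTimeout) runs; the #bufinf{} with its crypto_state stays in the channel's inf dict and the remote handle stays open. Erase the buffer and close the handle on both paths, then return the write error. The same branch opens the remote file before {ok,BufHandle} = open_buf(...), so a CryptoInitFun that returns anything else crashes the caller with the file already open; a case on the open_buf result would let it close the handle and return the error.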
@@ -573,12 +643,7 @@ do_handle_call({read,Async,Handle,Length}, From, State) -> do_handle_call({pwrite,Async,Handle,At,Data0}, From, State) -> case lseek_position(Handle, At, State) of {ok,Offset} -> - Data = if - is_binary(Data0) -> - Data0; - is_list(Data0) -> - list_to_binary(Data0) - end, + Data = to_bin(Data0), ReqID = State#state.req_id, Size = size(Data), ssh_xfer:write(?XF(State),ReqID,Handle,Offset,Data), @@ -591,12 +656,7 @@ do_handle_call({pwrite,Async,Handle,At,Data0}, From, State) -> do_handle_call({write,Async,Handle,Data0}, From, State) -> case lseek_position(Handle, cur, State) of {ok,Offset} -> - Data = if - is_binary(Data0) -> - Data0; - is_list(Data0) -> - list_to_binary(Data0) - end, + Data = to_bin(Data0), ReqID = State#state.req_id, Size = size(Data), ssh_xfer:write(?XF(State),ReqID,Handle,Offset,Data), 
@@ -1148,5 +1208,207 @@ lseek_pos({eof, Offset}, _CurOffset, CurSize) end; lseek_pos(_, _, _) -> {error, einval}. - +%%%================================================================ +%%% +to_bin(Data) when is_list(Data) -> list_to_binary(Data); +to_bin(Data) when is_binary(Data) -> Data. + + +read_repeat(Pid, Handle, Len, FileOpTimeout) -> + {ok,{_WindowSz,PacketSz}} = recv_window(Pid, FileOpTimeout), + read_rpt(Pid, Handle, Len, PacketSz, FileOpTimeout, <<>>). + +read_rpt(Pid, Handle, WantedLen, PacketSz, FileOpTimeout, Acc) when WantedLen > 0 -> + case read(Pid, Handle, min(WantedLen,PacketSz), FileOpTimeout) of + {ok, Data} -> + read_rpt(Pid, Handle, WantedLen-size(Data), PacketSz, FileOpTimeout, <>); + eof -> + {ok, Acc}; + Error -> + Error + end; +read_rpt(_Pid, _Handle, WantedLen, _PacketSz, _FileOpTimeout, Acc) when WantedLen >= 0 -> + {ok,Acc}. + + +write_to_remote_tar(_Pid, _SftpHandle, <<>>, _FileOpTimeout) -> + ok; +write_to_remote_tar(Pid, SftpHandle, Bin, FileOpTimeout) -> + {ok,{_Window,Packet}} = send_window(Pid, FileOpTimeout), + write_file_loop(Pid, SftpHandle, 0, Bin, size(Bin), Packet, FileOpTimeout). + +position_buf(Pid, SftpHandle, BufHandle, Pos, FileOpTimeout) -> + {ok,#bufinf{mode = Mode, + plain_text_buf = Buf0, + size = Size}} = call(Pid, {get_bufinf,BufHandle}, FileOpTimeout), + case Pos of + {cur,0} when Mode==write -> + {ok,Size+size(Buf0)}; + + {cur,0} when Mode==read -> + {ok,Size}; + + _ when Mode==read, is_integer(Pos) -> + Skip = Pos-Size, + if + Skip < 0 -> + {error, cannot_rewind}; + Skip == 0 -> + %% Optimization + {ok,Pos}; + Skip > 0 -> + case read_buf(Pid, SftpHandle, BufHandle, Skip, FileOpTimeout) of + %% A bit innefficient to fetch the bufinf again, but there are lots of + %% other more important optimizations waiting.... + {ok,_} -> + {ok,Pos}; + Other -> + Other + end + end; + + _ -> + {error,{not_yet_implemented,{pos,Pos}}} + end. 
+ +read_buf(Pid, SftpHandle, BufHandle, WantedLen, FileOpTimeout) -> + {ok,{_Window,Packet}} = send_window(Pid, FileOpTimeout), + {ok,B0} = call(Pid, {get_bufinf,BufHandle}, FileOpTimeout), + case do_the_read_buf(Pid, SftpHandle, WantedLen, Packet, FileOpTimeout, B0) of + {ok,ResultBin,B} -> + call(Pid, {put_bufinf,BufHandle,B}, FileOpTimeout), + {ok,ResultBin}; + {error,Error} -> + {error,Error}; + {eof,B} -> + call(Pid, {put_bufinf,BufHandle,B}, FileOpTimeout), + eof + end. + +do_the_read_buf(_Pid, _SftpHandle, WantedLen, _Packet, _FileOpTimeout, + B=#bufinf{plain_text_buf=PlainBuf0, + size = Size}) + when size(PlainBuf0) >= WantedLen -> + %% We already have the wanted number of bytes decoded and ready! + <> = PlainBuf0, + {ok,ResultBin,B#bufinf{plain_text_buf=PlainBuf, + size = Size + WantedLen}}; + +do_the_read_buf(Pid, SftpHandle, WantedLen, Packet, FileOpTimeout, + B0=#bufinf{plain_text_buf = PlainBuf0, + enc_text_buf = EncBuf0, + chunksize = undefined + }) + when size(EncBuf0) > 0 -> + %% We have (at least) one decodable byte waiting for decodeing. + {ok,DecodedBin,B} = apply_crypto(EncBuf0, B0), + do_the_read_buf(Pid, SftpHandle, WantedLen, Packet, FileOpTimeout, + B#bufinf{plain_text_buf = <>, + enc_text_buf = <<>> + }); + +do_the_read_buf(Pid, SftpHandle, WantedLen, Packet, FileOpTimeout, + B0=#bufinf{plain_text_buf = PlainBuf0, + enc_text_buf = EncBuf0, + chunksize = ChunkSize0 + }) + when size(EncBuf0) >= ChunkSize0 -> + %% We have (at least) one chunk of decodable bytes waiting for decodeing. + <> = EncBuf0, + {ok,DecodedBin,B} = apply_crypto(ToDecode, B0), + do_the_read_buf(Pid, SftpHandle, WantedLen, Packet, FileOpTimeout, + B#bufinf{plain_text_buf = <>, + enc_text_buf = EncBuf + }); + +do_the_read_buf(Pid, SftpHandle, WantedLen, Packet, FileOpTimeout, B=#bufinf{enc_text_buf = EncBuf0}) -> + %% We must read more bytes and append to the buffer of encoded bytes. 
+ case read(Pid, SftpHandle, Packet, FileOpTimeout) of + {ok,EncryptedBin} -> + do_the_read_buf(Pid, SftpHandle, WantedLen, Packet, FileOpTimeout, + B#bufinf{enc_text_buf = <>}); + eof -> + {eof,B}; + Other -> + Other + end. + + +write_buf(Pid, SftpHandle, BufHandle, PlainBin, FileOpTimeout) -> + {ok,{_Window,Packet}} = send_window(Pid, FileOpTimeout), + {ok,B0=#bufinf{plain_text_buf=PTB}} = call(Pid, {get_bufinf,BufHandle}, FileOpTimeout), + case do_the_write_buf(Pid, SftpHandle, Packet, FileOpTimeout, + B0#bufinf{plain_text_buf = <>}) of + {ok, B} -> + call(Pid, {put_bufinf,BufHandle,B}, FileOpTimeout), + ok; + {error,Error} -> + {error,Error} + end. + +do_the_write_buf(Pid, SftpHandle, Packet, FileOpTimeout, + B=#bufinf{enc_text_buf = EncBuf0, + size = Size}) + when size(EncBuf0) >= Packet -> + <> = EncBuf0, + case write(Pid, SftpHandle, BinToWrite, FileOpTimeout) of + ok -> + do_the_write_buf(Pid, SftpHandle, Packet, FileOpTimeout, + B#bufinf{enc_text_buf = EncBuf, + size = Size + Packet}); + Other -> + Other + end; + +do_the_write_buf(Pid, SftpHandle, Packet, FileOpTimeout, + B0=#bufinf{plain_text_buf = PlainBuf0, + enc_text_buf = EncBuf0, + chunksize = undefined}) + when size(PlainBuf0) > 0 -> + {ok,EncodedBin,B} = apply_crypto(PlainBuf0, B0), + do_the_write_buf(Pid, SftpHandle, Packet, FileOpTimeout, + B#bufinf{plain_text_buf = <<>>, + enc_text_buf = <>}); + +do_the_write_buf(Pid, SftpHandle, Packet, FileOpTimeout, + B0=#bufinf{plain_text_buf = PlainBuf0, + enc_text_buf = EncBuf0, + chunksize = ChunkSize0 + }) + when size(PlainBuf0) >= ChunkSize0 -> + <> = PlainBuf0, + {ok,EncodedBin,B} = apply_crypto(ToEncode, B0), + do_the_write_buf(Pid, SftpHandle, Packet, FileOpTimeout, + B#bufinf{plain_text_buf = PlainBuf, + enc_text_buf = <>}); + +do_the_write_buf(_Pid, _SftpHandle, _Packet, _FileOpTimeout, B) -> + {ok,B}. 
+ +apply_crypto(In, B=#bufinf{crypto_state = CState0, + crypto_fun = F}) -> + case F(In,CState0) of + {ok,EncodedBin,CState} -> + {ok, EncodedBin, B#bufinf{crypto_state=CState}}; + {ok,EncodedBin,CState,ChunkSize} -> + {ok, EncodedBin, B#bufinf{crypto_state=CState, + chunksize=ChunkSize}} + end. + +open_buf(Pid, CryptoInitFun, BufInfo0, FileOpTimeout) -> + case CryptoInitFun() of + {ok,CryptoState} -> + open_buf1(Pid, BufInfo0, FileOpTimeout, CryptoState, undefined); + {ok,CryptoState,ChunkSize} -> + open_buf1(Pid, BufInfo0, FileOpTimeout, CryptoState, ChunkSize); + Other -> + Other + end. + +open_buf1(Pid, BufInfo0, FileOpTimeout, CryptoState, ChunkSize) -> + BufInfo = BufInfo0#bufinf{crypto_state = CryptoState, + chunksize = ChunkSize}, + BufHandle = make_ref(), + call(Pid, {put_bufinf,BufHandle,BufInfo}, FileOpTimeout), + {ok,BufHandle}. diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index 559fa721fd..cb74a27638 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl 
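Review bot: in do_the_read_buf/6, the last clause answers with {eof,B} as soon as the remote read hits end of file, even when plain_text_buf still holds fewer than WantedLen decoded bytes or enc_text_buf holds a partial chunk, and read_buf/5 then returns a bare eof, so that tail is dropped without any error. read_rpt/6 in the same hunk returns {ok,Acc} in that situation; the buffered path should hand back leftover plaintext the same way and return an error for an incomplete chunk, so that a truncated encrypted archive is noticed. read_buf/5 also takes its packet size from send_window/2 where read_repeat/4 uses recv_window/2, and apply_crypto/2 has no clause for a crypto fun that returns an error.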
@@ -65,19 +65,25 @@ end_per_suite(Config) -> %%-------------------------------------------------------------------- groups() -> [{erlang_server, [], [open_close_file, open_close_dir, read_file, read_dir, - write_file, write_big_file, rename_file, mk_rm_dir, remove_file, links, + write_file, write_big_file, sftp_read_big_file, + rename_file, mk_rm_dir, remove_file, links, retrieve_attributes, set_attributes, async_read, async_write, position, pos_read, pos_write, version_option, - {group,remote_tar_write} - ]}, + {group,remote_tar}]}, + {openssh_server, [], [open_close_file, open_close_dir, read_file, read_dir, - write_file, write_big_file, rename_file, mk_rm_dir, remove_file, links, + write_file, write_big_file, sftp_read_big_file, + rename_file, mk_rm_dir, remove_file, links, retrieve_attributes, set_attributes, async_read, async_write, position, pos_read, pos_write, - {group,remote_tar_write}]}, - - {remote_tar_write, [], [create_empty_tar, files_to_tar, big_file_to_tar, files_chunked_to_tar, - directory_to_tar, binaries_to_tar]} + {group,remote_tar}]}, + + {remote_tar, [], [create_empty_tar, files_to_tar, big_file_to_tar, files_chunked_to_tar, + directory_to_tar, binaries_to_tar, null_crypto_tar, + simple_crypto_tar_small, simple_crypto_tar_big, + read_tar, read_null_crypto_tar, read_crypto_tar, + aes_cbc256_crypto_tar, aes_ctr_stream_crypto_tar + ]} ]. @@ -104,7 +110,7 @@ init_per_group(openssh_server, Config) -> {skip, "No openssh server"} end; -init_per_group(remote_tar_write, Config) -> +init_per_group(remote_tar, Config) -> {Host,Port} = ?config(peer, Config), ct:log("Server (~p) at ~p:~p",[?config(group,Config),Host,Port]), {ok, Connection} = @@ -120,7 +126,7 @@ init_per_group(remote_tar_write, Config) -> [{user_interaction, false}, {silently_accept_hosts, true}]) end, - [{remote_tar_write, true}, + [{remote_tar, true}, {connection, Connection} | Config]. end_per_group(erlang_server, Config) -> 
@@ -187,16 +193,12 @@ init_per_testcase(Case, Config0) -> [{sftp, Sftp}, {watchdog, Dog} | Config2] end, - case catch ?config(remote_tar_write,Config) of + case catch ?config(remote_tar,Config) of %% The 'catch' is for the case of Config={skip,...} true -> - %% Provide a tar Handle *independent* of the sftp-channel already opened! - %% This Handle will be closed (as well as ChannelPid2) in the testcase - {ok,ChannelPid2} = - ssh_sftp:start_channel(?config(connection,Config)), - {ok,Handle} = - ssh_sftp:open_tar(ChannelPid2, fnp(?tar_file_name,Config), [write]), - [{handle,Handle} | Config]; + %% Provide a ChannelPid independent of the sftp-channel already opened. + {ok,ChPid2} = ssh_sftp:start_channel(?config(connection,Config)), + [{channel_pid2,ChPid2} | Config]; _ -> Config end. @@ -214,6 +216,7 @@ end_per_testcase(_, Config) -> end_per_testcase(Config) -> {Sftp, Connection} = ?config(sftp, Config), ssh_sftp:stop_channel(Sftp), + catch ssh_sftp:stop_channel(?config(channel_pid2, Config)), ssh:close(Connection). %%-------------------------------------------------------------------- @@ -258,6 +261,7 @@ read_file(Config) when is_list(Config) -> FileName = filename:join(PrivDir, "sftp.txt"), {Sftp, _} = ?config(sftp, Config), {ok, Data} = ssh_sftp:read_file(Sftp, FileName), + {ok, Data} = ssh_sftp:read_file(Sftp, FileName), {ok, Data} = file:read_file(FileName). %%-------------------------------------------------------------------- 
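Review bot: the read_file/1 hunk adds a second, identical {ok, Data} = ssh_sftp:read_file(Sftp, FileName) directly under the existing one, which looks like a leftover. If reading twice on the same channel is the point of the test, say so in the doc string; otherwise drop the added line. In end_per_testcase/1, the catch around ssh_sftp:stop_channel(?config(channel_pid2, Config)) also hides the case where channel_pid2 is undefined; stopping the channel only when the key is present would keep real failures visible.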
@@ -293,6 +297,19 @@ write_big_file(Config) when is_list(Config) -> ssh_sftp:write_file(Sftp, FileName, [Data]), {ok, Data} = file:read_file(FileName). +%%-------------------------------------------------------------------- +sftp_read_big_file() -> + [{doc, "Test API function read_file/2 with big data"}]. +sftp_read_big_file(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + FileName = filename:join(PrivDir, "sftp.txt"), + {Sftp, _} = ?config(sftp, Config), + + Data = list_to_binary(lists:duplicate(750000,"a")), + ct:log("Data size to write is ~p bytes",[size(Data)]), + ssh_sftp:write_file(Sftp, FileName, [Data]), + {ok, Data} = ssh_sftp:read_file(Sftp, FileName). + %%-------------------------------------------------------------------- remove_file() -> [{doc,"Test API function delete/2"}]. 
@@ -527,52 +544,246 @@ version_option(Config) when is_list(Config) -> %%-------------------------------------------------------------------- create_empty_tar(Config) -> - {ChPid,_} = ?config(sftp,Config), - Handle = ?config(handle,Config), + ChPid2 = ?config(channel_pid2, Config), + {ok,Handle} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write]), erl_tar:close(Handle), + {ChPid,_} = ?config(sftp,Config), {ok, #file_info{type=regular}} = ssh_sftp:read_file_info(ChPid,fnp(?tar_file_name,Config)). - + %%-------------------------------------------------------------------- files_to_tar(Config) -> - Handle = ?config(handle,Config), - ok = erl_tar:add(Handle, fn("f1.txt",Config), "f1.txt", []), - ok = erl_tar:add(Handle, fn("f2.txt",Config), "f2.txt", []), + ChPid2 = ?config(channel_pid2, Config), + {ok,Handle} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write]), + ok = erl_tar:add(Handle, fn("f1.txt",Config), "f1.txt", [verbose]), + ok = erl_tar:add(Handle, fn("f2.txt",Config), "f2.txt", [verbose]), ok = erl_tar:close(Handle), chk_tar(["f1.txt", "f2.txt"], Config). - %%-------------------------------------------------------------------- big_file_to_tar(Config) -> - Handle = ?config(handle,Config), - ok = erl_tar:add(Handle, fn("big.txt",Config), "big.txt", []), + ChPid2 = ?config(channel_pid2, Config), + {ok,Handle} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write]), + ok = erl_tar:add(Handle, fn("big.txt",Config), "big.txt", [verbose]), ok = erl_tar:close(Handle), chk_tar(["big.txt"], Config). 
%%-------------------------------------------------------------------- files_chunked_to_tar(Config) -> - Handle = ?config(handle,Config), - ok = erl_tar:add(Handle, fn("f1.txt",Config), "f1.txt", [{chunks,2}]), - ok = erl_tar:add(Handle, fn("big.txt",Config), "big.txt", [{chunks,15000}]), + ChPid2 = ?config(channel_pid2, Config), + {ok,Handle} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write]), + ok = erl_tar:add(Handle, fn("f1.txt",Config), "f1.txt", [verbose,{chunks,2}]), ok = erl_tar:close(Handle), - chk_tar(["f1.txt", "big.txt"], Config). + chk_tar(["f1.txt"], Config). %%-------------------------------------------------------------------- directory_to_tar(Config) -> - Handle = ?config(handle,Config), - ok = erl_tar:add(Handle, fn("d1",Config), "d1", []), + ChPid2 = ?config(channel_pid2, Config), + {ok,Handle} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write]), + ok = erl_tar:add(Handle, fn("d1",Config), "d1", [verbose]), ok = erl_tar:close(Handle), - chk_tar(["d1/f1", "d1/f2"], Config). + chk_tar(["d1"], Config). %%-------------------------------------------------------------------- binaries_to_tar(Config) -> - Handle = ?config(handle,Config), + ChPid2 = ?config(channel_pid2, Config), + {ok,Handle} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write]), Bin = <<"A binary">>, - ok = erl_tar:add(Handle, Bin, "b1", []), + ok = erl_tar:add(Handle, Bin, "b1", [verbose]), ok = erl_tar:close(Handle), chk_tar([{"b1",Bin}], Config). 
+%%-------------------------------------------------------------------- +null_crypto_tar(Config) -> + ChPid2 = ?config(channel_pid2, Config), + Cinit = fun() -> {ok, no_state, _SendSize=5} end, + Cenc = fun(Bin,CState) -> {ok,Bin,CState,_SendSize=5} end, + Cend = fun(Bin,_CState) -> {ok,Bin} end, + C = {Cinit,Cenc,Cend}, + {ok,Handle} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write,{crypto,C}]), + Bin = <<"A binary">>, + ok = erl_tar:add(Handle, Bin, "b1", [verbose]), + ok = erl_tar:add(Handle, fn("f1.txt",Config), "f1.txt", [verbose,{chunks,2}]), + ok = erl_tar:add(Handle, fn("big.txt",Config), "big.txt", [verbose,{chunks,15000}]), + ok = erl_tar:close(Handle), + chk_tar([{"b1",Bin}, "f1.txt", "big.txt"], Config). + +%%-------------------------------------------------------------------- +simple_crypto_tar_small(Config) -> + ChPid2 = ?config(channel_pid2, Config), + Cinit = fun() -> {ok, no_state, _Size=6} end, + Cenc = fun(Bin,CState) -> {ok,stuff(Bin),CState,_SendSize=5} end, + Cdec = fun(Bin,CState) -> {ok,unstuff(Bin),CState,_Size=4} end, + Cend = fun(Bin,_CState) -> {ok,stuff(Bin)} end, + C = {Cinit,Cenc,Cend}, + {ok,Handle} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write,{crypto,C}]), + Bin = <<"A binary">>, + ok = erl_tar:add(Handle, Bin, "b1", [verbose]), + ok = erl_tar:add(Handle, fn("f1.txt",Config), "f1.txt", [verbose,{chunks,2}]), + ok = erl_tar:close(Handle), + chk_tar([{"b1",Bin}, "f1.txt"], Config, [{crypto,{Cinit,Cdec}}]). 
+ +%%-------------------------------------------------------------------- +simple_crypto_tar_big(Config) -> + ChPid2 = ?config(channel_pid2, Config), + Cinit = fun() -> {ok, no_state, _SendSize=6} end, + Cenc = fun(Bin,CState) -> {ok,stuff(Bin),CState,_SendSize=5} end, + Cdec = fun(Bin,CState) -> {ok,unstuff(Bin),CState,_SendSize=4} end, + Cend = fun(Bin,_CState) -> {ok,stuff(Bin)} end, + C = {Cinit,Cenc,Cend}, + {ok,Handle} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write,{crypto,C}]), + Bin = <<"A binary">>, + ok = erl_tar:add(Handle, Bin, "b1", [verbose]), + ok = erl_tar:add(Handle, fn("f1.txt",Config), "f1.txt", [verbose,{chunks,2}]), + ok = erl_tar:add(Handle, fn("big.txt",Config), "big.txt", [verbose,{chunks,15000}]), + ok = erl_tar:close(Handle), + chk_tar([{"b1",Bin}, "f1.txt", "big.txt"], Config, [{crypto,{Cinit,Cdec}}]). + +stuff(Bin) -> << <> || <> <= Bin >>. + +unstuff(Bin) -> << <> || <> <= Bin >>. + +%%-------------------------------------------------------------------- +read_tar(Config) -> + ChPid2 = ?config(channel_pid2, Config), + NameBins = lists:sort( + [{"b1",<<"A binary">>}, + {"b2",list_to_binary(lists:duplicate(750000,"a"))} + ]), + {ok,HandleWrite} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write]), + [ok = erl_tar:add(HandleWrite, Bin, Name, [verbose]) + || {Name,Bin} <- NameBins], + ok = erl_tar:close(HandleWrite), + + chk_tar(NameBins, Config). 
+ +%%-------------------------------------------------------------------- +read_null_crypto_tar(Config) -> + ChPid2 = ?config(channel_pid2, Config), + NameBins = lists:sort( + [{"b1",<<"A binary">>}, + {"b2",list_to_binary(lists:duplicate(750000,"a"))} + ]), + Cinitw = fun() -> {ok, no_state, _SendSize=5} end, + Cinitr = fun() -> {ok, no_state, _FetchSize=42} end, + Cenc = fun(Bin,CState) -> {ok,Bin,CState,_SendSize=42*42} end, + Cdec = fun(Bin,CState) -> {ok,Bin,CState,_FetchSize=19} end, + Cendw = fun(Bin,_CState) -> {ok,Bin} end, + Cw = {Cinitw,Cenc,Cendw}, + Cr = {Cinitr,Cdec}, + + {ok,HandleWrite} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write,{crypto,Cw}]), + [ok = erl_tar:add(HandleWrite, Bin, Name, [verbose]) + || {Name,Bin} <- NameBins], + ok = erl_tar:close(HandleWrite), + + chk_tar(NameBins, Config, [{crypto,Cr}]). + +%%-------------------------------------------------------------------- +read_crypto_tar(Config) -> + ChPid2 = ?config(channel_pid2, Config), + NameBins = lists:sort( + [{"b1",<<"A binary">>}, + {"b2",list_to_binary(lists:duplicate(750000,"a"))} + ]), + Cinitw = fun() -> {ok, no_state, _SendSize=5} end, + Cinitr = fun() -> {ok, no_state, _FetchSize=42} end, + + Cenc = fun(Bin,CState) -> {ok,stuff(Bin),CState,_SendSize=42*42} end, + Cdec = fun(Bin,CState) -> {ok,unstuff(Bin),CState,_FetchSize=120} end, + Cendw = fun(Bin,_CState) -> {ok,stuff(Bin)} end, + Cw = {Cinitw,Cenc,Cendw}, + Cr = {Cinitr,Cdec}, + + {ok,HandleWrite} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write,{crypto,Cw}]), + [ok = erl_tar:add(HandleWrite, Bin, Name, [verbose]) + || {Name,Bin} <- NameBins], + ok = erl_tar:close(HandleWrite), + + chk_tar(NameBins, Config, [{crypto,Cr}]). 
+ +%%-------------------------------------------------------------------- +aes_cbc256_crypto_tar(Config) -> + ChPid2 = ?config(channel_pid2, Config), + NameBins = lists:sort( + [{"b1",<<"A binary">>}, + {"b2",list_to_binary(lists:duplicate(750000,"a"))}, + {"d1",fn("d1",Config)} % Dir + ]), + Key = <<"This is a 256 bit key. Boring...">>, + Ivec0 = crypto:rand_bytes(16), + DataSize = 1024, % data_size rem 16 = 0 for aes_cbc + + Cinitw = fun() -> {ok, Ivec0, DataSize} end, + Cinitr = fun() -> {ok, Ivec0, DataSize} end, + + Cenc = fun(PlainBin,Ivec) -> + CipherBin = crypto:block_encrypt(aes_cbc256, Key, Ivec, PlainBin), + {ok, CipherBin, crypto:next_iv(aes_cbc,CipherBin), DataSize} + end, + Cdec = fun(CipherBin,Ivec) -> + PlainBin = crypto:block_decrypt(aes_cbc256, Key, Ivec, CipherBin), + {ok, PlainBin, crypto:next_iv(aes_cbc,CipherBin), DataSize} + end, + + Cendw = fun(PlainBin, _) when PlainBin == <<>> -> {ok, <<>>}; + (PlainBin, Ivec) -> + CipherBin = crypto:block_encrypt(aes_cbc256, Key, Ivec, + pad(16,PlainBin)), %% Last chunk + {ok, CipherBin} + end, + + Cw = {Cinitw,Cenc,Cendw}, + {ok,HandleWrite} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write,{crypto,Cw}]), + [ok = erl_tar:add(HandleWrite, Bin, Name, [verbose]) || {Name,Bin} <- NameBins], + ok = erl_tar:close(HandleWrite), + + Cr = {Cinitr,Cdec}, + chk_tar(NameBins, Config, [{crypto,Cr}]). + + +pad(BlockSize, Bin) -> + PadSize = (BlockSize - (size(Bin) rem BlockSize)) rem BlockSize, + list_to_binary( lists:duplicate(PadSize,0) ). + +%%-------------------------------------------------------------------- +aes_ctr_stream_crypto_tar(Config) -> + ChPid2 = ?config(channel_pid2, Config), + NameBins = lists:sort( + [{"b1",<<"A binary">>}, + {"b2",list_to_binary(lists:duplicate(750000,"a"))}, + {"d1",fn("d1",Config)} % Dir + ]), + Key = <<"This is a 256 bit key. 
Boring...">>, + Ivec0 = crypto:rand_bytes(16), + + Cinitw = Cinitr = fun() -> {ok, crypto:stream_init(aes_ctr,Key,Ivec0)} end, + + Cenc = fun(PlainBin,State) -> + {NewState,CipherBin} = crypto:stream_encrypt(State, PlainBin), + {ok, CipherBin, NewState} + end, + Cdec = fun(CipherBin,State) -> + {NewState,PlainBin} = crypto:stream_decrypt(State, CipherBin), + {ok, PlainBin, NewState} + end, + + Cendw = fun(PlainBin, _) when PlainBin == <<>> -> {ok, <<>>}; + (PlainBin, Ivec) -> + CipherBin = crypto:block_encrypt(aes_cbc256, Key, Ivec, + pad(16,PlainBin)), %% Last chunk + {ok, CipherBin} + end, + + Cw = {Cinitw,Cenc,Cendw}, + {ok,HandleWrite} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write,{crypto,Cw}]), + [ok = erl_tar:add(HandleWrite, Bin, Name, [verbose]) || {Name,Bin} <- NameBins], + ok = erl_tar:close(HandleWrite), + + Cr = {Cinitr,Cdec}, + chk_tar(NameBins, Config, [{crypto,Cr}]). + %%-------------------------------------------------------------------- %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- 
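Review bot: pad/2 returns only the zero bytes, list_to_binary(lists:duplicate(PadSize,0)), not Bin followed by them, so Cendw in aes_cbc256_crypto_tar encrypts the padding alone and the plaintext left in the buffer at close never reaches the archive. Return the input with the padding appended. In aes_ctr_stream_crypto_tar the second Cendw clause is a copy of the CBC one and passes the stream state as the IV to crypto:block_encrypt(aes_cbc256, ...); it should finish with crypto:stream_encrypt on the remaining bytes instead. Both tests also use a literal key and the CBC test relies on unauthenticated zero padding, which is worth a comment stating that the funs are test fixtures and not a recommended construction.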
@@ -597,34 +808,82 @@ prep(Config) -> FileInfo#file_info{mode = Mode}). + chk_tar(Items, Config) -> - %% FIXME: ought to check that no more than expected is present... + chk_tar(Items, Config, []). + +chk_tar(Items, Config, Opts) -> + chk_tar(Items, fnp(?tar_file_name,Config), Config, Opts). + +chk_tar(Items, TarFileName, Config, Opts) when is_list(Opts) -> + tar_size(TarFileName, Config), {ChPid,_} = ?config(sftp,Config), - ok = file:set_cwd(?config(priv_dir,Config)), - file:make_dir("tar_chk"), % May already exist - ok = file:set_cwd("tar_chk"), - {ok,Data} = ssh_sftp:read_file(ChPid, fnp(?tar_file_name,Config)), - ok = file:write_file(?tar_file_name, Data), - os:cmd("tar xf "++?tar_file_name), - lists:foreach(fun(Item) -> chk_contents(Item,Config) end, - Items). - - -chk_contents({Name,ExpectBin}, _Config) -> - case file:read_file(Name) of - {ok,ExpectBin} -> - ok; - {ok,OtherBin} -> - ct:log("File: ~p~n Got: ~p~nExpect: ~p",[Name,OtherBin,ExpectBin]), - ct:fail("Bad contents in file ~p",[Name]); - Other -> - ct:log("File: ~p~nOther: ~p",[Name,Other]), - ct:fail("Error reading of file ~p",[Name]) - end; -chk_contents(Name, Config) -> - {ok,Bin} = file:read_file(fn(Name,Config)), - chk_contents({Name,Bin}, Config). + {ok,HandleRead} = ssh_sftp:open_tar(ChPid, TarFileName, [read|Opts]), + {ok,NameValueList} = erl_tar:extract(HandleRead,[memory,verbose]), + ok = erl_tar:close(HandleRead), + case {lists:sort(expand_items(Items,Config)), lists:sort(NameValueList)} of + {L,L} -> + true; + {Expect,Actual} -> + ct:log("Expect: ~p",[Expect]), ct:log("Actual: ~p",[Actual]), + case erl_tar:table(TarFileName) of + {ok,Names} -> ct:log("names: ~p",[Names]); + Other -> ct:log("~p",[Other]) + end, + ct:log("~s",[analyze_report(Expect, Actual)]), + ct:fail(bad_tar_contents) + end. +analyze_report([E={NameE,BinE}|Es], [A={NameA,BinA}|As]) -> + if + NameE == NameA, + BinE =/= BinA-> + [["Component ",NameE," differs. 
\n Expected: ",BinE,"\n Actual: ",BinA,"\n\n"] + | analyze_report(Es,As)]; + + NameE < NameA -> + [["Component ",NameE," is missing.\n\n"] + | analyze_report(Es,[A|As])]; + + NameE > NameA -> + [["Component ",NameA," is not expected.\n\n"] + | analyze_report([E|Es],As)]; + true -> + analyze_report(Es, As) + end; +analyze_report([{NameE,_BinE}|Es], []) -> + [["Component ",NameE," missing.\n\n"] | analyze_report(Es,[])]; +analyze_report([], [{NameA,_BinA}|As]) -> + [["Component ",NameA," not expected.\n\n"] | analyze_report([],As)]; +analyze_report([], []) -> + "". + +tar_size(TarFileName, Config) -> + {ChPid,_} = ?config(sftp,Config), + {ok,Data} = ssh_sftp:read_file(ChPid, TarFileName), + io:format('Tar file ~p is~n ~p bytes.~n',[TarFileName, size(Data)]). + +expand_items(Items, Config) -> + lists:flatten( + [case Item of + {_Name,Bin} when is_binary(Bin) -> + Item; + {Name,FileName} when is_list(FileName) -> + read_item_contents(Name, fn(FileName,Config)); + FileName when is_list(FileName) -> + read_item_contents(FileName, fn(FileName,Config)) + end || Item <- Items]). + +read_item_contents(ItemName, FileName) -> + case file:read_file(FileName) of + {ok,Bin} -> + {ItemName, Bin}; + {error,eisdir} -> + {ok,FileNames} = file:list_dir(FileName), + [read_item_contents(filename:join(ItemName,Name), + filename:join(FileName,Name)) + || Name<-FileNames] + end. fn(Name, Config) -> Dir = ?config(data_dir, Config), -- cgit v1.2.3 From c5a526735109a27d919b340148db6a5a99f9ad09 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 25 Nov 2014 10:52:24 +0100 Subject: ssh: Implements and tests erl_tar read from remote host. --- lib/ssh/doc/src/ssh_sftp.xml | 106 ++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 100 insertions(+), 6 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_sftp.xml b/lib/ssh/doc/src/ssh_sftp.xml index 251f5a4be3..ab111562f9 100644 --- a/lib/ssh/doc/src/ssh_sftp.xml +++ b/lib/ssh/doc/src/ssh_sftp.xml 
@@ -196,19 +196,113 @@ - open_tar(ChannelPid, Path) -> - open_tar(ChannelPid, Path, Timeout) -> {ok, Handle} | {error, Reason} - Open a tar file on the server to which ChannelPid is connected and return a handle + open_tar(ChannelPid, Path, Mode) -> + open_tar(ChannelPid, Path, Mode, Timeout) -> {ok, Handle} | {error, Reason} + Opens a tar file on the server to which ChannelPid is connected and returns a handle ChannelPid = pid() Path = string() + Mode = [read] | [write] | [read,EncryptOpt] | [write,DecryptOpt] + EncryptOpt = {crypto,{InitFun,EncryptFun,CloseFun}} + DecryptOpt = {crypto,{InitFun,DecryptFun}} + InitFun = (fun() -> {ok,CryptoState}) | (fun() -> {ok,CryptoState,ChunkSize}) + CryptoState = any() + ChunkSize = undefined | pos_integer() + EncryptFun = (fun(PlainBin,CryptoState) -> EncryptResult) + EncryptResult = {ok,EncryptedBin,CryptoState} | {ok,EncryptedBin,CryptoState,ChunkSize} + PlainBin = binary() + EncryptedBin = binary() + DecryptFun = (fun(EncryptedBin,CryptoState) -> DecryptResult) + DecryptResult = {ok,PlainBin,CryptoState} | {ok,PlainBin,CryptoState,ChunkSize} + CloseFun = (fun(PlainBin,CryptoState) -> {ok,EncryptedBin}) Timeout = timeout() Reason = term() -

Opens a handle to a tar file on the server, the handle - can be used for remote tar manipulation as defined by the - erl_tar:init/3 function.

+

Opens a handle to a tar file on the server associated with ChannelPid. The handle + can be used for remote tar creation and extraction as defined by the + erl_tar:init/3 function. +

+

An example of writing and then reading a tar file:

+ + {ok,HandleWrite} = ssh_sftp:open_tar(ChannelPid, ?tar_file_name, [write]), + ok = erl_tar:add(HandleWrite, .... ), + ok = erl_tar:add(HandleWrite, .... ), + ... + ok = erl_tar:add(HandleWrite, .... ), + ok = erl_tar:close(HandleWrite), + + %% And for reading + {ok,HandleRead} = ssh_sftp:open_tar(ChannelPid, ?tar_file_name, [read]), + {ok,NameValueList} = erl_tar:extract(HandleRead,[memory]), + ok = erl_tar:close(HandleRead), + + +

The crypto mode option is applied to the generated stream of bytes just prior to sending + them to the sftp server. This is intended for encryption but could of course be used for other + purposes. +

+

The InitFun is applied once + prior to any other crypto operation. The returned CryptoState is then folded into + repeated applications of the EncryptFun or DecryptFun. The binary returned + from those Funs are sent further to the remote sftp server. Finally - if doing encryption + - the CloseFun is applied to the last piece of data. The CloseFun is + responsible for padding (if needed) and encryption of that last piece. +

+

The ChunkSize defines the size of the PlainBins that EncodeFun is applied + to. If the ChunkSize is undefined the size of the PlainBins varies because + this is inteded for stream crypto while a fixed ChunkSize is intended for block crypto. It + is possible to change the ChunkSizes in the return from the EncryptFun or + DecryptFun. It is in fact possible to change the value between pos_integer() and + undefined. +

+

The write and read example above can be extended with encryption and decryption:

+ + %% First three parameters depending on which crypto type we select: + Key = <<"This is a 256 bit key. abcdefghi">>, + Ivec0 = crypto:rand_bytes(16), + DataSize = 1024, % DataSize rem 16 = 0 for aes_cbc + + %% Initialization of the CryptoState, in this case it is the Ivector. + InitFun = fun() -> {ok, Ivec0, DataSize} end, + + %% How to encrypt: + EncryptFun = + fun(PlainBin,Ivec) -> + EncryptedBin = crypto:block_encrypt(aes_cbc256, Key, Ivec, PlainBin), + {ok, EncryptedBin, crypto:next_iv(aes_cbc,EncryptedBin)} + end, + + %% What to do with the very last block: + CloseFun = + fun(PlainBin, Ivec) -> + EncryptedBin = crypto:block_encrypt(aes_cbc256, Key, Ivec, + pad(16,PlainBin) %% Last chunk + ), + {ok, EncryptedBin} + end, + + Cw = {InitFun,EncryptFun,CloseFun}, + {ok,HandleWrite} = ssh_sftp:open_tar(ChannelPid, ?tar_file_name, [write,{crypto,Cw}]), + ok = erl_tar:add(HandleWrite, .... ), + ok = erl_tar:add(HandleWrite, .... ), + ... + ok = erl_tar:add(HandleWrite, .... ), + ok = erl_tar:close(HandleWrite), + + %% And for decryption (in this crypto example we could use the same InitFun + %% as for encryption): + DecryptFun = + fun(EncryptedBin,Ivec) -> + PlainBin = crypto:block_decrypt(aes_cbc256, Key, Ivec, EncryptedBin), + {ok, PlainBin, crypto:next_iv(aes_cbc,EncryptedBin)} + end, + + Cr = {InitFun,DecryptFun}, + {ok,HandleRead} = ssh_sftp:open_tar(ChannelPid, ?tar_file_name, [read,{crypto,Cw}]), + {ok,NameValueList} = erl_tar:extract(HandleRead,[memory]), + ok = erl_tar:close(HandleRead), +
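Review bot: the Mode type in the open_tar hunk pairs the options the wrong way round: [read,EncryptOpt] | [write,DecryptOpt] should be [write,EncryptOpt] | [read,DecryptOpt], which is how the example and the test suite call it. The decryption example has the same slip: it builds Cr = {InitFun,DecryptFun} but opens with [read,{crypto,Cw}], so Cr is unused and the read side is handed the encrypt tuple. Two smaller points in the same hunk: the ChunkSize paragraph says EncodeFun where the type is EncryptFun, and the example calls pad(16,PlainBin) without showing pad/2 or saying that it must return the chunk plus its padding. Since the example uses aes_cbc256 with no integrity check, the text should also say that these hooks give confidentiality only and that a tar file modified on the server is not detected.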
-- cgit v1.2.3 From 1e162434068f1d771cb09c06d944b366b46ac39b Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 1 Dec 2014 17:19:20 +0100 Subject: ssh: prepares appup file for release --- lib/ssh/src/ssh.appup.src | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index 600c01454c..296c4511f6 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src @@ -19,6 +19,11 @@ {"%VSN%", [ + {"3.1", [{load_module, ssh_sftp, soft_purge, soft_purge, [erl_tar,ssh_xfer]}, + {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, + {load_module, ssh, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_xfer, soft_purge, soft_purge, []} + ]}, {"3.0.7", [{load_module, ssh_auth, soft_purge, soft_purge, [ssh_connection_handler]}, {load_module, ssh_acceptor, soft_purge, soft_purge, [ssh_connection_handler]}, {load_module, ssh_channel, soft_purge, soft_purge, [ssh_connection_handler]}, @@ -42,6 +47,11 @@ {<<".*">>, [{restart_application, ssh}]} ], [ + {"3.1", [{load_module, ssh_sftp, soft_purge, soft_purge, []}, + {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, + {load_module, ssh, soft_purge, soft_purge, []}, + {load_module, ssh_xfer, soft_purge, soft_purge, []} + ]}, {"3.0.7", [{load_module, ssh_auth, soft_purge, soft_purge, [ssh_connection_handler]}, {load_module, ssh_acceptor, soft_purge, soft_purge, [ssh_connection_handler]}, {load_module, ssh_channel, soft_purge, soft_purge, [ssh_connection_handler]}, -- cgit v1.2.3 From 34184a1be31c573a08ef7c29e4b9f6a9f939d223 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 2 Dec 2014 10:33:51 +0100 Subject: ssh: Fixes wrong version in appup file --- lib/ssh/src/ssh.appup.src | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index 296c4511f6..014363e3f1 100644 --- a/lib/ssh/src/ssh.appup.src 
+++ b/lib/ssh/src/ssh.appup.src @@ -19,7 +19,7 @@ {"%VSN%", [ - {"3.1", [{load_module, ssh_sftp, soft_purge, soft_purge, [erl_tar,ssh_xfer]}, + {"3.0.8", [{load_module, ssh_sftp, soft_purge, soft_purge, [erl_tar,ssh_xfer]}, {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, {load_module, ssh, soft_purge, soft_purge, [ssh_connection_handler]}, {load_module, ssh_xfer, soft_purge, soft_purge, []} @@ -47,7 +47,7 @@ {<<".*">>, [{restart_application, ssh}]} ], [ - {"3.1", [{load_module, ssh_sftp, soft_purge, soft_purge, []}, + {"3.0.8", [{load_module, ssh_sftp, soft_purge, soft_purge, []}, {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, {load_module, ssh, soft_purge, soft_purge, []}, {load_module, ssh_xfer, soft_purge, soft_purge, []} -- cgit v1.2.3 From 95995ef984af43bd3cd0b1a4797e69538de2a26d Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Tue, 2 Dec 2014 16:00:57 +0100 Subject: ssh: Add soft upgrade for ptty_alloc --- lib/ssh/src/ssh.appup.src | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index 014363e3f1..70f1cc487c 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src @@ -19,7 +19,8 @@ {"%VSN%", [ - {"3.0.8", [{load_module, ssh_sftp, soft_purge, soft_purge, [erl_tar,ssh_xfer]}, + {"3.0.8", [{load_module, ssh_connection, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_sftp, soft_purge, soft_purge, [erl_tar,ssh_xfer]}, {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, {load_module, ssh, soft_purge, soft_purge, [ssh_connection_handler]}, {load_module, ssh_xfer, soft_purge, soft_purge, []} 
@@ -47,7 +48,8 @@ {<<".*">>, [{restart_application, ssh}]} ], [ - {"3.0.8", [{load_module, ssh_sftp, soft_purge, soft_purge, []}, + {"3.0.8", [{load_module, ssh_connection, soft_purge, soft_purge, [ssh_connection_handler]}, + {load_module, ssh_sftp, soft_purge, soft_purge, []}, {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, {load_module, ssh, soft_purge, soft_purge, []}, {load_module, ssh_xfer, soft_purge, soft_purge, []} -- cgit v1.2.3 From 916742c90667dde5ebb62d9e796de517232ad5fe Mon Sep 17 00:00:00 2001 From: Marcus Arendt Date: Fri, 5 Dec 2014 14:49:13 +0100 Subject: Revert "ssh: Corrected ret val from ssh_connection:subsystem/4." This reverts commit d086394ebd3595d431835af80709977a6c1c7c89. --- lib/ssh/src/ssh_connection.erl | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl index 593443e11c..01141622d6 100644 --- a/lib/ssh/src/ssh_connection.erl +++ b/lib/ssh/src/ssh_connection.erl @@ -107,15 +107,9 @@ shell(ConnectionHandler, ChannelId) -> %% Description: Executes a predefined subsystem. %%-------------------------------------------------------------------- subsystem(ConnectionHandler, ChannelId, SubSystem, TimeOut) -> - case ssh_connection_handler:request(ConnectionHandler, self(), - ChannelId, "subsystem", - true, [?string(SubSystem)], TimeOut) of - success -> success; - failure -> failure; - {error,timeout} -> {error,timeout}; - _ -> failure - end. - + ssh_connection_handler:request(ConnectionHandler, self(), + ChannelId, "subsystem", + true, [?string(SubSystem)], TimeOut). %%-------------------------------------------------------------------- -spec send(pid(), channel_id(), iodata()) -> ok | {error, closed}. -- cgit v1.2.3 From c7e5d33b782d72b9ac9150b1c99b758c7888d3f3 Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Mon, 8 Dec 2014 12:31:29 +0100 Subject: ssh: Fix .app and .appup --- lib/ssh/src/ssh.app.src | 2 +- lib/ssh/src/ssh.appup.src | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.app.src b/lib/ssh/src/ssh.app.src index 4ad55b34ca..bc01c539e0 100644 --- a/lib/ssh/src/ssh.app.src +++ b/lib/ssh/src/ssh.app.src @@ -40,7 +40,7 @@ {applications, [kernel, stdlib, crypto, public_key]}, {env, []}, {mod, {ssh_app, []}}, - {runtime_dependencies, ["stdlib-2.0","public_key-0.22","kernel-3.0", + {runtime_dependencies, ["stdlib-2.3","public_key-0.22","kernel-3.0", "erts-6.0","crypto-3.3"]}]}. diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index 70f1cc487c..8b2780259a 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src @@ -1,3 +1,4 @@ +bg %% -*- erlang -*- %% %CopyrightBegin% %% @@ -20,7 +21,7 @@ {"%VSN%", [ {"3.0.8", [{load_module, ssh_connection, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_sftp, soft_purge, soft_purge, [erl_tar,ssh_xfer]}, + {load_module, ssh_sftp, soft_purge, soft_purge, [ssh_xfer]}, {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, {load_module, ssh, soft_purge, soft_purge, [ssh_connection_handler]}, {load_module, ssh_xfer, soft_purge, soft_purge, []} -- cgit v1.2.3 From 89f5c0d57132d4513c715f6e3d5e116b9a544c8f Mon Sep 17 00:00:00 2001 From: Marcus Arendt Date: Tue, 9 Dec 2014 10:27:28 +0100 Subject: revert ssh testcase --- lib/ssh/test/ssh_connection_SUITE.erl | 27 +-------------------------- 1 file changed, 1 insertion(+), 26 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index 553d0f5720..85bd2c75d4 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl 
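Review bot: in the "ssh: Fix .app and .appup" patch, the first hunk of lib/ssh/src/ssh.appup.src (@@ -1,3 +1,4 @@) adds a line containing only bg above the %% -*- erlang -*- header. That is a stray token, not a comment, so the appup file no longer parses as an Erlang term; drop the line before merging.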
@@ -37,7 +37,7 @@ all() -> [ {group, openssh}, - start_subsystem_on_closed_channel, + {group, openssh_payload}, interrupted_send, start_shell, start_shell_exec, @@ -286,32 +286,7 @@ ptty_alloc_pixel(Config) when is_list(Config) -> ssh:close(ConnectionRef). %%-------------------------------------------------------------------- -start_subsystem_on_closed_channel(Config) -> - PrivDir = ?config(priv_dir, Config), - UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth - file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, - {user_dir, UserDir}, - {password, "morot"}, - {subsystems, [{"echo_n", {ssh_echo_server, [4000000]}}]}]), - - ConnectionRef = ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, - {user, "foo"}, - {password, "morot"}, - {user_interaction, false}, - {user_dir, UserDir}]), - - {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), - - ok = ssh_connection:close(ConnectionRef, ChannelId), - failure = ssh_connection:subsystem(ConnectionRef, ChannelId, "echo_n", infinity), - - ssh:close(ConnectionRef), - ssh:stop_daemon(Pid). - -%%-------------------------------------------------------------------- interrupted_send() -> [{doc, "Use a subsystem that echos n char and then sends eof to cause a channel exit partway through a large send."}]. -- cgit v1.2.3 From dfacc11a1d131b0b0e8b86970fa169ef7ff3c69b Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 9 Dec 2014 11:58:28 +0100 Subject: ssh: Fix syntax error in .appup --- lib/ssh/src/ssh.appup.src | 1 - 1 file changed, 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index 8b2780259a..b2b2994eed 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src @@ -1,4 +1,3 @@ -bg %% -*- erlang -*- %% %CopyrightBegin% %% -- cgit v1.2.3 From 7f3486a5ddc02a366f2945dfd009c4a2697a2b98 Mon Sep 17 00:00:00 2001 
From: Erlang/OTP Date: Tue, 9 Dec 2014 15:21:47 +0100 Subject: Prepare release --- lib/ssh/doc/src/notes.xml | 94 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index f3db05192e..3aa61aa9ec 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -29,6 +29,100 @@ notes.xml +
Ssh 3.1 + +
Fixed Bugs and Malfunctions + + +

+ Make sure the clean rule for ssh, ssl, eunit and otp_mibs + actually removes generated files.

+

+ Own Id: OTP-12200

+
+ +

+ Improved Property Tests (Thanks to Thomas, John and + Tobias at QuviQ)

+

+ Own Id: OTP-12256

+
+ +

+ Correct typo of renegotiate that could cause rekeying to + fail

+

+ Own Id: OTP-12277 Aux Id: seq12736

+
+ +

+ The {timeout, Timeout} option passed to + ssh_sftp:start_channel was not applied to the early + phases of the SSH protocol. This patch passes the Timeout + through to ssh:connect. In case the timeout occurs during + these phases, {error, timeout} is returned. (Thanks to + Simon Cornish)

+

+ Own Id: OTP-12306

+
+
+
+ + +
Improvements and New Features + + +

+ Added API functions ptty_alloc/3 and ptty_alloc/4, to + allocate a pseudo tty.

+

+ Own Id: OTP-11542 Aux Id: seq12493, OTP-11631

+
+ +

+ Supports tar file creation on other media than file + systems mounted on the local machine.

+

+ The erl_tar api is extended with + erl_tar:init/3 that enables usage of user provided + media storage routines. A ssh-specific set of such + routines is hidden in the new function + ssh_sftp:open_tar/3 to simplify creating a tar + archive on a remote ssh server.

+

+ A chunked file reading option is added to + erl_tar:add/3,4 to save memory on e.g small + embedded systems. The size of the slices read from a file + in that case can be specified.

+

+ Own Id: OTP-12180 Aux Id: seq12715

+
+ +

+ Always send SSH_DISCONNECT protocol messages when peer + sends corrupt messages.

+

+ Own Id: OTP-12185

+
+ +

+ Hooks for funs that can change binaries sent to remote + sites from erl_tar for renote tar file creation are + added. See ssh_sftp:open_tar/3,4 for details. The + hooks could also be used to read remote tar files that + need transformation before file extraction.

+

+ Those hooks are intended for encryption and decryption of + tar files. Effort is put into memory, disk and network + resource economy.

+

+ Own Id: OTP-12312 Aux Id: OTP-12180

+
+
+
+ +
+
Ssh 3.0.8
Fixed Bugs and Malfunctions -- cgit v1.2.3 From 1ea751ec08fcc5d190b0c2bc3dd455a4dc1feb06 Mon Sep 17 00:00:00 2001 From: Marcus Arendt Date: Wed, 10 Dec 2014 09:34:36 +0100 Subject: fix failed conflict resolution --- lib/ssh/test/ssh_connection_SUITE.erl | 1 - 1 file changed, 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index 85bd2c75d4..a73573e7fe 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -37,7 +37,6 @@ all() -> [ {group, openssh}, - {group, openssh_payload}, interrupted_send, start_shell, start_shell_exec, -- cgit v1.2.3 From bb7fb3c31d1939ab39fb14322d11a59bc34d8f42 Mon Sep 17 00:00:00 2001 From: Peter Lemenkov Date: Tue, 2 Dec 2014 13:31:37 +0300 Subject: Start using os:getenv/2 fun See #535 Signed-off-by: Peter Lemenkov --- lib/ssh/src/ssh_connection.erl | 10 +--------- lib/ssh/test/ssh_connection_SUITE.erl | 12 ++---------- 2 files changed, 3 insertions(+), 19 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl index 01141622d6..454a2d943a 100644 --- a/lib/ssh/src/ssh_connection.erl +++ b/lib/ssh/src/ssh_connection.erl @@ -194,7 +194,7 @@ ptty_alloc(ConnectionHandler, Channel, Options, TimeOut) -> {Width, PixWidth} = pty_default_dimensions(width, Options), {Hight, PixHight} = pty_default_dimensions(hight, Options), pty_req(ConnectionHandler, Channel, - proplists:get_value(term, Options, default_term()), + proplists:get_value(term, Options, os:getenv("TERM", ?DEFAULT_TERMINAL)), proplists:get_value(width, Options, Width), proplists:get_value(hight, Options, Hight), proplists:get_value(pixel_widh, Options, PixWidth), @@ -1293,11 +1293,3 @@ decode_ip(Addr) when is_binary(Addr) -> {error,_} -> Addr; {ok,A} -> A end. - -default_term() -> - case os:getenv("TERM") of - false -> - ?DEFAULT_TERMINAL; - Str when is_list(Str)-> - Str - end. 
diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index 85bd2c75d4..2420f60c5f 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -269,7 +269,7 @@ ptty_alloc(Config) when is_list(Config) -> {user_interaction, false}]), {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), success = ssh_connection:ptty_alloc(ConnectionRef, ChannelId, - [{term, default_term()}, {width, 70}, {high, 20}]), + [{term, os:getenv("TERM", ?DEFAULT_TERMINAL)}, {width, 70}, {high, 20}]), ssh:close(ConnectionRef). @@ -282,7 +282,7 @@ ptty_alloc_pixel(Config) when is_list(Config) -> {user_interaction, false}]), {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), success = ssh_connection:ptty_alloc(ConnectionRef, ChannelId, - [{term, default_term()}, {pixel_widh, 630}, {pixel_hight, 470}]), + [{term, os:getenv("TERM", ?DEFAULT_TERMINAL)}, {pixel_widh, 630}, {pixel_hight, 470}]), ssh:close(ConnectionRef). %%-------------------------------------------------------------------- @@ -622,11 +622,3 @@ ssh_exec(Cmd) -> spawn(fun() -> io:format(Cmd ++ "\n") end). - -default_term() -> - case os:getenv("TERM") of - false -> - "vt100"; - Str when is_list(Str)-> - Str - end. -- cgit v1.2.3 From 75ca7672b5c7bb07196a3a2b294157479ff4f00a Mon Sep 17 00:00:00 2001 
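Review bot: in the "Start using os:getenv/2 fun" patch, the ssh_connection_SUITE.erl hunks replace default_term() with os:getenv("TERM", ?DEFAULT_TERMINAL), but the patch adds no include that defines ?DEFAULT_TERMINAL for the suite, and the removed helper used the literal "vt100". Add -include_lib("ssh/src/ssh_connect.hrl"). to the suite in this same patch, as the later "fix missing include" commit on this page does, or keep the literal in the test, so that the suite compiles at this commit.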
From: Ingela Anderton Andin Date: Mon, 15 Dec 2014 09:54:26 +0100 Subject: ssh: Improve errorhandling in ssh_connection.erl If a channel is closed by the peer while using a function with call semantics in ssh_connection.erl return {error, closed}. Document that the functions can return {error, timeout | closed} and not only ssh_request_status() --- lib/ssh/doc/src/ssh_connection.xml | 14 ++++++++------ lib/ssh/src/ssh_connection.erl | 22 ++++++++++++++-------- lib/ssh/src/ssh_connection_handler.erl | 15 ++++++++++++--- lib/ssh/test/ssh_connection_SUITE.erl | 28 +++++++++++++++++++++++++++- 4 files changed, 61 insertions(+), 18 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_connection.xml b/lib/ssh/doc/src/ssh_connection.xml index ff72cf7ee0..5e2926dfa6 100644 --- a/lib/ssh/doc/src/ssh_connection.xml +++ b/lib/ssh/doc/src/ssh_connection.xml @@ -62,6 +62,7 @@

ssh_request_status() = success | failure

event() = {ssh_cm, ssh_connection_ref(), ssh_event_msg()}

ssh_event_msg() = data_events() | status_events() | terminal_events()

+

reason() = timeout | closed

data_events() @@ -218,7 +219,7 @@ - exec(ConnectionRef, ChannelId, Command, TimeOut) -> ssh_request_status() + exec(ConnectionRef, ChannelId, Command, TimeOut) -> ssh_request_status() | {error, reason()} Request that the server start the execution of the given command. ConnectionRef = ssh_connection_ref() @@ -274,7 +275,8 @@ - ptty_alloc(ConnectionRef, ChannelId, Options, Timeout) -> success | failure + ptty_alloc(ConnectionRef, ChannelId, Options) -> + ptty_alloc(ConnectionRef, ChannelId, Options, Timeout) -> > ssh_request_status() | {error, reason()} Send status replies to requests that want such replies. ConnectionRef = ssh_connection_ref() @@ -374,7 +376,7 @@ session_channel(ConnectionRef, Timeout) -> session_channel(ConnectionRef, InitialWindowSize, - MaxPacketSize, Timeout) -> {ok, ssh_channel_id()} | {error, Reason} + MaxPacketSize, Timeout) -> {ok, ssh_channel_id()} | {error, reason()} Opens a channel for a ssh session. ConnectionRef = ssh_connection_ref() @@ -391,7 +393,7 @@ - setenv(ConnectionRef, ChannelId, Var, Value, TimeOut) -> ssh_request_status() + setenv(ConnectionRef, ChannelId, Var, Value, TimeOut) -> ssh_request_status() | {error, reason()} Environment variables may be passed to the shell/command to be started later. @@ -409,7 +411,7 @@ - shell(ConnectionRef, ChannelId) -> ssh_request_status() + shell(ConnectionRef, ChannelId) -> ssh_request_status() | {error, closed} Requests that the user's default shell (typically defined in /etc/passwd in UNIX systems) shall be executed at the server @@ -426,7 +428,7 @@ - subsystem(ConnectionRef, ChannelId, Subsystem, Timeout) -> ssh_request_status() + subsystem(ConnectionRef, ChannelId, Subsystem, Timeout) -> ssh_request_status() | {error, reason()} ConnectionRef = ssh_connection_ref() diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl index 01141622d6..c66f810948 100644 --- a/lib/ssh/src/ssh_connection.erl +++ b/lib/ssh/src/ssh_connection.erl 
@@ -56,8 +56,8 @@ %%-------------------------------------------------------------------- %%-------------------------------------------------------------------- --spec session_channel(pid(), timeout()) -> {ok, channel_id()} | {error, term()}. --spec session_channel(pid(), integer(), integer(), timeout()) -> {ok, channel_id()} | {error, term()}. +-spec session_channel(pid(), timeout()) -> {ok, channel_id()} | {error, timeout | closed}. +-spec session_channel(pid(), integer(), integer(), timeout()) -> {ok, channel_id()} | {error, timeout | closed}. %% Description: Opens a channel for a ssh session. A session is a %% remote execution of a program. The program may be a shell, an @@ -81,7 +81,8 @@ session_channel(ConnectionHandler, InitialWindowSize, end. %%-------------------------------------------------------------------- --spec exec(pid(), channel_id(), string(), timeout()) -> success | failure. +-spec exec(pid(), channel_id(), string(), timeout()) -> + success | failure | {error, timeout | closed}. %% Description: Will request that the server start the %% execution of the given command. @@ -101,8 +102,8 @@ shell(ConnectionHandler, ChannelId) -> ssh_connection_handler:request(ConnectionHandler, self(), ChannelId, "shell", false, <<>>, 0). %%-------------------------------------------------------------------- --spec subsystem(pid(), channel_id(), string(), timeout()) -> - success | failure | {error, timeout}. +-spec subsystem(pid(), channel_id(), string(), timeout()) -> + success | failure | {error, timeout | closed}. %% %% Description: Executes a predefined subsystem. %%-------------------------------------------------------------------- 
@@ -142,7 +143,7 @@ send_eof(ConnectionHandler, Channel) -> ssh_connection_handler:send_eof(ConnectionHandler, Channel). %%-------------------------------------------------------------------- --spec adjust_window(pid(), channel_id(), integer()) -> ok. +-spec adjust_window(pid(), channel_id(), integer()) -> ok | {error, closed}. %% %% %% Description: Adjusts the ssh flowcontrol window. @@ -151,7 +152,8 @@ adjust_window(ConnectionHandler, Channel, Bytes) -> ssh_connection_handler:adjust_window(ConnectionHandler, Channel, Bytes). %%-------------------------------------------------------------------- --spec setenv(pid(), channel_id(), string(), string(), timeout()) -> success | failure. +-spec setenv(pid(), channel_id(), string(), string(), timeout()) -> + success | failure | {error, timeout | closed}. %% %% %% Description: Environment variables may be passed to the shell/command to be @@ -183,7 +185,11 @@ reply_request(_,false, _, _) -> ok. %%-------------------------------------------------------------------- --spec ptty_alloc(pid(), channel_id(), proplists:proplist()) -> success | failiure. +-spec ptty_alloc(pid(), channel_id(), proplists:proplist()) -> + success | failiure | {error, closed}. +-spec ptty_alloc(pid(), channel_id(), proplists:proplist(), timeout()) -> + success | failiure | {error, timeout} | {error, closed}. + %% %% %% Description: Sends a ssh connection protocol pty_req. diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index fdb9d3b3e6..915060c426 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl 
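Review bot: both ptty_alloc specs in the ssh_connection.erl hunk at @@ -183,7 +185,11 @@ spell the failure atom failiure, carried over from the old spec, so they do not describe the failure value of ssh_request_status() that the documentation hunk promises. Write success | failure | {error, timeout | closed}, as the exec/4 and setenv/5 specs in this patch do. The matching ptty_alloc/4 line in ssh_connection.xml also has a stray > after the arrow (-> > ssh_request_status() | {error, reason()}).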
@@ -289,8 +289,13 @@ renegotiate_data(ConnectionHandler) -> -spec close(pid(), channel_id()) -> ok. %%-------------------------------------------------------------------- close(ConnectionHandler, ChannelId) -> - sync_send_all_state_event(ConnectionHandler, {close, ChannelId}). - + case sync_send_all_state_event(ConnectionHandler, {close, ChannelId}) of + ok -> + ok; + {error, closed} -> + ok + end. + %%-------------------------------------------------------------------- -spec stop(pid()) -> ok | {error, term()}. %%-------------------------------------------------------------------- @@ -1204,7 +1209,11 @@ sync_send_all_state_event(FsmPid, Event) -> sync_send_all_state_event(FsmPid, Event, infinity). sync_send_all_state_event(FsmPid, Event, Timeout) -> - try gen_fsm:sync_send_all_state_event(FsmPid, Event, Timeout) + try gen_fsm:sync_send_all_state_event(FsmPid, Event, Timeout) of + {closed, _Channel} -> + {error, closed}; + Result -> + Result catch exit:{noproc, _} -> {error, closed}; diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index a73573e7fe..e3871b3feb 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -45,7 +45,8 @@ all() -> gracefull_invalid_start, gracefull_invalid_long_start, gracefull_invalid_long_start_no_nl, - stop_listener + stop_listener, + start_subsystem_on_closed_channel ]. groups() -> [{openssh, [], payload() ++ ptty()}]. 
@@ -575,6 +576,31 @@ stop_listener(Config) when is_list(Config) -> ct:fail({unexpected, Error}) end. +start_subsystem_on_closed_channel(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {subsystems, [{"echo_n", {ssh_echo_server, [4000000]}}]}]), + + ConnectionRef = ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_interaction, false}, + {user_dir, UserDir}]), + + {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), + + ok = ssh_connection:close(ConnectionRef, ChannelId), + + {error, closed} = ssh_connection:subsystem(ConnectionRef, ChannelId, "echo_n", infinity), + + ssh:close(ConnectionRef), + ssh:stop_daemon(Pid). + %%-------------------------------------------------------------------- %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- -- cgit v1.2.3 From f445c0008c389ff06741e5d5a18d6c75861598cf Mon Sep 17 00:00:00 2001 From: Marcus Arendt Date: Fri, 19 Dec 2014 12:30:36 +0100 Subject: fix missing include --- lib/ssh/test/ssh_connection_SUITE.erl | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index 2420f60c5f..227cfd20fb 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -21,6 +21,7 @@ -module(ssh_connection_SUITE). -include_lib("common_test/include/ct.hrl"). +-include_lib("ssh/src/ssh_connect.hrl"). -compile(export_all). -- cgit v1.2.3 From 2951ef1745730b1c1ca9af6fa0f3a0b70b13ec7e Mon Sep 17 00:00:00 2001 
From: Marcus Arendt Date: Tue, 13 Jan 2015 10:56:13 +0100 Subject: fix doc typos found by Rabbe Fogelholm --- lib/ssh/doc/src/ssh.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 9f5d1c003d..d481a75c9a 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -234,11 +234,11 @@ IP version to use when the host address is specified as any. - + Provides specifications for handling of subsystems. The "sftp" subsystem spec can be retrieved by calling - ssh_sftpd:subsystem_spec/1. If the subsystems option in + ssh_sftpd:subsystem_spec/1. If the subsystems option is not present the value of [ssh_sftpd:subsystem_spec([])] will be used. It is of course possible to set the option to the empty list if -- cgit v1.2.3 From ec49235bde9d250238d8fef27125f0e75cf5d322 Mon Sep 17 00:00:00 2001 From: Marcus Arendt Date: Mon, 19 Jan 2015 09:29:37 +0100 Subject: fix spelling --- lib/ssh/doc/src/using_ssh.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/using_ssh.xml b/lib/ssh/doc/src/using_ssh.xml index 9ab71260d3..46178d4018 100644 --- a/lib/ssh/doc/src/using_ssh.xml +++ b/lib/ssh/doc/src/using_ssh.xml @@ -79,7 +79,7 @@

The option user_dir defaults to the users ~/.ssh directory

In the following example we generate new keys and host keys as - to be able to run the example without having root privilages

+ to be able to run the example without having root privileges

$bash> ssh-keygen -t rsa -f /tmp/ssh_daemon/ssh_host_rsa_key -- cgit v1.2.3 From b3069dbb63bcdba437157911763073cbd62d40eb Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 21 Jan 2015 15:33:36 +0100 Subject: ssh: Add handling of sftp v3 flags --- lib/ssh/src/ssh_sftpd.erl | 20 ++++++++++++++--- lib/ssh/test/ssh_sftpd_SUITE.erl | 48 ++++++++++++++++++++++++++++++++++++++-- 2 files changed, 63 insertions(+), 5 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_sftpd.erl b/lib/ssh/src/ssh_sftpd.erl index 52665635f0..5410bd1925 100644 --- a/lib/ssh/src/ssh_sftpd.erl +++ b/lib/ssh/src/ssh_sftpd.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2013. All Rights Reserved. +%% Copyright Ericsson AB 2005-2015. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -558,7 +558,20 @@ stat(ReqId, RelPath, State0=#state{file_handler=FileMod, {error, E} -> send_status({error, E}, ReqId, State1) end. - +%% sftp v3 +decode_4_open_flag(read) -> + [read]; +decode_4_open_flag(write) -> + [write]; +decode_4_open_flag(append) -> + [append]; +decode_4_open_flag(creat) -> + [write]; +decode_4_open_flag(trunc) -> + [write]; +decode_4_open_flag(excl) -> + [read]; +%% sftp newer decode_4_open_flag(create_new) -> [write]; decode_4_open_flag(create_truncate) -> @@ -608,7 +621,8 @@ open(Vsn, ReqId, Data, State) when Vsn =< 3 -> <> = Data, Path = unicode:characters_to_list(BPath), - Flags = ssh_xfer:decode_open_flags(Vsn, PFlags), + FlagBits = ssh_xfer:decode_open_flags(Vsn, PFlags), + Flags = lists:append(lists:umerge([[decode_4_flags(FlagBits)]])), do_open(ReqId, State, Path, Flags); open(Vsn, ReqId, Data, State) when Vsn >= 4 -> < retrieve_attributes, set_attributes, links, - ver3_rename, + ver3_rename, + ver3_open_flags, relpath, sshd_read_file, ver6_basic]. 
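Review bot: the v3 clauses added to decode_4_open_flag drop the semantics of the flags they translate: creat and trunc both become [write] and excl becomes [read], so a client that sends SSH_FXF_CREAT bor SSH_FXF_EXCL to get fail-if-exists behaviour gets no such guarantee from the server. In open/4 for Vsn =< 3 the call decode_4_flags(FlagBits) also reuses the v4 helper, which maps only the first list element through decode_4_open_flag and looks only for append_data in the rest, so a combination such as read plus write is reduced to whichever flag comes first, and an empty flag list has no matching clause. Mapping every decoded flag and merging the results would fix the second point; the first needs either real handling of excl and trunc or a comment saying they are not honoured.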
@@ -193,6 +194,39 @@ open_close_file(Config) when is_list(Config) -> ?ACE4_READ_DATA bor ?ACE4_READ_ATTRIBUTES, ?SSH_FXF_OPEN_EXISTING). +ver3_open_flags() -> + [{doc, "Test open flags"}]. +ver3_open_flags(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + FileName = filename:join(PrivDir, "not_exist.txt"), + {Cm, Channel} = ?config(sftp, Config), + ReqId = 0, + + {ok, <>, _} = + open_file_v3(FileName, Cm, Channel, ReqId, + ?SSH_FXF_CREAT bor ?SSH_FXF_TRUNC), + {ok, <>, _} = close(Handle, ReqId, + Cm, Channel), + + NewFileName = filename:join(PrivDir, "not_exist2.txt"), + NewReqId = ReqId + 1, + {ok, <>, _} = + open_file_v3(NewFileName, Cm, Channel, NewReqId, + ?SSH_FXF_CREAT bor ?SSH_FXF_EXCL), + {ok, <>, _} = close(NewHandle, NewReqId, + Cm, Channel), + + NewFileName1 = filename:join(PrivDir, "test.txt"), + NewReqId1 = NewReqId + 1, + {ok, <>, _} = + open_file_v3(NewFileName1, Cm, Channel, NewReqId1, + ?SSH_FXF_READ bor ?SSH_FXF_WRITE bor ?SSH_FXF_APPEND), + {ok, <>, _} = close(NewHandle1, NewReqId1, + Cm, Channel). + %%-------------------------------------------------------------------- open_close_dir() -> [{doc,"Test SSH_FXP_OPENDIR and SSH_FXP_CLOSE commands"}]. @@ -662,6 +696,16 @@ open_file(File, Cm, Channel, ReqId, Access, Flags) -> ?SSH_FXP_OPEN, Data/binary>>), reply(Cm, Channel). +open_file_v3(File, Cm, Channel, ReqId, Flags) -> + + Data = list_to_binary([?uint32(ReqId), + ?binary(list_to_binary(File)), + ?uint32(Flags), + ?REG_ATTERS]), + Size = 1 + size(Data), + ssh_connection:send(Cm, Channel, <>), + reply(Cm, Channel). close(Handle, ReqId, Cm , Channel) -> -- cgit v1.2.3 From ec6583db02ec4b629c6b6b06119d324daea42225 Mon Sep 17 00:00:00 2001 
From: Ingela Anderton Andin Date: Thu, 22 Jan 2015 11:57:14 +0100 Subject: ssh: Correct Sftp flag handling Function name was somewhat confusing and when trying to find a better name for it we realised it did not work as intended. --- lib/ssh/src/ssh_sftpd.erl | 120 +++++++++++++++++++++++----------------------- 1 file changed, 59 insertions(+), 61 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_sftpd.erl b/lib/ssh/src/ssh_sftpd.erl index 5410bd1925..a4e3e46ca3 100644 --- a/lib/ssh/src/ssh_sftpd.erl +++ b/lib/ssh/src/ssh_sftpd.erl 
@@ -558,71 +558,70 @@ stat(ReqId, RelPath, State0=#state{file_handler=FileMod, {error, E} -> send_status({error, E}, ReqId, State1) end. -%% sftp v3 -decode_4_open_flag(read) -> - [read]; -decode_4_open_flag(write) -> - [write]; -decode_4_open_flag(append) -> - [append]; -decode_4_open_flag(creat) -> - [write]; -decode_4_open_flag(trunc) -> - [write]; -decode_4_open_flag(excl) -> - [read]; -%% sftp newer -decode_4_open_flag(create_new) -> - [write]; -decode_4_open_flag(create_truncate) -> - [write]; -decode_4_open_flag(truncate_existing) -> - [write]; -decode_4_open_flag(open_existing) -> - [read]. - -decode_4_flags([OpenFlag | Flags]) -> - decode_4_flags(Flags, decode_4_open_flag(OpenFlag)). - -decode_4_flags([], Flags) -> - Flags; -decode_4_flags([append_data|R], _Flags) -> - decode_4_flags(R, [append]); -decode_4_flags([append_data_atomic|R], _Flags) -> - decode_4_flags(R, [append]); -decode_4_flags([_|R], Flags) -> - decode_4_flags(R, Flags). - -decode_4_access_flag(read_data) -> - [read]; -decode_4_access_flag(list_directory) -> - [read]; -decode_4_access_flag(write_data) -> - [write]; -decode_4_access_flag(add_file) -> - [write]; -decode_4_access_flag(add_subdirectory) -> - [read]; -decode_4_access_flag(append_data) -> - [append]; -decode_4_access_flag(write_attributes) -> - [write]; -decode_4_access_flag(_) -> - [read]. 
- -decode_4_acess([_ | _] = Flags) -> + +sftp_to_erlang_flag(read, Vsn) when Vsn == 3; + Vsn == 4 -> + read; +sftp_to_erlang_flag(write, Vsn) when Vsn == 3; + Vsn == 4 -> + write; +sftp_to_erlang_flag(append, Vsn) when Vsn == 3; + Vsn == 4 -> + append; +sftp_to_erlang_flag(creat, Vsn) when Vsn == 3; + Vsn == 4 -> + write; +sftp_to_erlang_flag(trunc, Vsn) when Vsn == 3; + Vsn == 4 -> + write; +sftp_to_erlang_flag(excl, Vsn) when Vsn == 3; + Vsn == 4 -> + read; +sftp_to_erlang_flag(append_data, Vsn) when Vsn > 4 -> + append; +sftp_to_erlang_flag(append_data_atomic, Vsn) when Vsn > 4 -> + append; +sftp_to_erlang_flag(create_new, Vsn) when Vsn > 4 -> + write; +sftp_to_erlang_flag(create_truncate, Vsn) when Vsn > 4 -> + write; +sftp_to_erlang_flag(truncate_existing, Vsn) when Vsn > 4 -> + write; +sftp_to_erlang_flag(open_existing, Vsn) when Vsn > 4 -> + read. + +sftp_to_erlang_flags(Flags, Vsn) -> + lists:map(fun(Flag) -> + sftp_to_erlang_flag(Flag, Vsn) + end, Flags). + +sftp_to_erlang_access_flag(read_data, _) -> + read; +sftp_to_erlang_access_flag(list_directory, _) -> + read; +sftp_to_erlang_access_flag(write_data, _) -> + write; +sftp_to_erlang_access_flag(add_file, _) -> + write; +sftp_to_erlang_access_flag(add_subdirectory, _) -> + read; +sftp_to_erlang_access_flag(append_data, _) -> + append; +sftp_to_erlang_access_flag(write_attributes, _) -> + write; +sftp_to_erlang_access_flag(_, _) -> + read. +sftp_to_erlang_access_flags(Flags, Vsn) -> lists:map(fun(Flag) -> - [decode_4_access_flag(Flag)] - end, Flags); -decode_4_acess([]) -> - []. + sftp_to_erlang_access_flag(Flag, Vsn) + end, Flags). 
open(Vsn, ReqId, Data, State) when Vsn =< 3 -> <> = Data, Path = unicode:characters_to_list(BPath), FlagBits = ssh_xfer:decode_open_flags(Vsn, PFlags), - Flags = lists:append(lists:umerge([[decode_4_flags(FlagBits)]])), + Flags = lists:usort(sftp_to_erlang_flags(FlagBits, Vsn)), do_open(ReqId, State, Path, Flags); open(Vsn, ReqId, Data, State) when Vsn >= 4 -> <= 4 -> %% it works better than when the Access flags where totally ignored. %% A better solution may need some code refactoring that we do %% not have time for right now. - AcessFlags = decode_4_acess(AcessBits), - Flags = lists:append(lists:umerge( - [[decode_4_flags(FlagBits)] | AcessFlags])), + AcessFlags = sftp_to_erlang_access_flags(AcessBits, Vsn), + Flags = lists:usort(sftp_to_erlang_flags(FlagBits, Vsn) ++ AcessFlags), do_open(ReqId, State, Path, Flags). do_open(ReqId, State0, Path, Flags) -> -- cgit v1.2.3 From 5c1a83668b14ef4288adaf181140f7f325ca407f Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Fri, 23 Jan 2015 09:41:05 +0100 Subject: ssh: Add some more flags --- lib/ssh/src/ssh_sftpd.erl | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_sftpd.erl b/lib/ssh/src/ssh_sftpd.erl index a4e3e46ca3..04ae6b11e2 100644 --- a/lib/ssh/src/ssh_sftpd.erl +++ b/lib/ssh/src/ssh_sftpd.erl 
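Review bot: sftp_to_erlang_flag/2 has no final catch-all clause, so a flag atom from ssh_xfer:decode_open_flags/2 that this table does not list, or a listed atom arriving under the other version guard, raises function_clause on input chosen by the peer. The guards Vsn == 3; Vsn == 4 and Vsn > 4 also leave nothing for Vsn < 3, although open/4 accepts Vsn =< 3. Add a final clause with a defined fallback, or answer the request with a failure status when a flag is not recognised.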
@@ -577,17 +577,21 @@ sftp_to_erlang_flag(trunc, Vsn) when Vsn == 3; sftp_to_erlang_flag(excl, Vsn) when Vsn == 3; Vsn == 4 -> read; -sftp_to_erlang_flag(append_data, Vsn) when Vsn > 4 -> - append; -sftp_to_erlang_flag(append_data_atomic, Vsn) when Vsn > 4 -> - append; sftp_to_erlang_flag(create_new, Vsn) when Vsn > 4 -> write; sftp_to_erlang_flag(create_truncate, Vsn) when Vsn > 4 -> write; +sftp_to_erlang_flag(open_existing, Vsn) when Vsn > 4 -> + read; +sftp_to_erlang_flag(open_or_create, Vsn) when Vsn > 4 -> + write; sftp_to_erlang_flag(truncate_existing, Vsn) when Vsn > 4 -> write; -sftp_to_erlang_flag(open_existing, Vsn) when Vsn > 4 -> +sftp_to_erlang_flag(append_data, Vsn) when Vsn > 4 -> + append; +sftp_to_erlang_flag(append_data_atomic, Vsn) when Vsn > 4 -> + append; +sftp_to_erlang_flag(_, _) -> read. sftp_to_erlang_flags(Flags, Vsn) -> @@ -601,12 +605,12 @@ sftp_to_erlang_access_flag(list_directory, _) -> read; sftp_to_erlang_access_flag(write_data, _) -> write; -sftp_to_erlang_access_flag(add_file, _) -> - write; -sftp_to_erlang_access_flag(add_subdirectory, _) -> - read; sftp_to_erlang_access_flag(append_data, _) -> append; +sftp_to_erlang_access_flag(add_subdirectory, _) -> + read; +sftp_to_erlang_access_flag(add_file, _) -> + write; sftp_to_erlang_access_flag(write_attributes, _) -> write; sftp_to_erlang_access_flag(_, _) -> 
@@ -629,12 +633,10 @@ open(Vsn, ReqId, Data, State) when Vsn >= 4 -> Path = unicode:characters_to_list(BPath), FlagBits = ssh_xfer:decode_open_flags(Vsn, PFlags), AcessBits = ssh_xfer:decode_ace_mask(Access), - %% TODO: This is to make sure the Access flags are not ignored - %% but this should be thought through better. This solution should - %% be considered a hack in order to buy some time. At least - %% it works better than when the Access flags where totally ignored. - %% A better solution may need some code refactoring that we do - %% not have time for right now. + %% TODO: There are still flags that are not + %% fully handled as SSH_FXF_ACCESS_TEXT_MODE and + %% a lot a ACE flags, the later we may not need + %% to understand as they are NFS flags AcessFlags = sftp_to_erlang_access_flags(AcessBits, Vsn), Flags = lists:usort(sftp_to_erlang_flags(FlagBits, Vsn) ++ AcessFlags), do_open(ReqId, State, Path, Flags). -- cgit v1.2.3 From ba3bd714f1c09e8bd8db0253ac18021cfabee28f Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 4 Feb 2015 14:29:58 +0100 Subject: Fix ssh:connect erroneus error msg at timeout --- lib/ssh/src/ssh_connection_handler.erl | 2 +- lib/ssh/test/ssh_basic_SUITE.erl | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 915060c426..68523aa72b 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -1711,7 +1711,7 @@ handshake(Pid, Ref, Timeout) -> {error, Reason} after Timeout -> stop(Pid), - {error, Timeout} + {error, timeout} end. start_timeout(_,_, infinity) -> diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 415cb9fc9c..cb1b4ae945 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl 
@@ -723,7 +723,7 @@ ssh_connect_arg4_timeout(_Config) -> %% Wait for client reaction on the connection try: receive - {done, Client, {error,_E}, T0} -> + {done, Client, {error,timeout}, T0} -> Msp = ms_passed(T0, now()), exit(Server,hasta_la_vista___baby), Low = 0.9*Timeout, @@ -733,6 +733,11 @@ ssh_connect_arg4_timeout(_Config) -> Low ok; true -> {fail, "timeout not within limits"} end; + + {done, Client, {error,Other}, _T0} -> + ct:log("Error message \"~p\" from the client is unexpected.",[{error,Other}]), + {fail, "Unexpected error message"}; + {done, Client, {ok,_Ref}, _T0} -> {fail,"ssh-connected ???"} after -- cgit v1.2.3 From af972aaf14a5f53510e692f48f672f7e6805ee6d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erland=20Sch=C3=B6nbeck?= Date: Wed, 25 Feb 2015 10:52:56 +0100 Subject: Use new time API and be back-compatible in ssh otp_SUITE: Ignore undefined functions in ssh --- lib/ssh/src/ssh_info.erl | 11 +++++++++-- lib/ssh/test/ssh_basic_SUITE.erl | 36 ++++++++++++++++++++++++++---------- 2 files changed, 35 insertions(+), 12 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_info.erl b/lib/ssh/src/ssh_info.erl index 9ed598b3ab..e5a8666af0 100644 --- a/lib/ssh/src/ssh_info.erl +++ b/lib/ssh/src/ssh_info.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2014. All Rights Reserved. +%% Copyright Ericsson AB 2008-2015. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -179,7 +179,14 @@ line(Len, Char) -> datetime() -> - {{YYYY,MM,DD}, {H,M,S}} = calendar:now_to_universal_time(now()), + %% Adapt to new OTP 18 erlang time API and be back-compatible + TimeStamp = try + erlang:timestamp() + catch + error:undef -> + erlang:now() + end, + {{YYYY,MM,DD}, {H,M,S}} = calendar:now_to_universal_time(TimeStamp), lists:flatten(io_lib:format('~4w-~2..0w-~2..0w ~2..0w:~2..0w:~2..0w UTC',[YYYY,MM,DD, H,M,S])). 
diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index cb1b4ae945..094a3a7fc7 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2014. All Rights Reserved. +%% Copyright Ericsson AB 2008-2015. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -715,7 +715,16 @@ ssh_connect_arg4_timeout(_Config) -> %% try to connect with a timeout, but "supervise" it Client = spawn(fun() -> - T0 = now(), + %% Adapt to OTP 18 erlang time API and be back-compatible + T0 = try + erlang:monotonic_time() + catch + error:undef -> + %% Use Erlang system time as monotonic time + {MS, S, US} = erlang:now(), + %%(MS*1000000+S)*1000000+US + {MS, S, US} + end, Rc = ssh:connect("localhost",Port,[],Timeout), ct:log("Client ssh:connect got ~p",[Rc]), Parent ! {done,self(),Rc,T0} @@ -724,11 +733,14 @@ ssh_connect_arg4_timeout(_Config) -> %% Wait for client reaction on the connection try: receive {done, Client, {error,timeout}, T0} -> - Msp = ms_passed(T0, now()), + %%Msp = ms_passed(T0, now()), + Msp = ms_passed(T0), exit(Server,hasta_la_vista___baby), Low = 0.9*Timeout, High = 1.1*Timeout, - ct:log("Timeout limits: ~p--~p, timeout was ~p, expected ~p",[Low,High,Msp,Timeout]), + ct:log("Timeout limits: ~.4f - ~.4f ms, timeout " + "was ~.4f ms, expected ~p ms",[Low,High,Msp,Timeout]), + %%ct:log("Timeout limits: ~p--~p, my timeout was ~p, expected ~p",[Low,High,Msp0,Timeout]), if Low ok; true -> {fail, "timeout not within limits"} 
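Review bot: the fallback branch for T0 binds {MS, S, US} = erlang:now() only to return the same tuple, and leaves %%(MS*1000000+S)*1000000+US behind as commented-out code, as does %%Msp = ms_passed(T0, now()) in the receive clause. Returning erlang:now() directly and deleting the commented lines keeps the test readable and removes the unused-looking bindings.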
@@ -748,12 +760,16 @@ ssh_connect_arg4_timeout(_Config) -> end. -%% Help function -%% N2-N1 -ms_passed(N1={_,_,M1}, N2={_,_,M2}) -> - {0,{0,Min,Sec}} = calendar:time_difference(calendar:now_to_local_time(N1), - calendar:now_to_local_time(N2)), - 1000 * (Min*60 + Sec + (M2-M1)/1000000). +%% Help function, elapsed microseconds since T0 +ms_passed({_,_,_} = T0 ) -> + %% OTP 17 and earlier + timer:now_diff(erlang:now(), T0)/1000; + +ms_passed(T0) -> + %% OTP 18 + erlang:convert_time_resolution(erlang:monotonic_time() - T0, + erlang:time_resolution(), + 1000000)/1000. %%-------------------------------------------------------------------- ssh_connect_negtimeout_parallel(Config) -> ssh_connect_negtimeout(Config,true). -- cgit v1.2.3 From b72b492bd2b0e8e1d28897fb497d7151e30c1dbf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erland=20Sch=C3=B6nbeck?= Date: Mon, 2 Mar 2015 14:42:28 +0100 Subject: Update new time API and be back-compatible in ssh --- lib/ssh/test/ssh_basic_SUITE.erl | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 094a3a7fc7..6f37940f69 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -721,9 +721,7 @@ ssh_connect_arg4_timeout(_Config) -> catch error:undef -> %% Use Erlang system time as monotonic time - {MS, S, US} = erlang:now(), - %%(MS*1000000+S)*1000000+US - {MS, S, US} + erlang:now() end, Rc = ssh:connect("localhost",Port,[],Timeout), ct:log("Client ssh:connect got ~p",[Rc]), 
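Review bot: the new comment on ms_passed/1 reads "elapsed microseconds since T0", but both clauses divide by 1000 and the caller compares the result with Timeout and logs it with the unit ms, so the function returns milliseconds and the comment should say so. The two clauses also rely on T0 being either a now() tuple or an integer, depending on which branch ran in the spawned client fun; one line in the comment stating that would save the next reader from tracing it.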
@@ -733,14 +731,12 @@ ssh_connect_arg4_timeout(_Config) -> %% Wait for client reaction on the connection try: receive {done, Client, {error,timeout}, T0} -> - %%Msp = ms_passed(T0, now()), Msp = ms_passed(T0), exit(Server,hasta_la_vista___baby), Low = 0.9*Timeout, High = 1.1*Timeout, ct:log("Timeout limits: ~.4f - ~.4f ms, timeout " "was ~.4f ms, expected ~p ms",[Low,High,Msp,Timeout]), - %%ct:log("Timeout limits: ~p--~p, my timeout was ~p, expected ~p",[Low,High,Msp0,Timeout]), if Low ok; true -> {fail, "timeout not within limits"} -- cgit v1.2.3 From aa8f4f23ee08281f06f11b80bbdb27bf1f279521 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erland=20Sch=C3=B6nbeck?= Date: Thu, 5 Mar 2015 15:10:32 +0100 Subject: Update misleading comment in ssh_basic_SUITE --- lib/ssh/test/ssh_basic_SUITE.erl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 6f37940f69..b449012ffc 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -756,7 +756,7 @@ ssh_connect_arg4_timeout(_Config) -> end. -%% Help function, elapsed microseconds since T0 +%% Help function, elapsed milliseconds since T0 ms_passed({_,_,_} = T0 ) -> %% OTP 17 and earlier timer:now_diff(erlang:now(), T0)/1000; -- cgit v1.2.3 From 6da38730c44a1fc39d651d476b8a23e2cf62c8ea Mon Sep 17 00:00:00 2001 From: "Linus.yuan" Date: Wed, 14 Jan 2015 23:19:03 +0800 Subject: Add client example for using the SSH module --- lib/ssh/examples/Makefile | 5 ++-- lib/ssh/examples/ssh_device.erl | 62 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+), 2 deletions(-) create mode 100644 lib/ssh/examples/ssh_device.erl (limited to 'lib/ssh') diff --git a/lib/ssh/examples/Makefile b/lib/ssh/examples/Makefile index de019f75b5..9280c42076 100644 --- a/lib/ssh/examples/Makefile +++ b/lib/ssh/examples/Makefile 
@@ -1,7 +1,7 @@ # # %CopyrightBegin% # -# Copyright Ericsson AB 2005-2012. All Rights Reserved. +# Copyright Ericsson AB 2005-2015. All Rights Reserved. # # The contents of this file are subject to the Erlang Public License, # Version 1.1, (the "License"); you may not use this file except in @@ -38,7 +38,8 @@ RELSYSDIR = $(RELEASE_PATH)/lib/ssh-$(VSN) MODULES = \ - ssh_sample_cli + ssh_sample_cli \ + ssh_device.erl ERL_FILES= $(MODULES:=.erl) diff --git a/lib/ssh/examples/ssh_device.erl b/lib/ssh/examples/ssh_device.erl new file mode 100644 index 0000000000..f6be812915 --- /dev/null +++ b/lib/ssh/examples/ssh_device.erl 
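Review bot: in the MODULES hunk the new entry is written as ssh_device.erl, but ERL_FILES is derived from it with $(MODULES:=.erl), so this entry expands to ssh_device.erl.erl and the build looks for a file that does not exist. List it as ssh_device, in the same form as ssh_sample_cli.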
@@ -0,0 +1,62 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2005-2015. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% + +-module(ssh_device). + +%% api +-export([ssh_device/5]). + +%%% I wrote this because of i think a fully ssh client sample will be easy to start the ssh module better than +%%% go though each function file. +ssh_device(Host, Port, User, Pass, Cmd) -> + ssh:start(), + case ssh:connect(Host, Port, + [{user, User}, {password, Pass}, + {silently_accept_hosts, true}, {quiet_mode, true}]) + of + {ok, Conn} -> + {ok, ChannelId} = ssh_connection:session_channel(Conn, + infinity), + ssh_connection:exec(Conn, ChannelId, Cmd, infinity), + Init_rep = <<>>, + wait_for_response(Conn, Host, Init_rep), + ssh:close(Conn); + {error, nxdomain} -> + {error,nxdomain} + end. + +%%-------------------------------------------------------------------- +%%% Internal application API +%%-------------------------------------------------------------------- +wait_for_response(Conn, Host, Acc) -> + receive + {ssh_cm, Conn, Msg} -> + case Msg of + {closed, _ChannelId} -> + {ok,Acc}; + {data, _, _, A} -> + Acc2 = <>, + wait_for_response(Conn, Host, Acc2); + _ -> + wait_for_response(Conn, Host, Acc) + end + after + 5000 -> + {error,timeout} + end. -- cgit v1.2.3 From 5319d8df72ff036bd8350cd6f00d34bd3c0d0d4e Mon Sep 17 00:00:00 2001 
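Review bot: ssh_device/5 connects with {silently_accept_hosts, true} while sending a password, so the example adds the key of a host it has never seen to known_hosts without asking; for code that is meant to be copied, leave host key confirmation on or say in a comment why it is switched off. The return value of wait_for_response/3 is discarded, so the function returns the result of ssh:close(Conn) and never the collected output or {error, timeout}. The case on ssh:connect/3 matches only {ok, Conn} and {error, nxdomain}, so a refused connection or a failed authentication raises case_clause instead of returning the error.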
From: Hans Nilsson Date: Mon, 16 Mar 2015 11:14:43 +0100 Subject: ssh: uppdate version in vsn.mk --- lib/ssh/vsn.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index c8cac3e852..bfebe2c60b 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,5 +1,5 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 3.1 +SSH_VSN = 3.1.1 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From 68f600f7466abca20ab5b2f81ab3c433a2b87064 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erland=20Sch=C3=B6nbeck?= Date: Mon, 16 Mar 2015 15:17:26 +0100 Subject: Revert "Use new time API and be back-compatible in ssh" This reverts commit af972aaf14a5f53510e692f48f672f7e6805ee6d. Conflicts: lib/ssh/test/ssh_basic_SUITE.erl --- lib/ssh/src/ssh_info.erl | 9 +-------- lib/ssh/test/ssh_basic_SUITE.erl | 29 +++++++++-------------------- 2 files changed, 10 insertions(+), 28 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_info.erl b/lib/ssh/src/ssh_info.erl index e5a8666af0..9a91875894 100644 --- a/lib/ssh/src/ssh_info.erl +++ b/lib/ssh/src/ssh_info.erl @@ -179,14 +179,7 @@ line(Len, Char) -> datetime() -> - %% Adapt to new OTP 18 erlang time API and be back-compatible - TimeStamp = try - erlang:timestamp() - catch - error:undef -> - erlang:now() - end, - {{YYYY,MM,DD}, {H,M,S}} = calendar:now_to_universal_time(TimeStamp), + {{YYYY,MM,DD}, {H,M,S}} = calendar:now_to_universal_time(now()), lists:flatten(io_lib:format('~4w-~2..0w-~2..0w ~2..0w:~2..0w:~2..0w UTC',[YYYY,MM,DD, H,M,S])). diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index b449012ffc..45c03035cb 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl 
@@ -715,14 +715,7 @@ ssh_connect_arg4_timeout(_Config) -> %% try to connect with a timeout, but "supervise" it Client = spawn(fun() -> - %% Adapt to OTP 18 erlang time API and be back-compatible - T0 = try - erlang:monotonic_time() - catch - error:undef -> - %% Use Erlang system time as monotonic time - erlang:now() - end, + T0 = now(), Rc = ssh:connect("localhost",Port,[],Timeout), ct:log("Client ssh:connect got ~p",[Rc]), Parent ! {done,self(),Rc,T0} @@ -731,12 +724,13 @@ ssh_connect_arg4_timeout(_Config) -> %% Wait for client reaction on the connection try: receive {done, Client, {error,timeout}, T0} -> - Msp = ms_passed(T0), + Msp = ms_passed(T0, now()), exit(Server,hasta_la_vista___baby), Low = 0.9*Timeout, High = 1.1*Timeout, ct:log("Timeout limits: ~.4f - ~.4f ms, timeout " "was ~.4f ms, expected ~p ms",[Low,High,Msp,Timeout]), + %%ct:log("Timeout limits: ~p--~p, my timeout was ~p, expected ~p",[Low,High,Msp0,Timeout]), if Low ok; true -> {fail, "timeout not within limits"} @@ -755,17 +749,12 @@ ssh_connect_arg4_timeout(_Config) -> {fail, "Didn't timeout"} end. - -%% Help function, elapsed milliseconds since T0 -ms_passed({_,_,_} = T0 ) -> - %% OTP 17 and earlier - timer:now_diff(erlang:now(), T0)/1000; - -ms_passed(T0) -> - %% OTP 18 - erlang:convert_time_resolution(erlang:monotonic_time() - T0, - erlang:time_resolution(), - 1000000)/1000. +%% Help function +%% N2-N1 +ms_passed(N1={_,_,M1}, N2={_,_,M2}) -> + {0,{0,Min,Sec}} = calendar:time_difference(calendar:now_to_local_time(N1), + calendar:now_to_local_time(N2)), + 1000 * (Min*60 + Sec + (M2-M1)/1000000). %%-------------------------------------------------------------------- ssh_connect_negtimeout_parallel(Config) -> ssh_connect_negtimeout(Config,true). -- cgit v1.2.3 From e4416aba1c71f3d5d02450ebe8d818493b984030 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Erland=20Sch=C3=B6nbeck?= Date: Mon, 2 Mar 2015 09:33:00 +0100 Subject: Use new time API and be back-compatible in ssh Conflicts: lib/ssh/test/ssh_basic_SUITE.erl --- lib/ssh/src/ssh_info.erl | 12 ++++++++++-- lib/ssh/test/ssh_basic_SUITE.erl | 33 +++++++++++++++++++++++---------- 2 files changed, 33 insertions(+), 12 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_info.erl b/lib/ssh/src/ssh_info.erl index 9ed598b3ab..e23ee836d5 100644 --- a/lib/ssh/src/ssh_info.erl +++ b/lib/ssh/src/ssh_info.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2014. All Rights Reserved. +%% Copyright Ericsson AB 2008-2015. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -25,6 +25,7 @@ -module(ssh_info). -compile(export_all). +-compile([{nowarn_deprecated_function,{erlang,now,0}}]). print() -> try supervisor:which_children(ssh_sup) @@ -179,7 +180,14 @@ line(Len, Char) -> datetime() -> - {{YYYY,MM,DD}, {H,M,S}} = calendar:now_to_universal_time(now()), + %% Adapt to new OTP 18 erlang time API and be back-compatible + TimeStamp = try + erlang:timestamp() + catch + error:undef -> + erlang:now() + end, + {{YYYY,MM,DD}, {H,M,S}} = calendar:now_to_universal_time(TimeStamp), lists:flatten(io_lib:format('~4w-~2..0w-~2..0w ~2..0w:~2..0w:~2..0w UTC',[YYYY,MM,DD, H,M,S])). diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 415cb9fc9c..64d4d6acee 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2014. All Rights Reserved. +%% Copyright Ericsson AB 2008-2015. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in 
@@ -26,6 +26,7 @@ %% Note: This directive should only be used in test suites. -compile(export_all). +-compile([{nowarn_deprecated_function,{erlang,now,0}}]). -define(NEWLINE, <<"\r\n">>). @@ -715,7 +716,14 @@ ssh_connect_arg4_timeout(_Config) -> %% try to connect with a timeout, but "supervise" it Client = spawn(fun() -> - T0 = now(), + %% Adapt to OTP 18 erlang time API and be back-compatible + T0 = try + erlang:monotonic_time() + catch + error:undef -> + %% Use Erlang system time as monotonic time + erlang:now() + end, Rc = ssh:connect("localhost",Port,[],Timeout), ct:log("Client ssh:connect got ~p",[Rc]), Parent ! {done,self(),Rc,T0} @@ -724,11 +732,12 @@ ssh_connect_arg4_timeout(_Config) -> %% Wait for client reaction on the connection try: receive {done, Client, {error,_E}, T0} -> - Msp = ms_passed(T0, now()), + Msp = ms_passed(T0), exit(Server,hasta_la_vista___baby), Low = 0.9*Timeout, High = 1.1*Timeout, - ct:log("Timeout limits: ~p--~p, timeout was ~p, expected ~p",[Low,High,Msp,Timeout]), + ct:log("Timeout limits: ~.4f - ~.4f ms, timeout " + "was ~.4f ms, expected ~p ms",[Low,High,Msp,Timeout]), if Low ok; true -> {fail, "timeout not within limits"} @@ -743,12 +752,16 @@ ssh_connect_arg4_timeout(_Config) -> end. -%% Help function -%% N2-N1 -ms_passed(N1={_,_,M1}, N2={_,_,M2}) -> - {0,{0,Min,Sec}} = calendar:time_difference(calendar:now_to_local_time(N1), - calendar:now_to_local_time(N2)), - 1000 * (Min*60 + Sec + (M2-M1)/1000000). +%% Help function, elapsed microseconds since T0 +ms_passed({_,_,_} = T0 ) -> + %% OTP 17 and earlier + timer:now_diff(erlang:now(), T0)/1000; + +ms_passed(T0) -> + %% OTP 18 + erlang:convert_time_unit(erlang:monotonic_time() - T0, + native, + micro_seconds)/1000. %%-------------------------------------------------------------------- ssh_connect_negtimeout_parallel(Config) -> ssh_connect_negtimeout(Config,true). -- cgit v1.2.3 From 0fd30aa5c434dab38d0aa39a3ab7899c7e89dd9d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Erland=20Sch=C3=B6nbeck?= Date: Tue, 24 Mar 2015 10:07:17 +0100 Subject: ssh: Use new time API --- lib/ssh/src/ssh_info.erl | 2 +- lib/ssh/test/ssh_basic_SUITE.erl | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_info.erl b/lib/ssh/src/ssh_info.erl index 9a91875894..eae9ded5c6 100644 --- a/lib/ssh/src/ssh_info.erl +++ b/lib/ssh/src/ssh_info.erl @@ -179,7 +179,7 @@ line(Len, Char) -> datetime() -> - {{YYYY,MM,DD}, {H,M,S}} = calendar:now_to_universal_time(now()), + {{YYYY,MM,DD}, {H,M,S}} = calendar:now_to_universal_time(erlang:timestamp()), lists:flatten(io_lib:format('~4w-~2..0w-~2..0w ~2..0w:~2..0w:~2..0w UTC',[YYYY,MM,DD, H,M,S])). diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 48a6627e0f..4c5498dc0e 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -715,7 +715,7 @@ ssh_connect_arg4_timeout(_Config) -> %% try to connect with a timeout, but "supervise" it Client = spawn(fun() -> - T0 = now(), + T0 = erlang:monotonic_time(), Rc = ssh:connect("localhost",Port,[],Timeout), ct:log("Client ssh:connect got ~p",[Rc]), Parent ! {done,self(),Rc,T0} @@ -724,7 +724,7 @@ ssh_connect_arg4_timeout(_Config) -> %% Wait for client reaction on the connection try: receive {done, Client, {error,timeout}, T0} -> - Msp = ms_passed(T0, now()), + Msp = ms_passed(T0), exit(Server,hasta_la_vista___baby), Low = 0.9*Timeout, High = 1.1*Timeout, 
@@ -748,12 +748,12 @@ ssh_connect_arg4_timeout(_Config) -> {fail, "Didn't timeout"} end. -%% Help function -%% N2-N1 -ms_passed(N1={_,_,M1}, N2={_,_,M2}) -> - {0,{0,Min,Sec}} = calendar:time_difference(calendar:now_to_local_time(N1), - calendar:now_to_local_time(N2)), - 1000 * (Min*60 + Sec + (M2-M1)/1000000). +%% Help function, elapsed milliseconds since T0 +ms_passed(T0) -> + %% OTP 18 + erlang:convert_time_unit(erlang:monotonic_time() - T0, + native, + micro_seconds) / 1000. %%-------------------------------------------------------------------- ssh_connect_negtimeout_parallel(Config) -> ssh_connect_negtimeout(Config,true). -- cgit v1.2.3 From 62870c998955e1498e71bfc90607885e96ecaa27 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Tue, 31 Mar 2015 12:24:04 +0200 Subject: Prepare release --- lib/ssh/doc/src/notes.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++ lib/ssh/vsn.mk | 2 +- 2 files changed, 45 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 3aa61aa9ec..f22bca36f4 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -29,6 +29,50 @@ notes.xml +
Ssh 3.2 + +
Fixed Bugs and Malfunctions + + +

+ If a channel is closed by the peer while using a function + with call semantics in ssh_connection.erl return {error, + closed}. Document that the functions can return {error, + timeout | closed} and not only ssh_request_status()

+

+ Own Id: OTP-12004

+
+ +

+ Bug that causes ssh:connect to return + {error,int()} instead of {error,timeout} + when ssh handshake takes too long time.

+

+ Own Id: OTP-12369

+
+ +

+ Documentation corrections. (Thanks to Rabbe Fogelholm)

+

+ Own Id: OTP-12399

+
+
+
+ + +
Improvements and New Features + + +

+ Example of ssh_connection:exec added.

+

+ Own Id: OTP-12558

+
+
+
+ +
+
Ssh 3.1
Fixed Bugs and Malfunctions diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index bfebe2c60b..0d90278977 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,5 +1,5 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 3.1.1 +SSH_VSN = 3.2 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From 0f7e72999e65c293ea421cd931aff4fc60aa647e Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Thu, 5 Mar 2015 15:45:02 +0100 Subject: ssh: Remove error report The error report was assumed to only happen if our code was wrongly implemented "internal error". However it would also occur when bad input was received from the peer, and could hence cause extensive logging on DoS attacks. --- lib/ssh/src/ssh_connection_handler.erl | 7 +++---- lib/ssh/test/ssh_basic_SUITE.erl | 2 +- 2 files changed, 4 insertions(+), 5 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 68523aa72b..1610364287 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2014. All Rights Reserved. +%% Copyright Ericsson AB 2008-2015. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -1241,10 +1241,9 @@ event(Event, StateName, State) -> handle_disconnect(DisconnectMsg, State); throw:{ErrorToDisplay, #ssh_msg_disconnect{} = DisconnectMsg} -> handle_disconnect(DisconnectMsg, State, ErrorToDisplay); - _:Error -> - log_error(Error), + _:_ -> handle_disconnect(#ssh_msg_disconnect{code = error_code(StateName), - description = "Internal error", + description = "Invalid state", language = "en"}, State) end. error_code(key_exchange) -> diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 45c03035cb..9354482b81 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl 
+++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -970,7 +970,7 @@ max_sessions(Config, ParallelLogin, Connect0) when is_function(Connect0,2) -> %% Due to timing the error message may or may not be delivered to %% the "tcp-application" before the socket closed message is recived -check_error("Internal error") -> +check_error("Invalid state") -> ok; check_error("Connection closed") -> ok; -- cgit v1.2.3 From 29a483d4f1eb42e23e30372d14ad69db2e9f33b9 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 23 Mar 2015 12:00:58 +0100 Subject: ssh: Change send_buf implementation from list to queue A queue is the behaviour that we want, so this makes the code easier to understand and more effective. --- lib/ssh/src/ssh_connection.erl | 105 ++++++++++++++++++--------------- lib/ssh/src/ssh_connection_handler.erl | 4 +- 2 files changed, 60 insertions(+), 49 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl index c66f810948..e9b4547aef 100644 --- a/lib/ssh/src/ssh_connection.erl +++ b/lib/ssh/src/ssh_connection.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2014. All Rights Reserved. +%% Copyright Ericsson AB 2008-2015. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -326,9 +326,7 @@ channel_data(ChannelId, DataType, Data, SendDataType, SendData)} end, SendList), - FlowCtrlMsgs = flow_control(Replies, - Channel, - Cache), + FlowCtrlMsgs = flow_control(Replies, Channel, Cache), {{replies, Replies ++ FlowCtrlMsgs}, Connection}; _ -> gen_fsm:reply(From, {error, closed}), 
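Review bot: In the event/3 hunk of "ssh: Remove error report" (ssh_connection_handler.erl), replacing "_:Error -> log_error(Error)" with "_:_ ->" stops a peer from driving the log with bad input, but it also throws away the class and reason of genuine coding errors, which the commit message says this clause was originally meant to report. Consider keeping the reason reachable without logging once per event, for example a rate-limited or debug-level report, so that a real crash in a state function can still be diagnosed. The description sent to the peer also changes from "Internal error" to "Invalid state", which the check_error/1 hunk in ssh_basic_SUITE.erl follows; anything else that matches on the old string needs the same update, so the change deserves a line in the release notes.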
@@ -523,7 +521,9 @@ handle_msg(#ssh_msg_channel_open{channel_type = "forwarded-tcpip" = Type, recv_window_size = LWindowSz, recv_packet_size = LPacketSz, send_window_size = RWindowSz, - send_packet_size = RPacketSz}, + send_packet_size = RPacketSz, + send_buf = queue:new() + }, ssh_channel:cache_update(Cache, Channel), OpenConfMsg = channel_open_confirmation_msg(RemoteId, ChannelId, LWindowSz, LPacketSz), @@ -929,6 +929,7 @@ setup_session(#connection{channel_cache = Cache} = Connection0, recv_packet_size = ?DEFAULT_PACKET_SIZE, send_window_size = WindowSize, send_packet_size = PacketSize, + send_buf = queue:new(), remote_id = RemoteId }, ssh_channel:cache_update(Cache, Channel), 
@@ -1024,63 +1025,71 @@ request_reply_or_data(#channel{local_id = ChannelId, user = ChannelPid}, update_send_window(Channel, _, undefined, #connection{channel_cache = Cache}) -> - do_update_send_window(Channel, Channel#channel.send_buf, Cache); + do_update_send_window(Channel, Cache); -update_send_window(Channel, DataType, Data, +update_send_window(#channel{send_buf = SendBuffer} = Channel, DataType, Data, #connection{channel_cache = Cache}) -> - do_update_send_window(Channel, Channel#channel.send_buf ++ [{DataType, Data}], Cache). + do_update_send_window(Channel#channel{send_buf = queue:in({DataType, Data}, SendBuffer)}, + Cache). -do_update_send_window(Channel0, Buf0, Cache) -> - {Buf1, NewSz, Buf2} = get_window(Buf0, - Channel0#channel.send_packet_size, - Channel0#channel.send_window_size), - - Channel = Channel0#channel{send_window_size = NewSz, send_buf = Buf2}, +do_update_send_window(Channel0, Cache) -> + {SendMsgs, Channel} = get_window(Channel0, []), ssh_channel:cache_update(Cache, Channel), - {Buf1, Channel}. - -get_window(Bs, PSz, WSz) -> - get_window(Bs, PSz, WSz, []). - -get_window(Bs, _PSz, 0, Acc) -> - {lists:reverse(Acc), 0, Bs}; -get_window([B0 = {DataType, Bin} | Bs], PSz, WSz, Acc) -> - BSz = size(Bin), - if BSz =< WSz -> %% will fit into window - if BSz =< PSz -> %% will fit into a packet - get_window(Bs, PSz, WSz-BSz, [B0|Acc]); - true -> %% split into packet size - <> = Bin, - get_window([setelement(2, B0, Bin2) | Bs], - PSz, WSz-PSz, - [{DataType, Bin1}|Acc]) + {SendMsgs, Channel}. 
+ +get_window(#channel{send_window_size = 0 + } = Channel, Acc) -> + {lists:reverse(Acc), Channel}; +get_window(#channel{send_buf = Buffer, + send_packet_size = PacketSize, + send_window_size = WindowSize0 + } = Channel, Acc0) -> + case queue:out(Buffer) of + {{value, {_, Data} = Msg}, NewBuffer} -> + case handle_send_window(Msg, size(Data), PacketSize, WindowSize0, Acc0) of + {WindowSize, Acc, {_, <<>>}} -> + {lists:reverse(Acc), Channel#channel{send_window_size = WindowSize, + send_buf = NewBuffer}}; + {WindowSize, Acc, Rest} -> + get_window(Channel#channel{send_window_size = WindowSize, + send_buf = queue:in_r(Rest, NewBuffer)}, Acc) end; - WSz =< PSz -> %% use rest of window - <> = Bin, - get_window([setelement(2, B0, Bin2) | Bs], - PSz, WSz-WSz, - [{DataType, Bin1}|Acc]); - true -> %% use packet size - <> = Bin, - get_window([setelement(2, B0, Bin2) | Bs], - PSz, WSz-PSz, - [{DataType, Bin1}|Acc]) + {empty, NewBuffer} -> + {[], Channel#channel{send_buf = NewBuffer}} + end. + +handle_send_window(Msg = {Type, Data}, Size, PacketSize, WindowSize, Acc) when Size =< WindowSize -> + case Size =< PacketSize of + true -> + {WindowSize - Size, [Msg | Acc], {Type, <<>>}}; + false -> + <> = Data, + {WindowSize - PacketSize, [{Type, Msg1} | Acc], {Type, Msg2}} end; -get_window([], _PSz, WSz, Acc) -> - {lists:reverse(Acc), WSz, []}. +handle_send_window({Type, Data}, _, PacketSize, WindowSize, Acc) when WindowSize =< PacketSize -> + <> = Data, + {WindowSize - WindowSize, [{Type, Msg1} | Acc], {Type, Msg2}}; +handle_send_window({Type, Data}, _, PacketSize, WindowSize, Acc) -> + <> = Data, + {WindowSize - PacketSize, [{Type, Msg1} | Acc], {Type, Msg2}}. flow_control(Channel, Cache) -> flow_control([window_adjusted], Channel, Cache). 
- + flow_control([], Channel, Cache) -> ssh_channel:cache_update(Cache, Channel), []; - flow_control([_|_], #channel{flow_control = From, - send_buf = []} = Channel, Cache) when From =/= undefined -> - [{flow_control, Cache, Channel, From, ok}]; + send_buf = Buffer} = Channel, Cache) when From =/= undefined -> + case queue:is_empty(Buffer) of + true -> + ssh_channel:cache_update(Cache, Channel#channel{flow_control = undefined}), + [{flow_control, Cache, Channel, From, ok}]; + false -> + [] + end; flow_control(_,_,_) -> - []. + []. pty_req(ConnectionHandler, Channel, Term, Width, Height, PixWidth, PixHeight, PtyOpts, TimeOut) -> diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 1610364287..e1f2e059e8 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -751,7 +751,9 @@ handle_sync_event({open, ChannelPid, Type, InitialWindowSize, MaxPacketSize, Dat user = ChannelPid, local_id = ChannelId, recv_window_size = InitialWindowSize, - recv_packet_size = MaxPacketSize}, + recv_packet_size = MaxPacketSize, + send_buf = queue:new() + }, ssh_channel:cache_update(Cache, Channel), State = add_request(true, ChannelId, From, State2), start_timeout(ChannelId, From, Timeout), -- cgit v1.2.3 From 9610d69586cbc54cc6068d2d736d5c47d9acce03 Mon Sep 17 00:00:00 2001 
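Review bot: In the get_window/2 hunk of ssh_connection.erl, the clause for {WindowSize, Acc, {_, <<>>}} returns as soon as one queued message has been consumed whole, while the removed list version recursed with get_window(Bs, PSz, WSz-BSz, [B0|Acc]) and kept taking entries until the window was used up or the buffer was empty. With several small messages queued and window left, only the first is now released per call and the rest wait for the next send or window adjust. If that is not intended, recurse on Channel#channel{send_window_size = WindowSize, send_buf = NewBuffer} with Acc instead of returning. The {empty, NewBuffer} clause also returns [] rather than the accumulated messages; that is equivalent only while the queue can never be empty on a recursive call, so returning lists:reverse(Acc0) there would be safer.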
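Review bot: The hunks that add send_buf = queue:new() (the "forwarded-tcpip" open and setup_session in ssh_connection.erl, and handle_sync_event({open, ...}) in ssh_connection_handler.erl) initialise the field by hand at three construction sites, and the diffstat lists no change to the #channel record definition. Any other place that builds a #channel{} gets whatever default the record declares, and the first queue:in/2 or queue:out/1 on it in update_send_window or get_window will fail unless that default is already a queue. Setting queue:new() as the default in the record definition would cover every site and make these three lines unnecessary.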
From: Ingela Anderton Andin Date: Wed, 1 Apr 2015 10:01:05 +0200 Subject: ssh: Add {active, false} to ssh listen socket The ssh acceptor process listens for connections and spawns a process to handle each new connection that it accepts. The ownership of the accepted socket will be transferred to the new process that will handle the incoming messages. Before the ownership is transferred the socket should be in {active, false} or the acceptor process may receive data aimed for the connection. As the accept socket inherits the listen options we set {active, false} there. --- lib/ssh/src/ssh_acceptor.erl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_acceptor.erl b/lib/ssh/src/ssh_acceptor.erl index 6c443eeb9c..34988f17b6 100644 --- a/lib/ssh/src/ssh_acceptor.erl +++ b/lib/ssh/src/ssh_acceptor.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2013. All Rights Reserved. +%% Copyright Ericsson AB 2008-2015. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -43,7 +43,7 @@ start_link(Port, Address, SockOpts, Opts, AcceptTimeout) -> acceptor_init(Parent, Port, Address, SockOpts, Opts, AcceptTimeout) -> {_, Callback, _} = proplists:get_value(transport, Opts, {tcp, gen_tcp, tcp_closed}), - case (catch do_socket_listen(Callback, Port, SockOpts)) of + case (catch do_socket_listen(Callback, Port, [{active, false} | SockOpts])) of {ok, ListenSocket} -> proc_lib:init_ack(Parent, {ok, self()}), acceptor_loop(Callback, -- cgit v1.2.3 From bdd146390f1a69251f386ea86c72fb8859de4ec1 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 2 Apr 2015 14:48:24 +0200 Subject: ssh: Add ssh_info:print/1 to write onto a file descriptor --- lib/ssh/src/ssh_info.erl | 146 +++++++++++++++++++++++++---------------------- 1 file changed, 77 insertions(+), 69 deletions(-) (limited to 'lib/ssh') 
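Review bot: In the acceptor_init/6 hunk of ssh_acceptor.erl ("ssh: Add {active, false} to ssh listen socket"), {active, false} is prepended to SockOpts, so an active entry already present in the caller-supplied SockOpts still follows it in the list handed to do_socket_listen/3. The commit message states that the accepted socket must be in {active, false} until ownership has been handed over, so drop any active tuple from SockOpts before adding this one, or reject it during option handling, so that the guarantee does not depend on how the transport treats duplicate options.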
diff --git a/lib/ssh/src/ssh_info.erl b/lib/ssh/src/ssh_info.erl index 9a91875894..30df32c4fd 100644 --- a/lib/ssh/src/ssh_info.erl +++ b/lib/ssh/src/ssh_info.erl @@ -27,18 +27,21 @@ -compile(export_all). print() -> + print(user). + +print(D) -> try supervisor:which_children(ssh_sup) of _ -> - io:nl(), - print_general(), - io:nl(), - underline("Client part", $=), - print_clients(), - io:nl(), - underline("Server part", $=), - print_servers(), - io:nl(), + io:nl(D), + print_general(D), + io:nl(D), + underline(D, "Client part", $=), + print_clients(D), + io:nl(D), + underline(D, "Server part", $=), + print_servers(D), + io:nl(D), %% case os:type() of %% {unix,_} -> %% io:nl(), 
@@ -50,90 +53,95 @@ print() -> %% catch io:format(os:cmd("netstat -tpn")); %% _ -> ok %% end, - underline("Supervisors", $=), - walk_sups(ssh_sup), - io:nl() + underline(D, "Supervisors", $=), + walk_sups(D, ssh_sup), + io:nl(D) catch _:_ -> - io:format("Ssh not found~n",[]) + io:format(D,"Ssh not found~n",[]) end. %%%================================================================ -print_general() -> +print_general(D) -> {_Name, Slogan, Ver} = lists:keyfind(ssh,1,application:which_applications()), - underline(io_lib:format("~s ~s", [Slogan, Ver]), $=), - io:format('This printout is generated ~s. ~n',[datetime()]). + underline(D, io_lib:format("~s ~s", [Slogan, Ver]), $=), + io:format(D, 'This printout is generated ~s. ~n',[datetime()]). %%%================================================================ -print_clients() -> +print_clients(D) -> + PrintClient = fun(X) -> print_client(D,X) end, try - lists:foreach(fun print_client/1, supervisor:which_children(sshc_sup)) + lists:foreach(PrintClient, supervisor:which_children(sshc_sup)) catch C:E -> - io:format('***FAILED: ~p:~p~n',[C,E]) + io:format(D, '***FAILED: ~p:~p~n',[C,E]) end. -print_client({undefined,Pid,supervisor,[ssh_connection_handler]}) -> +print_client(D, {undefined,Pid,supervisor,[ssh_connection_handler]}) -> {{Local,Remote},_Str} = ssh_connection_handler:get_print_info(Pid), - io:format(" Local=~s Remote=~s~n",[fmt_host_port(Local),fmt_host_port(Remote)]); -print_client(Other) -> - io:format(" [[Other 1: ~p]]~n",[Other]). + io:format(D, " Local=~s Remote=~s~n",[fmt_host_port(Local),fmt_host_port(Remote)]); +print_client(D, Other) -> + io:format(D, " [[Other 1: ~p]]~n",[Other]). 
%%%================================================================ -print_servers() -> +print_servers(D) -> + PrintServer = fun(X) -> print_server(D,X) end, try - lists:foreach(fun print_server/1, supervisor:which_children(sshd_sup)) + lists:foreach(PrintServer, supervisor:which_children(sshd_sup)) catch C:E -> - io:format('***FAILED: ~p:~p~n',[C,E]) + io:format(D, '***FAILED: ~p:~p~n',[C,E]) end. -print_server({{server,ssh_system_sup,LocalHost,LocalPort},Pid,supervisor,[ssh_system_sup]}) when is_pid(Pid) -> - io:format('Local=~s (~p children)~n',[fmt_host_port({LocalHost,LocalPort}), - ssh_acceptor:number_of_connections(Pid)]), - lists:foreach(fun print_system_sup/1, supervisor:which_children(Pid)); -print_server(Other) -> - io:format(" [[Other 2: ~p]]~n",[Other]). +print_server(D, {{server,ssh_system_sup,LocalHost,LocalPort},Pid,supervisor,[ssh_system_sup]}) when is_pid(Pid) -> + io:format(D, 'Local=~s (~p children)~n',[fmt_host_port({LocalHost,LocalPort}), + ssh_acceptor:number_of_connections(Pid)]), + PrintSystemSup = fun(X) -> print_system_sup(D,X) end, + lists:foreach(PrintSystemSup, supervisor:which_children(Pid)); +print_server(D, Other) -> + io:format(D, " [[Other 2: ~p]]~n",[Other]). -print_system_sup({Ref,Pid,supervisor,[ssh_subsystem_sup]}) when is_reference(Ref), +print_system_sup(D, {Ref,Pid,supervisor,[ssh_subsystem_sup]}) when is_reference(Ref), is_pid(Pid) -> - lists:foreach(fun print_channels/1, supervisor:which_children(Pid)); -print_system_sup({{ssh_acceptor_sup,LocalHost,LocalPort}, Pid,supervisor, [ssh_acceptor_sup]}) when is_pid(Pid) -> - io:format(" [Acceptor for ~s]~n",[fmt_host_port({LocalHost,LocalPort})]); -print_system_sup(Other) -> - io:format(" [[Other 3: ~p]]~n",[Other]). - -print_channels({{server,ssh_channel_sup,_,_},Pid,supervisor,[ssh_channel_sup]}) when is_pid(Pid) -> - lists:foreach(fun print_channel/1, supervisor:which_children(Pid)); -print_channels(Other) -> - io:format(" [[Other 4: ~p]]~n",[Other]). 
- - -print_channel({Ref,Pid,worker,[ssh_channel]}) when is_reference(Ref), - is_pid(Pid) -> + PrintChannels = fun(X) -> print_channels(D,X) end, + lists:foreach(PrintChannels, supervisor:which_children(Pid)); +print_system_sup(D, {{ssh_acceptor_sup,LocalHost,LocalPort}, Pid,supervisor, [ssh_acceptor_sup]}) when is_pid(Pid) -> + io:format(D, " [Acceptor for ~s]~n",[fmt_host_port({LocalHost,LocalPort})]); +print_system_sup(D, Other) -> + io:format(D, " [[Other 3: ~p]]~n",[Other]). + +print_channels(D, {{server,ssh_channel_sup,_,_},Pid,supervisor,[ssh_channel_sup]}) when is_pid(Pid) -> + PrintChannel = fun(X) -> print_channel(D,X) end, + lists:foreach(PrintChannel, supervisor:which_children(Pid)); +print_channels(D, Other) -> + io:format(D, " [[Other 4: ~p]]~n",[Other]). + + +print_channel(D, {Ref,Pid,worker,[ssh_channel]}) when is_reference(Ref), + is_pid(Pid) -> {{ConnManager,ChannelID}, Str} = ssh_channel:get_print_info(Pid), {{Local,Remote},StrM} = ssh_connection_handler:get_print_info(ConnManager), - io:format(' ch ~p: ~s ~s',[ChannelID, StrM, Str]), - io:format(" Local=~s Remote=~s~n",[fmt_host_port(Local),fmt_host_port(Remote)]); -print_channel(Other) -> - io:format(" [[Other 5: ~p]]~n",[Other]). + io:format(D, ' ch ~p: ~s ~s',[ChannelID, StrM, Str]), + io:format(D, " Local=~s Remote=~s~n",[fmt_host_port(Local),fmt_host_port(Remote)]); +print_channel(D, Other) -> + io:format(D, " [[Other 5: ~p]]~n",[Other]). %%%================================================================ -define(inc(N), (N+4)). -walk_sups(StartPid) -> - io:format("Start at ~p, ~s.~n",[StartPid,dead_or_alive(StartPid)]), - walk_sups(children(StartPid), _Indent=?inc(0)). +walk_sups(D, StartPid) -> + io:format(D, "Start at ~p, ~s.~n",[StartPid,dead_or_alive(StartPid)]), + walk_sups(D, children(StartPid), _Indent=?inc(0)). 
-walk_sups([H={_,Pid,SupOrWorker,_}|T], Indent) -> - indent(Indent), io:format('~200p ~p is ~s~n',[H,Pid,dead_or_alive(Pid)]), +walk_sups(D, [H={_,Pid,SupOrWorker,_}|T], Indent) -> + indent(D, Indent), io:format(D, '~200p ~p is ~s~n',[H,Pid,dead_or_alive(Pid)]), case SupOrWorker of - supervisor -> walk_sups(children(Pid), ?inc(Indent)); + supervisor -> walk_sups(D, children(Pid), ?inc(Indent)); _ -> ok end, - walk_sups(T, Indent); -walk_sups([], _) -> + walk_sups(D, T, Indent); +walk_sups(_D, [], _) -> ok. dead_or_alive(Name) when is_atom(Name) -> @@ -149,7 +157,7 @@ dead_or_alive(Pid) when is_pid(Pid) -> _ -> "alive" end. -indent(I) -> io:format('~*c',[I,$ ]). +indent(D, I) -> io:format(D,'~*c',[I,$ ]). children(Pid) -> Parent = self(), @@ -166,16 +174,16 @@ children(Pid) -> end. %%%================================================================ -underline(Str) -> - underline(Str, $-). +underline(D, Str) -> + underline(D, Str, $-). -underline(Str, LineChar) -> +underline(D, Str, LineChar) -> Len = lists:flatlength(Str), - io:format('~s~n',[Str]), - line(Len,LineChar). + io:format(D, '~s~n',[Str]), + line(D,Len,LineChar). -line(Len, Char) -> - io:format('~*c~n', [Len,Char]). +line(D, Len, Char) -> + io:format(D, '~*c~n', [Len,Char]). datetime() -> @@ -188,6 +196,6 @@ fmt_host_port({Host,Port}) -> io_lib:format('~s:~p',[Host,Port]). -nyi() -> - io:format('Not yet implemented~n',[]), +nyi(D) -> + io:format(D,'Not yet implemented~n',[]), nyi. -- cgit v1.2.3 From 734506318c49778ff959c0f1f5136543fe8c314b Mon Sep 17 00:00:00 2001 
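Review bot: In the print/0 and print/1 hunk of ssh_info.erl, print() now calls print(user), whereas the calls it replaces used io:nl() and io:format/2 without a device, which write to the caller's group leader. From a remote shell the report will therefore appear on the node's own console instead of in the shell that asked for it; print(standard_io) as the default would keep the old behaviour. print/1 also has no spec or comment, and the subject line says "file descriptor" while D is passed straight to io:format/3 and io:nl/1, so please document it as an I/O device, such as the value returned by file:open/2.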
From: Hans Nilsson Date: Thu, 2 Apr 2015 14:53:17 +0200 Subject: ssh: fix loop bug for zero maximum_packet_size. A channel could be opened with the 'max packet size' set to 0. The behaviour is not defined in the ssh rfc:s, and openssh does not handle that case in some special way besides looping. The introduced solution just "keep quiet" but removes the eternal loop that caused Erlang to core dump. --- lib/ssh/src/ssh_connection.erl | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl index e9b4547aef..e6f2f12fb7 100644 --- a/lib/ssh/src/ssh_connection.erl +++ b/lib/ssh/src/ssh_connection.erl @@ -1040,6 +1040,9 @@ do_update_send_window(Channel0, Cache) -> get_window(#channel{send_window_size = 0 } = Channel, Acc) -> {lists:reverse(Acc), Channel}; +get_window(#channel{send_packet_size = 0 + } = Channel, Acc) -> + {lists:reverse(Acc), Channel}; get_window(#channel{send_buf = Buffer, send_packet_size = PacketSize, send_window_size = WindowSize0 -- cgit v1.2.3 From 3cf856fb8896dc61a0c6aaaab7f0679f3baf64db Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 7 Apr 2015 17:12:56 +0200 Subject: ssh: Option minimal_remote_max_packet_size and test cases --- lib/ssh/doc/src/ssh.xml | 6 +++ lib/ssh/src/ssh.erl | 5 ++ lib/ssh/src/ssh_connection.erl | 114 ++++++++++++++++++++++++--------------- lib/ssh/test/ssh_basic_SUITE.erl | 60 +++++++++++++++++++++ 4 files changed, 142 insertions(+), 43 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index d481a75c9a..0e7e3848ad 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -338,6 +338,12 @@ + + +

The least maximum packet size that the daemon will accept in channel open requests from the client. The default value is 0. +

+
+

Module implementing the behaviour ssh_server_key_api. diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index eae33e3683..51ad691ba2 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -345,9 +345,14 @@ handle_option([{parallel_login, _} = Opt|Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([parallel_login|Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option({parallel_login,true}) | SshOptions]); +handle_option([{minimal_remote_max_packet_size, _} = Opt|Rest], SocketOptions, SshOptions) -> + handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, [handle_inet_option(Opt) | SocketOptions], SshOptions). + +handle_ssh_option({minimal_remote_max_packet_size, Value} = Opt) when is_integer(Value), Value >=0 -> + Opt; handle_ssh_option({system_dir, Value} = Opt) when is_list(Value) -> Opt; handle_ssh_option({user_dir, Value} = Opt) when is_list(Value) -> diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl index e6f2f12fb7..654b9d4bde 100644 --- a/lib/ssh/src/ssh_connection.erl +++ b/lib/ssh/src/ssh_connection.erl 
@@ -468,18 +468,31 @@ handle_msg(#ssh_msg_channel_window_adjust{recipient_channel = ChannelId, handle_msg(#ssh_msg_channel_open{channel_type = "session" = Type, sender_channel = RemoteId, initial_window_size = WindowSz, - maximum_packet_size = PacketSz}, Connection0, server) -> - - try setup_session(Connection0, RemoteId, - Type, WindowSz, PacketSz) of - Result -> - Result - catch _:_ -> + maximum_packet_size = PacketSz}, + #connection{options = SSHopts} = Connection0, + server) -> + MinAcceptedPackSz = proplists:get_value(minimal_remote_max_packet_size, SSHopts, 0), + + if + MinAcceptedPackSz =< PacketSz -> + try setup_session(Connection0, RemoteId, + Type, WindowSz, PacketSz) of + Result -> + Result + catch _:_ -> + FailMsg = channel_open_failure_msg(RemoteId, + ?SSH_OPEN_CONNECT_FAILED, + "Connection refused", "en"), + {{replies, [{connection_reply, FailMsg}]}, + Connection0} + end; + + MinAcceptedPackSz > PacketSz -> FailMsg = channel_open_failure_msg(RemoteId, - ?SSH_OPEN_CONNECT_FAILED, - "Connection refused", "en"), - {{replies, [{connection_reply, FailMsg}]}, - Connection0} + ?SSH_OPEN_ADMINISTRATIVELY_PROHIBITED, + lists:concat(["Maximum packet size below ",MinAcceptedPackSz, + " not supported"]), "en"), + {{replies, [{connection_reply, FailMsg}]}, Connection0} end; handle_msg(#ssh_msg_channel_open{channel_type = "session", 
@@ -499,43 +512,57 @@ handle_msg(#ssh_msg_channel_open{channel_type = "forwarded-tcpip" = Type, initial_window_size = RWindowSz, maximum_packet_size = RPacketSz, data = Data}, - #connection{channel_cache = Cache} = Connection0, server) -> + #connection{channel_cache = Cache, + options = SSHopts} = Connection0, server) -> <> = Data, - case bound_channel(Address, Port, Connection0) of - undefined -> + MinAcceptedPackSz = proplists:get_value(minimal_remote_max_packet_size, SSHopts, 0), + + if + MinAcceptedPackSz =< RPacketSz -> + case bound_channel(Address, Port, Connection0) of + undefined -> + FailMsg = channel_open_failure_msg(RemoteId, + ?SSH_OPEN_CONNECT_FAILED, + "Connection refused", "en"), + {{replies, + [{connection_reply, FailMsg}]}, Connection0}; + ChannelPid -> + {ChannelId, Connection1} = new_channel_id(Connection0), + LWindowSz = ?DEFAULT_WINDOW_SIZE, + LPacketSz = ?DEFAULT_PACKET_SIZE, + Channel = #channel{type = Type, + sys = "none", + user = ChannelPid, + local_id = ChannelId, + recv_window_size = LWindowSz, + recv_packet_size = LPacketSz, + send_window_size = RWindowSz, + send_packet_size = RPacketSz, + send_buf = queue:new() + }, + ssh_channel:cache_update(Cache, Channel), + OpenConfMsg = channel_open_confirmation_msg(RemoteId, ChannelId, + LWindowSz, LPacketSz), + {OpenMsg, Connection} = + reply_msg(Channel, Connection1, + {open, Channel, {forwarded_tcpip, + decode_ip(Address), Port, + decode_ip(Orig), OrigPort}}), + {{replies, [{connection_reply, OpenConfMsg}, + OpenMsg]}, Connection} + end; + + MinAcceptedPackSz > RPacketSz -> FailMsg = channel_open_failure_msg(RemoteId, - ?SSH_OPEN_CONNECT_FAILED, - "Connection refused", "en"), - {{replies, - [{connection_reply, FailMsg}]}, Connection0}; - ChannelPid -> - {ChannelId, Connection1} = new_channel_id(Connection0), - LWindowSz = ?DEFAULT_WINDOW_SIZE, - LPacketSz = ?DEFAULT_PACKET_SIZE, - Channel = #channel{type = Type, - sys = "none", - user = ChannelPid, - local_id = ChannelId, - recv_window_size = 
LWindowSz, - recv_packet_size = LPacketSz, - send_window_size = RWindowSz, - send_packet_size = RPacketSz, - send_buf = queue:new() - }, - ssh_channel:cache_update(Cache, Channel), - OpenConfMsg = channel_open_confirmation_msg(RemoteId, ChannelId, - LWindowSz, LPacketSz), - {OpenMsg, Connection} = - reply_msg(Channel, Connection1, - {open, Channel, {forwarded_tcpip, - decode_ip(Address), Port, - decode_ip(Orig), OrigPort}}), - {{replies, [{connection_reply, OpenConfMsg}, - OpenMsg]}, Connection} + ?SSH_OPEN_ADMINISTRATIVELY_PROHIBITED, + lists:concat(["Maximum packet size below ",MinAcceptedPackSz, + " not supported"]), "en"), + {{replies, [{connection_reply, FailMsg}]}, Connection0} end; + handle_msg(#ssh_msg_channel_open{channel_type = "forwarded-tcpip", sender_channel = RemoteId}, Connection, client) -> @@ -917,7 +944,8 @@ start_channel(Cb, Id, Args, SubSysSup, Exec) -> %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- -setup_session(#connection{channel_cache = Cache} = Connection0, +setup_session(#connection{channel_cache = Cache + } = Connection0, RemoteId, Type, WindowSize, PacketSize) -> {ChannelId, Connection} = new_channel_id(Connection0), diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 9354482b81..81c7b5cd15 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -50,6 +50,8 @@ all() -> double_close, ssh_connect_timeout, ssh_connect_arg4_timeout, + packet_size_zero, + ssh_daemon_minimal_remote_max_packet_size_option, {group, hardening_tests} ]. 
@@ -756,6 +758,64 @@ ms_passed(N1={_,_,M1}, N2={_,_,M2}) -> calendar:now_to_local_time(N2)), 1000 * (Min*60 + Sec + (M2-M1)/1000000). +%%-------------------------------------------------------------------- +packet_size_zero(Config) -> + SystemDir = ?config(data_dir, Config), + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + + {Server, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {user_dir, UserDir}, + {user_passwords, [{"vego", "morot"}]}]), + Conn = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user_dir, UserDir}, + {user_interaction, false}, + {user, "vego"}, + {password, "morot"}]), + + {ok,Chan} = ssh_connection:session_channel(Conn, 1000, _MaxPacketSize=0, 60000), + ok = ssh_connection:shell(Conn, Chan), + + ssh:close(Conn), + ssh:stop_daemon(Server), + + receive + {ssh_cm,Conn,{data,Chan,_Type,_Msg1}} = M -> + ct:pal("Got ~p",[M]), + ct:fail(doesnt_obey_max_packet_size_0) + after 5000 -> + ok + end. 
+ +%%-------------------------------------------------------------------- +ssh_daemon_minimal_remote_max_packet_size_option(Config) -> + SystemDir = ?config(data_dir, Config), + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + + {Server, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {user_dir, UserDir}, + {user_passwords, [{"vego", "morot"}]}, + {failfun, fun ssh_test_lib:failfun/2}, + {minimal_remote_max_packet_size, 14}]), + Conn = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user_dir, UserDir}, + {user_interaction, false}, + {user, "vego"}, + {password, "morot"}]), + + %% Try the limits of the minimal_remote_max_packet_size: + {ok, _ChannelId} = ssh_connection:session_channel(Conn, 100, 14, infinity), + {open_error,_,"Maximum packet size below 14 not supported",_} = + ssh_connection:session_channel(Conn, 100, 13, infinity), + + ssh:close(Conn), + ssh:stop_daemon(Server). + %%-------------------------------------------------------------------- ssh_connect_negtimeout_parallel(Config) -> ssh_connect_negtimeout(Config,true). ssh_connect_negtimeout_sequential(Config) -> ssh_connect_negtimeout(Config,false). -- cgit v1.2.3 From e8447f676b43712477369e8d27bd485217eebb0b Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 7 Apr 2015 19:35:42 +0200 Subject: ssh: Change version (vsn.mk) --- lib/ssh/vsn.mk | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 0d90278977..fec8dacab7 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,5 +1,4 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 3.2 +SSH_VSN = 3.2.1 APP_VSN = "ssh-$(SSH_VSN)" - -- cgit v1.2.3 From af095b98e089e3a4a5db5012dbdc0d579367a907 Mon Sep 17 00:00:00 2001 
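Review bot: In the ssh.xml and handle_ssh_option hunks of "ssh: Option minimal_remote_max_packet_size and test cases", the option is documented with a default of 0 and validated only as an integer >= 0, so a daemon that does not set it still accepts a channel open with maximum packet size 0. The get_window/2 clause for send_packet_size = 0 from the preceding commit then returns without taking anything from send_buf, while update_send_window/4 keeps adding to that queue on every send, so data written to such a channel accumulates and is never sent. The documentation should say so and recommend a non-zero value, or the default should be raised. The size check is also written out twice in handle_msg (the "session" and "forwarded-tcpip" clauses) with the same failure message; a small helper would keep the two in step.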
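Review bot: In the packet_size_zero test added to ssh_basic_SUITE.erl, ssh:close(Conn) and ssh:stop_daemon(Server) run before the receive that waits 5000 ms for {ssh_cm,Conn,{data,Chan,_Type,_Msg1}}, so the wait happens after the connection is gone and can only catch data that arrived between ssh_connection:shell/2 returning and the close. Move the receive ahead of the close and stop calls so the test observes the channel while the server could still send on it. In ssh_daemon_minimal_remote_max_packet_size_option the match on the literal description "Maximum packet size below 14 not supported" ties the test to the wording; matching the reason element of the open_error tuple, which is currently ignored with _, would be sturdier.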
From: Ingela Anderton Andin Date: Tue, 7 Apr 2015 23:19:11 +0200 Subject: ssh: Reset upgrade instructions to default --- lib/ssh/src/ssh.appup.src | 54 +---------------------------------------------- 1 file changed, 1 insertion(+), 53 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index b2b2994eed..e76c110c04 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src @@ -1,7 +1,7 @@ %% -*- erlang -*- %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2004-2014. All Rights Reserved. +%% Copyright Ericsson AB 2004-2015. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in 
@@ -19,61 +19,9 @@ {"%VSN%", [ - {"3.0.8", [{load_module, ssh_connection, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_sftp, soft_purge, soft_purge, [ssh_xfer]}, - {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, - {load_module, ssh, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_xfer, soft_purge, soft_purge, []} - ]}, - {"3.0.7", [{load_module, ssh_auth, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_acceptor, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_channel, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_connection, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, - {load_module, ssh_info, soft_purge, soft_purge, []}, - {load_module, ssh_message, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_io, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_sftp, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_xfer, soft_purge, soft_purge, [ssh_connection_handler]}]}, - {"3.0.6", [{load_module, ssh_auth, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_acceptor, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_channel, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_connection, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, - {load_module, ssh_info, soft_purge, soft_purge, []}, - {load_module, ssh_message, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_io, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_sftp, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_xfer, soft_purge, soft_purge, [ssh_connection_handler]}]}, {<<".*">>, [{restart_application, ssh}]} ], [ - {"3.0.8", [{load_module, 
ssh_connection, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_sftp, soft_purge, soft_purge, []}, - {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, - {load_module, ssh, soft_purge, soft_purge, []}, - {load_module, ssh_xfer, soft_purge, soft_purge, []} - ]}, - {"3.0.7", [{load_module, ssh_auth, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_acceptor, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_channel, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_connection, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, - {load_module, ssh_info, soft_purge, soft_purge, []}, - {load_module, ssh_message, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_io, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_sftp, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_xfer, soft_purge, soft_purge, [ssh_connection_handler]}]}, - {"3.0.6", [{load_module, ssh_auth, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_acceptor, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_channel, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_connection, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_connection_handler, soft_purge, soft_purge, []}, - {load_module, ssh_info, soft_purge, soft_purge, []}, - {load_module, ssh_message, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_io, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_sftp, soft_purge, soft_purge, [ssh_connection_handler]}, - {load_module, ssh_xfer, soft_purge, soft_purge, [ssh_connection_handler]}]}, {<<".*">>, [{restart_application, ssh}]} ] }. -- cgit v1.2.3 From a3083cd20dd60eb8770c44dbd697a61930af8541 Mon Sep 17 00:00:00 2001 
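Review bot: In lib/ssh/src/ssh.appup.src, deleting the explicit "3.0.6", "3.0.7" and "3.0.8" entries from both the upgrade and the downgrade list leaves only {<<".*">>, [{restart_application, ssh}]}, so a release upgrade from any of those versions now restarts the ssh application instead of soft-purging the listed modules. A restart stops the application's processes, which for a running daemon means established sessions do not survive the upgrade. The commit message says only "Reset upgrade instructions to default"; please state in the message or in the release notes that hot upgrade from 3.0.x is dropped on purpose, so operators can schedule the upgrade accordingly.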
From: Erlang/OTP Date: Fri, 10 Apr 2015 13:10:00 +0200 Subject: Update release notes --- lib/ssh/doc/src/notes.xml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index f22bca36f4..acbf3124ef 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -29,6 +29,28 @@ notes.xml +

Ssh 3.2.1 + +
Fixed Bugs and Malfunctions + + +

+ Ssh crashed if a message was sent on a channel with + packet_size = 0.

+

+ A new option for ssh:daemon is also introduced: + minimal_remote_max_packet_size. This option sets + the least max packet size declaration that the daemon + will accept from a client. The default value is 0 to + maintain compatibility with OpenSSH and the rfc:s.

+

+ Own Id: OTP-12645 Aux Id: seq12816

+
+
+
+ +
+
Ssh 3.2
Fixed Bugs and Malfunctions -- cgit v1.2.3 From fee64d33a788bf6e32a53e1d665c498c86004980 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 8 Apr 2015 20:07:34 +0200 Subject: ssh: Shutdown sftp channel gracefully If ssh_connection:subsystem/4 fails we do not want to crash but rather terminate gracefully. --- lib/ssh/src/ssh_sftp.erl | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_sftp.erl b/lib/ssh/src/ssh_sftp.erl index 613f8f25b2..c264eabc78 100644 --- a/lib/ssh/src/ssh_sftp.erl +++ b/lib/ssh/src/ssh_sftp.erl @@ -111,7 +111,7 @@ start_channel(Cm, Opts) when is_pid(Cm) -> TimeOut end; {error, Reason} -> - {error, Reason}; + {error, format_channel_start_error(Reason)}; ignore -> {error, ignore} end; @@ -136,7 +136,7 @@ start_channel(Host, Port, Opts) -> TimeOut end; {error, Reason} -> - {error, Reason}; + {error, format_channel_start_error(Reason)}; ignore -> {error, ignore} end; @@ -491,9 +491,9 @@ init([Cm, ChannelId, Options]) -> inf = new_inf(), opts = Options}}; failure -> - {stop, "server failed to start sftp subsystem"}; + {stop, {shutdown, "server failed to start sftp subsystem"}}; Error -> - {stop, Error} + {stop, {shutdown, Error}} end. %%-------------------------------------------------------------------- @@ -1412,3 +1412,8 @@ open_buf1(Pid, BufInfo0, FileOpTimeout, CryptoState, ChunkSize) -> BufHandle = make_ref(), call(Pid, {put_bufinf,BufHandle,BufInfo}, FileOpTimeout), {ok,BufHandle}. + +format_channel_start_error({shutdown, Reason}) -> + Reason; +format_channel_start_error(Reason) -> + Reason. -- cgit v1.2.3 From 20707ef7688bed44fec39c4673a8823211e94149 Mon Sep 17 00:00:00 2001 
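Review bot: In lib/ssh/src/ssh_sftp.erl, the new format_channel_start_error/1 has no comment saying that it exists to strip the {shutdown, _} wrapper that init/1 now adds, and the diffstat shows one changed file and no test for the failure path. Please add a one-line comment and a test case in which ssh_connection:subsystem/4 fails, asserting that start_channel still returns {error, "server failed to start sftp subsystem"} without the shutdown wrapper. The helper also unwraps every {shutdown, Reason}, not only the ones init/1 produces; if callers are expected to tell those apart, match the specific reasons instead.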
From: Hans Nilsson Date: Thu, 16 Apr 2015 16:12:49 +0200 Subject: ssh: added id_string option for server and client For limiting Banner Grabbing attempts. --- lib/ssh/doc/src/ssh.xml | 17 ++++++ lib/ssh/src/ssh.erl | 6 +++ lib/ssh/src/ssh_transport.erl | 34 +++++++++--- lib/ssh/test/ssh_basic_SUITE.erl | 109 +++++++++++++++++++++++++++++++++++++++ lib/ssh/vsn.mk | 2 +- 5 files changed, 161 insertions(+), 7 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 0e7e3848ad..72dafc0c09 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -180,6 +180,15 @@

If true, the client will not print out anything on authorization.

+ + + +

The string that the client presents to a connected server initially. The default value is "Erlang/VSN" where VSN is the ssh application version number. +

+

The value random will cause a random string to be created at each connection attempt. This is to make it a bit more difficult for a malicious peer to find the ssh software brand and version. +

+
+

Allow an existing file descriptor to be used @@ -344,6 +353,14 @@

+ + +

The string the daemon will present to a connecting peer initially. The default value is "Erlang/VSN" where VSN is the ssh application version number. +

+

The value random will cause a random string to be created at each connection attempt. This is to make it a bit more difficult for a malicious peer to find the ssh software brand and version. +

+
+

Module implementing the behaviour ssh_server_key_api. diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 51ad691ba2..d4b02a024e 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -347,6 +347,8 @@ handle_option([parallel_login|Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option({parallel_login,true}) | SshOptions]); handle_option([{minimal_remote_max_packet_size, _} = Opt|Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); +handle_option([{id_string, _ID} = Opt|Rest], SocketOptions, SshOptions) -> + handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, [handle_inet_option(Opt) | SocketOptions], SshOptions). @@ -439,6 +441,10 @@ handle_ssh_option({idle_time, Value} = Opt) when is_integer(Value), Value > 0 -> Opt; handle_ssh_option({rekey_limit, Value} = Opt) when is_integer(Value) -> Opt; +handle_ssh_option({id_string, random}) -> + {id_string, {random,2,5}}; %% 2 - 5 random characters +handle_ssh_option({id_string, ID} = Opt) when is_list(ID) -> + Opt; handle_ssh_option(Opt) -> throw({error, {eoptions, Opt}}). diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 76fa776113..8669be570e 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl 
@@ -44,12 +44,34 @@ versions(client, Options)-> Vsn = proplists:get_value(vsn, Options, ?DEFAULT_CLIENT_VERSION), - Version = format_version(Vsn), - {Vsn, Version}; + {Vsn, format_version(Vsn, software_version(Options))}; versions(server, Options) -> Vsn = proplists:get_value(vsn, Options, ?DEFAULT_SERVER_VERSION), - Version = format_version(Vsn), - {Vsn, Version}. + {Vsn, format_version(Vsn, software_version(Options))}. + +software_version(Options) -> + case proplists:get_value(id_string, Options) of + undefined -> + "Erlang"++ssh_vsn(); + {random,Nlo,Nup} -> + random_id(Nlo,Nup); + ID -> + ID + end. + +ssh_vsn() -> + try {ok,L} = application:get_all_key(ssh), + proplists:get_value(vsn,L,"") + of + "" -> ""; + VSN when is_list(VSN) -> "/" ++ VSN; + _ -> "" + catch + _:_ -> "" + end. + +random_id(Nlo, Nup) -> + [crypto:rand_uniform($a,$z+1) || _<- lists:duplicate(crypto:rand_uniform(Nlo,Nup+1),x) ]. hello_version_msg(Data) -> [Data,"\r\n"]. @@ -77,9 +99,9 @@ is_valid_mac(Mac, Data, #ssh{recv_mac = Algorithm, yes_no(Ssh, Prompt) -> (Ssh#ssh.io_cb):yes_no(Prompt, Ssh). -format_version({Major,Minor}) -> +format_version({Major,Minor}, SoftwareVersion) -> "SSH-" ++ integer_to_list(Major) ++ "." ++ - integer_to_list(Minor) ++ "-Erlang". + integer_to_list(Minor) ++ "-" ++ SoftwareVersion. handle_hello_version(Version) -> try diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 81c7b5cd15..f5f8991acc 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -52,6 +52,12 @@ all() -> ssh_connect_arg4_timeout, packet_size_zero, ssh_daemon_minimal_remote_max_packet_size_option, + id_string_no_opt_client, + id_string_own_string_client, + id_string_random_client, + id_string_no_opt_server, + id_string_own_string_server, + id_string_random_server, {group, hardening_tests} ]. 
@@ -816,6 +822,66 @@ ssh_daemon_minimal_remote_max_packet_size_option(Config) -> ssh:close(Conn), ssh:stop_daemon(Server). +%%-------------------------------------------------------------------- +id_string_no_opt_client(Config) -> + {Server, Host, Port} = fake_daemon(Config), + {error,_} = ssh:connect(Host, Port, []), + receive + {id,Server,"SSH-2.0-Erlang/"++Vsn} -> + true = expected_ssh_vsn(Vsn); + {id,Server,Other} -> + ct:fail("Unexpected id: ~s.",[Other]) + end. + +%%-------------------------------------------------------------------- +id_string_own_string_client(Config) -> + {Server, Host, Port} = fake_daemon(Config), + {error,_} = ssh:connect(Host, Port, [{id_string,"Pelle"}]), + receive + {id,Server,"SSH-2.0-Pelle\r\n"} -> + ok; + {id,Server,Other} -> + ct:fail("Unexpected id: ~s.",[Other]) + end. + +%%-------------------------------------------------------------------- +id_string_random_client(Config) -> + {Server, Host, Port} = fake_daemon(Config), + {error,_} = ssh:connect(Host, Port, [{id_string,random}]), + receive + {id,Server,Id="SSH-2.0-Erlang"++_} -> + ct:fail("Unexpected id: ~s.",[Id]); + {id,Server,Rnd="SSH-2.0-"++_} -> + ct:log("Got ~s.",[Rnd]); + {id,Server,Id} -> + ct:fail("Unexpected id: ~s.",[Id]) + end. + +%%-------------------------------------------------------------------- +id_string_no_opt_server(Config) -> + {_Server, Host, Port} = std_daemon(Config, []), + {ok,S1}=gen_tcp:connect(Host,Port,[{active,false}]), + {ok,"SSH-2.0-Erlang/"++Vsn} = gen_tcp:recv(S1, 0, 2000), + true = expected_ssh_vsn(Vsn). + +%%-------------------------------------------------------------------- +id_string_own_string_server(Config) -> + {_Server, Host, Port} = std_daemon(Config, [{id_string,"Olle"}]), + {ok,S1}=gen_tcp:connect(Host,Port,[{active,false}]), + {ok,"SSH-2.0-Olle\r\n"} = gen_tcp:recv(S1, 0, 2000). 
+ +%%-------------------------------------------------------------------- +id_string_random_server(Config) -> + {_Server, Host, Port} = std_daemon(Config, [{id_string,random}]), + {ok,S1}=gen_tcp:connect(Host,Port,[{active,false}]), + {ok,"SSH-2.0-"++Rnd} = gen_tcp:recv(S1, 0, 2000), + case Rnd of + "Erlang"++_ -> ct:log("Id=~p",[Rnd]), + {fail,got_default_id}; + "Olle\r\n" -> {fail,got_previous_tests_value}; + _ -> ct:log("Got ~s.",[Rnd]) + end. + %%-------------------------------------------------------------------- ssh_connect_negtimeout_parallel(Config) -> ssh_connect_negtimeout(Config,true). ssh_connect_negtimeout_sequential(Config) -> ssh_connect_negtimeout(Config,false). @@ -1095,3 +1161,46 @@ do_shell(IO, Shell) -> %% {'EXIT', Shell, killed} -> %% ok %% end. + + +std_daemon(Config, ExtraOpts) -> + SystemDir = ?config(data_dir, Config), + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + {_Server, _Host, _Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {user_dir, UserDir}, + {failfun, fun ssh_test_lib:failfun/2} | ExtraOpts]). + +expected_ssh_vsn(Str) -> + try + {ok,L} = application:get_all_key(ssh), + proplists:get_value(vsn,L,"")++"\r\n" + of + Str -> true; + "\r\n" -> true; + _ -> false + catch + _:_ -> true %% ssh not started so we dont't know + end. + + +fake_daemon(_Config) -> + Parent = self(), + %% start the server + Server = spawn(fun() -> + {ok,Sl} = gen_tcp:listen(0,[]), + {ok,{Host,Port}} = inet:sockname(Sl), + Parent ! {sockname,self(),Host,Port}, + Rsa = gen_tcp:accept(Sl), + ct:log("Server gen_tcp:accept got ~p",[Rsa]), + {ok,S} = Rsa, + receive + {tcp, S, Id} -> Parent ! {id,self(),Id} + end + end), + %% Get listening host and port + receive + {sockname,Server,ServerHost,ServerPort} -> {Server, ServerHost, ServerPort} + end. + diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index fec8dacab7..b2b85a717f 100644 --- a/lib/ssh/vsn.mk 
+++ b/lib/ssh/vsn.mk @@ -1,4 +1,4 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 3.2.1 +SSH_VSN = 3.2.2 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From 0bdd37192dd76acdf575a2482eabaeba99d4fdf6 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Wed, 22 Apr 2015 13:39:56 +0200 Subject: Update release notes --- lib/ssh/doc/src/notes.xml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index acbf3124ef..41885c684c 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -29,6 +29,27 @@ notes.xml +
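Review bot: In lib/ssh/src/ssh.erl, the clause handle_ssh_option({id_string, ID} = Opt) when is_list(ID) accepts any list, and format_version/2 in ssh_transport.erl concatenates it straight into the identification line. RFC 4253 section 4.2 limits the softwareversion part to printable US-ASCII without whitespace or the minus sign, and the whole line to 255 characters including CR LF, so a value containing CR LF, a space or "-" produces a banner that peers may reject or read as several lines. Validate characters and length in handle_ssh_option, throw {error, {eoptions, Opt}} otherwise, and state the allowed characters in ssh.xml.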
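Review bot: In lib/ssh/src/ssh_transport.erl, random_id/2 is always called with the fixed range from {random,2,5} and draws only from $a to $z, so every banner produced by {id_string,random} is "SSH-2.0-" followed by two to five lowercase letters. That shape is itself recognisable, so the option hides the version number better than it hides the brand; either say so in the ssh.xml text or widen the length range and the alphabet. software_version/1 also ends in a catch-all clause ID -> ID that passes through any term found in the option list; a guard when is_list(ID) would keep it in step with handle_ssh_option.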
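Review bot: In lib/ssh/test/ssh_basic_SUITE.erl, the three id_string_*_server cases bind _Server and S1 but never call ssh:stop_daemon/1 or gen_tcp:close/1, unlike ssh_daemon_minimal_remote_max_packet_size_option, which stops its daemon. id_string_random_server reports a wrong banner by returning {fail,got_default_id}, while the client cases call ct:fail/2; use ct:fail in both so failures are reported the same way. The receive blocks in the client cases and in fake_daemon/1 have no after clause, and fake_daemon/1 assumes the whole identification line arrives in a single {tcp, S, Id} message, so a missing or split banner shows up as a hang or a spurious mismatch rather than a clear failure.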

Ssh 3.2.2 + +
Improvements and New Features + + +

+ New option id_string for ssh:daemon and + ssh:connect for limiting banner grabbing attempts.

+

+ The possible values are: {id_string,string()} and + {id_string,random}. The latter will make ssh + generate a random nonsence id-string for each new + connection.

+

+ Own Id: OTP-12659

+
+
+
+ +
+
Ssh 3.2.1
Fixed Bugs and Malfunctions -- cgit v1.2.3 From ac4107ceea994f028ae67b43dbe6676b9ccf2b3b Mon Sep 17 00:00:00 2001 From: tmanevik Date: Thu, 19 Mar 2015 14:00:43 +0100 Subject: Editorial updates SSH application --- lib/ssh/doc/src/introduction.xml | 182 +++++++++++-- lib/ssh/doc/src/ref_man.xml | 4 +- lib/ssh/doc/src/ssh.xml | 319 +++++++++++++---------- lib/ssh/doc/src/ssh_app.xml | 120 +++++---- lib/ssh/doc/src/ssh_channel.xml | 288 +++++++++++---------- lib/ssh/doc/src/ssh_client_key_api.xml | 96 +++---- lib/ssh/doc/src/ssh_connection.xml | 454 +++++++++++++++++---------------- lib/ssh/doc/src/ssh_server_key_api.xml | 75 +++--- lib/ssh/doc/src/ssh_sftp.xml | 224 ++++++++-------- lib/ssh/doc/src/ssh_sftpd.xml | 56 ++-- lib/ssh/doc/src/usersguide.xml | 7 +- lib/ssh/doc/src/using_ssh.xml | 122 +++++---- 12 files changed, 1128 insertions(+), 819 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/introduction.xml b/lib/ssh/doc/src/introduction.xml index b42910cb34..70c6fb2ee1 100644 --- a/lib/ssh/doc/src/introduction.xml +++ b/lib/ssh/doc/src/introduction.xml @@ -25,31 +25,181 @@ Introduction OTP team + + + + + + introduction.xml - +
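Review bot: In the Ssh 3.2.2 entry added to lib/ssh/doc/src/notes.xml, "nonsence" should be "nonsense". The phrase "for limiting banner grabbing attempts" also suggests that the connection attempts themselves are limited; the ssh.xml text added with the option describes the effect more accurately, namely that it becomes a bit more difficult for a peer to find the ssh software brand and version, and the release note should use the same wording.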

SSH is a protocol for secure remote logon and + other secure network services over an insecure network.

- Purpose + Scope and Purpose -

Secure Shell (SSH) is a protocol for secure remote login and - other secure network services over an insecure network. SSH - provides a single, full-duplex, byte-oriented connection between +

SSH provides a single, full-duplex, and byte-oriented connection between client and server. The protocol also provides privacy, integrity, - server authentication and man-in-the-middle protection.

- -

The Erlang SSH application is an implementation of the SSH - protocol in Erlang which offers API functions to write customized - SSH clients and servers as well as making the Erlang shell - available via SSH. Also included in the SSH application are an - SFTP (SSH File Transfer Protocol) client ssh_sftp and server ssh_sftpd.

+ server authentication, and man-in-the-middle protection.

+ +

The ssh application is an implementation of the SSH Transport + Layer Protocol in Erlang. It provides the following:

+ + API functions to write customized SSH clients and servers + The Erlang shell available through SSH + An SFTP client (ssh_sftp) + and server (ssh_sftpd) +
Prerequisites -

It is assumed that the reader is familiar with the concepts of OTP - and has a basic understanding of public keys.

+

It is assumed that the reader is familiar with the Erlang programming language, + concepts of OTP, and has a basic understanding of public keys.

+
+ +
+ SSH Protocol Overview + +

Conceptually, the SSH protocol can be partitioned into four + layers:

+ + + SSH Protocol Architecture + + +
+ Transport Protocol + +

The SSH Transport Protocol is a secure, low-level transport. + It provides strong encryption, cryptographic host + authentication, and integrity protection. A minimum of + Message Authentication Code (MAC) and encryption + algorithms are supported. For details, see the + ssh(3) manual page in ssh.

+
+ +
+ Authentication Protocol + +

The SSH Authentication Protocol is a general-purpose user + authentication protocol run over the SSH Transport Layer + Protocol. The ssh application supports user authentication as follows: +

+ + + Using public key technology. RSA and DSA, X509-certificates + are not supported. + + + Using keyboard-interactive authentication. + This is suitable for interactive authentication methods + that do not need any special software support on the client side. + Instead, all authentication data is entered from the keyboard. + + + Using a pure password-based authentication scheme. + Here, the plain text password is encrypted before sent + over the network. + + +

Several configuration options for + authentication handling are available in + ssh:connect/[3,4] + and ssh:daemon/[2,3].

+

+ The public key handling can be customized by implementing + the following behaviours from ssh:

+ + Module + ssh_client_key_api. + + Module + ssh_server_key_api. + + +
+ +
+ Connection Protocol + +

The SSH Connection Protocol provides application-support + services over the transport pipe, for example, channel multiplexing, + flow control, remote program execution, signal propagation, and + connection forwarding. Functions for handling the SSH + Connection Protocol can be found in the module ssh_connection in ssh. +

+
+ +
+ Channels + +

All terminal sessions, forwarded connections, and so on, are + channels. Multiple channels are multiplexed into a single + connection. All channels are flow-controlled. This means that no + data is sent to a channel peer until a message is received to + indicate that window space is available. + The initial window size specifies how many bytes of channel + data that can be sent to the channel peer without adjusting the + window. Typically, an SSH client opens a channel, sends data (commands), + receives data (control information), and then closes the channel. + The ssh_channel behaviour + handles generic parts of SSH channel management. This makes it easy + to write your own SSH client/server processes that use flow-control + and thus opens for more focus on the application logic. +

+ +

Channels come in the following three flavors:

+ + + Subsystem - Named services that can be run as + part of an SSH server, such as SFTP (ssh_sftpd), that is built into the + SSH daemon (server) by default, but it can be disabled. The Erlang ssh + daemon can be configured to run any Erlang- + implemented SSH subsystem. + + Shell - Interactive shell. By default the + Erlang daemon runs the Erlang shell. The shell can be customized by + providing your own read-eval-print loop. You can also provide your + own Command-Line Interface (CLI) implementation, + but that is much more work. + + Exec - One-time remote execution of commands. See function + ssh_connection:exec/4 + for more information. + +
+ + +
+
+ Where to Find More Information +

+ For detailed information about the SSH protocol, refer to the + following Request for Comments(RFCs): +

+ + + RFC 4250 - + Protocol Assigned Numbers + RFC 4251 - + Protocol Architecture + RFC 4252 - + Authentication Protocol + RFC 4253 - + Transport Layer Protocol + RFC 4254 - + Connection Protocol + RFC 4255 - + Key Fingerprints + RFC 4344 - + Transport Layer Encryption Modes + RFC 4716 - + Public Key File Format + +
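Review bot: In the Authentication Protocol section added to lib/ssh/doc/src/introduction.xml, "the plain text password is encrypted before sent over the network" reads as if the password gets its own encryption step. In SSH password authentication the password is carried as is inside the already encrypted transport (RFC 4252 section 8), so the server receives it in clear; suggest "the password is sent inside the encrypted transport". In the same list, "RSA and DSA, X509-certificates are not supported" can be read as saying that RSA and DSA are unsupported; split it into two sentences. The new opening also narrows the application to "an implementation of the SSH Transport Layer Protocol", although the sections that follow cover the authentication and connection protocols as well.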
diff --git a/lib/ssh/doc/src/ref_man.xml b/lib/ssh/doc/src/ref_man.xml index 55339298e8..afe3f2ddf9 100644 --- a/lib/ssh/doc/src/ref_man.xml +++ b/lib/ssh/doc/src/ref_man.xml @@ -28,8 +28,8 @@ ref_man.xml -

The SSH application is an erlang implementation of the - secure shell protocol (SSH) as defined by RFC 4250 - 4254

+

The ssh application is an Erlang implementation of the + Secure Shell Protocol (SSH) as defined by RFC 4250 - 4254.

diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 0e7e3848ad..bb41a317e5 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -22,54 +22,71 @@ ssh + + 2007-10-06 + ssh - Main API of the SSH application + Main API of the ssh application -

Interface module for the SSH application.

+

Interface module for the ssh application.

SSH - SSH requires the crypto and public_key applications. - Supported SSH version is 2.0 - Supported MAC algorithms: hmac-sha2-256 and hmac-sha1 - Supported encryption algorithms: aes128-ctr, aes128-cb and 3des-cbc - Supports unicode filenames if the emulator and the underlaying OS supports it. See the DESCRIPTION section in file for information about this subject - Supports unicode in shell and cli + SSH requires the crypto and public_key applications. + Supported SSH version is 2.0. + Supported MAC algorithms: hmac-sha2-256 and hmac-sha1. + Supported encryption algorithms: aes128-ctr, aes128-cb and 3des-cbc. + Supports unicode filenames if the emulator and the underlaying OS support it. + See section DESCRIPTION in the + file manual page in kernel + for information about this subject. + Supports unicode in shell and CLI.
- DATA TYPES + DATA TYPES

Type definitions that are used more than once in - this module and/or abstractions to indicate the intended use of the data - type:

-

boolean() = true | false

-

string() = [byte()]

-

ssh_daemon_ref() - opaque to the user - returned by ssh:daemon/[1,2,3]

-

ssh_connection_ref() - opaque to the user - returned by ssh:connect/3

-

ip_address() - inet::ip_address()

-

subsystem_spec() = {subsystem_name(), - {channel_callback(), channel_init_args()}}

-

subsystem_name() = string()

-

channel_callback() = atom() - Name of the erlang module - implementing the subsystem using the ssh_channel behavior see - ssh_channel(3)

-

channel_init_args() = list()

-
+ this module, or abstractions to indicate the intended use of the data + type, or both:

+ + boolean() +

= true | false

+ string() +

= [byte()]

+ ssh_daemon_ref() +

Opaque to the user, + returned by ssh:daemon/[1,2,3]

+ ssh_connection_ref() +

Opaque to the user, + returned by ssh:connect/3

+ ip_address() +

inet::ip_address

+ subsystem_spec() +

= {subsystem_name(), + {channel_callback(), channel_init_args()}}

+ subsystem_name() +

= string()

+ channel_callback() +

= atom() - Name of the Erlang module + implementing the subsystem using the ssh_channel behavior, see + ssh_channel(3)

+ channel_init_args() +

= list()

+
+
close(ConnectionRef) -> ok - Closes an SSH connection + Closes an SSH connection. ConnectionRef = ssh_connection_ref() @@ -81,135 +98,141 @@ connect(Host, Port, Options) -> connect(Host, Port, Options, Timeout) -> {ok, ssh_connection_ref()} | {error, Reason} - Connect to an ssh server. + Connects to an SSH server. Host = string() Port = integer() - The default is , the assigned well known port + is default, the assigned well-known port number for SSH. Options = [{Option, Value}] Timeout = infinity | integer(milliseconds) - Negotiation timeout, for connection timeout use the option {connect_timeout, timeout()}. + Negotiation time-out. For connection time-out, use option + {connect_timeout, timeout()}.

Connects to an SSH server. No channel is started. This is done by calling - ssh_connection:session_channel/[2, 4].

-

Options are:

+ + ssh_connection:session_channel/[2, 4].

+

Options:

- IP version to use. + +

IP version to use.

+
-

Sets the user directory i.e. the directory containing - ssh configuration files for the user such as +

Sets the user directory, that is, the directory containing + ssh configuration files for the user, such as , and + id_dsa]]>, and . Defaults to the directory normally referred to as -

+ .

-

If the user dsa key is protected by a passphrase it can be +

If the user DSA key is protected by a passphrase, it can be supplied with this option.

-

If the user rsa key is protected by a passphrase it can be +

If the user RSA key is protected by a passphrase, it can be supplied with this option.

-

When true hosts are added to the +

When true, hosts are added to the file without asking the user. - Defaults to false. + Defaults to false.

-

If false disables the client to connect to the server - if any user interaction is needed such as accepting that - the server will be added to the known_hosts file or - supplying a password. Defaults to true. +

If false, disables the client to connect to the server + if any user interaction is needed, such as accepting + the server to be added to the known_hosts file, or + supplying a password. Defaults to true. Even if user interaction is allowed it can be - suppressed by other options such as silently_accept_hosts and - password. Do note that it may not always be desirable to use - those options from a security point of view.

+ suppressed by other options, such as silently_accept_hosts + and password. However, those optins are not always desirable + to use from a security point of view.

Sets the preferred public key algorithm to use for user - authentication. If the the preferred algorithm fails for - some reason, the other algorithm is tried. The default is + authentication. If the preferred algorithm fails, + the other algorithm is tried. The default is to try first.

-

List of public key algorithms to try to use, 'ssh-rsa' and 'ssh-dss' available. - Will override

+

List of public key algorithms to try to use. + 'ssh-rsa' and 'ssh-dss' are available. + Overrides

-

Sets a timeout on the transport layer +

Sets a time-out on the transport layer connection. Defaults to infinity.

-

Provides a user name. If this option is not given, ssh +

Provides a username. If this option is not given, ssh reads from the environment ( or - on unix, + on UNIX, on Windows).

-

Provide a password for password authentication. If - this option is not given, the user will be asked for a - password if the password authentication method is +

Provides a password for password authentication. + If this option is not given, the user is asked for a + password, if the password authentication method is attempted.

-

Module implementing the behaviour ssh_client_key_api. +

Module implementing the behaviour + ssh_client_key_api. Can be used to customize the handling of public keys.

-

If true, the client will not print out anything on authorization.

+

If true, the client does not print anything on authorization.

-

Allow an existing file descriptor to be used - (simply passed on to the transport protocol).

+

Allows an existing file descriptor to be used + (by passing it on to the transport protocol).

-

Provide, in bytes, when rekeying should be initiated, - defaults to one time each GB and one time per hour.

+

Provides, in bytes, when rekeying is to be initiated. + Defaults to once per each GB and once per hour.

-

Sets a timeout on connection when no channels are active, default is infinity

+

Sets a time-out on a connection when no channels are active. + Defaults to infinity.

connection_info(ConnectionRef, [Option]) ->[{Option, - Value}] - Retrieves information about a connection. + Value}] + Retrieves information about a connection. Option = client_version | server_version | user | peer | sockname Value = [option_value()] - option_value() = {{Major::integer(), Minor::integer()}, VersionString::string()} | User::string() | - Peer::{inet:hostname(), {inet::ip_adress(), inet::port_number()}} | + option_value() = {{Major::integer(), Minor::integer()}, VersionString::string()} | + User::string() | Peer::{inet:hostname(), {inet::ip_adress(), inet::port_number()}} | Sockname::{inet::ip_adress(), inet::port_number()} () -

Retrieves information about a connection. -

+

Retrieves information about a connection.
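Review bot: In the connect options of lib/ssh/doc/src/ssh.xml, the rewritten caveat introduces the typo "optins" ("However, those optins are not always desirable to use from a security point of view"). The sentence "If false, disables the client to connect to the server if any user interaction is needed" is also hard to parse; "If false, the client does not connect when user interaction would be needed" says the same. In the paragraph beginning "When true, hosts are added to the file without asking the user", please add one sentence saying that the host key is then accepted without verification on first contact, which is what makes the security caveat in the following paragraph concrete.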

@@ -230,111 +253,127 @@

Starts a server listening for SSH connections on the given port.

-

Options are:

+

Options:

- IP version to use when the host address is specified as any. +

IP version to use when the host address is specified as any.

- Provides specifications for handling of subsystems. The - "sftp" subsystem spec can be retrieved by calling - ssh_sftpd:subsystem_spec/1. If the subsystems option is - not present the value of - [ssh_sftpd:subsystem_spec([])] will be used. It is - of course possible to set the option to the empty list if - you do not want the daemon to run any subsystems at all. +

Provides specifications for handling of subsystems. The + "sftp" subsystem specification is retrieved by calling + ssh_sftpd:subsystem_spec/1. If the subsystems option is + not present, the value of + [ssh_sftpd:subsystem_spec([])] is used. + The option can be set to the empty list if + you do not want the daemon to run any subsystems.

pid() | fun(string() = User, ip_address() = PeerAddr) -> pid()}]]> - Defines the read-eval-print loop used when a shell is - requested by the client. Default is to use the erlang shell: - +

Defines the read-eval-print loop used when a shell is + requested by the client. The default is to use the Erlang shell: +

- Provides your own CLI implementation, i.e. a channel callback - module that implements a shell and command execution. Note - that you may customize the shell read-eval-print loop using the - option shell which is much less work than implementing - your own CLI channel. If set to no_cli you will disable - CLI channels and only subsystem channels will be allowed. +

Provides your own CLI implementation, that is, a channel callback + module that implements a shell and command execution. The shell + read-eval-print loop can be customized, using the + option shell. This means less work than implementing + an own CLI channel. If set to no_cli, the CLI channels + are disabled and only subsystem channels are allowed.

-

Sets the user directory i.e. the directory containing - ssh configuration files for the user such as +

Sets the user directory. That is, the directory containing + ssh configuration files for the user, such as , and + id_dsa]]>, and . Defaults to the directory normally referred to as -

+ .

Sets the system directory, containing the host key files - that identifies the host keys for ssh. The default is - , note that for security reasons - this directory is normally only accessible by the root user.

+ that identify the host keys for ssh. Defaults to + . For security reasons, + this directory is normally accessible only to the root user.

-

Comma separated string that determines which - authentication methodes that the server should support and - in what order they will be tried. Defaults to +

Comma-separated string that determines which + authentication methods that the server is to support and + in what order they are tried. Defaults to

-

Provide passwords for password authentication.They will - be used when someone tries to connect to the server and - public key user authentication fails. The option provides - a list of valid user names and the corresponding password. +

Provides passwords for password authentication. The passwords + are used when someone tries to connect to the server and + public key user-authentication fails. The option provides + a list of valid usernames and the corresponding passwords.

-

Provide a global password that will authenticate any +

Provides a global password that authenticates any user. From a security perspective this option makes the server very vulnerable.

boolean()}]]> -

Provide a function for password validation. This is called - with user and password as strings, and should return +

Provides a function for password validation. This function is called + with user and password as strings, and returns if the password is valid and otherwise.

-

Max time in milliseconds for the authentication negotiation. The default value is 2 minutes. If the client fails to login within this time, the connection is closed. +

Maximum time in milliseconds for the authentication negotiation. + Defaults to 120000 (2 minutes). If the client fails to log in within this time, + the connection is closed.

-

The maximum number of simultaneous sessions that are accepted at any time for this daemon. This includes sessions that are being authorized. So if set to N, and N clients have connected but not started the login process, the N+1 connection attempt will be aborted. If N connections are authenticated and still logged in, no more loggins will be accepted until one of the existing ones log out. +

The maximum number of simultaneous sessions that are accepted at any time + for this daemon. This includes sessions that are being authorized. + Thus, if set to N, and N clients have connected but not started + the login process, connection attempt N+1 is aborted. + If N connections are authenticated and still logged in, no more logins + are accepted until one of the existing ones log out.

-

The counter is per listening port, so if two daemons are started, one with {max_sessions,N} and the other with {max_sessions,M} there will be in total N+M connections accepted for the whole ssh application. +

The counter is per listening port. Thus, if two daemons are started, one with + {max_sessions,N} and the other with {max_sessions,M}, in total + N+M connections are accepted for the whole ssh application.

-

Note that if parallel_login is false, only one client at a time may be in the authentication phase. +

Notice that if parallel_login is false, only one client + at a time can be in the authentication phase.

-

As default, the option is not set. This means that the number is not limited. +

By default, this option is not set. This means that the number is not limited.

-

If set to false (the default value), only one login is handled a time. If set to true, an unlimited number of login attempts will be allowed simultanously. +

If set to false (the default value), only one login is handled at a time. + If set to true, an unlimited number of login attempts are allowed simultaneously.

-

If the max_sessions option is set to N and parallel_login is set to true, the max number of simultaneous login attempts at any time is limited to N-K where K is the number of authenticated connections present at this daemon. +

If the max_sessions option is set to N and parallel_login + is set to true, the maximum number of simultaneous login attempts at any time is + limited to N-K, where K is the number of authenticated connections present + at this daemon.

-

Do not enable parallel_logins without protecting the server by other means, for example the max_sessions option or a firewall configuration. If set to true, there is no protection against DOS attacks.

+

Do not enable parallel_logins without protecting the server by other means, + for example, by the max_sessions option or a firewall configuration. If set to + true, there is no protection against DOS attacks.
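Review bot: The warning at the end of this hunk says "Do not enable parallel_logins", but the option is spelled parallel_login everywhere else in the hunk, so the one paragraph that carries the security advice names the option differently from the paragraphs that define it. Use parallel_login there and write DoS rather than DOS. Because the hunk also documents max_sessions as unset (unlimited) by default, it would help to say next to the warning that max_sessions is to be set whenever parallel_login is true. Smaller wording points in the + lines: "until one of the existing ones log out" should read "logs out", and "which authentication methods that the server is to support" should drop "that".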

@@ -346,25 +385,28 @@ -

Module implementing the behaviour ssh_server_key_api. +

Module implementing the behaviour + ssh_server_key_api. Can be used to customize the handling of public keys.

-

Allow an existing file-descriptor to be used - (simply passed on to the transport protocol).

- _}]]> +

Allows an existing file-descriptor to be used + (passed on to the transport protocol).

+ _}]]> -

Provide a fun to implement your own logging when a user fails to authenticate.

+

Provides a fun to implement your own logging when a user fails to authenticate.

- _}]]> + _}]]> -

Provide a fun to implement your own logging when a user authenticates to the server.

+

Provides a fun to implement your own logging when a user authenticates to the server.

_}]]> -

Provide a fun to implement your own logging when a user disconnects from the server.

+

Provides a fun to implement your own logging when a user disconnects from the server.

@@ -375,16 +417,16 @@ shell(Host) -> shell(Host, Option) -> shell(Host, Port, Option) -> _ - + Starts an interactive shell over an SSH server. - Host = string() - Port = integer() - Options - see ssh:connect/3 + Host = string() + Port = integer() + Options - see ssh:connect/3 -

Starts an interactive shell via an SSH server on the +

Starts an interactive shell over an SSH server on the given Host. The function waits for user input, - and will not return until the remote shell is ended (i.e. + and does not return until the remote shell is ended (that is, exit from the shell).

@@ -393,28 +435,29 @@ start() -> start(Type) -> ok | {error, Reason} - Starts the SSH application. + Starts the SSH application. Type = permanent | transient | temporary Reason = term() -

Utility function that starts crypto, public_key and the SSH - application. Defult type is temporary. - See also application(3) -

+

Utility function that starts the applications crypto, public_key, + and ssh. Default type is temporary. + For more information, see the application(3) + manual page in kernel.

stop() -> ok | {error, Reason} - Stops the SSH application. + Stops the ssh application. Reason = term() -

Stops the SSH application. See also - application(3)

+

Stops the ssh application. + For more information, see the application(3) + manual page in kernel.
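Review bot: The summary line for start/0,1 is left as "Starts the SSH application." while the one for stop/0 becomes "Stops the ssh application." and both description bodies now say ssh. Pick one form for the application name and use it in both summaries.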

@@ -438,7 +481,7 @@ stop_listener(DaemonRef) -> stop_listener(Address, Port) -> ok Stops the listener, but leaves existing connections started - by the listener up and running. + by the listener operational. DaemonRef = ssh_daemon_ref() Address = ip_address() @@ -446,7 +489,7 @@

Stops the listener, but leaves existing connections started - by the listener up and running.

+ by the listener operational.

diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml index a1d2402790..498565057f 100644 --- a/lib/ssh/doc/src/ssh_app.xml +++ b/lib/ssh/doc/src/ssh_app.xml @@ -18,78 +18,98 @@ basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for the specific language governing rights and limitations under the License. - SSH + + + + + ssh_app.xml SSH - The ssh application implements the SSH (Secure Shell) protocol and - provides an SFTP (SSH File Transfer Protocol) client and server. + The ssh application implements the Secure Shell (SSH) protocol and + provides an SSH File Transfer Protocol (SFTP) client and server. + +

The ssh application is an implementation of the SSH protocol in Erlang. + ssh offers API functions to write customized SSH clients and servers as well as + making the Erlang shell available over SSH. An SFTP client, ssh_sftp, and server, + ssh_sftpd, are also included.

+
-
+
DEPENDENCIES -

The ssh application uses the Erlang applications public_key and - crypto to handle public keys and encryption, hence these - applications needs to be loaded for the ssh application to work. In - an embedded environment that means they need to be started with - application:start/[1,2] before the ssh application is started. +

The ssh application uses the applications public_key and + crypto to handle public keys and encryption. Hence, these + applications must be loaded for the ssh application to work. In + an embedded environment this means that they must be started with + application:start/[1,2] before the ssh application is started.

CONFIGURATION -

The ssh application does not currently have an application - specific configuration file as described in application(3), - however it will by default use the following configuration files - from openssh: known_hosts, authorized_keys, authorized_keys2, - id_dsa and id_rsa, ssh_host_dsa_key and ssh_host_rsa_key. By - default Erlang SSH will look for id_dsa, id_rsa, known_hosts - and authorized_keys in ~/.ssh, and the host key files in /etc/ssh - . These locations may be changed by the options user_dir and - system_dir. Public key handling may also be customized by - providing a callback module implementing the behaviors - ssh_client_key_api and - ssh_server_key_api. -

+

The ssh application does not have an application- + specific configuration file, as described in application(3). + However, by default it use the following configuration files + from OpenSSH:

+ + known_hosts + authorized_keys + authorized_keys2 + id_dsa + id_rsa + ssh_host_dsa_key + ssh_host_rsa_key + +

By default, ssh looks for id_dsa, id_rsa, + known_hosts, and authorized_keys in ~/.ssh, + and for the host key files in /etc/ssh. These locations can be changed + by the options user_dir and system_dir. +

+

Public key handling can also be customized through a callback module that + implements the behaviors + ssh_client_key_api and + ssh_server_key_api. +

-
- PUBLIC KEYS -

- id_dsa and id_rsa are the users private key files, note that - the public key is part of the private key so the ssh - application will not use the id_<*>.pub files. These are - for the users convenience when he/she needs to convey their +

+
+ Public Keys +

id_dsa and id_rsa are the users private key files. + Notice that the public key is part of the private key so the ssh + application does not use the id_<*>.pub files. These are + for the user's convenience when it is needed to convey the user's public key.

-
- -
- KNOW HOSTS -

The known_hosts file contains a list of approved servers and - their public keys. Once a server is listed, it can be verified +

+
+ Known Hosts +

The known_hosts file contains a list of approved servers and + their public keys. Once a server is listed, it can be verified without user interaction.

-
- -
- AUTHORIZED KEYS -

The authorized key file keeps track of the user's authorized +

+
+ Authorized Keys +

The authorized_key file keeps track of the user's authorized public keys. The most common use of this file is to let users - log in without entering their password which is supported by the - Erlang SSH daemon. + log in without entering their password, which is supported by the + Erlang ssh daemon.

-
- -
- HOST KEYS -

Currently rsa and dsa host keys are supported and are - expected to be found in files named ssh_host_rsa_key and - ssh_host_dsa_key. +

+
+ Host Keys +

RSA and DSA host keys are supported and are + expected to be found in files named ssh_host_rsa_key and + ssh_host_dsa_key.

-
+
+
+ ERROR LOGGER AND EVENT HANDLERS +

The ssh application has no error logger or event handlers.
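Review bot: In the Authorized Keys section the new text names the file authorized_key, but the file list added earlier in this hunk and the default-location paragraph both call it authorized_keys. Use that name so the text matches the file that is looked up. In the same hunk, "by default it use the following configuration files" needs "uses", and "the users private key files" needs an apostrophe ("user's").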

diff --git a/lib/ssh/doc/src/ssh_channel.xml b/lib/ssh/doc/src/ssh_channel.xml index a52a6a115e..429ef3c849 100644 --- a/lib/ssh/doc/src/ssh_channel.xml +++ b/lib/ssh/doc/src/ssh_channel.xml @@ -23,69 +23,84 @@ The Initial Developer of the Original Code is Ericsson AB. ssh_channel + + + + ssh_channel -behaviour(ssh_channel).

SSH services (clients and servers) are implemented as channels - that are multiplexed over an SSH connection and communicates via + that are multiplexed over an SSH connection and communicates over the SSH Connection Protocol. This module provides a callback API - that takes care of generic channel aspects such as flow control - and close messages and lets the callback functions take care of + that takes care of generic channel aspects, such as flow control + and close messages. It lets the callback functions take care of the service (application) specific parts. This behavior also ensures that the channel process honors the principal of an OTP-process so that it can be part of a supervisor tree. This is a requirement of channel processes implementing a subsystem that will be added to - the SSH applications supervisor tree. + the ssh applications supervisor tree.

-

When implementing a SSH subsystem use the - -behaviour(ssh_daemon_channel). instead of -behaviour(ssh_channel). - as the only relevant callback functions for subsystems are - init/1, handle_ssh_msg/2, handle_msg/2 and terminate/2, so the ssh_daemon_channel - behaviour is limited version of the ssh_channel behaviour. -

+

When implementing an ssh subsystem, use + -behaviour(ssh_daemon_channel) instead of -behaviour(ssh_channel). + The reason is that the only relevant callback functions for subsystems are + init/1, handle_ssh_msg/2, handle_msg/2, and terminate/2. + So, the ssh_daemon_channel behaviour is a limited version of the + ssh_channel behaviour. +

- DATA TYPES + DATA TYPES -

Type definitions that are used more than once in this module - and/or abstractions to indicate the intended use of the data - type:

+

Type definitions that are used more than once in this module, + or abstractions to indicate the intended use of the data + type, or both:

-

boolean() = true | false

-

string() = list of ASCII characters

-

timeout() = infinity | integer() - in milliseconds.

-

ssh_connection_ref() - opaque to the user returned by - ssh:connect/3 or sent to an SSH channel process

-

ssh_channel_id() = integer()

-

ssh_data_type_code() = 1 ("stderr") | 0 ("normal") are - currently valid values see RFC 4254 section 5.2.

+ + boolean() +

= true | false

+ string() +

= list of ASCII characters

+ timeout() +

= infinity | integer() in milliseconds

+ ssh_connection_ref() +

Opaque to the user, returned by + ssh:connect/3 or sent to an SSH channel process

+ ssh_channel_id() +

= integer()

+ ssh_data_type_code() +

= 1 ("stderr") | 0 ("normal") are + the valid values, + see RFC 4254 + Section 5.2

+
call(ChannelRef, Msg) -> call(ChannelRef, Msg, Timeout) -> Reply | {error, Reason} - Makes a synchronous call to a channel. + Makes a synchronous call to a channel. ChannelRef = pid() - As returned by start_link/4 - Msg = term() - Timeout = timeout() - Reply = term() - Reason = closed | timeout + As returned by start_link/4 + Msg = term() + Timeout = timeout() + Reply = term() + Reason = closed | timeout

Makes a synchronous call to the channel process by sending - a message and waiting until a reply arrives or a timeout - occurs. The channel will call Module:handle_call/3 - to handle the message. If the channel process does not exist + to handle the message. If the channel process does not exist, {error, closed} is returned.
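Review bot: The description paragraph at the top of this hunk has agreement and spelling slips that the rewording leaves in place: "channels that are multiplexed over an SSH connection and communicates over" should be "communicate", "honors the principal of an OTP-process" should be "principles", and "the ssh applications supervisor tree" needs "application's". In the DATA TYPES list, "are the valid values, see RFC 4254 Section 5.2" reads better as two sentences.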

@@ -96,14 +111,14 @@ Sends an asynchronous message to the channel ChannelRef and returns ok. - ChannelRef = pid() - As returned by start_link/4 - Msg = term() + ChannelRef = pid() + As returned by start_link/4 + Msg = term()

Sends an asynchronous message to the channel process and returns ok immediately, ignoring if the destination node or - channel process does not exist. The channel will call + channel process does not exist. The channel calls Module:handle_cast/2 to handle the message.

@@ -112,31 +127,32 @@ enter_loop(State) -> _ - Makes an existing process an ssh_channel process. + Makes an existing process an ssh_channel process. - State = term() - as returned by ssh_channel:init/1 + State = term() - as returned by + ssh_channel:init/1 -

Makes an existing process an ssh_channel - process. Does not return, instead the calling process will - enter the ssh_channel process receive loop and become an - ssh_channel process. The process must have been started using - one of the start functions in proc_lib, see proc_lib(3). The - user is responsible for any initialization of the process - and needs to call ssh_channel:init/1 +

Makes an existing process an ssh_channel + process. Does not return, instead the calling process + enters the ssh_channel process receive loop and become an + ssh_channel process. The process must have been started using + one of the start functions in proc_lib, see the proc_lib(3) manual page in stdlib. + The user is responsible for any initialization of the process + and must call ssh_channel:init/1.

init(Options) -> {ok, State} | {ok, State, Timeout} | {stop, Reason} - Initiates a ssh_channel process. + Initiates an ssh_channel process. Options = [{Option, Value}] State = term() - Timeout = timeout() - Reason = term() + Timeout = timeout() + Reason = term()
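Review bot: In the enter_loop/1 description, "the calling process enters the ssh_channel process receive loop and become an ssh_channel process" should use "becomes" now that the sentence is in the present tense. "Does not return, instead the calling process ..." is also a comma splice and is easier to read as two sentences.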

@@ -144,48 +160,47 @@

- The module that implements the channel behaviour. +

The module that implements the channel behaviour.

- The list of arguments to the callback module's - init function. +

The list of arguments to the init function of the callback module.

- Reference to the ssh connection as returned by ssh:connect/3 +

Reference to the ssh connection as returned by ssh:connect/3

- Id of the SSH channel. +

Id of the ssh channel.

This function is normally not called by the - user. The user only needs to call if for some reason the + user. The user only needs to call if the channel process needs to be started with help of proc_lib instead of calling ssh_channel:start/4 or - ssh_channel:start_link/4

+ ssh_channel:start_link/4.

reply(Client, Reply) -> _ - Send a reply to a client. + Sends a reply to a client. Client - opaque to the user, see explanation below Reply = term() -

This function can be used by a channel to explicitly send a +

This function can be used by a channel to send a reply to a client that called call/[2,3] when the reply cannot be defined in the return value of Module:handle_call/3.

Client must be the From argument provided to the callback function handle_call/3. Reply is an arbitrary term, - which will be given back to the client as the return value of - ssh_channel:call/[2,3].>

+ which is given back to the client as the return value of + ssh_channel:call/[2,3].
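Review bot: In the init/1 description, "The user only needs to call if the channel process needs to be started with help of proc_lib" has no object for "call". Say "needs to call this function only if ...". The option text also changes "Id of the SSH channel" to "Id of the ssh channel", while the start/4 summary keeps "SSH channel" for the protocol concept, so the uppercase form fits better here.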

@@ -193,24 +208,25 @@ start(SshConnection, ChannelId, ChannelCb, CbInitArgs) -> start_link(SshConnection, ChannelId, ChannelCb, CbInitArgs) -> {ok, ChannelRef} | {error, Reason} - Starts a processes that handles a SSH channel. + Starts a process that handles an SSH channel. SshConnection = ssh_connection_ref() - ChannelId = ssh_channel_id() - As returned by cannot be defined in the return value of - ssh_connection:session_channel/[2,4] + ChannelId = ssh_channel_id() + As returned by + + ssh_connection:session_channel/[2,4]. ChannelCb = atom() - The name of the module implementing the service specific parts + Name of the module implementing the service-specific parts of the channel. CbInitArgs = [term()] - Argument list for the init function in the callback module. + Argument list for the init function in the callback module. ChannelRef = pid() -

Starts a processes that handles an SSH channel. It will be - called internally by the SSH daemon or explicitly by the SSH - client implementations. The behavior will set the - trap_exit flag to true. +

Starts a process that handles an SSH channel. It is + called internally, by the ssh daemon, or explicitly by the ssh + client implementations. The behavior sets the + trap_exit flag to true.
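Review bot: The commas added in "It is called internally, by the ssh daemon, or explicitly by the ssh client implementations" turn "by the ssh daemon" into an aside and blur the contrast between the two callers. Suggest "It is called internally by the ssh daemon, or explicitly by ssh client implementations."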

@@ -219,19 +235,19 @@
- CALLBACK TIMEOUTS + CALLBACK TIME-OUTS -

The timeout values that may be returned by the callback functions - has the same semantics as in a gen_server - If the timeout occurs handle_msg/2 - will be called as handle_msg(timeout, State).

+

The time-out values that can be returned by the callback functions + have the same semantics as in a gen_server. + If the time-out occurs, handle_msg/2 + is called as handle_msg(timeout, State).

Module:code_change(OldVsn, State, Extra) -> {ok, NewState} - Converts process state when code is changed. + Converts process state when code is changed. OldVsn = term() In the case of an upgrade, OldVsn is Vsn, and @@ -241,31 +257,31 @@ Module. If no such attribute is defined, the version is the checksum of the BEAM file. State = term() - The internal state of the channel. + Internal state of the channel. Extra = term() - Passed as-is from the {advanced,Extra} + Passed “as-is†from the {advanced,Extra} part of the update instruction. -

Converts process state when code is changed.

+

Converts process state when code is changed.

-

This function is called by a client side channel when it - should update its internal state during a release - upgrade/downgrade, i.e. when the instruction - {update,Module,Change,...} where - Change={advanced,Extra} is given in the appup - file. See OTP - Design Principles for more information. +

This function is called by a client-side channel when it + is to update its internal state during a release + upgrade or downgrade, that is, when the instruction + {update,Module,Change,...}, where + Change={advanced,Extra}, is given in the appup + file. For more information, refer to Section 9.11.6 + Release Handling Instructions in the + System Documentation.

Soft upgrade according to the OTP release concept is not straight forward for the server side, as subsystem - channel processes are spawned by the SSH application and - hence added to its supervisor tree. It could be possible to - upgrade the subsystem channels, when upgrading the user - application, if the callback functions can handle two - versions of the state, but this function can not be used in - the normal way.

+ channel processes are spawned by the ssh application and + hence added to its supervisor tree. The subsystem channels can + be upgraded when upgrading the user application, if the callback + functions can handle two versions of the state, but this function + cannot be used in the normal way.
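Review bot: The quotation marks added around as-is in the Extra description of code_change/3 are non-ASCII characters and show up mis-encoded in this view. Plain ASCII quotes, or the unquoted wording of the - line, avoid any dependence on the declared file encoding. In the same entry, the hard-coded "Section 9.11.6" will go stale when the System Documentation is renumbered, so referring to the section by title alone is safer, and "straight forward" should be one word.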

@@ -274,30 +290,30 @@ Module:init(Args) -> {ok, State} | {ok, State, timeout()} | {stop, Reason} - Makes necessary initializations and returns the + Makes necessary initializations and returns the initial channel state if the initializations succeed. - Args = term() - Last argument to ssh_channel:start_link/4. - State = term() - Reason = term() + Args = term() + Last argument to ssh_channel:start_link/4. + State = term() + Reason = term() -

Makes necessary initializations and returns the initial channel +

Makes necessary initializations and returns the initial channel state if the initializations succeed.

-

For more detailed information on timeouts see the section - CALLBACK TIMEOUTS.

+

For more detailed information on time-outs, see Section + CALLBACK TIME-OUTS.

Module:handle_call(Msg, From, State) -> Result - Handles messages sent by calling - ssh_channel:call/[2,3] + Handles messages sent by calling + ssh_channel:call/[2,3]. Msg = term() - From = opaque to the user should be used as argument to + From = Opaque to the user, is to be used as argument to ssh_channel:reply/2 State = term() Result = {reply, Reply, NewState} | {reply, Reply, NewState, timeout()} @@ -311,15 +327,15 @@

Handles messages sent by calling ssh_channel:call/[2,3]

-

For more detailed information on timeouts see the section - CALLBACK TIMEOUTS.

+

For more detailed information on time-outs,, see Section + CALLBACK TIME-OUTS.

Module:handle_cast(Msg, State) -> Result - Handles messages sent by calling - ssh_channel:cact/2 + Handles messages sent by calling + ssh_channel:cact/2. Msg = term() State = term() @@ -329,11 +345,11 @@ Reason = term() -

Handles messages sent by calling - ssh_channel:cast/2 +

Handles messages sent by calling + ssh_channel:cast/2.

-

For more detailed information on timeouts see the section - CALLBACK TIMEOUTS.

+

For more detailed information on time-outs, see Section + CALLBACK TIME-OUTS.
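Review bot: The handle_cast/2 summary still refers to ssh_channel:cact/2 on both the - and + lines, while the description of the same entry names ssh_channel:cast/2. Correct the summary to cast/2. In the handle_call/3 entry, the new sentence "For more detailed information on time-outs,, see Section" has a doubled comma.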

@@ -341,33 +357,33 @@ Module:handle_msg(Msg, State) -> {ok, State} | {stop, ChannelId, State} - Handle other messages than SSH connection protocol, - call or cast messages sent to the channel. + Handles other messages than SSH connection protocol, + call, or cast messages sent to the channel. Msg = timeout | term() ChannelId = ssh_channel_id() State = term() -

Handle other messages than ssh connection protocol, call or +

Handles other messages than SSH Connection Protocol, call, or cast messages sent to the channel.

-

Possible erlang 'EXIT'-messages should be handled by this - function and all channels should handle the following message.

+

Possible Erlang 'EXIT' messages is to be handled by this + function and all channels are to handle the following message.

- This is the first messages that will be received by - the channel, it is sent just before the

This is the first message that the channel receives. + It is sent just before the ssh_channel:init/1 function - returns successfully. This is especially useful if the + returns successfully. This is especially useful if the server wants to send a message to the client without first receiving a message from it. If the message is not - useful for your particular scenario just ignore it by - immediately returning {ok, State}. - + useful for your particular scenario, ignore it by + immediately returning {ok, State}. +
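Review bot: "Possible Erlang 'EXIT' messages is to be handled by this function" pairs a plural subject with "is". Use "are to be handled", which also matches "all channels are to handle" in the same sentence. "Handles other messages than SSH Connection Protocol, call, or cast messages" reads more naturally as "Handles messages other than ...", and the summary line should capitalise "SSH Connection Protocol" the way the description now does.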

@@ -375,42 +391,44 @@ Module:handle_ssh_msg(Msg, State) -> {ok, State} | {stop, ChannelId, State} - Handles ssh connection protocol messages. + Handles ssh connection protocol messages. - Msg = ssh_connection:event() + Msg = ssh_connection:event() ChannelId = ssh_channel_id() State = term() -

Handles SSH connection protocol messages that may need - service specific attention. +

Handles SSH Connection Protocol messages that may need + service-specific attention. For details, + see ssh_connection:event().

-

The following message is completely taken care of by the - SSH channel behavior

+

The following message is taken care of by the + ssh_channel behavior.

- The channel behavior will send a close message to the - other side if such a message has not already been sent and - then terminate the channel with reason normal. +

The channel behavior sends a close message to the + other side, if such a message has not already been sent. + Then it terminates the channel with reason normal.

Module:terminate(Reason, State) -> _ - + Does cleaning up before channel process termination. + Reason = term() State = term()

This function is called by a channel process when it is - about to terminate. Before this function is called ssh_connection:close/2 - will be called if it has not been called earlier. - This function should do any necessary cleaning + is called, if it has not been called earlier. + This function does any necessary cleaning up. When it returns, the channel process terminates with reason Reason. The return value is ignored.
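Review bot: In the terminate/2 description, changing "This function should do any necessary cleaning up" to "This function does any necessary cleaning up" turns an instruction to the callback implementer into a statement of fact about code the behaviour does not own. Keep it as a requirement, for example "This function is to do any necessary cleaning up", in line with the "is to" wording used elsewhere in this patch. The handle_ssh_msg/2 summary is also left as "Handles ssh connection protocol messages." while its description now says "SSH Connection Protocol".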

diff --git a/lib/ssh/doc/src/ssh_client_key_api.xml b/lib/ssh/doc/src/ssh_client_key_api.xml index f3d05a8980..c3c005c58c 100644 --- a/lib/ssh/doc/src/ssh_client_key_api.xml +++ b/lib/ssh/doc/src/ssh_client_key_api.xml @@ -23,102 +23,112 @@ The Initial Developer of the Original Code is Ericsson AB. ssh_client_key_api + + + + ssh_client_key_api -behaviour(ssh_client_key_api). -

Behavior describing the API for an SSH client's public key handling. - By implementing the callbacks defined. - in this behavior it is possible to customize the SSH client's public key - handling. By default the SSH application implements this behavior - with help of the standard openssh files, see ssh(6).

+

Behavior describing the API for public key handling of an SSH client. By implementing + the callbacks defined in this behavior, the public key handling of an SSH client can + be customized. By default the ssh application implements this behavior + with help of the standard OpenSSH files, + see the ssh(6) application.

- DATA TYPES + DATA TYPES -

Type definitions that are used more than once in this module - and/or abstractions to indicate the intended use of the data - type. For more details on public key data types - see the public_key user's guide. +

Type definitions that are used more than once in this module, + or abstractions to indicate the intended use of the data + type, or both. For more details on public key data types, + refer to Section 2 Public Key Records in the + public_key user's guide:

- -

boolean() = true | false

-

string() = [byte()]

-

public_key() = #'RSAPublicKey'{}| {integer(), #'Dss-Parms'{}}| term()

-

private_key() = #'RSAPrivateKey'{} | #'DSAPrivateKey'{} | term()

-

public_key_algorithm() = 'ssh-rsa'| 'ssh-dss' | atom()

- + + boolean() +

= true | false

+ string() +

= [byte()]

+ public_key() +

= #'RSAPublicKey'{}| {integer(), #'Dss-Parms'{}}| term()

+ private_key() +

= #'RSAPrivateKey'{} | #'DSAPrivateKey'{} | term()

+ public_key_algorithm() +

= 'ssh-rsa'| 'ssh-dss' | atom()

+
Module:add_host_key(HostNames, Key, ConnectOptions) -> ok | {error, Reason} - Adds a host key to the set of trusted host keys + Adds a host key to the set of trusted host keys. HostNames = string() - Description of the host that owns the PublicKey + Description of the host that owns the PublicKey. - Key = public_key() - Normally an RSA or DSA public key but handling of other public keys can be added + Key = public_key() + Normally an RSA or DSA public key, but handling of other public keys can be added. - ConnectOptions = proplists:proplist() - Options provided to ssh:connect/[3,4] - Reason = term() + ConnectOptions = proplists:proplist() + Options provided to ssh:connect/[3,4] + Reason = term(). -

Adds a host key to the set of trusted host keys

+

Adds a host key to the set of trusted host keys.

Module:is_host_key(Key, Host, Algorithm, ConnectOptions) -> Result - Checks if a host key is trusted + Checks if a host key is trusted. Key = public_key() - Normally an RSA or DSA public key but handling of other public keys can be added + Normally an RSA or DSA public key, but handling of other public keys can be added. Host = string() - Description of the host + Description of the host. Algorithm = public_key_algorithm() - Host key algorithm. Should support 'ssh-rsa'| 'ssh-dss' but additional algorithms + Host key algorithm. Is to support 'ssh-rsa'| 'ssh-dss', but more algorithms can be handled. - ConnectOptions = proplists:proplist() - Options provided to ssh:connect/[3,4] + ConnectOptions = proplists:proplist() + Options provided to ssh:connect/[3,4]. - Result = boolean() + Result = boolean() -

Checks if a host key is trusted

+

Checks if a host key is trusted.

Module:user_key(Algorithm, ConnectOptions) -> {ok, PrivateKey} | {error, Reason} - Fetches the users "public key" matching the Algorithm. + Fetches the users public key matching the Algorithm. Algorithm = public_key_algorithm() - Host key algorithm. Should support 'ssh-rsa'| 'ssh-dss' but additional algorithms + Host key algorithm. Is to support 'ssh-rsa'| 'ssh-dss' but more algorithms can be handled. - ConnectOptions = proplists:proplist() - Options provided to ssh:connect/[3,4] + ConnectOptions = proplists:proplist() + Options provided to ssh:connect/[3,4] - PrivateKey = private_key() - The private key of the user matching the Algorithm + PrivateKey = private_key() + Private key of the user matching the Algorithm. - Reason = term() + Reason = term() -

Fetches the users "public key" matching the Algorithm. -

The private key contains the public key

-

+

Fetches the users public key matching the Algorithm.

+

The private key contains the public key.

+
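Review bot: In the user_key entry, the summary and description now read "Fetches the users public key matching the Algorithm", yet the callback returns {ok, PrivateKey} and PrivateKey is documented as the private key of the user. Removing the quotation marks drops the only hint that "public key" was meant loosely. Suggest saying that it fetches the user's private key (with the apostrophe) and keeping the sentence that the private key contains the public key. The Algorithm parameter of user_key is also still described as "Host key algorithm", which reads as copied from is_host_key.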
diff --git a/lib/ssh/doc/src/ssh_connection.xml b/lib/ssh/doc/src/ssh_connection.xml index 5e2926dfa6..2ca1060e9e 100644 --- a/lib/ssh/doc/src/ssh_connection.xml +++ b/lib/ssh/doc/src/ssh_connection.xml @@ -24,156 +24,174 @@ ssh_connection + + + ssh_connection - This module provides API functions to send SSH Connection Protocol + This module provides API functions to send + SSH Connection Protocol events to the other side of an SSH channel. -

The SSH Connection Protocol is used by clients and servers - (i.e. SSH channels) to communicate over the SSH connection. The - API functions in this module sends SSH Connection Protocol events - that are received as messages by the remote channel. - In the case that the receiving channel is an Erlang process the - message will be on the following format - . If the ssh_channel behavior is used to - implement the channel process these will be handled by - handle_ssh_msg/2 .

+

The SSH Connection Protocol is used by clients and servers, + that is, SSH channels, to communicate over the SSH connection. The + API functions in this module send SSH Connection Protocol events, + which are received as messages by the remote channel. + If the receiving channel is an Erlang process, the + messages have the format + . + If the ssh_channel behavior is used to + implement the channel process, these messages are handled by + handle_ssh_msg/2.

- DATA TYPES - -

Type definitions that are used more than once in this module and/or - abstractions to indicate the intended use of the data type:

- -

boolean() = true | false

-

string() = list of ASCII characters

-

timeout() = infinity | integer() - in milliseconds.

-

ssh_connection_ref() - opaque to the user returned by - ssh:connect/3 or sent to an SSH channel processes

-

ssh_channel_id() = integer()

-

ssh_data_type_code() = 1 ("stderr") | 0 ("normal") are - currently valid values see RFC 4254 section 5.2.

-

ssh_request_status() = success | failure

-

event() = {ssh_cm, ssh_connection_ref(), ssh_event_msg()}

-

ssh_event_msg() = data_events() | status_events() | terminal_events()

-

reason() = timeout | closed

+ DATA TYPES + +

Type definitions that are used more than once in this module, + or abstractions to indicate the intended use of the data + type, or both:

+ + + boolean() +

= true | false

+ string() +

= list of ASCII characters

+ timeout() +

= infinity | integer() in milliseconds

+ ssh_connection_ref() +

Opaque to the user, returned by + ssh:connect/3 or sent to an SSH channel processes

+ ssh_channel_id() +

= integer()

+ ssh_data_type_code() +

= 1 ("stderr") | 0 ("normal") are + valid values, see + RFC 4254 Section 5.2.

+ ssh_request_status() ssh_request_status() +

= success | failure

+ event() +

= {ssh_cm, ssh_connection_ref(), ssh_event_msg()}

+ ssh_event_msg() +

= data_events() | status_events() | terminal_events()

+ reason() +

= timeout | closed

+
- data_events() + data_events() - Data has arrived on the channel. This event is sent as - result of calling ssh_connection:send/[3,4,5] +

Data has arrived on the channel. This event is sent as a + result of calling + ssh_connection:send/[3,4,5].

- Indicates that the other side will not send any more - data. This event is sent as result of calling ssh_connection:send_eof/2 - +

Indicates that the other side sends no more data. + This event is sent as a result of calling ssh_connection:send_eof/2. +

- status_events() + status_events() - A signal can be delivered to the remote process/service - using the following message. Some systems will not support - signals, in which case they should ignore this message. There is - currently no funtion to generate this event as the signals - refered to are on OS-level and not something generated by an - Erlang program. +

A signal can be delivered to the remote process/service + using the following message. Some systems do not support + signals, in which case they are to ignore this message. There is + currently no function to generate this event as the signals + referred to are on OS-level and not something generated by an + Erlang program.

- A remote execution may terminate violently due to a signal - then this message may be received. For details on valid string - values see RFC 4254 section 6.10. Special case of the signals - mentioned above. +

A remote execution can terminate violently because of a signal. + Then this message can be received. For details on valid string + values, see RFC 4254 + Section 6.10, which shows a special case of these signals.

- When the command running at the other end terminates, the +

When the command running at the other end terminates, the following message can be sent to return the exit status of the - command. A zero 'exit_status' usually means that the command - terminated successfully. This event is sent as result of calling + command. A zero exit_status usually means that the command + terminated successfully. This event is sent as a result of calling - ssh_connection:exit_status/3 + ssh_connection:exit_status/3.

- This event is sent as result of calling - ssh_connection:close/2 Both the handling of this - event and sending of it will be taken care of by the - ssh_channel behavior. +

This event is sent as a result of calling + ssh_connection:close/2. + Both the handling of this event and sending it are taken care of by the + ssh_channel behavior.

- terminal_events() + terminal_events() -

Channels implementing a shell and command execution on the - server side should handle the following messages that may be sent by client channel processes.

+

Channels implementing a shell and command execution on the + server side are to handle the following messages that can be sent by client- + channel processes.

-

Events that includes a WantReply expects the event handling - process to call ssh_connection:reply_request/4 - with the boolean value of WantReply as the second - argument.

+

Events that include a WantReply expect the event handling + process to call + ssh_connection:reply_request/4 + with the boolean value of WantReply as the second argument.

- Environment variables may be passed to the shell/command - to be started later. This event is sent as result of calling ssh_connection:setenv/5 - +

Environment variables can be passed to the shell/command + to be started later. This event is sent as a result of calling ssh_connection:setenv/5. +

- A pseudo-terminal has been requested for the - session. Terminal is the value of the TERM environment - variable value (e.g., vt100). Zero dimension parameters must - be ignored. The character/row dimensions override the pixel - dimensions (when nonzero). Pixel dimensions refer to the - drawable area of the window. The Opcode in the +

A pseudo-terminal has been requested for the + session. Terminal is the value of the TERM environment + variable value, that is, vt100. Zero dimension parameters must + be ignored. The character/row dimensions override the pixel + dimensions (when non-zero). Pixel dimensions refer to the + drawable area of the window. Opcode in the TerminalModes list is the mnemonic name, represented - as an lowercase erlang atom, defined in - RFC 4254 section 8. - It may also be an opcode if the mnemonic name is not listed in the - RFC. Example OP code: 53, mnemonic name ECHO erlang atom: - echo.This event is sent as result of calling ssh_connection:ptty_alloc/4 + as a lowercase Erlang atom, defined in + RFC 4254, Section 8. + It can also be an Opcode if the mnemonic name is not listed in the + RFC. Example: OP code: 53, mnemonic name ECHO erlang atom: + echo. This event is sent as a result of calling ssh_connection:ptty_alloc/4.

- This message will request that the user's default shell - be started at the other end. This event is sent as result of calling ssh_connection:shell/2 - +

This message requests that the user default shell + is started at the other end. This event is sent as a result of calling + ssh_connection:shell/2. +

- When the window (terminal) size changes on the client - side, it MAY send a message to the server side to inform it of - the new dimensions. There is currently no API function to generate this - event. +

When the window (terminal) size changes on the client + side, it can send a message to the server side to inform it of + the new dimensions. No API function generates this event.

- This message will request that the server starts - execution of the given command. This event is sent as result of calling ssh_connection:exec/4 - +

This message requests that the server starts + execution of the given command. This event is sent as a result of calling ssh_connection:exec/4 . +
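Review bot: In the pseudo-terminal paragraph, replacing "(e.g., vt100)" with ", that is, vt100" turns an example into a definition. vt100 is one possible TERM value, and the ptty_alloc options later in this file default term to os:getenv("TERM"). Suggest "for example, vt100". The Example sentence in the same paragraph still has lowercase "erlang atom" although the line above it was changed to "Erlang atom". The window-change paragraph also rewrites "it MAY send" as "it can send", which loses the RFC-style requirement keyword the old text carried.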

@@ -183,80 +201,83 @@ adjust_window(ConnectionRef, ChannelId, NumOfBytes) -> ok - Adjusts the SSH flowcontrol window. + Adjusts the SSH flow control window. - ConnectionRef = ssh_connection_ref() - ChannelId = ssh_channel_id() - NumOfBytes = integer() + ConnectionRef = ssh_connection_ref() + ChannelId = ssh_channel_id() + NumOfBytes = integer() -

Adjusts the SSH flowcontrol window. This shall be done by both client and server side channel processes.

+

Adjusts the SSH flow control window. This is to be done by both the + client- and server-side channel processes.

-

Channels implemented with the ssh_channel - behavior will normaly not need to call this function as flow control - will be handled by the behavior. The behavior will adjust the window every time +

Channels implemented with the ssh_channel + behavior do not normally need to call this function as flow control + is handled by the behavior. The behavior adjusts the window every time the callback - handle_ssh_msg/2 has returned after processing channel data

+ handle_ssh_msg/2 returns after processing channel data.

close(ConnectionRef, ChannelId) -> ok - Sends a close message on the channel ChannelId. + Sends a close message on the channel ChannelId. - ConnectionRef = ssh_connection_ref() - ChannelId = ssh_channel_id() + ConnectionRef = ssh_connection_ref() + ChannelId = ssh_channel_id() -

A server or client channel process can choose to close their session by sending a close event. +

A server- or client-channel process can choose to close their session by + sending a close event.

-

This function will be called by the ssh_channel - behavior when the channel is terminated see ssh_channel(3) so channels implemented with the - behavior should not call this function explicitly.

+

This function is called by the ssh_channel + behavior when the channel is terminated, see ssh_channel(3) . Thus, channels implemented + with the behavior are not to call this function explicitly.

- exec(ConnectionRef, ChannelId, Command, TimeOut) -> ssh_request_status() | {error, reason()} - Request that the server start the execution of the given command. + exec(ConnectionRef, ChannelId, Command, TimeOut) -> ssh_request_status() | + {error, reason()} + Requests that the server starts the execution of the given command. - ConnectionRef = ssh_connection_ref() - ChannelId = ssh_channel_id() - Command = string() - Timeout = timeout() + ConnectionRef = ssh_connection_ref() + ChannelId = ssh_channel_id() + Command = string() + Timeout = timeout() -

Should be called by a client channel process to request that the server starts execution of the - given command, the result will be several messages according to the following pattern. Note - that the last message will be a channel close message, as the exec request is a one time - execution that closes the channel when it is done.

+

Is to be called by a client-channel process to request that the server starts + executing the given command. The result is several messages according to the + following pattern. The last message is a channel close message, as the exec + request is a one-time execution that closes the channel when it is done.

- N x {ssh_cm, ssh_connection_ref(), - {data, ssh_channel_id(), ssh_data_type_code(), binary() = Data}} - The result of executing the command may be only one line - or thousands of lines depending on the command. + N x {ssh_cm, ssh_connection_ref(), + {data, ssh_channel_id(), ssh_data_type_code(), binary() = Data}} +

The result of executing the command can be only one line + or thousands of lines depending on the command.

0 or 1 x {ssh_cm, ssh_connection_ref(), {eof, ssh_channel_id()}} - Indicates that no more data will be sent. +

Indicates that no more data is to be sent.

0 or 1 x {ssh_cm, ssh_connection_ref(), {exit_signal, ssh_channel_id(), string() = ExitSignal, string() = ErrorMsg, string() = LanguageString}} - Not all systems send signals. For details on valid string - values see RFC 4254 section 6.10 +

Not all systems send signals. For details on valid string + values, see RFC 4254, Section 6.10

0 or 1 x {ssh_cm, ssh_connection_ref(), {exit_status, ssh_channel_id(), integer() = ExitStatus}} - It is recommended by the ssh connection protocol that this - message shall be sent, but that may not always be the case. +

It is recommended by the SSH Connection Protocol to send this + message, but that is not always the case.

- 1 x {ssh_cm, ssh_connection_ref(), + 1 x {ssh_cm, ssh_connection_ref(), {closed, ssh_channel_id()}} - Indicates that the ssh channel started for the - execution of the command has now been shutdown. +

Indicates that the ssh_channel started for the + execution of the command has now been shut down.
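Review bot: In the closed message at the end of the exec list, "the ssh channel started for the execution of the command" became "the ssh_channel started for the execution", which now names the ssh_channel behavior rather than the SSH channel. A client that calls exec does not have to be written with that behavior, so "SSH channel" is the safer wording. The rewritten exec signature also keeps "TimeOut" while the type list below it says "Timeout = timeout()"; since both lines are touched here, make them agree.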

@@ -265,78 +286,72 @@ exit_status(ConnectionRef, ChannelId, Status) -> ok Sends the exit status of a command to the client. - ConnectionRef = ssh_connection_ref() - ChannelId = ssh_channel_id() - Status = integer() + ConnectionRef = ssh_connection_ref() + ChannelId = ssh_channel_id() + Status = integer() -

Should be called by a server channel process to sends the exit status of a command to the client.

+

Is to be called by a server-channel process to send the exit status of a command + to the client.

- ptty_alloc(ConnectionRef, ChannelId, Options) -> - ptty_alloc(ConnectionRef, ChannelId, Options, Timeout) -> > ssh_request_status() | {error, reason()} - Send status replies to requests that want such replies. + ptty_alloc(ConnectionRef, ChannelId, Options) -> + ptty_alloc(ConnectionRef, ChannelId, Options, Timeout) -> > ssh_request_status() | + {error, reason()} + Sends an SSH Connection Protocol pty_req, + to allocate a pseudo-terminal. - ConnectionRef = ssh_connection_ref() - ChannelId = ssh_channel_id() - Options = proplists:proplist() + ConnectionRef = ssh_connection_ref() + ChannelId = ssh_channel_id() + Options = proplists:proplist() -

Sends a SSH Connection Protocol pty_req, to allocate a pseudo tty. - Should be called by a SSH client process. - Options are: -

+

Sends an SSH Connection Protocol pty_req, to allocate a pseudo-terminal. + Is to be called by an SSH client process.

+

Options:

{term, string()} - - Defaults to os:getenv("TERM") or "vt100" if it is undefined. - +

Defaults to os:getenv("TERM") or vt100 + if it is undefined.

+ {width, integer()} - - Defaults to 80 if pixel_width is not defined. - +

Defaults to 80 if pixel_width is not defined.

+ {height, integer()} - - Defaults to 24 if pixel_height is not defined. - +

Defaults to 24 if pixel_height is not defined.

+ {pixel_width, integer()} - - Is disregarded if width is defined. - +

Is disregarded if width is defined.

+ {pixel_height, integer()} - - Is disregarded if height is defined. - +

Is disregarded if height is defined.

+ {pty_opts, [{posix_atom(), integer()}]} - - Option may be an empty list, otherwise - see possible POSIX names in section 8 in RFC 4254. +

Option can be an empty list. Otherwise, see possible POSIX names + in Section 8 in RFC 4254.

-
- + reply_request(ConnectionRef, WantReply, Status, ChannelId) -> ok - Send status replies to requests that want such replies. + Sends status replies to requests that want such replies. - ConnectionRef = ssh_connection_ref() - WantReply = boolean() - Status = ssh_request_status() - ChannelId = ssh_channel_id() + ConnectionRef = ssh_connection_ref() + WantReply = boolean() + Status = ssh_request_status() + ChannelId = ssh_channel_id()

Sends status replies to requests where the requester has - stated that they want a status report e.i . WantReply = true, - if WantReply is false calling this function will be a - "noop". Should be called while handling an ssh connection - protocol message containing a WantReply boolean - value. -

+ stated that it wants a status report, that is, WantReply = true. + If WantReply is false, calling this function becomes a + "noop". Is to be called while handling an SSH Connection + Protocol message containing a WantReply boolean value.
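Review bot: The rewritten ptty_alloc/4 signature line keeps the stray second ">" ("Timeout) -> > ssh_request_status()"), and the type list under it still has no entry for Timeout although the four-argument form takes one. Both lines are already being changed, so drop the extra ">" and add "Timeout = timeout()" as the other functions in this file do. The corrected summary for ptty_alloc (it previously repeated the reply_request summary) is a good catch.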

@@ -346,98 +361,97 @@ send(ConnectionRef, ChannelId, Type, Data) -> send(ConnectionRef, ChannelId, Type, Data, TimeOut) -> ok | {error, timeout} | {error, closed} - Sends channel data + Sends channel data. - ConnectionRef = ssh_connection_ref() - ChannelId = ssh_channel_id() - Data = binary() - Type = ssh_data_type_code() - Timeout = timeout() + ConnectionRef = ssh_connection_ref() + ChannelId = ssh_channel_id() + Data = binary() + Type = ssh_data_type_code() + Timeout = timeout() -

Should be called by client- and server channel processes to send data to each other. +

Is to be called by client- and server-channel processes to send data to each other.

send_eof(ConnectionRef, ChannelId) -> ok | {error, closed} - Sends eof on the channel ChannelId. + Sends EOF on channel ChannelId. - ConnectionRef = ssh_connection_ref() - ChannelId = ssh_channel_id() + ConnectionRef = ssh_connection_ref() + ChannelId = ssh_channel_id() -

Sends eof on the channel ChannelId. -

+

Sends EOF on channel ChannelId.

- session_channel(ConnectionRef, Timeout) -> + session_channel(ConnectionRef, Timeout) -> session_channel(ConnectionRef, InitialWindowSize, MaxPacketSize, Timeout) -> {ok, ssh_channel_id()} | {error, reason()} - Opens a channel for a ssh session. + Opens a channel for an SSH session. - ConnectionRef = ssh_connection_ref() - InitialWindowSize = integer() - MaxPacketSize = integer() - Timeout = timeout() - Reason = term() + ConnectionRef = ssh_connection_ref() + InitialWindowSize = integer() + MaxPacketSize = integer() + Timeout = timeout() + Reason = term()

Opens a channel for an SSH session. The channel id returned from this function - is the id used as input to the other funtions in this module. -

+ is the id used as input to the other functions in this module.

- setenv(ConnectionRef, ChannelId, Var, Value, TimeOut) -> ssh_request_status() | {error, reason()} - Environment variables may be passed to the + setenv(ConnectionRef, ChannelId, Var, Value, TimeOut) -> ssh_request_status() | + {error, reason()} + Environment variables can be passed to the shell/command to be started later. - ConnectionRef = ssh_connection_ref() - ChannelId = ssh_channel_id() - Var = string() - Value = string() - Timeout = timeout() + ConnectionRef = ssh_connection_ref() + ChannelId = ssh_channel_id() + Var = string() + Value = string() + Timeout = timeout() -

Environment variables may be passed before starting the - shell/command. Should be called by a client channel processes. -

+

Environment variables can be passed before starting the + shell/command. Is to be called by a client channel processes.

shell(ConnectionRef, ChannelId) -> ssh_request_status() | {error, closed} - Requests that the user's default shell (typically - defined in /etc/passwd in UNIX systems) shall be executed at the server - end. + Requests that the user default shell (typically defined in + /etc/passwd in Unix systems) is to be executed at the server end. - ConnectionRef = ssh_connection_ref() - ChannelId = ssh_channel_id() + ConnectionRef = ssh_connection_ref() + ChannelId = ssh_channel_id() -

Should be called by a client channel process to request that the user's default shell (typically - defined in /etc/passwd in UNIX systems) shall be executed at the server end. -

+

Is to be called by a client channel process to request that the user default + shell (typically defined in /etc/passwd in Unix systems) is executed + at the server end.

- subsystem(ConnectionRef, ChannelId, Subsystem, Timeout) -> ssh_request_status() | {error, reason()} - + subsystem(ConnectionRef, ChannelId, Subsystem, Timeout) -> ssh_request_status() | + {error, reason()} + Requests to execute a predefined subsystem on the server. - ConnectionRef = ssh_connection_ref() - ChannelId = ssh_channel_id() - Subsystem = string() - Timeout = timeout() + ConnectionRef = ssh_connection_ref() + ChannelId = ssh_channel_id() + Subsystem = string() + Timeout = timeout() -

Should be called by a client channel process for requesting to execute a predefined subsystem on the server. +

Is to be called by a client-channel process for requesting to execute a predefined + subsystem on the server.
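Review bot: The new setenv description reads "Is to be called by a client channel processes", which mixes "a" with a plural; it should be "a client-channel process". Hyphenation is also inconsistent within this hunk: send and subsystem use "client-channel process" while setenv and shell use "client channel process". The setenv signature still says "TimeOut" while its type list says "Timeout = timeout()". Replacing "user's default shell" with "user default shell" in shell/2 drops the possessive and reads less clearly than the original.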

diff --git a/lib/ssh/doc/src/ssh_server_key_api.xml b/lib/ssh/doc/src/ssh_server_key_api.xml index f7133e4ba5..9e1f4e908d 100644 --- a/lib/ssh/doc/src/ssh_server_key_api.xml +++ b/lib/ssh/doc/src/ssh_server_key_api.xml @@ -23,68 +23,81 @@ The Initial Developer of the Original Code is Ericsson AB. ssh_server_key_api + + + + ssh_server_key_api -behaviour(ssh_server_key_api). -

Behaviour describing the API for an SSH server's public key handling. By implementing the callbacks defined - in this behavior it is possible to customize the SSH server's public key - handling. By default the SSH application implements this behavior - with help of the standard openssh files, see ssh(6).

+

Behaviour describing the API for public key handling of an SSH server. By implementing + the callbacks defined in this behavior, the public key handling of an SSH server can + be customized. By default the SSH application implements this behavior + with help of the standard OpenSSH files, + see the ssh(6) application.

- DATA TYPES + DATA TYPES -

Type definitions that are used more than once in this module - and/or abstractions to indicate the intended use of the data - type. For more details on public key data types - see the public_key user's guide. +

Type definitions that are used more than once in this module, + or abstractions to indicate the intended use of the data + type, or both. For more details on public key data types, + refer to Section 2 Public Key Records in the + public_key user's guide.

-

boolean() = true | false

-

string() = [byte()]

-

public_key() = #'RSAPublicKey'{} | {integer(), #'Dss-Parms'{}} | term()

-

private_key() = #'RSAPrivateKey'{} | #'DSAPrivateKey'{} | term()

-

public_key_algorithm() = 'ssh-rsa' | 'ssh-dss' | atom()

+ + boolean() +

= true | false

+ string() +

= [byte()]

+ public_key() +

= #'RSAPublicKey'{}| {integer(), #'Dss-Parms'{}}| term()

+ private_key() +

= #'RSAPrivateKey'{} | #'DSAPrivateKey'{} | term()

+ public_key_algorithm() +

= 'ssh-rsa'| 'ssh-dss' | atom()

+
Module:host_key(Algorithm, DaemonOptions) -> {ok, Key} | {error, Reason} - Fetches the hosts private key + Fetches the host’s private key. Algorithm = public_key_algorithm() - Host key algorithm. Should support 'ssh-rsa' | 'ssh-dss' but additional algorithms + Host key algorithm. Is to support 'ssh-rsa' | 'ssh-dss', but more algorithms can be handled. - DaemonOptions = proplists:proplist() - Options provided to ssh:daemon/[2,3] - Key = private_key() - The private key of the host matching the Algorithm - Reason = term() + DaemonOptions = proplists:proplist() + Options provided to ssh:daemon/[2,3]. + Key = private_key() + Private key of the host matching the Algorithm. + Reason = term() -

Fetches the hosts private key

+

Fetches the private key of the host.

Module:is_auth_key(Key, User, DaemonOptions) -> Result - Checks if the user key is authorized + Checks if the user key is authorized. - Key = public_key() - Normally an RSA or DSA public key but handling of other public keys can be added - User = string() - The user owning the public key - DaemonOptions = proplists:proplist() - Options provided to ssh:daemon/[2,3] - Result = boolean() + Key = public_key() + Normally an RSA or DSA public key, but handling of other public keys can be added + User = string() + User owning the public key. + DaemonOptions = proplists:proplist() + Options provided to ssh:daemon/[2,3]. + Result = boolean() -

Checks if the user key is authorized

+

Checks if the user key is authorized.
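Review bot: The is_auth_key description only repeats its summary ("Checks if the user key is authorized."). Because Result = boolean() is all the entry says about the outcome of an authorization check, it would help to state what the callback is expected to return when the key cannot be looked up. In the same entry, the new Key line "Normally an RSA or DSA public key, but handling of other public keys can be added" is missing the full stop that this commit adds to the sibling lines. The module description also mixes "Behaviour" and "behavior" in one sentence.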

diff --git a/lib/ssh/doc/src/ssh_sftp.xml b/lib/ssh/doc/src/ssh_sftp.xml index ab111562f9..95869befb8 100644 --- a/lib/ssh/doc/src/ssh_sftp.xml +++ b/lib/ssh/doc/src/ssh_sftp.xml @@ -23,43 +23,49 @@ ssh_sftp OTP + 2005-09-22 + ssh_sftp.sgml ssh_sftp SFTP client. -

This module implements an SFTP (SSH FTP) client. SFTP is a +

This module implements an SSH FTP (SFTP) client. SFTP is a secure, encrypted file transfer service available for SSH.

- DATA TYPES -

Type definitions that are used more than once in this module - and/or abstractions to indicate the intended use of the data type: + DATA TYPES +

Type definitions that are used more than once in this module, + or abstractions to indicate the intended use of the data type, or both:

-

ssh_connection_ref() - opaque to the user - returned by ssh:connect/3

-

timeout() = infinity | integer() - in milliseconds.

+ + + ssh_connection_ref() +

Opaque to the user, returned by ssh:connect/3

+ timeout() +

= infinity | integer() in milliseconds

+
- TIMEOUTS -

If the request functions for the SFTP channel return {error, timeout} - it does not guarantee that the request did not reach the server and was - not performed, it only means that we did not receive an answer from the - server within the time that was expected.

+ Time-outs +

If the request functions for the SFTP channel return {error, timeout}, + it does not guarantee that the request never reached the server and was + not performed. It only means that no answer was received from the + server within the expected time.

- start_channel(ConnectionRef) -> - start_channel(ConnectionRef, Options) -> + start_channel(ConnectionRef) -> + start_channel(ConnectionRef, Options) -> start_channel(Host, Options) -> start_channel(Host, Port, Options) -> {ok, Pid} | {ok, Pid, ConnectionRef} | {error, Reason} - Starts a SFTP client + Starts an SFTP client. Host = string() ConnectionRef = ssh_connection_ref() @@ -69,33 +75,33 @@

If no connection reference is provided, a connection is set - up and the new connection is returned. An SSH channel process + up, and the new connection is returned. An SSH channel process is started to handle the communication with the SFTP server. - The returned pid for this process should be used as input to + The returned pid for this process is to be used as input to all other API functions in this module.

-

Options are:

+

Options:

-

The timeout is passed to the ssh_channel start function, - and defaults to infinity.

+

The time-out is passed to the ssh_channel start function, + and defaults to infinity.

-

+

Desired SFTP protocol version. - The actual version will be the minimum of + The actual version is the minimum of the desired version and the maximum supported versions by the SFTP server.

-

All other options are directly passed to +

All other options are directly passed to ssh:connect/3 or ignored if a - connection is already provided.

+ connection is already provided.

@@ -106,15 +112,15 @@ ChannelPid = pid() -

Stops an SFTP channel. Does not close the SSH connetion. +

Stops an SFTP channel. Does not close the SSH connection. Use ssh:close/1 to close it.

- read_file(ChannelPid, File) -> + read_file(ChannelPid, File) -> read_file(ChannelPid, File, Timeout) -> {ok, Data} | {error, Reason} - Read a file + Reads a file. ChannelPid = pid() File = string() @@ -128,9 +134,9 @@ - write_file(ChannelPid, File, Iolist) -> + write_file(ChannelPid, File, Iolist) -> write_file(ChannelPid, File, Iolist, Timeout) -> ok | {error, Reason} - Write a file + Writes a file. ChannelPid = pid() File = string() @@ -140,14 +146,14 @@

Writes a file to the server, like - . The file is created if - it does not exist or is owerwritten if it does.

+ . The file is created if + it does not exist. The file is overwritten if it exists.

- list_dir(ChannelPid, Path) -> + list_dir(ChannelPid, Path) -> list_dir(ChannelPid, Path, Timeout) -> {ok, Filenames} | {error, Reason} - List directory + Lists the directory. ChannelPid = pid() Path = string() @@ -162,9 +168,9 @@ - open(ChannelPid, File, Mode) -> + open(ChannelPid, File, Mode) -> open(ChannelPid, File, Mode, Timeout) -> {ok, Handle} | {error, Reason} - Open a file and return a handle + Opens a file and returns a handle. ChannelPid = pid() File = string() @@ -175,14 +181,14 @@ Reason = term() -

Opens a file on the server, and returns a handle that +

Opens a file on the server and returns a handle, which can be used for reading or writing.

- opendir(ChannelPid, Path) -> + opendir(ChannelPid, Path) -> opendir(ChannelPid, Path, Timeout) -> {ok, Handle} | {error, Reason} - Open a directory and return a handle + Opens a directory and returns a handle. ChannelPid = pid() Path = string() @@ -190,7 +196,7 @@ Reason = term() -

Opens a handle to a directory on the server, the handle +

Opens a handle to a directory on the server. The handle can be used for reading directory contents.

@@ -198,14 +204,15 @@ open_tar(ChannelPid, Path, Mode) -> open_tar(ChannelPid, Path, Mode, Timeout) -> {ok, Handle} | {error, Reason} - Opens a tar file on the server to which ChannelPid is connected and returns a handle + Opens a tar file on the server to which ChannelPid + is connected and returns a handle. ChannelPid = pid() Path = string() - Mode = [read] | [write] | [read,EncryptOpt] | [write,DecryptOpt] + Mode = [read] | [write] | [read,EncryptOpt] | [write,DecryptOpt] EncryptOpt = {crypto,{InitFun,EncryptFun,CloseFun}} DecryptOpt = {crypto,{InitFun,DecryptFun}} - InitFun = (fun() -> {ok,CryptoState}) | (fun() -> {ok,CryptoState,ChunkSize}) + InitFun = (fun() -> {ok,CryptoState}) | (fun() -> {ok,CryptoState,ChunkSize}) CryptoState = any() ChunkSize = undefined | pos_integer() EncryptFun = (fun(PlainBin,CryptoState) -> EncryptResult) @@ -219,11 +226,11 @@ Reason = term() -

Opens a handle to a tar file on the server associated with ChannelPid. The handle - can be used for remote tar creation and extraction as defined by the +

Opens a handle to a tar file on the server, associated with ChannelPid. + The handle can be used for remote tar creation and extraction, as defined by the erl_tar:init/3 function.

-

An example of writing and then reading a tar file:

+

Example of writing and then reading a tar file follows:

{ok,HandleWrite} = ssh_sftp:open_tar(ChannelPid, ?tar_file_name, [write]), ok = erl_tar:add(HandleWrite, .... ), @@ -238,25 +245,24 @@ ok = erl_tar:close(HandleRead), -

The crypto mode option is applied to the generated stream of bytes just prior to sending - them to the sftp server. This is intended for encryption but could of course be used for other +

The crypto mode option is applied to the generated stream of bytes prior to sending + them to the SFTP server. This is intended for encryption but can be used for other purposes.

The InitFun is applied once - prior to any other crypto operation. The returned CryptoState is then folded into - repeated applications of the EncryptFun or DecryptFun. The binary returned - from those Funs are sent further to the remote sftp server. Finally - if doing encryption - - the CloseFun is applied to the last piece of data. The CloseFun is + prior to any other crypto operation. The returned CryptoState is then folded into + repeated applications of the EncryptFun or DecryptFun. The binary returned + from those funs are sent further to the remote SFTP server. Finally, if doing encryption, + the CloseFun is applied to the last piece of data. The CloseFun is responsible for padding (if needed) and encryption of that last piece.

The ChunkSize defines the size of the PlainBins that EncodeFun is applied - to. If the ChunkSize is undefined the size of the PlainBins varies because - this is inteded for stream crypto while a fixed ChunkSize is intended for block crypto. It - is possible to change the ChunkSizes in the return from the EncryptFun or - DecryptFun. It is in fact possible to change the value between pos_integer() and - undefined. + to. If the ChunkSize is undefined, the size of the PlainBins varies, + because this is intended for stream crypto, whereas a fixed ChunkSize is intended for block crypto. + ChunkSizes can be changed in the return from the EncryptFun or + DecryptFun. The value can be changed between pos_integer() and undefined.

-

The write and read example above can be extended with encryption and decryption:

+

The previous write and read example can be extended with encryption and decryption as follows:

%% First three parameters depending on which crypto type we select: Key = <<"This is a 256 bit key. abcdefghi">>, @@ -307,9 +313,9 @@
- close(ChannelPid, Handle) -> + close(ChannelPid, Handle) -> close(ChannelPid, Handle, Timeout) -> ok | {error, Reason} - Close an open handle + Closes an open handle. ChannelPid = pid() Handle = term() @@ -321,11 +327,11 @@ - read(ChannelPid, Handle, Len) -> + read(ChannelPid, Handle, Len) -> read(ChannelPid, Handle, Len, Timeout) -> {ok, Data} | eof | {error, Error} - pread(ChannelPid, Handle, Position, Len) -> + pread(ChannelPid, Handle, Position, Len) -> pread(ChannelPid, Handle, Position, Len, Timeout) -> {ok, Data} | eof | {error, Error} - Read from an open file + Reads from an open file. ChannelPid = pid() Handle = term() @@ -340,8 +346,8 @@ . Returns , , or . If the file is opened with , is a binary, otherwise it is a string.

-

If the file is read past eof, only the remaining bytes - will be read and returned. If no bytes are read, +

If the file is read past eof, only the remaining bytes + are read and returned. If no bytes are read, is returned.

The function reads from a specified position, combining the and functions.

@@ -350,7 +356,7 @@ aread(ChannelPid, Handle, Len) -> {async, N} | {error, Error} apread(ChannelPid, Handle, Position, Len) -> {async, N} | {error, Error} - Read asynchronously from an open file + Reads asynchronously from an open file. ChannelPid = pid() Handle = term() @@ -361,12 +367,12 @@

Reads from an open file, without waiting for the result. If the - handle is valid, the function returns , where N + handle is valid, the function returns , where N is a term guaranteed to be unique between calls of . The actual data is sent as a message to the calling process. This message has the form , where is the result from the read, either , - or , or .

+ , or .

The function reads from a specified position, combining the and functions.

@@ -374,9 +380,9 @@ write(ChannelPid, Handle, Data) -> write(ChannelPid, Handle, Data, Timeout) -> ok | {error, Error} - pwrite(ChannelPid, Handle, Position, Data) -> ok + pwrite(ChannelPid, Handle, Position, Data) -> ok pwrite(ChannelPid, Handle, Position, Data, Timeout) -> ok | {error, Error} - Write to an open file + Writes to an open file. ChannelPid = pid() Handle = term() @@ -386,27 +392,27 @@ Reason = term() -

Writes to the file referenced by . - The file should be opened with or - flag. Returns if successful or S +

Writes to the file referenced by . + The file is to be opened with or + flag. Returns if successful or otherwise.

-

Typical error reasons are:

+

Typical error reasons:

-

The file is not opened for writing.

+

File is not opened for writing.

-

There is a no space left on the device.

+

No space is left on the device.

- awrite(ChannelPid, Handle, Data) -> ok | {error, Reason} + awrite(ChannelPid, Handle, Data) -> ok | {error, Reason} apwrite(ChannelPid, Handle, Position, Data) -> ok | {error, Reason} - Write asynchronously to an open file + Writes asynchronously to an open file. ChannelPid = pid() Handle = term() @@ -418,24 +424,25 @@

Writes to an open file, without waiting for the result. If the - handle is valid, the function returns , where N + handle is valid, the function returns , where N is a term guaranteed to be unique between calls of . The result of the operation is sent as a message to the calling process. This message has the form , where is the result from the write, either , or .

-

The writes on a specified position, combining +

writes on a specified position, combining the and operations.

- position(ChannelPid, Handle, Location) -> + position(ChannelPid, Handle, Location) -> position(ChannelPid, Handle, Location, Timeout) -> {ok, NewPosition | {error, Error} - Seek position in open file + Sets the file position of a file. ChannelPid = pid() Handle = term() - Location = Offset | {bof, Offset} | {cur, Offset} | {eof, Offset} | bof | cur | eof + Location = Offset + | {bof, Offset} | {cur, Offset} | {eof, Offset} | bof | cur | eof Offset = integer() Timeout = timeout() NewPosition = integer() @@ -465,15 +472,17 @@ -

The same as above with 0.

+

The same as eariler with 0, + that is, . +

- read_file_info(ChannelPid, Name) -> + read_file_info(ChannelPid, Name) -> read_file_info(ChannelPid, Name, Timeout) -> {ok, FileInfo} | {error, Reason} - Get information about a file + Gets information about a file. ChannelPid = pid() Name = string() @@ -484,13 +493,14 @@

Returns a record from the file specified by - or , like .

+ or , + like .

read_link_info(ChannelPid, Name) -> {ok, FileInfo} | {error, Reason} read_link_info(ChannelPid, Name, Timeout) -> {ok, FileInfo} | {error, Reason} - Get information about a symbolic link + Gets information about a symbolic link. ChannelPid = pid() Name = string() @@ -506,9 +516,9 @@ - write_file_info(ChannelPid, Name, Info) -> + write_file_info(ChannelPid, Name, Info) -> write_file_info(ChannelPid, Name, Info, Timeout) -> ok | {error, Reason} - Write information for a file + Writes information for a file. ChannelPid = pid() Name = string() @@ -522,9 +532,9 @@ - read_link(ChannelPid, Name) -> + read_link(ChannelPid, Name) -> read_link(ChannelPid, Name, Timeout) -> {ok, Target} | {error, Reason} - Read symbolic link + Reads symbolic link. ChannelPid = pid() Name = string() @@ -537,9 +547,9 @@ - make_symlink(ChannelPid, Name, Target) -> + make_symlink(ChannelPid, Name, Target) -> make_symlink(ChannelPid, Name, Target, Timeout) -> ok | {error, Reason} - Create symbolic link + Creates a symbolic link. ChannelPid = pid() Name = string() @@ -552,9 +562,9 @@ - rename(ChannelPid, OldName, NewName) -> + rename(ChannelPid, OldName, NewName) -> rename(ChannelPid, OldName, NewName, Timeout) -> ok | {error, Reason} - Rename a file + Renames a file. ChannelPid = pid() OldName = string() @@ -563,14 +573,14 @@ Reason = term() -

Renames a file named , and gives it the name - , like

+

Renames a file named and gives it the name + , like .

- delete(ChannelPid, Name) -> + delete(ChannelPid, Name) -> delete(ChannelPid, Name, Timeout) -> ok | {error, Reason} - Delete a file + Deletes a file. ChannelPid = pid() Name = string() @@ -579,13 +589,13 @@

Deletes the file specified by , like -

+ .

- make_dir(ChannelPid, Name) -> + make_dir(ChannelPid, Name) -> make_dir(ChannelPid, Name, Timeout) -> ok | {error, Reason} - Create a directory + Creates a directory. ChannelPid = pid() Name = string() @@ -593,15 +603,15 @@ Reason = term() -

Creates a directory specified by . should - be a full path to a new directory. The directory can only be +

Creates a directory specified by . + must be a full path to a new directory. The directory can only be created in an existing directory.

- del_dir(ChannelPid, Name) -> + del_dir(ChannelPid, Name) -> del_dir(ChannelPid, Name, Timeout) -> ok | {error, Reason} - Delete an empty directory + Deletes an empty directory. ChannelPid = pid() Name = string() @@ -610,7 +620,7 @@

Deletes a directory specified by . - Note that the directory must be empty before it can be successfully deleted + The directory must be empty before it can be successfully deleted.

diff --git a/lib/ssh/doc/src/ssh_sftpd.xml b/lib/ssh/doc/src/ssh_sftpd.xml index 81c2acc575..bc2660f595 100644 --- a/lib/ssh/doc/src/ssh_sftpd.xml +++ b/lib/ssh/doc/src/ssh_sftpd.xml @@ -22,67 +22,73 @@ ssh_sftpd + + 2005-09-22 + ssh_sftpd.sgml ssh_sftpd - Specifies the channel process to handle an sftp subsystem. + Specifies the channel process to handle an SFTP subsystem. -

Specifies a channel process to handle a sftp subsystem.

+

Specifies a channel process to handle an SFTP subsystem.

- DATA TYPES -

subsystem_spec() = {subsystem_name(), {channel_callback(), channel_init_args()}}

-

subsystem_name() = "sftp"

-

channel_callback() = atom() - Name of the erlang module implementing the - subsystem using the ssh_channel behavior see - ssh_channel(3)

-

channel_init_args() = list() - The one given as argument to function - subsystem_spec/1.

+ DATA TYPES + + subsystem_spec() +

= {subsystem_name(), {channel_callback(), channel_init_args()}}

+ subsystem_name() +

= "sftp"

+ channel_callback() +

= atom() - Name of the Erlang module implementing the subsystem using the + ssh_channel behavior, see the + ssh_channel(3) manual page.

+ channel_init_args() +

= list() - The one given as argument to function subsystem_spec/1.

+
subsystem_spec(Options) -> subsystem_spec() - Returns the subsystem specification that allows an ssh daemon to handle the subsystem "sftp". + Returns the subsystem specification that allows an SSH daemon to handle the subsystem "sftp". Options = [{Option, Value}] -

Should be used together with ssh:daemon/[1,2,3]

-

Options are:

+

Is to be used together with ssh:daemon/[1,2,3]

+

Options:

-

Sets the initial current working directory for the - server.

+

Sets the initial current working directory for the server.

Determines which module to call for accessing - the file server. The default value is ssh_sftpd_file that uses the - file and filelib API:s to access the standard OTP file - server. This option may be used to plug in + the file server. The default value is ssh_sftpd_file, which uses the + file and filelib + APIs to access the standard OTP file server. This option can be used to plug in other file servers.

The default value is 0, which means that there is no upper limit. - If supplied, the number of filenames returned to the sftp client per READDIR + If supplied, the number of filenames returned to the SFTP client per READDIR request is limited to at most the given value.

-

Sets the sftp root directory. The user will then not be - able to see any files above this root. If for instance - the root is set to /tmp the user will see this - directory as / and if the user does cd /etc - the user will end up in /tmp/etc. +

Sets the SFTP root directory. Then the user cannot see any files + above this root. If, for example, the root directory is set to /tmp, + then the user sees this directory as /. If the user then writes + cd /etc, the user moves to /tmp/etc.

-

Sets the sftp version to use, defaults to 5. Version 6 is under +

Sets the SFTP version to use. Defaults to 5. Version 6 is under development and limited.

diff --git a/lib/ssh/doc/src/usersguide.xml b/lib/ssh/doc/src/usersguide.xml index 8ab14c2945..a9ed5fe21e 100644 --- a/lib/ssh/doc/src/usersguide.xml +++ b/lib/ssh/doc/src/usersguide.xml @@ -23,15 +23,16 @@ SSH User's Guide OTP Team + 2012-10-11 + usersguide.xml -

The SSH application implements the SSH (Secure Shell) protocol and - provides an SFTP (Secret File Transfer Protocol) client and server. +

The Erlang Secure Shell (SSH) application, ssh, implements the SSH Transport Layer Protocol and + provides SSH File Transfer Protocol (SFTP) clients and servers.

- diff --git a/lib/ssh/doc/src/using_ssh.xml b/lib/ssh/doc/src/using_ssh.xml index 46178d4018..5873e03f23 100644 --- a/lib/ssh/doc/src/using_ssh.xml +++ b/lib/ssh/doc/src/using_ssh.xml @@ -22,35 +22,40 @@ - Getting started + Getting Started + + + + + using_ssh.xml
- General information -

The examples in the following sections use the utility function - ssh:start/0 that starts - all needed applications (crypto, public_key and ssh). All examples - are run in an Erlang shell, or in a bash shell using openssh to - illustrate how the erlang ssh application can be used. The - examples are run as the user otptest on a local network where the - user is authorized to login in over ssh to the host "tarlop". If - nothing else is stated it is persumed that the otptest user has an - entry in tarlop's authorized_keys file (may log in via ssh without - entering a password). Also tarlop is a known host in the user - otptest's known_hosts file so that host verification can be done - without user interaction. + General Information +

The following examples use the utility function + ssh:start/0 to start + all needed applications (crypto, public_key, and ssh). + All examples are run in an Erlang shell, or in a bash shell, using openssh + to illustrate how the ssh application can be used. The + examples are run as the user otptest on a local network where the + user is authorized to log in over ssh to the host tarlop. +

+

If nothing else is stated, it is presumed that the otptest user + has an entry in the authorized_keys file of tarlop + (allowed to log in over ssh without entering a password). + Also, tarlop is a known host in the known_hosts + file of the user otptest. This means that host-verification + can be done without user-interaction.

- Using the Erlang SSH Terminal Client + Using the Erlang ssh Terminal Client -

The user otptest, that has bash as default shell, uses the - ssh:shell/1 client to connect to the openssh daemon running on a - host called tarlop. Note that currently this client is very simple - and you should not be expected to be as fancy as the openssh - client.

+

The user otptest, which has bash as default shell, uses the + ssh:shell/1 client to connect to the openssh daemon running on a + host called tarlop:

1> ssh:start(). @@ -62,24 +67,27 @@ logout 3> +

Notice that this is a simple client that is not expected to be as + fancy as the openssh client.

- Running an Erlang SSH Daemon + + Running an Erlang ssh Daemon -

The option system_dir must be a directory containing a host - key file and it defaults to /etc/ssh. For details see section +

The system_dir option must be a directory containing a host + key file and it defaults to /etc/ssh. For details, see Section Configuration Files in ssh(6).

-

Normally the /etc/ssh directory is only readable by root.

+

Normally, the /etc/ssh directory is only readable by root.

-

The option user_dir defaults to the users ~/.ssh directory

+

The option user_dir defaults to directory users ~/.ssh.

-

In the following example we generate new keys and host keys as - to be able to run the example without having root privileges

+

Step 1. To run the example without root privileges, + generate new keys and host keys:

$bash> ssh-keygen -t rsa -f /tmp/ssh_daemon/ssh_host_rsa_key @@ -88,8 +96,10 @@ [...] -

Create the file /tmp/otptest_user/.ssh/authorized_keys and add the content - of /tmp/otptest_user/.ssh/id_rsa.pub Now we can do

+

Step 2. Create the file /tmp/otptest_user/.ssh/authorized_keys + and add the content of /tmp/otptest_user/.ssh/id_rsa.pub.

+ +

Step 3. Start the Erlang ssh daemon:

1> ssh:start(). @@ -100,7 +110,8 @@ 3> -

Use the openssh client from a shell to connect to the Erlang ssh daemon.

+

Step 4. Use the openssh client from a shell to connect + to the Erlang ssh daemon:

$bash> ssh tarlop -p 8989 -i /tmp/otptest_user/.ssh/id_rsa\ @@ -113,9 +124,12 @@ 1> -

There are two ways of shutting down an SSH daemon

+

There are two ways of shutting down an ssh daemon, + see Step 5a and Step 5b.

-

1: Stops the listener, but leaves existing connections started by the listener up and running.

+

Step 5a. Shut down the Erlang ssh daemon so that it + stops the listener but leaves existing connections, started by the listener, + operational:

3> ssh:stop_listener(Sshd). @@ -123,7 +137,8 @@ 4> -

2: Stops the listener and all connections started by the listener.

+

Step 5b. Shut down the Erlang ssh daemon so that it + stops the listener and all connections started by the listener:

3> ssh:stop_daemon(Sshd) @@ -134,16 +149,17 @@
- One Time Execution + One-Time Execution + +

In the following example, the Erlang shell is the client process + that receives the channel replies.

-

In the following example the Erlang shell is the client process - that receives the channel replies.

+

The number of received messages in this example depends on which OS + and which shell that is used on the machine running the ssh daemon. + See also ssh_connection:exec/4 +

.
-

If you run this example - in your environment you may get fewer or more messages back as - this depends on the OS and shell on the machine running the ssh - daemon. See also ssh_connection:exec/4 -

+

Do a one-time execution of a remote command over ssh:

1> ssh:start(). @@ -162,7 +178,8 @@ 6> -

Note only the channel is closed the connection is still up and can handle other channels

+

Notice that only the channel is closed. The connection is still up and can + handle other channels:

6> {ok, NewChannelId} = ssh_connection:session_channel(ConnectionRef, infinity). @@ -172,7 +189,9 @@
- SFTP (SSH File Transport Protocol) server + SFTP Server + +

Start the Erlang ssh daemon with the SFTP subsystem:

1> ssh:start(). @@ -184,7 +203,7 @@ 3> -

Run the openssh sftp client

+

Run the OpenSSH SFTP client:

$bash> sftp -oPort=8989 -o IdentityFile=/tmp/otptest_user/.ssh/id_rsa\ @@ -197,7 +216,9 @@
- SFTP (SSH File Transport Protocol) client + SFTP Client + +

Fetch a file with the Erlang SFTP client:

1> ssh:start(). @@ -210,10 +231,10 @@
- Creating a subsystem + Creating a Subsystem -

A very small SSH subsystem that echos N bytes could be implemented like this. - See also ssh_channel(3)

+

A small ssh subsystem that echoes N bytes can be implemented as shown + in the following example:

-module(ssh_echo_server). @@ -267,7 +288,9 @@ terminate(_Reason, _State) -> ok. -

And run like this on the host tarlop with the keys generated in section 3.3

+

The subsystem can be run on the host tarlop with the generated keys, + as described in Section + Running an Erlang ssh Daemon:

1> ssh:start(). @@ -293,6 +316,7 @@ terminate(_Reason, _State) -> {ssh_msg, <0.57.0>, {closed, 0}} 7> {error, closed} = ssh_connection:send(ConnectionRef, ChannelId, "10", infinity). +

See also ssh_channel(3).
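Review bot: In lib/ssh/doc/src/ssh_sftp.xml, hunk @@ -238,25 +245,24 @@, the ChunkSize paragraph still says the PlainBins are what "EncodeFun is applied to", but the Mode types for open_tar only define EncryptFun and DecryptFun. Since the rest of that paragraph is rewritten here, rename it to EncryptFun in the same change. The added line "The binary returned from those funs are sent further to the remote SFTP server" also has a subject-verb mismatch; "The binaries returned from those funs are sent" reads correctly.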
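Review bot: In lib/ssh/doc/src/ssh_sftp.xml, hunk @@ -418,24 +424,25 @@, the position signature that this hunk touches still reads "{ok, NewPosition | {error, Error}", with no closing brace after NewPosition. It should be "{ok, NewPosition} | {error, Error}", and this is the natural place to fix it because the line is already being rewritten.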
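Review bot: In lib/ssh/doc/src/ssh_sftp.xml, hunk @@ -465,15 +472,17 @@, the added line "The same as eariler with 0" misspells "earlier". The replacement is also less clear than the removed "The same as above with 0" about which Location forms it refers to, so consider naming them explicitly.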
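Review bot: In lib/ssh/doc/src/using_ssh.xml, hunk @@ -62,24 +67,27 @@, the added sentence "The option user_dir defaults to directory users ~/.ssh." has lost the possessive and reads as if "users" were part of the path. Suggest "The user_dir option defaults to the user's ~/.ssh directory.", which also matches the "The system_dir option must be a directory ..." wording added a few lines earlier in the same hunk.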

-- cgit v1.2.3 From b2bac6ce7b0746a0643c638b6b33085de9aab9a6 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 20 Apr 2015 13:21:19 +0200 Subject: ssh: Technically correct description --- lib/ssh/doc/src/introduction.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/introduction.xml b/lib/ssh/doc/src/introduction.xml index 70c6fb2ee1..1efbc16016 100644 --- a/lib/ssh/doc/src/introduction.xml +++ b/lib/ssh/doc/src/introduction.xml @@ -42,11 +42,11 @@ client and server. The protocol also provides privacy, integrity, server authentication, and man-in-the-middle protection.

-

The ssh application is an implementation of the SSH Transport - Layer Protocol in Erlang. It provides the following:

+

The ssh application is an implementation of the SSH Transport, Connection and Authentication + Layer Protocols in Erlang. It provides the following:

- API functions to write customized SSH clients and servers - The Erlang shell available through SSH + API functions to write customized SSH clients and servers applications + The Erlang shell available over SSH An SFTP client (ssh_sftp) and server (ssh_sftpd) -- cgit v1.2.3 From 9afc4b632975b89b5ac772d2e6bf23679c1e8626 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 20 Apr 2015 13:41:18 +0200 Subject: ssh: Remove legacy statement --- lib/ssh/doc/src/using_ssh.xml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/using_ssh.xml b/lib/ssh/doc/src/using_ssh.xml index 5873e03f23..64477cb493 100644 --- a/lib/ssh/doc/src/using_ssh.xml +++ b/lib/ssh/doc/src/using_ssh.xml @@ -61,14 +61,12 @@ 1> ssh:start(). ok 2> {ok, S} = ssh:shell("tarlop"). - >pwd + otptest@tarlop:> pwd /home/otptest - >exit + otptest@tarlop:> exit logout 3>
-

Notice that this is a simple client that is not expected to be as - fancy as the openssh client.
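Review bot: In lib/ssh/doc/src/introduction.xml (commit "ssh: Technically correct description"), hunk @@ -42,11 +42,11 @@, the added list item "API functions to write customized SSH clients and servers applications" should read "client and server applications". The new "SSH Transport, Connection and Authentication Layer Protocols" wording also leaves usersguide.xml out of step, since the text added there in the earlier commit still says the application "implements the SSH Transport Layer Protocol"; update both in the same change.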
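Review bot: In lib/ssh/doc/src/using_ssh.xml (commit "ssh: Remove legacy statement"), hunk @@ -61,14 +61,12 @@, the commit subject covers only the removal of the "Notice that this is a simple client ..." paragraph, but the hunk also changes the sample session prompt from ">pwd" to "otptest@tarlop:> pwd". Mention the prompt change in the commit message or move it to its own commit.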

-- cgit v1.2.3 From de3ec242ef34cef763a6e3a8462b81a972e9af7f Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 20 Apr 2015 16:42:06 +0200 Subject: ssh: Corrected information about error and event logging Also added some links --- lib/ssh/doc/src/ssh_app.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml index 498565057f..1dfe68b17d 100644 --- a/lib/ssh/doc/src/ssh_app.xml +++ b/lib/ssh/doc/src/ssh_app.xml @@ -52,7 +52,7 @@ CONFIGURATION

The ssh application does not have an application- - specific configuration file, as described in application(3). + specific configuration file, as described in application(3). However, by default it use the following configuration files from OpenSSH:

@@ -109,12 +109,12 @@
ERROR LOGGER AND EVENT HANDLERS -

The ssh application has no error logger or event handlers.

+

The ssh application uses the default OTP error logger to log unexpected errors or print information about special events.

SEE ALSO -

application(3)

+

application(3)
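Review bot: In lib/ssh/doc/src/ssh_app.xml, hunk @@ -109,12 +109,12 @@, the new sentence says the application logs "unexpected errors" and prints "information about special events" without saying which events those are. Anyone operating an SSH daemon needs to know what actually reaches the error logger, for example whether failed logins or disconnects are included, so name the events here or link to the place where they are listed.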

-- cgit v1.2.3 From ea648fd889cf519a947af9b2c73e0b3fc5346486 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Tue, 21 Apr 2015 15:48:13 +0200 Subject: ssh: Remove extra whitespace --- lib/ssh/doc/src/ssh_connection.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_connection.xml b/lib/ssh/doc/src/ssh_connection.xml index 2ca1060e9e..669a361db9 100644 --- a/lib/ssh/doc/src/ssh_connection.xml +++ b/lib/ssh/doc/src/ssh_connection.xml @@ -233,7 +233,7 @@

This function is called by the ssh_channel behavior when the channel is terminated, see ssh_channel(3) . Thus, channels implemented + marker="ssh_channel"> ssh_channel(3). Thus, channels implemented with the behavior are not to call this function explicitly.

-- cgit v1.2.3 From 3ac3d047903bc7770afcc2b842959fd296f4e9ea Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Tue, 21 Apr 2015 15:58:20 +0200 Subject: ssh: Change wording to become accurate --- lib/ssh/doc/src/ssh_client_key_api.xml | 2 +- lib/ssh/doc/src/ssh_server_key_api.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_client_key_api.xml b/lib/ssh/doc/src/ssh_client_key_api.xml index c3c005c58c..a8dda042c9 100644 --- a/lib/ssh/doc/src/ssh_client_key_api.xml +++ b/lib/ssh/doc/src/ssh_client_key_api.xml @@ -37,7 +37,7 @@ the callbacks defined in this behavior, the public key handling of an SSH client can be customized. By default the ssh application implements this behavior with help of the standard OpenSSH files, - see the ssh(6) application.

+ see the ssh(6) application manual.

diff --git a/lib/ssh/doc/src/ssh_server_key_api.xml b/lib/ssh/doc/src/ssh_server_key_api.xml index 9e1f4e908d..34ce7f7660 100644 --- a/lib/ssh/doc/src/ssh_server_key_api.xml +++ b/lib/ssh/doc/src/ssh_server_key_api.xml @@ -37,7 +37,7 @@ the callbacks defined in this behavior, the public key handling of an SSH server can be customized. By default the SSH application implements this behavior with help of the standard OpenSSH files, - see the ssh(6) application.

+ see the ssh(6) application manual.
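Review bot: In lib/ssh/doc/src/ssh_server_key_api.xml, hunk @@ -37,7 +37,7 @@, the context sentence reads "By default the SSH application implements this behavior", while the same sentence in ssh_client_key_api.xml reads "By default the ssh application implements this behavior". Both paragraphs are being edited for accuracy in this commit, so use one spelling of the application name in both files.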

-- cgit v1.2.3 From cc4996c9b3ad5294d3c3e6bb2435baaabec3f319 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 22 Apr 2015 14:51:34 +0200 Subject: ssh: Align to alphabetic order --- lib/ssh/doc/src/ssh_sftp.xml | 545 ++++++++++++++++++++++++------------------- 1 file changed, 311 insertions(+), 234 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_sftp.xml b/lib/ssh/doc/src/ssh_sftp.xml index 95869befb8..c2a86f3821 100644 --- a/lib/ssh/doc/src/ssh_sftp.xml +++ b/lib/ssh/doc/src/ssh_sftp.xml @@ -59,98 +59,132 @@
+ + apread(ChannelPid, Handle, Position, Len) -> {async, N} | {error, Error} + ChannelPid = pid() + Handle = term() + Position = integer() + Len = integer() + N = term() + Reason = term() + +

The function reads from a specified position, + combining the and functions.

+

ssh_sftp:apread/3

+
+ + + aread(ChannelPid, Handle, Len) -> {async, N} | {error, Error} + Reads asynchronously from an open file. + + ChannelPid = pid() + Handle = term() + Position = integer() + Len = integer() + N = term() + Reason = term() + + +

Reads from an open file, without waiting for the result. If the + handle is valid, the function returns , where N + is a term guaranteed to be unique between calls of . + The actual data is sent as a message to the calling process. This + message has the form , where + is the result from the read, either , + , or .

+
+
+ - start_channel(ConnectionRef) -> - start_channel(ConnectionRef, Options) -> - start_channel(Host, Options) -> - start_channel(Host, Port, Options) -> {ok, Pid} | {ok, Pid, ConnectionRef} | - {error, Reason} - Starts an SFTP client. + apwrite(ChannelPid, Handle, Position, Data) -> ok | {error, Reason} + Writes asynchronously to an open file. - Host = string() - ConnectionRef = ssh_connection_ref() - Port = integer() - Options = [{Option, Value}] + ChannelPid = pid() + Handle = term() + Position = integer() + Len = integer() + Data = binary() + Timeout = timeout() Reason = term() -

If no connection reference is provided, a connection is set - up, and the new connection is returned. An SSH channel process - is started to handle the communication with the SFTP server. - The returned pid for this process is to be used as input to - all other API functions in this module.

+

writes on a specified position, combining + the and operations.

+

ssh_sftp:awrite/3

+
-

Options:

- - - -

The time-out is passed to the ssh_channel start function, - and defaults to infinity.

-
- - - - -

- Desired SFTP protocol version. - The actual version is the minimum of - the desired version and the maximum supported - versions by the SFTP server. -

-
-
-

All other options are directly passed to - ssh:connect/3 or ignored if a - connection is already provided.

+ + awrite(ChannelPid, Handle, Data) -> ok | {error, Reason} + Writes asynchronously to an open file. + + ChannelPid = pid() + Handle = term() + Position = integer() + Len = integer() + Data = binary() + Timeout = timeout() + Reason = term() + + +

Writes to an open file, without waiting for the result. If the + handle is valid, the function returns , where N + is a term guaranteed to be unique between calls of + . The result of the operation is sent + as a message to the calling process. This message has the form + , where is the result + from the write, either , or .

- stop_channel(ChannelPid) -> ok - Stops the SFTP client channel. + close(ChannelPid, Handle) -> + close(ChannelPid, Handle, Timeout) -> ok | {error, Reason} + Closes an open handle. ChannelPid = pid() + Handle = term() + Timeout = timeout() + Reason = term() -

Stops an SFTP channel. Does not close the SSH connection. - Use ssh:close/1 to close it.

+

Closes a handle to an open file or directory on the server.

- + - read_file(ChannelPid, File) -> - read_file(ChannelPid, File, Timeout) -> {ok, Data} | {error, Reason} - Reads a file. + delete(ChannelPid, Name) -> + delete(ChannelPid, Name, Timeout) -> ok | {error, Reason} + Deletes a file. - ChannelPid = pid() - File = string() - Data = binary() + ChannelPid = pid() + Name = string() Timeout = timeout() - Reason = term() + Reason = term() -

Reads a file from the server, and returns the data in a binary, - like .

+

Deletes the file specified by , like + .

+ - write_file(ChannelPid, File, Iolist) -> - write_file(ChannelPid, File, Iolist, Timeout) -> ok | {error, Reason} - Writes a file. + del_dir(ChannelPid, Name) -> + del_dir(ChannelPid, Name, Timeout) -> ok | {error, Reason} + Deletes an empty directory. ChannelPid = pid() - File = string() - Iolist = iolist() + Name = string() Timeout = timeout() Reason = term() -

Writes a file to the server, like - . The file is created if - it does not exist. The file is overwritten if it exists.

+

Deletes a directory specified by . + The directory must be empty before it can be successfully deleted. +

- + + list_dir(ChannelPid, Path) -> list_dir(ChannelPid, Path, Timeout) -> {ok, Filenames} | {error, Reason} Lists the directory. @@ -167,7 +201,41 @@ filenames as a list of strings.

+ + make_dir(ChannelPid, Name) -> + make_dir(ChannelPid, Name, Timeout) -> ok | {error, Reason} + Creates a directory. + + ChannelPid = pid() + Name = string() + Timeout = timeout() + Reason = term() + + +

Creates a directory specified by . + must be a full path to a new directory. The directory can only be + created in an existing directory.

+
+
+ + + make_symlink(ChannelPid, Name, Target) -> + make_symlink(ChannelPid, Name, Target, Timeout) -> ok | {error, Reason} + Creates a symbolic link. + + ChannelPid = pid() + Name = string() + Target = string() + Reason = term() + + +

Creates a symbolic link pointing to with the + name , like .

+
+
+ + open(ChannelPid, File, Mode) -> open(ChannelPid, File, Mode, Timeout) -> {ok, Handle} | {error, Reason} Opens a file and returns a handle. @@ -228,10 +296,11 @@

Opens a handle to a tar file on the server, associated with ChannelPid. The handle can be used for remote tar creation and extraction, as defined by the - erl_tar:init/3 function. + erl_tar:init/3 function.

+

Example of writing and then reading a tar file follows:

- + {ok,HandleWrite} = ssh_sftp:open_tar(ChannelPid, ?tar_file_name, [write]), ok = erl_tar:add(HandleWrite, .... ), ok = erl_tar:add(HandleWrite, .... ), @@ -263,7 +332,7 @@ DecryptFun. The value can be changed between pos_integer() and undefined.

The previous write and read example can be extended with encryption and decryption as follows:

- + %% First three parameters depending on which crypto type we select: Key = <<"This is a 256 bit key. abcdefghi">>, Ivec0 = crypto:rand_bytes(16), @@ -313,22 +382,52 @@
- close(ChannelPid, Handle) -> - close(ChannelPid, Handle, Timeout) -> ok | {error, Reason} - Closes an open handle. + position(ChannelPid, Handle, Location) -> + position(ChannelPid, Handle, Location, Timeout) -> {ok, NewPosition | {error, Error} + Sets the file position of a file. ChannelPid = pid() Handle = term() + Location = Offset + | {bof, Offset} | {cur, Offset} | {eof, Offset} | bof | cur | eof + Offset = integer() Timeout = timeout() + NewPosition = integer() Reason = term() -

Closes a handle to an open file or directory on the server.

+

Sets the file position of the file referenced by . + Returns (as an absolute offset) if + successful, otherwise . is + one of the following:

+ + + +

The same as .

+
+ + +

Absolute offset.

+
+ + +

Offset from the current position.

+
+ + +

Offset from the end of file.

+
+ + +

The same as eariler with 0, + that is, . +

+
+
+ - read(ChannelPid, Handle, Len) -> - read(ChannelPid, Handle, Len, Timeout) -> {ok, Data} | eof | {error, Error} pread(ChannelPid, Handle, Position, Len) -> pread(ChannelPid, Handle, Position, Len, Timeout) -> {ok, Data} | eof | {error, Error} Reads from an open file. @@ -342,44 +441,13 @@ Reason = term() -

Reads bytes from the file referenced by - . Returns , , or - . If the file is opened with , - is a binary, otherwise it is a string.

-

If the file is read past eof, only the remaining bytes - are read and returned. If no bytes are read, - is returned.

-

The function reads from a specified position, - combining the and functions.

-
-
- - aread(ChannelPid, Handle, Len) -> {async, N} | {error, Error} - apread(ChannelPid, Handle, Position, Len) -> {async, N} | {error, Error} - Reads asynchronously from an open file. - - ChannelPid = pid() - Handle = term() - Position = integer() - Len = integer() - N = term() - Reason = term() - - -

Reads from an open file, without waiting for the result. If the - handle is valid, the function returns , where N - is a term guaranteed to be unique between calls of . - The actual data is sent as a message to the calling process. This - message has the form , where - is the result from the read, either , - , or .

-

The function reads from a specified position, - combining the and functions.

+

The function reads from a specified position, + combining the and functions.

+

ssh_sftp:read/4

+ - write(ChannelPid, Handle, Data) -> - write(ChannelPid, Handle, Data, Timeout) -> ok | {error, Error} pwrite(ChannelPid, Handle, Position, Data) -> ok pwrite(ChannelPid, Handle, Position, Data, Timeout) -> ok | {error, Error} Writes to an open file. @@ -392,94 +460,55 @@ Reason = term() -

Writes to the file referenced by . - The file is to be opened with or - flag. Returns if successful or - otherwise.

-

Typical error reasons:

- - - -

File is not opened for writing.

-
- - -

No space is left on the device.

-
-
+

The function writes to a specified position, + combining the and functions.

+

ssh_sftp:write/3

- - awrite(ChannelPid, Handle, Data) -> ok | {error, Reason} - apwrite(ChannelPid, Handle, Position, Data) -> ok | {error, Reason} - Writes asynchronously to an open file. + + + + read(ChannelPid, Handle, Len) -> + read(ChannelPid, Handle, Len, Timeout) -> {ok, Data} | eof | {error, Error} + Reads from an open file. ChannelPid = pid() Handle = term() Position = integer() Len = integer() - Data = binary() Timeout = timeout() + Data = string() | binary() Reason = term() -

Writes to an open file, without waiting for the result. If the - handle is valid, the function returns , where N - is a term guaranteed to be unique between calls of - . The result of the operation is sent - as a message to the calling process. This message has the form - , where is the result - from the write, either , or .

-

writes on a specified position, combining - the and operations.

+

Reads bytes from the file referenced by + . Returns , , or + . If the file is opened with , + is a binary, otherwise it is a string.

+

If the file is read past eof, only the remaining bytes + are read and returned. If no bytes are read, + is returned.

- - position(ChannelPid, Handle, Location) -> - position(ChannelPid, Handle, Location, Timeout) -> {ok, NewPosition | {error, Error} - Sets the file position of a file. + + + read_file(ChannelPid, File) -> + read_file(ChannelPid, File, Timeout) -> {ok, Data} | {error, Reason} + Reads a file. - ChannelPid = pid() - Handle = term() - Location = Offset - | {bof, Offset} | {cur, Offset} | {eof, Offset} | bof | cur | eof - Offset = integer() + ChannelPid = pid() + File = string() + Data = binary() Timeout = timeout() - NewPosition = integer() - Reason = term() + Reason = term() -

Sets the file position of the file referenced by . - Returns (as an absolute offset) if - successful, otherwise . is - one of the following:

- - - -

The same as .

-
- - -

Absolute offset.

-
- - -

Offset from the current position.

-
- - -

Offset from the end of file.

-
- - -

The same as eariler with 0, - that is, . -

-
-
+

Reads a file from the server, and returns the data in a binary, + like .

- + + read_file_info(ChannelPid, Name) -> read_file_info(ChannelPid, Name, Timeout) -> {ok, FileInfo} | {error, Reason} Gets information about a file. @@ -497,7 +526,24 @@ like .

- + + + read_link(ChannelPid, Name) -> + read_link(ChannelPid, Name, Timeout) -> {ok, Target} | {error, Reason} + Reads symbolic link. + + ChannelPid = pid() + Name = string() + Target = string() + Reason = term() + + +

Reads the link target from the symbolic link specified + by , like .

+
+
+ + read_link_info(ChannelPid, Name) -> {ok, FileInfo} | {error, Reason} read_link_info(ChannelPid, Name, Timeout) -> {ok, FileInfo} | {error, Reason} Gets information about a symbolic link. @@ -515,116 +561,147 @@ .

+ - write_file_info(ChannelPid, Name, Info) -> - write_file_info(ChannelPid, Name, Info, Timeout) -> ok | {error, Reason} - Writes information for a file. + rename(ChannelPid, OldName, NewName) -> + rename(ChannelPid, OldName, NewName, Timeout) -> ok | {error, Reason} + Renames a file. ChannelPid = pid() - Name = string() - Info = record() + OldName = string() + NewName = string() Timeout = timeout() Reason = term() -

Writes file information from a record to the - file specified by , like .

-
-
- - read_link(ChannelPid, Name) -> - read_link(ChannelPid, Name, Timeout) -> {ok, Target} | {error, Reason} - Reads symbolic link. - - ChannelPid = pid() - Name = string() - Target = string() - Reason = term() - - -

Reads the link target from the symbolic link specified - by , like .

+

Renames a file named and gives it the name + , like .

+ - make_symlink(ChannelPid, Name, Target) -> - make_symlink(ChannelPid, Name, Target, Timeout) -> ok | {error, Reason} - Creates a symbolic link. + start_channel(ConnectionRef) -> + start_channel(ConnectionRef, Options) -> + start_channel(Host, Options) -> + start_channel(Host, Port, Options) -> {ok, Pid} | {ok, Pid, ConnectionRef} | + {error, Reason} + Starts an SFTP client. - ChannelPid = pid() - Name = string() - Target = string() + Host = string() + ConnectionRef = ssh_connection_ref() + Port = integer() + Options = [{Option, Value}] Reason = term() -

Creates a symbolic link pointing to with the - name , like .

+

If no connection reference is provided, a connection is set + up, and the new connection is returned. An SSH channel process + is started to handle the communication with the SFTP server. + The returned pid for this process is to be used as input to + all other API functions in this module.

+ +

Options:

+ + + +

The time-out is passed to the ssh_channel start function, + and defaults to infinity.

+
+ + + + +

+ Desired SFTP protocol version. + The actual version is the minimum of + the desired version and the maximum supported + versions by the SFTP server. +

+
+
+

All other options are directly passed to + ssh:connect/3 or ignored if a + connection is already provided.

- - rename(ChannelPid, OldName, NewName) -> - rename(ChannelPid, OldName, NewName, Timeout) -> ok | {error, Reason} - Renames a file. + + + stop_channel(ChannelPid) -> ok + Stops the SFTP client channel. ChannelPid = pid() - OldName = string() - NewName = string() - Timeout = timeout() - Reason = term() -

Renames a file named and gives it the name - , like .

+

Stops an SFTP channel. Does not close the SSH connection. + Use ssh:close/1 to close it.

+ - delete(ChannelPid, Name) -> - delete(ChannelPid, Name, Timeout) -> ok | {error, Reason} - Deletes a file. + write_file(ChannelPid, File, Iolist) -> + write_file(ChannelPid, File, Iolist, Timeout) -> ok | {error, Reason} + Writes a file. ChannelPid = pid() - Name = string() + File = string() + Iolist = iolist() Timeout = timeout() Reason = term() -

Deletes the file specified by , like - .

+

Writes a file to the server, like + . The file is created if + it does not exist. The file is overwritten if it exists.

+ - make_dir(ChannelPid, Name) -> - make_dir(ChannelPid, Name, Timeout) -> ok | {error, Reason} - Creates a directory. + write(ChannelPid, Handle, Data) -> + write(ChannelPid, Handle, Data, Timeout) -> ok | {error, Error} + Writes to an open file. ChannelPid = pid() - Name = string() + Handle = term() + Position = integer() + Data = iolist() Timeout = timeout() Reason = term() -

Creates a directory specified by . - must be a full path to a new directory. The directory can only be - created in an existing directory.

+

Writes to the file referenced by . + The file is to be opened with or + flag. Returns if successful or + otherwise.

+

Typical error reasons:

+ + + +

File is not opened for writing.

+
+ + +

No space is left on the device.

+
+
+ - del_dir(ChannelPid, Name) -> - del_dir(ChannelPid, Name, Timeout) -> ok | {error, Reason} - Deletes an empty directory. + write_file_info(ChannelPid, Name, Info) -> + write_file_info(ChannelPid, Name, Info, Timeout) -> ok | {error, Reason} + Writes information for a file. ChannelPid = pid() Name = string() + Info = record() Timeout = timeout() Reason = term() -

Deletes a directory specified by . - The directory must be empty before it can be successfully deleted. -

+

Writes file information from a record to the + file specified by , like .

-
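Review bot: In the relocated position/3,4 entry the return spec still reads "{ok, NewPosition | {error, Error}", with no closing brace after NewPosition, and the type list declares Reason = term() while the spec returns {error, Error}. Since the block is being moved anyway, correct it in its new place to "{ok, NewPosition} | {error, Reason}". The same mismatch between Reason in the type list and Error in the return value is carried over in the pread, pwrite, read and write entries, and the moved description of the eof location keeps the typo "eariler" ("The same as eariler with 0").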
-- cgit v1.2.3 From f84db1b6f16075fdd91e456170615cbfebd7979b Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 22 Apr 2015 15:52:21 +0200 Subject: ssh: Add links --- lib/ssh/doc/src/ssh_sftp.xml | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_sftp.xml b/lib/ssh/doc/src/ssh_sftp.xml index c2a86f3821..d52613c6bc 100644 --- a/lib/ssh/doc/src/ssh_sftp.xml +++ b/lib/ssh/doc/src/ssh_sftp.xml @@ -163,7 +163,7 @@

Deletes the file specified by , like - .

+ file:delete/1

@@ -231,7 +231,8 @@

Creates a symbolic link pointing to with the - name , like .

+ name , like + file:make_symlink/2

@@ -504,7 +505,8 @@

Reads a file from the server, and returns the data in a binary, - like .

+ like + file:read_file/1

@@ -523,7 +525,7 @@

Returns a record from the file specified by or , - like .

+ like file:read_file_info/2

@@ -539,7 +541,8 @@

Reads the link target from the symbolic link specified - by , like .

+ by , like + file:read_link/1

@@ -558,7 +561,7 @@

Returns a record from the symbolic link specified by or , like - .

+ file:read_link_info/2

@@ -575,7 +578,8 @@

Renames a file named and gives it the name - , like .

+ , like + file:rename/2

@@ -649,9 +653,10 @@ Reason = term() -

Writes a file to the server, like - . The file is created if - it does not exist. The file is overwritten if it exists.

+

Writes a file to the server, like file:write_file/2 The + file is created if it does not exist. The file is overwritten + if it exists.

@@ -699,7 +704,8 @@

Writes file information from a record to the - file specified by , like .

+ file specified by , like + file:write_file_info/[2,3]

-- cgit v1.2.3 From 0bf8c6a7954055d672c268f08be37596264a78c5 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 22 Apr 2015 16:00:13 +0200 Subject: ssh: Keep dependency info in only one place --- lib/ssh/doc/src/ssh.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index bb41a317e5..284d7febf8 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -37,7 +37,7 @@ SSH - SSH requires the crypto and public_key applications. + For application dependencies see ssh(6) Supported SSH version is 2.0. Supported MAC algorithms: hmac-sha2-256 and hmac-sha1. Supported encryption algorithms: aes128-ctr, aes128-cb and 3des-cbc. -- cgit v1.2.3 From 6cedde4ae59a6e8505d7fc8ac22111a7a8b15e4c Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 22 Apr 2015 16:17:50 +0200 Subject: ssh: Move code example to Users Guide --- lib/ssh/doc/src/ssh_sftp.xml | 65 +++-------------------------------------- lib/ssh/doc/src/using_ssh.xml | 67 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+), 61 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_sftp.xml b/lib/ssh/doc/src/ssh_sftp.xml index d52613c6bc..4ed5a38de4 100644 --- a/lib/ssh/doc/src/ssh_sftp.xml +++ b/lib/ssh/doc/src/ssh_sftp.xml @@ -300,20 +300,9 @@ erl_tar:init/3 function.

-

Example of writing and then reading a tar file follows:

- - {ok,HandleWrite} = ssh_sftp:open_tar(ChannelPid, ?tar_file_name, [write]), - ok = erl_tar:add(HandleWrite, .... ), - ok = erl_tar:add(HandleWrite, .... ), - ... - ok = erl_tar:add(HandleWrite, .... ), - ok = erl_tar:close(HandleWrite), - - %% And for reading - {ok,HandleRead} = ssh_sftp:open_tar(ChannelPid, ?tar_file_name, [read]), - {ok,NameValueList} = erl_tar:extract(HandleRead,[memory]), - ok = erl_tar:close(HandleRead), - +

For code exampel see Section + SFTP Client with TAR Compression and Encryption in + the ssh Users Guide.

The crypto mode option is applied to the generated stream of bytes prior to sending them to the SFTP server. This is intended for encryption but can be used for other @@ -332,53 +321,7 @@ ChunkSizes can be changed in the return from the EncryptFun or DecryptFun. The value can be changed between pos_integer() and undefined.

-

The previous write and read example can be extended with encryption and decryption as follows:

- - %% First three parameters depending on which crypto type we select: - Key = <<"This is a 256 bit key. abcdefghi">>, - Ivec0 = crypto:rand_bytes(16), - DataSize = 1024, % DataSize rem 16 = 0 for aes_cbc - - %% Initialization of the CryptoState, in this case it is the Ivector. - InitFun = fun() -> {ok, Ivec0, DataSize} end, - - %% How to encrypt: - EncryptFun = - fun(PlainBin,Ivec) -> - EncryptedBin = crypto:block_encrypt(aes_cbc256, Key, Ivec, PlainBin), - {ok, EncryptedBin, crypto:next_iv(aes_cbc,EncryptedBin)} - end, - - %% What to do with the very last block: - CloseFun = - fun(PlainBin, Ivec) -> - EncryptedBin = crypto:block_encrypt(aes_cbc256, Key, Ivec, - pad(16,PlainBin) %% Last chunk - ), - {ok, EncryptedBin} - end, - - Cw = {InitFun,EncryptFun,CloseFun}, - {ok,HandleWrite} = ssh_sftp:open_tar(ChannelPid, ?tar_file_name, [write,{crypto,Cw}]), - ok = erl_tar:add(HandleWrite, .... ), - ok = erl_tar:add(HandleWrite, .... ), - ... - ok = erl_tar:add(HandleWrite, .... ), - ok = erl_tar:close(HandleWrite), - - %% And for decryption (in this crypto example we could use the same InitFun - %% as for encryption): - DecryptFun = - fun(EncryptedBin,Ivec) -> - PlainBin = crypto:block_decrypt(aes_cbc256, Key, Ivec, EncryptedBin), - {ok, PlainBin, crypto:next_iv(aes_cbc,EncryptedBin)} - end, - - Cr = {InitFun,DecryptFun}, - {ok,HandleRead} = ssh_sftp:open_tar(ChannelPid, ?tar_file_name, [read,{crypto,Cw}]), - {ok,NameValueList} = erl_tar:extract(HandleRead,[memory]), - ok = erl_tar:close(HandleRead), - + diff --git a/lib/ssh/doc/src/using_ssh.xml b/lib/ssh/doc/src/using_ssh.xml index 64477cb493..9da839d072 100644 --- a/lib/ssh/doc/src/using_ssh.xml +++ b/lib/ssh/doc/src/using_ssh.xml @@ -228,6 +228,73 @@
+
+ SFTP Client with TAR Compression and Encryption + +

Example of writing and then reading a tar file follows:

+ + {ok,HandleWrite} = ssh_sftp:open_tar(ChannelPid, ?tar_file_name, [write]), + ok = erl_tar:add(HandleWrite, .... ), + ok = erl_tar:add(HandleWrite, .... ), + ... + ok = erl_tar:add(HandleWrite, .... ), + ok = erl_tar:close(HandleWrite), + + %% And for reading + {ok,HandleRead} = ssh_sftp:open_tar(ChannelPid, ?tar_file_name, [read]), + {ok,NameValueList} = erl_tar:extract(HandleRead,[memory]), + ok = erl_tar:close(HandleRead), + + +

The previous write and read example can be extended with encryption and decryption as follows:

+ + %% First three parameters depending on which crypto type we select: + Key = <<"This is a 256 bit key. abcdefghi">>, + Ivec0 = crypto:rand_bytes(16), + DataSize = 1024, % DataSize rem 16 = 0 for aes_cbc + + %% Initialization of the CryptoState, in this case it is the Ivector. + InitFun = fun() -> {ok, Ivec0, DataSize} end, + + %% How to encrypt: + EncryptFun = + fun(PlainBin,Ivec) -> + EncryptedBin = crypto:block_encrypt(aes_cbc256, Key, Ivec, PlainBin), + {ok, EncryptedBin, crypto:next_iv(aes_cbc,EncryptedBin)} + end, + + %% What to do with the very last block: + CloseFun = + fun(PlainBin, Ivec) -> + EncryptedBin = crypto:block_encrypt(aes_cbc256, Key, Ivec, + pad(16,PlainBin) %% Last chunk + ), + {ok, EncryptedBin} + end, + + Cw = {InitFun,EncryptFun,CloseFun}, + {ok,HandleWrite} = ssh_sftp:open_tar(ChannelPid, ?tar_file_name, [write,{crypto,Cw}]), + ok = erl_tar:add(HandleWrite, .... ), + ok = erl_tar:add(HandleWrite, .... ), + ... + ok = erl_tar:add(HandleWrite, .... ), + ok = erl_tar:close(HandleWrite), + + %% And for decryption (in this crypto example we could use the same InitFun + %% as for encryption): + DecryptFun = + fun(EncryptedBin,Ivec) -> + PlainBin = crypto:block_decrypt(aes_cbc256, Key, Ivec, EncryptedBin), + {ok, PlainBin, crypto:next_iv(aes_cbc,EncryptedBin)} + end, + + Cr = {InitFun,DecryptFun}, + {ok,HandleRead} = ssh_sftp:open_tar(ChannelPid, ?tar_file_name, [read,{crypto,Cw}]), + {ok,NameValueList} = erl_tar:extract(HandleRead,[memory]), + ok = erl_tar:close(HandleRead), + +
+
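Review bot: In the encrypted example added to using_ssh.xml, the read side builds "Cr = {InitFun,DecryptFun}" but then calls "ssh_sftp:open_tar(ChannelPid, ?tar_file_name, [read,{crypto,Cw}])", so Cr is never used and the read handle is given the write-side tuple containing EncryptFun and CloseFun. The read call should pass {crypto,Cr}; moving the example is a good moment to fix it. Two smaller points in the same patch: CloseFun calls pad(16,PlainBin), but pad/2 is neither defined nor explained in the example, and the replacement sentence in ssh_sftp.xml has the typo "exampel" ("For code exampel see Section").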
Creating a Subsystem -- cgit v1.2.3 From 220ef7dbc2cfc30a8fd6f6d37c09a9f35bbc3797 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 23 Apr 2015 13:45:54 +0200 Subject: ssh: Removed missplaced empty paranthesis --- lib/ssh/doc/src/ssh.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 284d7febf8..71d520b6ff 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -229,7 +229,7 @@ Value = [option_value()] option_value() = {{Major::integer(), Minor::integer()}, VersionString::string()} | User::string() | Peer::{inet:hostname(), {inet::ip_adress(), inet::port_number()}} | - Sockname::{inet::ip_adress(), inet::port_number()} () + Sockname::{inet::ip_adress(), inet::port_number()}

Retrieves information about a connection.
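Review bot: The line this hunk rewrites still writes the types as inet::ip_adress() and inet::port_number(), both in Sockname and in the Peer context line above it. A remote type takes a single colon and the inet type is spelled ip_address(), so while removing the stray "()" please also change these to inet:ip_address() and inet:port_number(), matching inet:hostname() on the same line.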

-- cgit v1.2.3 From 8e76d7b749a8c8d01f9567d75b8069ce1d8edefb Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 23 Apr 2015 13:46:34 +0200 Subject: ssh: Add line about supported kex algorithm(s) --- lib/ssh/doc/src/ssh.xml | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 71d520b6ff..9034c5ee6d 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -41,6 +41,7 @@ Supported SSH version is 2.0. Supported MAC algorithms: hmac-sha2-256 and hmac-sha1. Supported encryption algorithms: aes128-ctr, aes128-cb and 3des-cbc. + Supported key exchange algorithms: diffie-hellman-group1-sha1. Supports unicode filenames if the emulator and the underlaying OS support it. See section DESCRIPTION in the file manual page in kernel -- cgit v1.2.3 From 851db53855b5e47e0861da2616fe87b2b81d3cff Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 23 Apr 2015 14:04:06 +0200 Subject: ssh: Formatting adjustments Some examples had encountered the space eater. --- lib/ssh/doc/src/using_ssh.xml | 109 +++++++++++++++++++++--------------------- 1 file changed, 55 insertions(+), 54 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/using_ssh.xml b/lib/ssh/doc/src/using_ssh.xml index 9da839d072..cd7b64ac43 100644 --- a/lib/ssh/doc/src/using_ssh.xml +++ b/lib/ssh/doc/src/using_ssh.xml @@ -102,8 +102,8 @@ 1> ssh:start(). ok - 2> {ok, Sshd} = ssh:daemon(8989, [{system_dir, "/tmp/ssh_daemon"}, - {user_dir, "/tmp/otptest_user/.ssh"}]). + 2> {ok, Sshd} = ssh:daemon(8989, [{system_dir, "/tmp/ssh_daemon"}, + {user_dir, "/tmp/otptest_user/.ssh"}]). {ok,<0.54.0>} 3> @@ -154,8 +154,8 @@

The number of received messages in this example depends on which OS and which shell that is used on the machine running the ssh daemon. - See also ssh_connection:exec/4 -

.
+ See also ssh_connection:exec/4. +

Do a one-time execution of a remote command over ssh:

@@ -194,9 +194,10 @@ 1> ssh:start(). ok - 2> ssh:daemon(8989, [{system_dir, "/tmp/ssh_daemon"}, - {user_dir, "/tmp/otptest_user/.ssh"}, - {subsystems, [ssh_sftpd:subsystem_spec([{cwd, "/tmp/sftp/example"}])]}]). + 2> ssh:daemon(8989, [{system_dir, "/tmp/ssh_daemon"}, + {user_dir, "/tmp/otptest_user/.ssh"}, + {subsystems, [ssh_sftpd:subsystem_spec([{cwd, "/tmp/sftp/example"}]) + ]}]). {ok,<0.54.0>} 3> @@ -248,50 +249,50 @@

The previous write and read example can be extended with encryption and decryption as follows:

- %% First three parameters depending on which crypto type we select: - Key = <<"This is a 256 bit key. abcdefghi">>, - Ivec0 = crypto:rand_bytes(16), - DataSize = 1024, % DataSize rem 16 = 0 for aes_cbc - - %% Initialization of the CryptoState, in this case it is the Ivector. - InitFun = fun() -> {ok, Ivec0, DataSize} end, - - %% How to encrypt: - EncryptFun = - fun(PlainBin,Ivec) -> - EncryptedBin = crypto:block_encrypt(aes_cbc256, Key, Ivec, PlainBin), - {ok, EncryptedBin, crypto:next_iv(aes_cbc,EncryptedBin)} - end, - - %% What to do with the very last block: - CloseFun = - fun(PlainBin, Ivec) -> - EncryptedBin = crypto:block_encrypt(aes_cbc256, Key, Ivec, - pad(16,PlainBin) %% Last chunk - ), - {ok, EncryptedBin} - end, - - Cw = {InitFun,EncryptFun,CloseFun}, - {ok,HandleWrite} = ssh_sftp:open_tar(ChannelPid, ?tar_file_name, [write,{crypto,Cw}]), - ok = erl_tar:add(HandleWrite, .... ), - ok = erl_tar:add(HandleWrite, .... ), - ... - ok = erl_tar:add(HandleWrite, .... ), - ok = erl_tar:close(HandleWrite), - - %% And for decryption (in this crypto example we could use the same InitFun - %% as for encryption): - DecryptFun = - fun(EncryptedBin,Ivec) -> - PlainBin = crypto:block_decrypt(aes_cbc256, Key, Ivec, EncryptedBin), - {ok, PlainBin, crypto:next_iv(aes_cbc,EncryptedBin)} - end, - - Cr = {InitFun,DecryptFun}, - {ok,HandleRead} = ssh_sftp:open_tar(ChannelPid, ?tar_file_name, [read,{crypto,Cw}]), - {ok,NameValueList} = erl_tar:extract(HandleRead,[memory]), - ok = erl_tar:close(HandleRead), +%% First three parameters depending on which crypto type we select: +Key = <<"This is a 256 bit key. abcdefghi">>, +Ivec0 = crypto:rand_bytes(16), +DataSize = 1024, % DataSize rem 16 = 0 for aes_cbc + +%% Initialization of the CryptoState, in this case it is the Ivector. 
+InitFun = fun() -> {ok, Ivec0, DataSize} end, + +%% How to encrypt: +EncryptFun = + fun(PlainBin,Ivec) -> + EncryptedBin = crypto:block_encrypt(aes_cbc256, Key, Ivec, PlainBin), + {ok, EncryptedBin, crypto:next_iv(aes_cbc,EncryptedBin)} + end, + +%% What to do with the very last block: +CloseFun = + fun(PlainBin, Ivec) -> + EncryptedBin = crypto:block_encrypt(aes_cbc256, Key, Ivec, + pad(16,PlainBin) %% Last chunk + ), + {ok, EncryptedBin} + end, + +Cw = {InitFun,EncryptFun,CloseFun}, +{ok,HandleWrite} = ssh_sftp:open_tar(ChannelPid, ?tar_file_name, [write,{crypto,Cw}]), +ok = erl_tar:add(HandleWrite, .... ), +ok = erl_tar:add(HandleWrite, .... ), +... +ok = erl_tar:add(HandleWrite, .... ), +ok = erl_tar:close(HandleWrite), + +%% And for decryption (in this crypto example we could use the same InitFun +%% as for encryption): +DecryptFun = + fun(EncryptedBin,Ivec) -> + PlainBin = crypto:block_decrypt(aes_cbc256, Key, Ivec, EncryptedBin), + {ok, PlainBin, crypto:next_iv(aes_cbc,EncryptedBin)} + end, + +Cr = {InitFun,DecryptFun}, +{ok,HandleRead} = ssh_sftp:open_tar(ChannelPid, ?tar_file_name, [read,{crypto,Cw}]), +{ok,NameValueList} = erl_tar:extract(HandleRead,[memory]), +ok = erl_tar:close(HandleRead),
@@ -360,9 +361,9 @@ terminate(_Reason, _State) -> 1> ssh:start(). ok - 2> ssh:daemon(8989, [{system_dir, "/tmp/ssh_daemon"}, - {user_dir, "/tmp/otptest_user/.ssh"} - {subsystems, [{"echo_n", {ssh_echo_server, [10]}}]}]). + 2> ssh:daemon(8989, [{system_dir, "/tmp/ssh_daemon"}, + {user_dir, "/tmp/otptest_user/.ssh"} + {subsystems, [{"echo_n", {ssh_echo_server, [10]}}]}]). {ok,<0.54.0>} 3> -- cgit v1.2.3 From 5e7158109d659d6b8668250e308c3c4dd57f15ae Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 23 Apr 2015 15:31:04 +0200 Subject: ssh: Timeout unit and default added to some missing places --- lib/ssh/doc/src/ssh.xml | 9 +++++---- lib/ssh/doc/src/ssh_sftp.xml | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 9034c5ee6d..35b5eb87cb 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -106,9 +106,9 @@ is default, the assigned well-known port number for SSH. Options = [{Option, Value}] - Timeout = infinity | integer(milliseconds) - Negotiation time-out. For connection time-out, use option - {connect_timeout, timeout()}. + Timeout = infinity | integer() + Negotiation time-out in milli-seconds. The default value is infinity. + For connection time-out, use option {connect_timeout, timeout()}.

Connects to an SSH server. No channel is started. This is done @@ -177,7 +177,8 @@

Sets a time-out on the transport layer - connection. Defaults to infinity.

+ connection. For gen_tcp the time is in milli-seconds and the default value is + infinity.

diff --git a/lib/ssh/doc/src/ssh_sftp.xml b/lib/ssh/doc/src/ssh_sftp.xml index 4ed5a38de4..1a3705b341 100644 --- a/lib/ssh/doc/src/ssh_sftp.xml +++ b/lib/ssh/doc/src/ssh_sftp.xml @@ -46,7 +46,7 @@ ssh_connection_ref()

Opaque to the user, returned by ssh:connect/3

timeout() -

= infinity | integer() in milliseconds

+

= infinity | integer() in milliseconds. Default infinity.

-- cgit v1.2.3 From c08c4a88a73453bd60fb93d0462482a6afc50544 Mon Sep 17 00:00:00 2001 From: Simon Cornish Date: Thu, 16 Apr 2015 15:45:20 -0700 Subject: Fix ssh_sftp wait_for_version_negotiation timeout This patch fixes a bug that causes an SFTP connection to always fail when {timeout, Timeout} option is used with ssh_sftp:start_channel. The bug is that the version negotiation timer is not cancelled upon reception of SSH_FXP_VERSION. --- lib/ssh/src/ssh_sftp.erl | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_sftp.erl b/lib/ssh/src/ssh_sftp.erl index c264eabc78..bab688f226 100644 --- a/lib/ssh/src/ssh_sftp.erl +++ b/lib/ssh/src/ssh_sftp.erl @@ -508,12 +508,12 @@ init([Cm, ChannelId, Options]) -> %%-------------------------------------------------------------------- handle_call({{timeout, infinity}, wait_for_version_negotiation}, From, #state{xf = #ssh_xfer{vsn = undefined} = Xf} = State) -> - {noreply, State#state{xf = Xf#ssh_xfer{vsn = From}}}; + {noreply, State#state{xf = Xf#ssh_xfer{vsn = {wait, From, undefined}}}}; handle_call({{timeout, Timeout}, wait_for_version_negotiation}, From, #state{xf = #ssh_xfer{vsn = undefined} = Xf} = State) -> - timer:send_after(Timeout, {timeout, undefined, From}), - {noreply, State#state{xf = Xf#ssh_xfer{vsn = From}}}; + TRef = erlang:send_after(Timeout, self(), {timeout, undefined, From}), + {noreply, State#state{xf = Xf#ssh_xfer{vsn = {wait, From, TRef}}}}; handle_call({_, wait_for_version_negotiation}, _, State) -> {reply, ok, State}; @@ -865,7 +865,12 @@ do_handle_reply(#state{xf = Xf} = State, case Xf#ssh_xfer.vsn of undefined -> ok; - From -> + {wait, From, TRef} -> + if is_reference(TRef) -> + erlang:cancel_timer(TRef); + true -> + ok + end, ssh_channel:reply(From, ok) end, State#state{xf = Xf#ssh_xfer{vsn = Version, ext = Ext}, rep_buf = Rest}; -- cgit v1.2.3 From 8538603617b2e95d943319da5cb5b0b1bea490cf Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Fri, 24 Apr 2015 16:16:09 +0200 Subject: ssh: broken doc links to file functions fixed --- lib/ssh/doc/src/ssh_sftp.xml | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_sftp.xml b/lib/ssh/doc/src/ssh_sftp.xml index 1a3705b341..02970bfa42 100644 --- a/lib/ssh/doc/src/ssh_sftp.xml +++ b/lib/ssh/doc/src/ssh_sftp.xml @@ -70,7 +70,7 @@

The function reads from a specified position, combining the and functions.

-

ssh_sftp:apread/3

+

ssh_sftp:apread/4

@@ -110,7 +110,7 @@

writes on a specified position, combining the and operations.

-

ssh_sftp:awrite/3

+

ssh_sftp:awrite/3

@@ -163,7 +163,7 @@

Deletes the file specified by , like - file:delete/1

+ file:delete/1

@@ -232,7 +232,7 @@

Creates a symbolic link pointing to with the name , like - file:make_symlink/2

+ file:make_symlink/2

@@ -297,7 +297,7 @@

Opens a handle to a tar file on the server, associated with ChannelPid. The handle can be used for remote tar creation and extraction, as defined by the - erl_tar:init/3 function. + erl_tar:init/3 function.

For code exampel see Section @@ -387,7 +387,7 @@

The function reads from a specified position, combining the and functions.

-

ssh_sftp:read/4

+

ssh_sftp:read/4

@@ -406,7 +406,7 @@

The function writes to a specified position, combining the and functions.

-

ssh_sftp:write/3

+

ssh_sftp:write/3

@@ -449,7 +449,7 @@

Reads a file from the server, and returns the data in a binary, like - file:read_file/1

+ file:read_file/1

@@ -468,7 +468,7 @@

Returns a record from the file specified by or , - like file:read_file_info/2

+ like file:read_file_info/2

@@ -485,7 +485,7 @@

Reads the link target from the symbolic link specified by , like - file:read_link/1

+ file:read_link/1

@@ -504,7 +504,7 @@

Returns a record from the symbolic link specified by or , like - file:read_link_info/2

+ file:read_link_info/2

@@ -522,7 +522,7 @@

Renames a file named and gives it the name , like - file:rename/2

+ file:rename/2

@@ -580,7 +580,7 @@

Stops an SFTP channel. Does not close the SSH connection. - Use ssh:close/1 to close it.

+ Use ssh:close/1 to close it.

@@ -597,7 +597,7 @@

Writes a file to the server, like file:write_file/2 The + marker="kernel:file#write_file/2">file:write_file/2 The file is created if it does not exist. The file is overwritten if it exists.

@@ -648,7 +648,7 @@

Writes file information from a record to the file specified by , like - file:write_file_info/[2,3]

+ file:write_file_info/[2,3]

-- cgit v1.2.3 From fb584c520ef60845506a14cb910745ffc3b92a66 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Tue, 24 Mar 2015 18:58:46 +0100 Subject: ssh: Add openSSH interop check --- lib/ssh/test/ssh_connection_SUITE.erl | 9 +++++---- lib/ssh/test/ssh_test_lib.erl | 15 ++++++++++++++- lib/ssh/test/ssh_to_openssh_SUITE.erl | 4 ++-- 3 files changed, 21 insertions(+), 7 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index c9441a46b0..6fc09876ad 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2014. All Rights Reserved. +%% Copyright Ericsson AB 2008-2015. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -76,12 +76,13 @@ end_per_suite(_Config) -> crypto:stop(). %%-------------------------------------------------------------------- -init_per_group(openssh, _Config) -> +init_per_group(openssh, Config) -> case gen_tcp:connect("localhost", 22, []) of {error,econnrefused} -> {skip,"No openssh deamon"}; {ok, Socket} -> - gen_tcp:close(Socket) + gen_tcp:close(Socket), + ssh_test_lib:openssh_sanity_check(Config) end; init_per_group(_, Config) -> Config. @@ -93,7 +94,7 @@ end_per_group(_, Config) -> init_per_testcase(_TestCase, Config) -> %% To make sure we start clean as it is not certain that %% end_per_testcase will be run! - ssh:stop(), + end_per_testcase(Config), ssh:start(), Config. diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index b8abf5e80e..8ca05746db 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl 
@@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2004-2012. All Rights Reserved. +%% Copyright Ericsson AB 2004-2015. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -358,3 +358,16 @@ do_inet_port(Node) -> {ok, Socket} = rpc:call(Node, gen_tcp, listen, [0, [{reuseaddr, true}]]), {ok, Port} = rpc:call(Node, inet, port, [Socket]), {Port, Socket}. + +openssh_sanity_check(Config) -> + ssh:start(), + case ssh:connect("localhost", 22, []) of + {ok, Pid} -> + ssh:close(Pid), + ssh:stop(), + Config; + Err -> + Str = lists:append(io_lib:format("~p", [Err])), + ssh:stop(), + {skip, Str} + end. diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index af70eeb46c..d99123f871 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2014. All Rights Reserved. +%% Copyright Ericsson AB 2008-2015. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -66,7 +66,7 @@ init_per_suite(Config) -> {error,econnrefused} -> {skip,"No openssh deamon"}; _ -> - Config + ssh_test_lib:openssh_sanity_check(Config) end; _Else -> {skip,"Could not start crypto!"} -- cgit v1.2.3 From ec5dcc8a6b9f86aa8dd02c70b630460cdc0833df Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 29 Apr 2015 14:58:06 +0200 Subject: ssh: Fix bug causing rekeying once per minute after 1st Gbyte Thanks Simon The port stats are not accumulated so that once rekey_limit bytes (by default, 1GB) have been transmitted the connection will be rekeyed every minute, not after the next 1GB. --- lib/ssh/src/ssh_connection_handler.erl | 7 +++++-- lib/ssh/vsn.mk | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'lib/ssh') 
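Review bot: in openssh_sanity_check/1 (ssh_test_lib.erl), `ssh:connect("localhost", 22, [])` is called with an empty option list and no timeout, so the probe can sit waiting on a host-key or password prompt instead of reaching the `{skip, Str}` branch. Pass `{user_interaction, false}` (and `{silently_accept_hosts, true}` if an unknown host key should not count as a failure) and use the four-argument form of ssh:connect with a timeout, so a host where non-interactive login is not set up is skipped promptly rather than stalling the suite.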
diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index e1f2e059e8..4dea284071 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -70,6 +70,7 @@ undecoded_packet_length, % integer() key_exchange_init_msg, % #ssh_msg_kexinit{} renegotiate = false, % boolean() + last_size_rekey = 0, connection_queue, address, port, @@ -635,7 +636,8 @@ handle_event(renegotiate, StateName, State) -> %% Rekey due to sent data limit reached? handle_event(data_size, connected, #state{ssh_params = Ssh0} = State) -> - {ok, [{send_oct,Sent}]} = inet:getstat(State#state.socket, [send_oct]), + {ok, [{send_oct,Sent0}]} = inet:getstat(State#state.socket, [send_oct]), + Sent = Sent0 - State#state.last_size_rekey, MaxSent = proplists:get_value(rekey_limit, State#state.opts, 1024000000), timer:apply_after(?REKEY_DATA_TIMOUT, gen_fsm, send_all_state_event, [self(), data_size]), case Sent >= MaxSent of @@ -645,7 +647,8 @@ handle_event(data_size, connected, #state{ssh_params = Ssh0} = State) -> {next_state, kexinit, next_packet(State#state{ssh_params = Ssh, key_exchange_init_msg = KeyInitMsg, - renegotiate = true})}; + renegotiate = true, + last_size_rekey = Sent0})}; _ -> {next_state, connected, next_packet(State)} end; diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index b2b85a717f..40bda0c19f 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,4 +1,4 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 3.2.2 +SSH_VSN = 3.2.3 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From 88320638b5512e9555539ad6c7af502ea64e06db Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Thu, 30 Apr 2015 12:59:49 +0200 Subject: ssh: Fix links --- lib/ssh/doc/src/ssh_sftp.xml | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_sftp.xml b/lib/ssh/doc/src/ssh_sftp.xml index 02970bfa42..b986d38fea 100644 
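Review bot: in the data_size clause of handle_event (ssh_connection_handler.erl), last_size_rekey is advanced only in the branch where the size limit itself triggers the rekey, so a rekey started elsewhere, for example through the handle_event(renegotiate, ...) clause named in the hunk header, leaves the baseline untouched and a size-triggered rekey can follow shortly after it. Consider updating last_size_rekey from the current send_oct on every rekey, not only here. The new record field `last_size_rekey = 0,` also lacks the type comment its neighbours carry (`% integer()`).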
--- a/lib/ssh/doc/src/ssh_sftp.xml +++ b/lib/ssh/doc/src/ssh_sftp.xml @@ -70,7 +70,7 @@

The function reads from a specified position, combining the and functions.

-

ssh_sftp:apread/4

+

ssh_sftp:apread/4

@@ -110,7 +110,7 @@

writes on a specified position, combining the and operations.

-

ssh_sftp:awrite/3

+

ssh_sftp:awrite/3

@@ -163,7 +163,7 @@

Deletes the file specified by , like - file:delete/1

+ file:delete/1

@@ -232,7 +232,7 @@

Creates a symbolic link pointing to with the name , like - file:make_symlink/2

+ file:make_symlink/2

@@ -297,7 +297,7 @@

Opens a handle to a tar file on the server, associated with ChannelPid. The handle can be used for remote tar creation and extraction, as defined by the - erl_tar:init/3 function. + erl_tar:init/3 function.

For code exampel see Section @@ -387,7 +387,7 @@

The function reads from a specified position, combining the and functions.

-

ssh_sftp:read/4

+

ssh_sftp:read/4

@@ -406,7 +406,7 @@

The function writes to a specified position, combining the and functions.

-

ssh_sftp:write/3

+

ssh_sftp:write/3

@@ -449,7 +449,7 @@

Reads a file from the server, and returns the data in a binary, like - file:read_file/1

+ file:read_file/1

@@ -468,7 +468,7 @@

Returns a record from the file specified by or , - like file:read_file_info/2

+ like file:read_file_info/2

@@ -485,7 +485,7 @@

Reads the link target from the symbolic link specified by , like - file:read_link/1

+ file:read_link/1

@@ -504,7 +504,7 @@

Returns a record from the symbolic link specified by or , like - file:read_link_info/2

+ file:read_link_info/2

@@ -522,7 +522,7 @@

Renames a file named and gives it the name , like - file:rename/2

+ file:rename/2

@@ -580,7 +580,7 @@

Stops an SFTP channel. Does not close the SSH connection. - Use ssh:close/1 to close it.

+ Use ssh:close/1 to close it.

@@ -597,7 +597,7 @@

Writes a file to the server, like file:write_file/2 The + marker="kernel:file#write_file-2">file:write_file/2 The file is created if it does not exist. The file is overwritten if it exists.

@@ -648,7 +648,7 @@

Writes file information from a record to the file specified by , like - file:write_file_info/[2,3]

+ file:write_file_info/[2,3]

-- cgit v1.2.3 From 609f259646e2ff3ee87d1b4ab47bf0edc9bed19e Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 4 May 2015 12:00:07 +0200 Subject: ssh: Use correct ASCII char for quote --- lib/ssh/doc/src/ssh_channel.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_channel.xml b/lib/ssh/doc/src/ssh_channel.xml index 429ef3c849..2205eb4279 100644 --- a/lib/ssh/doc/src/ssh_channel.xml +++ b/lib/ssh/doc/src/ssh_channel.xml @@ -259,7 +259,7 @@ State = term() Internal state of the channel. Extra = term() - Passed “as-is†from the {advanced,Extra} + Passed "as-is" from the {advanced,Extra} part of the update instruction. -- cgit v1.2.3 From fd89608b7ae337bc29712c14c90de8d1c82ea667 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Mon, 4 May 2015 12:06:25 +0200 Subject: ssh: Fix missed alphabetic ordering and indentation --- lib/ssh/doc/src/ssh_sftp.xml | 88 ++++++++++++++++++++++---------------------- 1 file changed, 45 insertions(+), 43 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_sftp.xml b/lib/ssh/doc/src/ssh_sftp.xml index b986d38fea..643130fe6b 100644 --- a/lib/ssh/doc/src/ssh_sftp.xml +++ b/lib/ssh/doc/src/ssh_sftp.xml @@ -73,6 +73,24 @@

ssh_sftp:apread/4

+ + apwrite(ChannelPid, Handle, Position, Data) -> ok | {error, Reason} + Writes asynchronously to an open file. + + ChannelPid = pid() + Handle = term() + Position = integer() + Len = integer() + Data = binary() + Timeout = timeout() + Reason = term() + + +

writes on a specified position, combining + the and operations.

+

ssh_sftp:awrite/3

+
+ aread(ChannelPid, Handle, Len) -> {async, N} | {error, Error} Reads asynchronously from an open file. @@ -95,23 +113,7 @@ - - apwrite(ChannelPid, Handle, Position, Data) -> ok | {error, Reason} - Writes asynchronously to an open file. - - ChannelPid = pid() - Handle = term() - Position = integer() - Len = integer() - Data = binary() - Timeout = timeout() - Reason = term() - - -

writes on a specified position, combining - the and operations.

-

ssh_sftp:awrite/3

-
+ awrite(ChannelPid, Handle, Data) -> ok | {error, Reason} @@ -584,25 +586,6 @@ - - write_file(ChannelPid, File, Iolist) -> - write_file(ChannelPid, File, Iolist, Timeout) -> ok | {error, Reason} - Writes a file. - - ChannelPid = pid() - File = string() - Iolist = iolist() - Timeout = timeout() - Reason = term() - - -

Writes a file to the server, like file:write_file/2 The - file is created if it does not exist. The file is overwritten - if it exists.

-
-
- write(ChannelPid, Handle, Data) -> write(ChannelPid, Handle, Data, Timeout) -> ok | {error, Error} @@ -617,9 +600,9 @@

Writes to the file referenced by . - The file is to be opened with or - flag. Returns if successful or - otherwise.

+ The file is to be opened with or + flag. Returns if successful or + otherwise.

Typical error reasons:

@@ -633,7 +616,26 @@
- + + + write_file(ChannelPid, File, Iolist) -> + write_file(ChannelPid, File, Iolist, Timeout) -> ok | {error, Reason} + Writes a file. + + ChannelPid = pid() + File = string() + Iolist = iolist() + Timeout = timeout() + Reason = term() + + +

Writes a file to the server, like file:write_file/2 The + file is created if it does not exist. The file is overwritten + if it exists.

+
+
+ write_file_info(ChannelPid, Name, Info) -> write_file_info(ChannelPid, Name, Info, Timeout) -> ok | {error, Reason} @@ -647,11 +649,11 @@

Writes file information from a record to the - file specified by , like - file:write_file_info/[2,3]

+ file specified by , like + file:write_file_info/[2,3]

- + -- cgit v1.2.3 From 5d6805703035d88a44265b3e0e1337d4e8388c10 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Tue, 5 May 2015 11:59:07 +0200 Subject: ssh: No description in v-tag --- lib/ssh/doc/src/ssh_channel.xml | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_channel.xml b/lib/ssh/doc/src/ssh_channel.xml index 2205eb4279..b8a03c350a 100644 --- a/lib/ssh/doc/src/ssh_channel.xml +++ b/lib/ssh/doc/src/ssh_channel.xml @@ -88,7 +88,7 @@ Makes a synchronous call to a channel. ChannelRef = pid() - As returned by start_link/4 + As returned by ssh_channel:start_link/4 Msg = term() Timeout = timeout() Reply = term() @@ -112,7 +112,7 @@ ChannelRef and returns ok. ChannelRef = pid() - As returned by start_link/4 + As returned by ssh_channel:start_link/4 Msg = term() @@ -129,8 +129,8 @@ enter_loop(State) -> _ Makes an existing process an ssh_channel process. - State = term() - as returned by - ssh_channel:init/1 + State = term() + as returned by ssh_channel:init/1

Makes an existing process an ssh_channel @@ -188,7 +188,7 @@ reply(Client, Reply) -> _ Sends a reply to a client. - Client - opaque to the user, see explanation below + Client = opaque() Reply = term() @@ -313,13 +313,15 @@ ssh_channel:call/[2,3]. Msg = term() - From = Opaque to the user, is to be used as argument to - ssh_channel:reply/2 + From = opaque() + Is to be used as argument to + ssh_channel:reply/2 State = term() Result = {reply, Reply, NewState} | {reply, Reply, NewState, timeout()} | {noreply, NewState} | {noreply , NewState, timeout()} | {stop, Reason, Reply, NewState} | {stop, Reason, NewState} - Reply = term() - will be the return value of ssh_channel:call/[2,3] + Reply = term() + Will be the return value of ssh_channel:call/[2,3] NewState = term() Reason = term() @@ -418,7 +420,7 @@ Module:terminate(Reason, State) -> _ Does cleaning up before channel process termination. - + Reason = term() State = term() -- cgit v1.2.3 From 7d53cdb5dabeea6c51e56703667ed6879ad29542 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Tue, 5 May 2015 17:00:35 +0200 Subject: ssh: Hadle shell that sends two logout messages --- lib/ssh/test/ssh_to_openssh_SUITE.erl | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index d99123f871..a61fd2dd41 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -545,6 +545,7 @@ receive_hej() -> receive_logout() -> receive <<"logout">> -> + extra_logout(), receive <<"Connection closed">> -> ok 
@@ -564,6 +565,14 @@ receive_normal_exit(Shell) -> ct:fail({unexpected_msg, Other}) end. +extra_logout() -> + receive + <<"logout">> -> + ok + after 500 -> + ok + end. + %%-------------------------------------------------------------------- %%-------------------------------------------------------------------- %% Check if we have a "newer" ssh client that supports these test cases -- cgit v1.2.3 From 1bbad876f66cab6277fc80def9da82922f6958e1 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 7 May 2015 09:41:42 +0200 Subject: ssh: update vsn.mk to 4.0 --- lib/ssh/vsn.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 40bda0c19f..cef9992f1b 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,4 +1,4 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 3.2.3 +SSH_VSN = 4.0 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From 1dbb97809d0d4cafab45cf0f0281f88ed777cae3 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 8 May 2015 15:39:38 +0200 Subject: ssh: Check e and f parameters in kexdh rfc 4253 says in section 8 that: "Values of 'e' or 'f' that are not in the range [1, p-1] MUST NOT be sent or accepted by either side. If this condition is violated, the key exchange fails." This commit implements the reception check. --- lib/ssh/src/ssh_transport.erl | 50 +++++++++++++++++++++++++++++-------------- 1 file changed, 34 insertions(+), 16 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 8669be570e..d6414bab6c 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl 
@@ -240,20 +240,30 @@ key_exchange_first_msg('diffie-hellman-group-exchange-sha1', Ssh0) -> handle_kexdh_init(#ssh_msg_kexdh_init{e = E}, Ssh0) -> {G, P} = dh_group1(), - {Private, Public} = dh_gen_key(G, P, 1024), - K = ssh_math:ipow(E, Private, P), - Key = get_host_key(Ssh0), - H = kex_h(Ssh0, Key, E, Public, K), - H_SIG = sign_host_key(Ssh0, Key, H), - {SshPacket, Ssh1} = ssh_packet(#ssh_msg_kexdh_reply{public_host_key = Key, - f = Public, - h_sig = H_SIG - }, Ssh0), - - {ok, SshPacket, Ssh1#ssh{keyex_key = {{Private, Public}, {G, P}}, - shared_secret = K, - exchanged_hash = H, - session_id = sid(Ssh1, H)}}. + if + 1= + {Private, Public} = dh_gen_key(G, P, 1024), + K = ssh_math:ipow(E, Private, P), + Key = get_host_key(Ssh0), + H = kex_h(Ssh0, Key, E, Public, K), + H_SIG = sign_host_key(Ssh0, Key, H), + {SshPacket, Ssh1} = ssh_packet(#ssh_msg_kexdh_reply{public_host_key = Key, + f = Public, + h_sig = H_SIG + }, Ssh0), + + {ok, SshPacket, Ssh1#ssh{keyex_key = {{Private, Public}, {G, P}}, + shared_secret = K, + exchanged_hash = H, + session_id = sid(Ssh1, H)}}; + true -> + Error = {error,bad_e_from_peer}, + Disconnect = #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Key exchange failed, 'f' out of bounds", + language = "en"}, + throw({Error, Disconnect}) + end. handle_kex_dh_gex_group(#ssh_msg_kex_dh_gex_group{p = P, g = G}, Ssh0) -> {Private, Public} = dh_gen_key(G,P,1024), @@ -277,7 +287,7 @@ handle_new_keys(#ssh_msg_newkeys{}, Ssh0) -> %% %% Select algorithms handle_kexdh_reply(#ssh_msg_kexdh_reply{public_host_key = HostKey, f = F, h_sig = H_SIG}, - #ssh{keyex_key = {{Private, Public}, {_G, P}}} = Ssh0) -> + #ssh{keyex_key = {{Private, Public}, {_G, P}}} = Ssh0) when 1= K = ssh_math:ipow(F, Private, P), H = kex_h(Ssh0, HostKey, Public, F, K), 
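Review bot: in the failure branch of handle_kexdh_init (ssh_transport.erl), `Error = {error,bad_e_from_peer}` is paired with `description = "Key exchange failed, 'f' out of bounds"`, but the value this function receives and checks is the peer's 'e'. The disconnect text should read 'e' out of bounds, otherwise the peer and anyone reading the disconnect reason is told the wrong parameter was rejected.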
@@ -293,7 +303,15 @@ handle_kexdh_reply(#ssh_msg_kexdh_reply{public_host_key = HostKey, f = F, description = "Key exchange failed", language = "en"}, throw({Error, Disconnect}) - end. + end; +handle_kexdh_reply(#ssh_msg_kexdh_reply{}, _SSH) -> + Error = {error,bad_f_from_peer}, + Disconnect = #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Key exchange failed, 'f' out of bounds", + language = "en"}, + throw({Error, Disconnect}). + handle_kex_dh_gex_request(#ssh_msg_kex_dh_gex_request{min = _Min, n = _NBits, -- cgit v1.2.3 From 4dde4fa2ac753223404a24bdb6a9e7323f04489e Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Fri, 8 May 2015 17:12:26 +0200 Subject: ssh: Fix typo Option height was misspelled in the code. Fix code but recognize the mispellt option for backwards compatible reasons. --- lib/ssh/src/ssh_connection.erl | 18 ++++++++++++++---- lib/ssh/test/ssh_connection_SUITE.erl | 2 +- 2 files changed, 15 insertions(+), 5 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl index 388c080d99..d532d41009 100644 --- a/lib/ssh/src/ssh_connection.erl +++ b/lib/ssh/src/ssh_connection.erl 
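Review bot: the new fallback clause `handle_kexdh_reply(#ssh_msg_kexdh_reply{}, _SSH)` (ssh_transport.erl) matches every reply the first clause head rejects, which includes an #ssh{} whose keyex_key does not have the `{{Private, Public}, {_G, P}}` shape as well as an out-of-range 'f', and both are reported as bad_f_from_peer. Keep the keyex_key pattern in the fallback head, or move the range test into the body of the first clause, so the error is raised only when 'f' was actually compared against P.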
@@ -196,15 +196,16 @@ reply_request(_,false, _, _) -> %%-------------------------------------------------------------------- ptty_alloc(ConnectionHandler, Channel, Options) -> ptty_alloc(ConnectionHandler, Channel, Options, infinity). -ptty_alloc(ConnectionHandler, Channel, Options, TimeOut) -> +ptty_alloc(ConnectionHandler, Channel, Options0, TimeOut) -> + Options = backwards_compatible(Options0, []), {Width, PixWidth} = pty_default_dimensions(width, Options), - {Hight, PixHight} = pty_default_dimensions(hight, Options), + {Height, PixHeight} = pty_default_dimensions(height, Options), pty_req(ConnectionHandler, Channel, proplists:get_value(term, Options, os:getenv("TERM", ?DEFAULT_TERMINAL)), proplists:get_value(width, Options, Width), - proplists:get_value(hight, Options, Hight), + proplists:get_value(height, Options, Height), proplists:get_value(pixel_widh, Options, PixWidth), - proplists:get_value(pixel_hight, Options, PixHight), + proplists:get_value(pixel_height, Options, PixHeight), proplists:get_value(pty_opts, Options, []), TimeOut ). %%-------------------------------------------------------------------- @@ -1339,3 +1340,12 @@ decode_ip(Addr) when is_binary(Addr) -> {error,_} -> Addr; {ok,A} -> A end. + +backwards_compatible([], Acc) -> + Acc; +backwards_compatible([{hight, Value} | Rest], Acc) -> + backwards_compatible(Rest, [{height, Value} | Acc]); +backwards_compatible([{pixel_hight, Value} | Rest], Acc) -> + backwards_compatible(Rest, [{height, Value} | Acc]); +backwards_compatible([Value| Rest], Acc) -> + backwards_compatible(Rest, [ Value | Acc]). diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index 6fc09876ad..db51f65509 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl 
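Review bot: in backwards_compatible/2 (ssh_connection.erl) the clause for `{pixel_hight, Value}` rewrites the option to `{height, Value}` instead of `{pixel_height, Value}`, so a caller using the old pixel spelling ends up with a second `height` entry and the pixel height silently falls back to the default. Map it to pixel_height. Two smaller points: the accumulator reverses the option list, which changes which duplicate key proplists:get_value/3 finds first, so finish with lists:reverse(Acc); and ptty_alloc still reads `pixel_widh`, which looks like the same kind of misspelling this change sets out to fix.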
@@ -271,7 +271,7 @@ ptty_alloc(Config) when is_list(Config) -> {user_interaction, false}]), {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), success = ssh_connection:ptty_alloc(ConnectionRef, ChannelId, - [{term, os:getenv("TERM", ?DEFAULT_TERMINAL)}, {width, 70}, {high, 20}]), + [{term, os:getenv("TERM", ?DEFAULT_TERMINAL)}, {width, 70}, {height, 20}]), ssh:close(ConnectionRef). -- cgit v1.2.3 From e85487d4c50ace315292e8d6ab6f1b0b1cf800ca Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 7 May 2015 21:03:36 +0200 Subject: ssh: Fix ssh_basic_SUITE.erl to work on Windows hosts The test cases id_string_no_opt_client id_string_own_string_client id_string_random_client didn't work on MS Windows. This commit adds {packet,line} to get the whole version exchange line in one packet on all architectures. It also adds timeouts to speed up failures in those test cases. --- lib/ssh/test/ssh_basic_SUITE.erl | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index bd029ad420..d55d09f2a2 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl 
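Review bot: the ptty_alloc test case (ssh_connection_SUITE.erl) now passes only `{height, 20}`, so nothing exercises the legacy `hight` and `pixel_hight` spellings that backwards_compatible/2 was added to keep working. Add a case that passes the old keys and checks that the allocation still returns success.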
@@ -823,56 +823,62 @@ ssh_daemon_minimal_remote_max_packet_size_option(Config) -> %%-------------------------------------------------------------------- id_string_no_opt_client(Config) -> - {Server, Host, Port} = fake_daemon(Config), - {error,_} = ssh:connect(Host, Port, []), + {Server, _Host, Port} = fake_daemon(Config), + {error,_} = ssh:connect("localhost", Port, [], 1000), receive {id,Server,"SSH-2.0-Erlang/"++Vsn} -> true = expected_ssh_vsn(Vsn); {id,Server,Other} -> ct:fail("Unexpected id: ~s.",[Other]) + after 5000 -> + {fail,timeout} end. %%-------------------------------------------------------------------- id_string_own_string_client(Config) -> - {Server, Host, Port} = fake_daemon(Config), - {error,_} = ssh:connect(Host, Port, [{id_string,"Pelle"}]), + {Server, _Host, Port} = fake_daemon(Config), + {error,_} = ssh:connect("localhost", Port, [{id_string,"Pelle"}], 1000), receive {id,Server,"SSH-2.0-Pelle\r\n"} -> ok; {id,Server,Other} -> ct:fail("Unexpected id: ~s.",[Other]) + after 5000 -> + {fail,timeout} end. %%-------------------------------------------------------------------- id_string_random_client(Config) -> - {Server, Host, Port} = fake_daemon(Config), - {error,_} = ssh:connect(Host, Port, [{id_string,random}]), + {Server, _Host, Port} = fake_daemon(Config), + {error,_} = ssh:connect("localhost", Port, [{id_string,random}], 1000), receive {id,Server,Id="SSH-2.0-Erlang"++_} -> ct:fail("Unexpected id: ~s.",[Id]); {id,Server,Rnd="SSH-2.0-"++_} -> - ct:log("Got ~s.",[Rnd]); + ct:log("Got correct ~s",[Rnd]); {id,Server,Id} -> ct:fail("Unexpected id: ~s.",[Id]) + after 5000 -> + {fail,timeout} end. 
%%-------------------------------------------------------------------- id_string_no_opt_server(Config) -> {_Server, Host, Port} = std_daemon(Config, []), - {ok,S1}=gen_tcp:connect(Host,Port,[{active,false}]), + {ok,S1}=gen_tcp:connect(Host,Port,[{active,false},{packet,line}]), {ok,"SSH-2.0-Erlang/"++Vsn} = gen_tcp:recv(S1, 0, 2000), true = expected_ssh_vsn(Vsn). %%-------------------------------------------------------------------- id_string_own_string_server(Config) -> {_Server, Host, Port} = std_daemon(Config, [{id_string,"Olle"}]), - {ok,S1}=gen_tcp:connect(Host,Port,[{active,false}]), + {ok,S1}=gen_tcp:connect(Host,Port,[{active,false},{packet,line}]), {ok,"SSH-2.0-Olle\r\n"} = gen_tcp:recv(S1, 0, 2000). %%-------------------------------------------------------------------- id_string_random_server(Config) -> {_Server, Host, Port} = std_daemon(Config, [{id_string,random}]), - {ok,S1}=gen_tcp:connect(Host,Port,[{active,false}]), + {ok,S1}=gen_tcp:connect(Host,Port,[{active,false},{packet,line}]), {ok,"SSH-2.0-"++Rnd} = gen_tcp:recv(S1, 0, 2000), case Rnd of "Erlang"++_ -> ct:log("Id=~p",[Rnd]), @@ -1183,13 +1189,14 @@ expected_ssh_vsn(Str) -> _:_ -> true %% ssh not started so we dont't know end. - + fake_daemon(_Config) -> Parent = self(), %% start the server Server = spawn(fun() -> - {ok,Sl} = gen_tcp:listen(0,[]), + {ok,Sl} = gen_tcp:listen(0,[{packet,line}]), {ok,{Host,Port}} = inet:sockname(Sl), + ct:log("fake_daemon listening on ~p:~p~n",[Host,Port]), Parent ! {sockname,self(),Host,Port}, Rsa = gen_tcp:accept(Sl), ct:log("Server gen_tcp:accept got ~p",[Rsa]), -- cgit v1.2.3 From 66c06dc602594b263225b5481d2abba653a3b5e8 Mon Sep 17 00:00:00 2001 
From: Ingela Anderton Andin Date: Tue, 12 May 2015 11:21:20 +0200 Subject: ssh: Align "=" sign in type declarations to decided policy --- lib/ssh/doc/src/ssh.xml | 43 +++++++++++++++++----------------- lib/ssh/doc/src/ssh_channel.xml | 32 ++++++++++++------------- lib/ssh/doc/src/ssh_client_key_api.xml | 20 ++++++++-------- lib/ssh/doc/src/ssh_connection.xml | 42 ++++++++++++++++----------------- lib/ssh/doc/src/ssh_server_key_api.xml | 24 +++++++++---------- lib/ssh/doc/src/ssh_sftp.xml | 4 ++-- lib/ssh/doc/src/ssh_sftpd.xml | 16 ++++++------- 7 files changed, 90 insertions(+), 91 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index d49d3ac2a7..7cca84432e 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -57,29 +57,28 @@ this module, or abstractions to indicate the intended use of the data type, or both:

- boolean() -

= true | false

- string() -

= [byte()]

- ssh_daemon_ref() -

Opaque to the user, - returned by ssh:daemon/[1,2,3]

- ssh_connection_ref() -

Opaque to the user, - returned by ssh:connect/3

- ip_address() + boolean() = +

true | false

+ string() = +

[byte()]

+ ssh_daemon_ref() = +

opaque() - + as returned by ssh:daemon/[1,2,3]

+ ssh_connection_ref() = +

opaque() - as returned by ssh:connect/3

+ ip_address() =

inet::ip_address

- subsystem_spec() -

= {subsystem_name(), - {channel_callback(), channel_init_args()}}

- subsystem_name() -

= string()

- channel_callback() -

= atom() - Name of the Erlang module - implementing the subsystem using the ssh_channel behavior, see - ssh_channel(3)

- channel_init_args() -

= list()

+ subsystem_spec() = +

{subsystem_name(), + {channel_callback(), channel_init_args()}}

+ subsystem_name() = +

string()

+ channel_callback() = +

atom() - Name of the Erlang module + implementing the subsystem using the ssh_channel behavior, see + ssh_channel(3)

+ channel_init_args() = +

list()

diff --git a/lib/ssh/doc/src/ssh_channel.xml b/lib/ssh/doc/src/ssh_channel.xml index b8a03c350a..2fdecf9072 100644 --- a/lib/ssh/doc/src/ssh_channel.xml +++ b/lib/ssh/doc/src/ssh_channel.xml @@ -62,22 +62,22 @@ type, or both:

- boolean() -

= true | false

- string() -

= list of ASCII characters

- timeout() -

= infinity | integer() in milliseconds

- ssh_connection_ref() -

Opaque to the user, returned by - ssh:connect/3 or sent to an SSH channel process

- ssh_channel_id() -

= integer()

- ssh_data_type_code() -

= 1 ("stderr") | 0 ("normal") are - the valid values, - see RFC 4254 - Section 5.2

+ boolean() = +

true | false

+ string() = +

list of ASCII characters

+ timeout() = +

infinity | integer() in milliseconds

+ ssh_connection_ref() = +

opaque() -as returned by + ssh:connect/3 or sent to an SSH channel process

+ ssh_channel_id() = +

integer()

+ ssh_data_type_code() = +

1 ("stderr") | 0 ("normal") are + the valid values, + see RFC 4254 + Section 5.2

diff --git a/lib/ssh/doc/src/ssh_client_key_api.xml b/lib/ssh/doc/src/ssh_client_key_api.xml index a8dda042c9..9a892d71fd 100644 --- a/lib/ssh/doc/src/ssh_client_key_api.xml +++ b/lib/ssh/doc/src/ssh_client_key_api.xml @@ -50,16 +50,16 @@ public_key user's guide:

- boolean() -

= true | false

- string() -

= [byte()]

- public_key() -

= #'RSAPublicKey'{}| {integer(), #'Dss-Parms'{}}| term()

- private_key() -

= #'RSAPrivateKey'{} | #'DSAPrivateKey'{} | term()

- public_key_algorithm() -

= 'ssh-rsa'| 'ssh-dss' | atom()

+ boolean() = +

true | false

+ string() = +

[byte()]

+ public_key() = +

#'RSAPublicKey'{}| {integer(), #'Dss-Parms'{}}| term()

+ private_key() = +

#'RSAPrivateKey'{} | #'DSAPrivateKey'{} | term()

+ public_key_algorithm() = +

'ssh-rsa'| 'ssh-dss' | atom()

diff --git a/lib/ssh/doc/src/ssh_connection.xml b/lib/ssh/doc/src/ssh_connection.xml index 669a361db9..5422633dc3 100644 --- a/lib/ssh/doc/src/ssh_connection.xml +++ b/lib/ssh/doc/src/ssh_connection.xml @@ -56,29 +56,29 @@ type, or both:

- boolean() -

= true | false

- string() -

= list of ASCII characters

- timeout() -

= infinity | integer() in milliseconds

- ssh_connection_ref() -

Opaque to the user, returned by - ssh:connect/3 or sent to an SSH channel processes

- ssh_channel_id() -

= integer()

- ssh_data_type_code() -

= 1 ("stderr") | 0 ("normal") are + boolean() = +

true | false

+ string() = +

list of ASCII characters

+ timeout() = +

infinity | integer() in milliseconds

+ ssh_connection_ref() = +

opaque() -as returned by + ssh:connect/3 or sent to an SSH channel processes

+ ssh_channel_id() = +

integer()

+ ssh_data_type_code() = +

1 ("stderr") | 0 ("normal") are valid values, see RFC 4254 Section 5.2.

- ssh_request_status() ssh_request_status() -

= success | failure

- event() -

= {ssh_cm, ssh_connection_ref(), ssh_event_msg()}

- ssh_event_msg() -

= data_events() | status_events() | terminal_events()

- reason() -

= timeout | closed

+ ssh_request_status() = +

success | failure

+ event() = +

{ssh_cm, ssh_connection_ref(), ssh_event_msg()}

+ ssh_event_msg() = +

data_events() | status_events() | terminal_events()

+ reason() = +

timeout | closed

diff --git a/lib/ssh/doc/src/ssh_server_key_api.xml b/lib/ssh/doc/src/ssh_server_key_api.xml index 34ce7f7660..73dd90c962 100644 --- a/lib/ssh/doc/src/ssh_server_key_api.xml +++ b/lib/ssh/doc/src/ssh_server_key_api.xml @@ -50,20 +50,20 @@ public_key user's guide.

- - boolean() -

= true | false

- string() -

= [byte()]

- public_key() -

= #'RSAPublicKey'{}| {integer(), #'Dss-Parms'{}}| term()

- private_key() -

= #'RSAPrivateKey'{} | #'DSAPrivateKey'{} | term()

- public_key_algorithm() -

= 'ssh-rsa'| 'ssh-dss' | atom()

+ + boolean() = +

true | false

+ string() = +

[byte()]

+ public_key() = +

#'RSAPublicKey'{}| {integer(), #'Dss-Parms'{}}| term()

+ private_key() = +

#'RSAPrivateKey'{} | #'DSAPrivateKey'{} | term()

+ public_key_algorithm() = +

'ssh-rsa'| 'ssh-dss' | atom()

- + Module:host_key(Algorithm, DaemonOptions) -> diff --git a/lib/ssh/doc/src/ssh_sftp.xml b/lib/ssh/doc/src/ssh_sftp.xml index 643130fe6b..fc418bc934 100644 --- a/lib/ssh/doc/src/ssh_sftp.xml +++ b/lib/ssh/doc/src/ssh_sftp.xml @@ -43,8 +43,8 @@

- ssh_connection_ref() -

Opaque to the user, returned by ssh:connect/3

+ ssh_connection_ref() = +

opaque() - as returned by ssh:connect/3

timeout()

= infinity | integer() in milliseconds. Default infinity.

diff --git a/lib/ssh/doc/src/ssh_sftpd.xml b/lib/ssh/doc/src/ssh_sftpd.xml index bc2660f595..8b2497e6a3 100644 --- a/lib/ssh/doc/src/ssh_sftpd.xml +++ b/lib/ssh/doc/src/ssh_sftpd.xml @@ -37,16 +37,16 @@
DATA TYPES - subsystem_spec() -

= {subsystem_name(), {channel_callback(), channel_init_args()}}

- subsystem_name() -

= "sftp"

- channel_callback() -

= atom() - Name of the Erlang module implementing the subsystem using the + subsystem_spec() = +

{subsystem_name(), {channel_callback(), channel_init_args()}}

+ subsystem_name() = +

"sftp"

+ channel_callback() = +

atom() - Name of the Erlang module implementing the subsystem using the ssh_channel behavior, see the ssh_channel(3) manual page.

- channel_init_args() -

= list() - The one given as argument to function subsystem_spec/1.

+ channel_init_args() = +

list() - The one given as argument to function subsystem_spec/1.

-- cgit v1.2.3 From e09dd66dc4d89c62ddfd8c19791f9678d5d787c6 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Tue, 12 May 2015 18:18:55 +0200 Subject: Prepare release --- lib/ssh/doc/src/notes.xml | 66 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 41885c684c..af5b78bff2 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -29,6 +29,72 @@ notes.xml +
Ssh 4.0 + +
Fixed Bugs and Malfunctions + + +

+ Included test of the 'e' and 'f' parameters in dh key + exchange as specified in rfc 4253 section 8.

+

+ Own Id: OTP-12649

+
+ +

+ Fixes the bug that once the rekey_limit bytes (by + default, 1GB) had been transmitted the connection was + rekeyed every minute, not after the next 'rekey_limit'.

+

+ Thanks to Simon Cornish for the report and the fix!

+

+ Own Id: OTP-12692

+
+ +

+ Fixes a bug that causes an SFTP connection to always fail + when {timeout, Timeout} option is used with + ssh_sftp:start_channel.

+

+ Thanks to Simon Cornish

+

+ Own Id: OTP-12708

+
+
+
+ + +
Improvements and New Features + + +

+ The internal group to user_drv protocol has been changed + to be synchronous in order to guarantee that output sent + to a process implementing the user_drv protocol is + printed before replying. This protocol is used by the + standard_output device and the ssh application when + acting as a client.

+

+ This change changes the previous unlimited buffer when + printing to standard_io and other devices that end up in + user_drv to 1KB.

+

+ *** POTENTIAL INCOMPATIBILITY ***

+

+ Own Id: OTP-12240

+
+ +

+ If ssh_connection:subsystem/4 fails we do not want to + crash but rather terminate gracefully.

+

+ Own Id: OTP-12648 Aux Id: seq12834

+
+
+
+ +
+
Ssh 3.2.2
Improvements and New Features -- cgit v1.2.3 From 9a81b28598fadc44bf506354c9227e41aac786f6 Mon Sep 17 00:00:00 2001 From: Henrik Nord Date: Wed, 13 May 2015 09:40:16 +0200 Subject: Revert "Prepare release" This reverts commit e09dd66dc4d89c62ddfd8c19791f9678d5d787c6. --- lib/ssh/doc/src/notes.xml | 66 ----------------------------------------------- 1 file changed, 66 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index af5b78bff2..41885c684c 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -29,72 +29,6 @@ notes.xml -
Ssh 4.0 - -
Fixed Bugs and Malfunctions - - -

- Included test of the 'e' and 'f' parameters in dh key - exchange as specified in rfc 4253 section 8.

-

- Own Id: OTP-12649

-
- -

- Fixes the bug that once the rekey_limit bytes (by - default, 1GB) had been transmitted the connection was - rekeyed every minute, not after the next 'rekey_limit'.

-

- Thanks to Simon Cornish for the report and the fix!

-

- Own Id: OTP-12692

-
- -

- Fixes a bug that causes an SFTP connection to always fail - when {timeout, Timeout} option is used with - ssh_sftp:start_channel.

-

- Thanks to Simon Cornish

-

- Own Id: OTP-12708

-
-
-
- - -
Improvements and New Features - - -

- The internal group to user_drv protocol has been changed - to be synchronous in order to guarantee that output sent - to a process implementing the user_drv protocol is - printed before replying. This protocol is used by the - standard_output device and the ssh application when - acting as a client.

-

- This change changes the previous unlimited buffer when - printing to standard_io and other devices that end up in - user_drv to 1KB.

-

- *** POTENTIAL INCOMPATIBILITY ***

-

- Own Id: OTP-12240

-
- -

- If ssh_connection:subsystem/4 fails we do not want to - crash but rather terminate gracefully.

-

- Own Id: OTP-12648 Aux Id: seq12834

-
-
-
- -
-
Ssh 3.2.2
Improvements and New Features -- cgit v1.2.3 From 7aef211a66219b6fef9d0bdaf9b09be6c2e0a32f Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 12 May 2015 17:03:28 +0200 Subject: ssh: option for handling the SSH_MSG_DEBUG message's printouts A fun could be given in the options that will be called whenever the SSH_MSG_DEBUG message arrives. This enables the user to format the printout or just discard it. The default is changed to not print the message. In RFC4253 printing is a SHOULD, but our new default is to protect logs from DoS attacks. --- lib/ssh/doc/src/ssh.xml | 20 +++++++- lib/ssh/src/ssh.erl | 4 ++ lib/ssh/src/ssh_connection_handler.erl | 12 ++--- lib/ssh/test/ssh_basic_SUITE.erl | 90 ++++++++++++++++++++++++++++++++++ lib/ssh/vsn.mk | 2 +- 5 files changed, 119 insertions(+), 9 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 72dafc0c09..501668ca78 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -201,6 +201,14 @@

Sets a timeout on connection when no channels are active, default is infinity

+ + _}]]> + +

Provide a fun to implement your own logging of the SSH message SSH_MSG_DEBUG. The last three parameters are from the message, see RFC4253, section 11.3. The ConnectionRef is the reference to the connection on which the message arrived. The return value from the fun is not checked.

+

The default behaviour is ignore the message. + To get a printout for each message with AlwaysDisplay = true, use for example {ssh_msg_debug_fun, fun(_,true,M,_)-> io:format("DEBUG: ~p~n", [M]) end}

+
+ @@ -383,8 +391,16 @@

Provide a fun to implement your own logging when a user disconnects from the server.

- - + + _}]]> + +

Provide a fun to implement your own logging of the SSH message SSH_MSG_DEBUG. The last three parameters are from the message, see RFC4253, section 11.3. The ConnectionRef is the reference to the connection on which the message arrived. The return value from the fun is not checked.

+

The default behaviour is ignore the message. + To get a printout for each message with AlwaysDisplay = true, use for example {ssh_msg_debug_fun, fun(_,true,M,_)-> io:format("DEBUG: ~p~n", [M]) end}

+
+ + + diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index d4b02a024e..71e7d77475 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -312,6 +312,8 @@ handle_option([{disconnectfun, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{failfun, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); +handle_option([{ssh_msg_debug_fun, _} = Opt | Rest], SocketOptions, SshOptions) -> + handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); %%Backwards compatibility should not be underscore between ip and v6 in API handle_option([{ip_v6_disabled, Value} | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option({ipv6_disabled, Value}) | SshOptions]); @@ -417,6 +419,8 @@ handle_ssh_option({disconnectfun , Value} = Opt) when is_function(Value) -> Opt; handle_ssh_option({failfun, Value} = Opt) when is_function(Value) -> Opt; +handle_ssh_option({ssh_msg_debug_fun, Value} = Opt) when is_function(Value,4) -> + Opt; handle_ssh_option({ipv6_disabled, Value} = Opt) when is_boolean(Value) -> throw({error, {{ipv6_disabled, Opt}, option_no_longer_valid_use_inet_option_instead}}); diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index e1f2e059e8..0f6162db60 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl 
@@ -580,12 +580,12 @@ handle_event(#ssh_msg_disconnect{description = Desc} = DisconnectMsg, _StateName handle_event(#ssh_msg_ignore{}, StateName, State) -> {next_state, StateName, next_packet(State)}; -handle_event(#ssh_msg_debug{always_display = true, message = DbgMsg}, - StateName, State) -> - io:format("DEBUG: ~p\n", [DbgMsg]), - {next_state, StateName, next_packet(State)}; - -handle_event(#ssh_msg_debug{}, StateName, State) -> +handle_event(#ssh_msg_debug{always_display = Display, message = DbgMsg, language=Lang}, + StateName, #state{opts = Opts} = State) -> + F = proplists:get_value(ssh_msg_debug_fun, Opts, + fun(_ConnRef, _AlwaysDisplay, _Msg, _Language) -> ok end + ), + catch F(self(), Display, DbgMsg, Lang), {next_state, StateName, next_packet(State)}; handle_event(#ssh_msg_unimplemented{}, StateName, State) -> diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index f5f8991acc..fa7b426545 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -52,6 +52,8 @@ all() -> ssh_connect_arg4_timeout, packet_size_zero, ssh_daemon_minimal_remote_max_packet_size_option, + ssh_msg_debug_fun_option_client, + ssh_msg_debug_fun_option_server, id_string_no_opt_client, id_string_own_string_client, id_string_random_client, 
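Review bot: in the rewritten handle_event(#ssh_msg_debug{...}) clause of ssh_connection_handler.erl, `catch F(self(), Display, DbgMsg, Lang)` runs the user-supplied fun inside the connection handler process and discards every exception, so a fun that blocks stalls the connection and a fun that crashes fails without a trace. The message and language values come from the peer's SSH_MSG_DEBUG, which is the reason the default stopped printing, so the ssh.xml text should state that the fun runs in the connection process, that errors raised by it are swallowed, and that Msg is untrusted input that needs bounding and sanitising before it reaches a log. Consider reporting a caught exception once instead of dropping it silently.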
@@ -493,6 +495,94 @@ server_userpassword_option(Config) when is_list(Config) -> {user_dir, UserDir}]), ssh:stop_daemon(Pid). +%%-------------------------------------------------------------------- +ssh_msg_debug_fun_option_client() -> + [{doc, "validate client that uses the 'ssh_msg_debug_fun' option"}]. +ssh_msg_debug_fun_option_client(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {failfun, fun ssh_test_lib:failfun/2}]), + Parent = self(), + DbgFun = fun(ConnRef,Displ,Msg,Lang) -> Parent ! {msg_dbg,{ConnRef,Displ,Msg,Lang}} end, + + ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_dir, UserDir}, + {user_interaction, false}, + {ssh_msg_debug_fun,DbgFun}]), + %% Beware, implementation knowledge: + gen_fsm:send_all_state_event(ConnectionRef,{ssh_msg_debug,false,<<"Hello">>,<<>>}), + receive + {msg_dbg,X={ConnectionRef,false,<<"Hello">>,<<>>}} -> + ct:log("Got expected dbg msg ~p",[X]), + ssh:stop_daemon(Pid); + {msg_dbg,X={_,false,<<"Hello">>,<<>>}} -> + ct:log("Got dbg msg but bad ConnectionRef (~p expected) ~p",[ConnectionRef,X]), + ssh:stop_daemon(Pid), + {fail, "Bad ConnectionRef received"}; + {msg_dbg,X} -> + ct:log("Got bad dbg msg ~p",[X]), + ssh:stop_daemon(Pid), + {fail,"Bad msg received"} + after 1000 -> + ssh:stop_daemon(Pid), + {fail,timeout} + end. + +%%-------------------------------------------------------------------- +ssh_msg_debug_fun_option_server() -> + [{doc, "validate client that uses the 'ssh_msg_debug_fun' option"}]. 
+ssh_msg_debug_fun_option_server(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + + Parent = self(), + DbgFun = fun(ConnRef,Displ,Msg,Lang) -> Parent ! {msg_dbg,{ConnRef,Displ,Msg,Lang}} end, + ConnFun = fun(_,_,_) -> Parent ! {connection_pid,self()} end, + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {failfun, fun ssh_test_lib:failfun/2}, + {connectfun, ConnFun}, + {ssh_msg_debug_fun, DbgFun}]), + _ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_dir, UserDir}, + {user_interaction, false}]), + receive + {connection_pid,Server} -> + %% Beware, implementation knowledge: + gen_fsm:send_all_state_event(Server,{ssh_msg_debug,false,<<"Hello">>,<<>>}), + receive + {msg_dbg,X={_,false,<<"Hello">>,<<>>}} -> + ct:log("Got expected dbg msg ~p",[X]), + ssh:stop_daemon(Pid); + {msg_dbg,X} -> + ct:log("Got bad dbg msg ~p",[X]), + ssh:stop_daemon(Pid), + {fail,"Bad msg received"} + after 3000 -> + ssh:stop_daemon(Pid), + {fail,timeout2} + end + after 3000 -> + ssh:stop_daemon(Pid), + {fail,timeout1} + end. + %%-------------------------------------------------------------------- known_hosts() -> [{doc, "check that known_hosts is updated correctly"}]. diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index b2b85a717f..40bda0c19f 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,4 +1,4 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 3.2.2 +SSH_VSN = 3.2.3 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From ba0608d66d7b66d9108f79afd3c7c23b0ba06194 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Mon, 18 May 2015 09:55:10 +0200 Subject: Update release notes --- lib/ssh/doc/src/notes.xml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'lib/ssh') 
diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 41885c684c..579a3ae4a8 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -29,6 +29,25 @@ notes.xml +
Ssh 3.2.3 + +
Fixed Bugs and Malfunctions + + +

+ A new option for handling the SSH_MSG_DEBUG message's + printouts. A fun could be given in the options that will + be called whenever the SSH_MSG_DEBUG message arrives. + This enables the user to format the printout or just + discard it.

+

+ Own Id: OTP-12738 Aux Id: seq12860

+
+
+
+ +
+
Ssh 3.2.2
Improvements and New Features -- cgit v1.2.3 From 5e71fae6329a8cfa82ac5d5f9146e947fc92f542 Mon Sep 17 00:00:00 2001 From: Simon Cornish Date: Mon, 11 May 2015 15:47:06 -0700 Subject: Fix rekeying according to RFC 4253 When in the connected state, an received KEXINIT message MUST be responded to with KEXINIT. After that, the client may continue with KEXDH_INIT (or similar). See the first paragraph on RFC 4253 sec. 9. --- lib/ssh/src/ssh_connection_handler.erl | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 2c7f132916..9b11cadab6 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -559,11 +559,13 @@ userauth(#ssh_msg_userauth_banner{message = Msg}, -spec connected({#ssh_msg_kexinit{}, binary()}, %%| %% #ssh_msg_kexdh_init{}, #state{}) -> gen_fsm_state_return(). %%-------------------------------------------------------------------- -connected({#ssh_msg_kexinit{}, _Payload} = Event, State) -> - kexinit(Event, State#state{renegotiate = true}). -%% ; -%% connected(#ssh_msg_kexdh_init{} = Event, State) -> -%% key_exchange(Event, State#state{renegotiate = true}). +connected({#ssh_msg_kexinit{}, _Payload} = Event, #state{ssh_params = Ssh0} = State0) -> + {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh0), + State = State0#state{ssh_params = Ssh, + key_exchange_init_msg = KeyInitMsg, + renegotiate = true}, + send_msg(SshPacket, State), + kexinit(Event, State). %%-------------------------------------------------------------------- -spec handle_event(#ssh_msg_disconnect{} | #ssh_msg_ignore{} | #ssh_msg_debug{} | -- cgit v1.2.3 From d467173208581ee70213d34674ea841813af2e7e Mon Sep 17 00:00:00 2001 
From: Simon Cornish Date: Mon, 11 May 2015 15:54:50 -0700 Subject: Fix protocol violations during rekeying In RFC 4253, sections 7.1 & 9 describe rekeying with special attention to the protocol messages that may be received and may not be sent during rekeying. This patch fixes a number of problems during rekeying caused by data & requests received from the network, and/or data & requests sent by the user. --- lib/ssh/src/ssh_connection_handler.erl | 237 ++++++++++++++++++++------------- 1 file changed, 146 insertions(+), 91 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 9b11cadab6..65208ae158 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -71,6 +71,7 @@ key_exchange_init_msg, % #ssh_msg_kexinit{} renegotiate = false, % boolean() last_size_rekey = 0, + event_queue = [], connection_queue, address, port, @@ -83,6 +84,11 @@ {next_state, state_name(), term(), timeout()} | {stop, term(), term()}. +-type gen_fsm_sync_return() :: {next_state, state_name(), term()} | + {next_state, state_name(), term(), timeout()} | + {reply, term(), state_name(), term()} | + {stop, term(), term(), term()}. + %%==================================================================== %% Internal application API %%==================================================================== @@ -433,9 +439,7 @@ key_exchange(#ssh_msg_kex_dh_gex_reply{} = Msg, new_keys(#ssh_msg_newkeys{} = Msg, #state{ssh_params = Ssh0} = State0) -> {ok, Ssh} = ssh_transport:handle_new_keys(Msg, Ssh0), - {NextStateName, State} = - after_new_keys(State0#state{ssh_params = Ssh}), - {next_state, NextStateName, next_packet(State)}. + after_new_keys(next_packet(State0#state{ssh_params = Ssh})). %%-------------------------------------------------------------------- -spec userauth(#ssh_msg_service_request{} | #ssh_msg_service_accept{} | 
@@ -594,33 +598,6 @@ handle_event(#ssh_msg_debug{always_display = Display, message = DbgMsg, language handle_event(#ssh_msg_unimplemented{}, StateName, State) -> {next_state, StateName, next_packet(State)}; -handle_event({adjust_window, ChannelId, Bytes}, StateName, - #state{connection_state = - #connection{channel_cache = Cache}} = State0) -> - State = - case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{recv_window_size = WinSize, remote_id = Id} = Channel -> - ssh_channel:cache_update(Cache, Channel#channel{recv_window_size = - WinSize + Bytes}), - Msg = ssh_connection:channel_adjust_window_msg(Id, Bytes), - send_replies([{connection_reply, Msg}], State0); - undefined -> - State0 - end, - {next_state, StateName, next_packet(State)}; - -handle_event({reply_request, success, ChannelId}, StateName, - #state{connection_state = - #connection{channel_cache = Cache}} = State0) -> - State = case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{remote_id = RemoteId} -> - Msg = ssh_connection:channel_success_msg(RemoteId), - send_replies([{connection_reply, Msg}], State0); - undefined -> - State0 - end, - {next_state, StateName, State}; - handle_event(renegotiate, connected, #state{ssh_params = Ssh0} = State) -> {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh0), @@ -632,8 +609,7 @@ handle_event(renegotiate, connected, #state{ssh_params = Ssh0} renegotiate = true})}; handle_event(renegotiate, StateName, State) -> - timer:apply_after(?REKEY_TIMOUT, gen_fsm, send_all_state_event, [self(), renegotiate]), - %% Allready in keyexcahange so ignore + %% Already in key-exchange so safe to ignore {next_state, StateName, State}; %% Rekey due to sent data limit reached? 
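Review bot: the catch-all handle_event(renegotiate, StateName, State) clause no longer calls timer:apply_after(?REKEY_TIMOUT, ...), and nothing in the visible lines shows where the periodic renegotiate timer is re-armed after this change. Please confirm that the connected clause (or whoever creates the timer) schedules the next renegotiate event, so that a tick arriving during a key exchange does not end time-based rekeying for the rest of the connection, and say so in the new "Already in key-exchange so safe to ignore" comment. If ?REKEY_TIMOUT has no remaining user after this hunk, remove the macro as well.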
@@ -655,6 +631,38 @@ handle_event(data_size, connected, #state{ssh_params = Ssh0} = State) -> {next_state, connected, next_packet(State)} end; handle_event(data_size, StateName, State) -> + %% Already in key-exchange so safe to ignore + {next_state, StateName, State}; + +handle_event(Event, StateName, State) when StateName /= connected -> + Events = [{event, Event} | State#state.event_queue], + {next_state, StateName, State#state{event_queue = Events}}; + +handle_event({adjust_window, ChannelId, Bytes}, StateName, + #state{connection_state = + #connection{channel_cache = Cache}} = State0) -> + State = + case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{recv_window_size = WinSize, remote_id = Id} = Channel -> + ssh_channel:cache_update(Cache, Channel#channel{recv_window_size = + WinSize + Bytes}), + Msg = ssh_connection:channel_adjust_window_msg(Id, Bytes), + send_replies([{connection_reply, Msg}], State0); + undefined -> + State0 + end, + {next_state, StateName, next_packet(State)}; + +handle_event({reply_request, success, ChannelId}, StateName, + #state{connection_state = + #connection{channel_cache = Cache}} = State0) -> + State = case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{remote_id = RemoteId} -> + Msg = ssh_connection:channel_success_msg(RemoteId), + send_replies([{connection_reply, Msg}], State0); + undefined -> + State0 + end, {next_state, StateName, State}; handle_event({request, ChannelPid, ChannelId, Type, Data}, StateName, State0) -> 
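Review bot: the new handle_event(Event, StateName, State) when StateName /= connected clause prepends every event to event_queue with no upper bound, and it matches in every non-connected state, not only during a renegotiation. after_new_keys drains and resets the queue only in its renegotiate = true clause; the two renegotiate = false clauses return {next_state, userauth, ...} and leave event_queue untouched, so anything queued before the first key exchange completes stays queued until the first rekey. Suggest restricting the guard to the rekeying case, deciding explicitly what happens to events that arrive before authentication, and capping the queue length so that a peer stalling a key exchange cannot grow the process heap without limit.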
@@ -685,8 +693,65 @@ handle_event({unknown, Data}, StateName, State) -> sockname]} | {channel_info, channel_id(), [recv_window | send_window]} | {close, channel_id()} | stop, term(), state_name(), #state{}) - -> gen_fsm_state_return(). + -> gen_fsm_sync_return(). %%-------------------------------------------------------------------- +handle_sync_event(get_print_info, _From, StateName, State) -> + Reply = + try + {inet:sockname(State#state.socket), + inet:peername(State#state.socket) + } + of + {{ok,Local}, {ok,Remote}} -> {{Local,Remote},io_lib:format("statename=~p",[StateName])}; + _ -> {{"-",0},"-"} + catch + _:_ -> {{"?",0},"?"} + end, + {reply, Reply, StateName, State}; + +handle_sync_event({connection_info, Options}, _From, StateName, State) -> + Info = ssh_info(Options, State, []), + {reply, Info, StateName, State}; + +handle_sync_event({channel_info, ChannelId, Options}, _From, StateName, + #state{connection_state = #connection{channel_cache = Cache}} = State) -> + case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{} = Channel -> + Info = ssh_channel_info(Options, Channel, []), + {reply, Info, StateName, State}; + undefined -> + {reply, [], StateName, State} + end; + +handle_sync_event({info, ChannelPid}, _From, StateName, + #state{connection_state = + #connection{channel_cache = Cache}} = State) -> + Result = ssh_channel:cache_foldl( + fun(Channel, Acc) when ChannelPid == all; + Channel#channel.user == ChannelPid -> + [Channel | Acc]; + (_, Acc) -> + Acc + end, [], Cache), + {reply, {ok, Result}, StateName, State}; + +handle_sync_event(stop, _, _StateName, #state{connection_state = Connection0, + role = Role, + opts = Opts} = State0) -> + {disconnect, Reason, {{replies, Replies}, Connection}} = + ssh_connection:handle_msg(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, + description = "User closed down connection", + language = "en"}, Connection0, Role), + State = send_replies(Replies, State0), + SSHOpts = proplists:get_value(ssh_opts, 
Opts), + disconnect_fun(Reason, SSHOpts), + {stop, normal, ok, State#state{connection_state = Connection}}; + + +handle_sync_event(Event, From, StateName, State) when StateName /= connected -> + Events = [{sync, Event, From} | State#state.event_queue], + {next_state, StateName, State#state{event_queue = Events}}; + handle_sync_event({request, ChannelPid, ChannelId, Type, Data, Timeout}, From, StateName, State0) -> {{replies, Replies}, State1} = handle_request(ChannelPid, ChannelId, Type, Data, @@ -789,46 +854,6 @@ handle_sync_event({recv_window, ChannelId}, _From, StateName, end, {reply, Reply, StateName, next_packet(State)}; -handle_sync_event(get_print_info, _From, StateName, State) -> - Reply = - try - {inet:sockname(State#state.socket), - inet:peername(State#state.socket) - } - of - {{ok,Local}, {ok,Remote}} -> {{Local,Remote},io_lib:format("statename=~p",[StateName])}; - _ -> {{"-",0},"-"} - catch - _:_ -> {{"?",0},"?"} - end, - {reply, Reply, StateName, State}; - -handle_sync_event({connection_info, Options}, _From, StateName, State) -> - Info = ssh_info(Options, State, []), - {reply, Info, StateName, State}; - -handle_sync_event({channel_info, ChannelId, Options}, _From, StateName, - #state{connection_state = #connection{channel_cache = Cache}} = State) -> - case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{} = Channel -> - Info = ssh_channel_info(Options, Channel, []), - {reply, Info, StateName, State}; - undefined -> - {reply, [], StateName, State} - end; - -handle_sync_event({info, ChannelPid}, _From, StateName, - #state{connection_state = - #connection{channel_cache = Cache}} = State) -> - Result = ssh_channel:cache_foldl( - fun(Channel, Acc) when ChannelPid == all; - Channel#channel.user == ChannelPid -> - [Channel | Acc]; - (_, Acc) -> - Acc - end, [], Cache), - {reply, {ok, Result}, StateName, State}; - handle_sync_event({close, ChannelId}, _, StateName, #state{connection_state = #connection{channel_cache = Cache}} = State0) -> 
@@ -843,19 +868,7 @@ handle_sync_event({close, ChannelId}, _, StateName, undefined -> State0 end, - {reply, ok, StateName, next_packet(State)}; - -handle_sync_event(stop, _, _StateName, #state{connection_state = Connection0, - role = Role, - opts = Opts} = State0) -> - {disconnect, Reason, {{replies, Replies}, Connection}} = - ssh_connection:handle_msg(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, - description = "User closed down connection", - language = "en"}, Connection0, Role), - State = send_replies(Replies, State0), - SSHOpts = proplists:get_value(ssh_opts, Opts), - disconnect_fun(Reason, SSHOpts), - {stop, normal, ok, State#state{connection_state = Connection}}. + {reply, ok, StateName, next_packet(State)}. %%-------------------------------------------------------------------- -spec handle_info({atom(), port(), binary()} | {atom(), port()} | @@ -1284,8 +1297,17 @@ generate_event(<> = Msg, StateName, ConnectionMsg = ssh_message:decode(Msg), State1 = generate_event_new_state(State0, EncData), try ssh_connection:handle_msg(ConnectionMsg, Connection0, Role) of - {{replies, Replies}, Connection} -> - State = send_replies(Replies, State1#state{connection_state = Connection}), + {{replies, Replies0}, Connection} -> + if StateName == connected -> + Replies = Replies0, + State2 = State1; + true -> + {ConnReplies, Replies} = + lists:splitwith(fun not_connected_filter/1, Replies0), + Q = State1#state.event_queue ++ ConnReplies, + State2 = State1#state{ event_queue = Q } + end, + State = send_replies(Replies, State2#state{connection_state = Connection}), {next_state, StateName, next_packet(State)}; {noreply, Connection} -> {next_state, StateName, next_packet(State1#state{connection_state = Connection})}; 
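Review bot: in generate_event, lists:splitwith(fun not_connected_filter/1, Replies0) only peels off the leading run of {connection_reply, _} entries, so a connection reply that follows any other reply stays in Replies and is still sent while the key exchange is in progress; lists:partition/2 separates all of them. The held replies are also appended with `State1#state.event_queue ++ ConnReplies`, while handle_event and handle_sync_event prepend to the same list and after_new_keys replays it with lists:foldr, which starts from the tail: the appended replies are replayed before older queued events and in reverse order among themselves. Use one end of the list for all producers, and bind Replies and State2 from the value of the if expression instead of exporting them from its branches.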
@@ -1458,15 +1480,43 @@ next_packet(#state{socket = Socket} = State) -> State. after_new_keys(#state{renegotiate = true} = State) -> - {connected, State#state{renegotiate = false}}; + State1 = State#state{renegotiate = false, event_queue = []}, + lists:foldr(fun after_new_keys_events/2, {next_state, connected, State1}, State#state.event_queue); after_new_keys(#state{renegotiate = false, ssh_params = #ssh{role = client} = Ssh0} = State) -> {Msg, Ssh} = ssh_auth:service_request_msg(Ssh0), send_msg(Msg, State), - {userauth, State#state{ssh_params = Ssh}}; + {next_state, userauth, State#state{ssh_params = Ssh}}; after_new_keys(#state{renegotiate = false, ssh_params = #ssh{role = server}} = State) -> - {userauth, State}. + {next_state, userauth, State}. + +after_new_keys_events({sync, _Event, From}, {stop, _Reason, _StateData}=Terminator) -> + gen_fsm:reply(From, {error, closed}), + Terminator; +after_new_keys_events(_, {stop, _Reason, _StateData}=Terminator) -> + Terminator; +after_new_keys_events({sync, Event, From}, {next_state, StateName, StateData}) -> + case handle_sync_event(Event, From, StateName, StateData) of + {reply, Reply, NextStateName, NewStateData} -> + gen_fsm:reply(From, Reply), + {next_state, NextStateName, NewStateData}; + {next_state, NextStateName, NewStateData}-> + {next_state, NextStateName, NewStateData}; + {stop, Reason, Reply, NewStateData} -> + gen_fsm:reply(From, Reply), + {stop, Reason, NewStateData} + end; +after_new_keys_events({event, Event}, {next_state, StateName, StateData}) -> + case handle_event(Event, StateName, StateData) of + {next_state, NextStateName, NewStateData}-> + {next_state, NextStateName, NewStateData}; + {stop, Reason, NewStateData} -> + {stop, Reason, NewStateData} + end; +after_new_keys_events({connection_reply, _Data} = Reply, {StateName, State}) -> + NewState = send_replies([Reply], State), + {next_state, StateName, NewState}. handle_ssh_packet_data(RemainingSshPacketLen, DecData, EncData, StateName, State) -> 
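Review bot: the last after_new_keys_events clause matches its accumulator as {StateName, State}, but lists:foldr is seeded with {next_state, connected, State1} and every other clause returns a three-element tuple, so this clause can never match. The first queued {connection_reply, _} entry (generate_event now queues them during a key exchange) will therefore fail with function_clause and take the connection handler down at the end of the rekey. Match {next_state, StateName, State} here; the two {stop, ...} clauses above already cover the stop case. A test that holds back a channel reply across a rekey would exercise this path.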
@@ -1627,6 +1677,11 @@ log_error(Reason) -> error_logger:error_report(Report), "Internal error". +not_connected_filter({connection_reply, _Data}) -> + true; +not_connected_filter(_) -> + false. + send_replies([], State) -> State; send_replies([{connection_reply, Data} | Rest], #state{ssh_params = Ssh0} = State) -> -- cgit v1.2.3 From 21ecb1a4f3e037411af0c72eb93948ecafbd2984 Mon Sep 17 00:00:00 2001 From: Simon Cornish Date: Mon, 11 May 2015 15:55:02 -0700 Subject: Add tests for ssh rekeying --- lib/ssh/test/Makefile | 3 +- lib/ssh/test/ssh_basic_SUITE.erl | 177 ++++++++++++++++- lib/ssh/test/ssh_relay.erl | 407 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 581 insertions(+), 6 deletions(-) create mode 100644 lib/ssh/test/ssh_relay.erl (limited to 'lib/ssh') diff --git a/lib/ssh/test/Makefile b/lib/ssh/test/Makefile index 740dbd0235..39b2f57d26 100644 --- a/lib/ssh/test/Makefile +++ b/lib/ssh/test/Makefile @@ -40,7 +40,8 @@ MODULES= \ ssh_connection_SUITE \ ssh_echo_server \ ssh_peername_sockname_server \ - ssh_test_cli + ssh_test_cli \ + ssh_relay HRL_FILES_NEEDED_IN_TEST= \ $(ERL_TOP)/lib/ssh/src/ssh.hrl \ diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 242c9a3bd9..aaf0fa9905 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -29,6 +29,7 @@ -define(NEWLINE, <<"\r\n">>). +-define(REKEY_DATA_TMO, 65000). %%-------------------------------------------------------------------- %% Common Test interface functions ----------------------------------- %%-------------------------------------------------------------------- @@ -44,6 +45,7 @@ all() -> {group, dsa_pass_key}, {group, rsa_pass_key}, {group, internal_error}, + {group, renegotiate}, daemon_already_started, server_password_option, server_userpassword_option, 
@@ -69,6 +71,7 @@ groups() -> {dsa_pass_key, [], [pass_phrase]}, {rsa_pass_key, [], [pass_phrase]}, {internal_error, [], [internal_error]}, + {renegotiate, [], [rekey, rekey_limit, renegotiate1, renegotiate2]}, {hardening_tests, [], [ssh_connect_nonegtimeout_connected_parallel, ssh_connect_nonegtimeout_connected_sequential, ssh_connect_negtimeout_parallel, @@ -84,8 +87,7 @@ groups() -> basic_tests() -> [send, close, peername_sockname, exec, exec_compressed, shell, cli, known_hosts, - idle_time, rekey, openssh_zlib_basic_test, - misc_ssh_options, inet_option]. + idle_time, openssh_zlib_basic_test, misc_ssh_options, inet_option]. %%-------------------------------------------------------------------- 
@@ -333,25 +335,175 @@ idle_time(Config) -> rekey() -> [{doc, "Idle timeout test"}]. rekey(Config) -> - SystemDir = filename:join(?config(priv_dir, Config), system), + SystemDir = ?config(data_dir, Config), UserDir = ?config(priv_dir, Config), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, - {user_dir, UserDir}, + {user_dir, UserDir}, {failfun, fun ssh_test_lib:failfun/2}, + {user_passwords, + [{"simon", "says"}]}, {rekey_limit, 0}]), + ConnectionRef = ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, {user_dir, UserDir}, + {user, "simon"}, + {password, "says"}, {user_interaction, false}, {rekey_limit, 0}]), receive - after 200000 -> + after ?REKEY_DATA_TMO -> %%By this time rekeying would have been done ssh:close(ConnectionRef), ssh:stop_daemon(Pid) end. %%-------------------------------------------------------------------- +rekey_limit() -> + [{doc, "Test rekeying by data volume"}]. +rekey_limit(Config) -> + SystemDir = ?config(data_dir, Config), + UserDir = ?config(priv_dir, Config), + DataFile = filename:join(UserDir, "rekey.data"), + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {user_dir, UserDir}, + {user_passwords, + [{"simon", "says"}]}]), + {ok, SftpPid, ConnectionRef} = + ssh_sftp:start_channel(Host, Port, [{system_dir, SystemDir}, + {user_dir, UserDir}, + {user, "simon"}, + {password, "says"}, + {rekey_limit, 2500}, + {user_interaction, false}, + {silently_accept_hosts, true}]), + + Kex1 = get_kex_init(ConnectionRef), + + ct:sleep(?REKEY_DATA_TMO), + Kex1 = get_kex_init(ConnectionRef), + + Data = lists:duplicate(9000,1), + ok = ssh_sftp:write_file(SftpPid, DataFile, Data), + + ct:sleep(?REKEY_DATA_TMO), + Kex2 = get_kex_init(ConnectionRef), + + false = (Kex2 == Kex1), + + ct:sleep(?REKEY_DATA_TMO), + Kex2 = get_kex_init(ConnectionRef), + + ok = ssh_sftp:write_file(SftpPid, DataFile, "hi\n"), + + ct:sleep(?REKEY_DATA_TMO), + Kex2 = get_kex_init(ConnectionRef), + + false = (Kex2 == Kex1), + + 
ct:sleep(?REKEY_DATA_TMO), + Kex2 = get_kex_init(ConnectionRef), + + + ssh_sftp:stop_channel(SftpPid), + ssh:close(ConnectionRef), + ssh:stop_daemon(Pid). + +%%-------------------------------------------------------------------- +renegotiate1() -> + [{doc, "Test rekeying with simulataneous send request"}]. +renegotiate1(Config) -> + SystemDir = ?config(data_dir, Config), + UserDir = ?config(priv_dir, Config), + DataFile = filename:join(UserDir, "renegotiate1.data"), + + {Pid, Host, DPort} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {user_dir, UserDir}, + {user_passwords, + [{"simon", "says"}]}]), + RPort = ssh_test_lib:inet_port(), + + {ok,RelayPid} = ssh_relay:start_link({0,0,0,0}, RPort, Host, DPort), + + {ok, SftpPid, ConnectionRef} = + ssh_sftp:start_channel(Host, RPort, [{system_dir, SystemDir}, + {user_dir, UserDir}, + {user, "simon"}, + {password, "says"}, + {user_interaction, false}, + {silently_accept_hosts, true}]), + + Kex1 = get_kex_init(ConnectionRef), + + {ok, Handle} = ssh_sftp:open(SftpPid, DataFile, [write]), + + ok = ssh_sftp:write(SftpPid, Handle, "hi\n"), + + ssh_relay:hold(RelayPid, rx, 20, 1000), + ssh_connection_handler:renegotiate(ConnectionRef), + spawn(fun() -> ok=ssh_sftp:write(SftpPid, Handle, "another hi\n") end), + + ct:sleep(2000), + + Kex2 = get_kex_init(ConnectionRef), + + false = (Kex2 == Kex1), + + ssh_relay:stop(RelayPid), + ssh_sftp:stop_channel(SftpPid), + ssh:close(ConnectionRef), + ssh:stop_daemon(Pid). + +%%-------------------------------------------------------------------- +renegotiate2() -> + [{doc, "Test rekeying with inflight messages from peer"}]. 
+renegotiate2(Config) -> + SystemDir = ?config(data_dir, Config), + UserDir = ?config(priv_dir, Config), + DataFile = filename:join(UserDir, "renegotiate1.data"), + + {Pid, Host, DPort} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {user_dir, UserDir}, + {user_passwords, + [{"simon", "says"}]}]), + RPort = ssh_test_lib:inet_port(), + + {ok,RelayPid} = ssh_relay:start_link({0,0,0,0}, RPort, Host, DPort), + + {ok, SftpPid, ConnectionRef} = + ssh_sftp:start_channel(Host, RPort, [{system_dir, SystemDir}, + {user_dir, UserDir}, + {user, "simon"}, + {password, "says"}, + {user_interaction, false}, + {silently_accept_hosts, true}]), + + Kex1 = get_kex_init(ConnectionRef), + + {ok, Handle} = ssh_sftp:open(SftpPid, DataFile, [write]), + + ok = ssh_sftp:write(SftpPid, Handle, "hi\n"), + + ssh_relay:hold(RelayPid, rx, 20, infinity), + spawn(fun() -> ok=ssh_sftp:write(SftpPid, Handle, "another hi\n") end), + %% need a small pause here to ensure ssh_sftp:write is executed + ct:sleep(10), + ssh_connection_handler:renegotiate(ConnectionRef), + ssh_relay:release(RelayPid, rx), + + ct:sleep(2000), + + Kex2 = get_kex_init(ConnectionRef), + + false = (Kex2 == Kex1), + + ssh_relay:stop(RelayPid), + ssh_sftp:stop_channel(SftpPid), + ssh:close(ConnectionRef), + ssh:stop_daemon(Pid). + +%%-------------------------------------------------------------------- shell() -> [{doc, "Test that ssh:shell/2 works"}]. shell(Config) when is_list(Config) -> 
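Review bot: renegotiate2/1 sets DataFile to filename:join(UserDir, "renegotiate1.data"), the same name renegotiate1/1 uses, which looks like a copy-paste slip; name it "renegotiate2.data" so the two cases do not write to the same file under priv_dir. Both renegotiate cases also rely on fixed sleeps (ct:sleep(10) before ssh_connection_handler:renegotiate/1, ct:sleep(2000) before the second get_kex_init/1), so a slow host can fail them for reasons unrelated to rekeying; polling get_kex_init/1 until the KEXINIT changes or a deadline passes would be more stable. In rekey_limit/1 the sequence "false = (Kex2 == Kex1)", sleep, "Kex2 = get_kex_init(ConnectionRef)" appears twice after the "hi\n" write and one copy can go. The relay is started on {0,0,0,0}, which ssh_relay treats as every interface; binding it to the loopback address keeps the forwarder off the network while the suite runs. The doc string of rekey/0 still says "Idle timeout test" and the one in renegotiate1/0 spells "simulataneous".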
@@ -1300,3 +1452,18 @@ fake_daemon(_Config) -> {sockname,Server,ServerHost,ServerPort} -> {Server, ServerHost, ServerPort} end. +%% get_kex_init - helper function to get key_exchange_init_msg +get_kex_init(Conn) -> + %% First, validate the key exchange is complete (StateName == connected) + {connected,S} = sys:get_state(Conn), + %% Next, walk through the elements of the #state record looking + %% for the #ssh_msg_kexinit record. This method is robust against + %% changes to either record. The KEXINIT message contains a cookie + %% unique to each invocation of the key exchange procedure (RFC4253) + SL = tuple_to_list(S), + case lists:keyfind(ssh_msg_kexinit, 1, SL) of + false -> + throw(not_found); + KexInit -> + KexInit + end. diff --git a/lib/ssh/test/ssh_relay.erl b/lib/ssh/test/ssh_relay.erl new file mode 100644 index 0000000000..a4f2bad2e2 --- /dev/null +++ b/lib/ssh/test/ssh_relay.erl 
@@ -0,0 +1,407 @@ +%%%------------------------------------------------------------------- +%%% @author Simon Cornish +%%% @copyright (C) 2015, Simon Cornish +%%% @doc +%%% Provide manipulatable TCP-level relaying for testing SSH +%%% @end +%%% Created : 7 May 2015 by Simon Cornish +%%%------------------------------------------------------------------- +-module(ssh_relay). + +-behaviour(gen_server). + +%% API +-export([start_link/4]). +-export([stop/1]). +-export([hold/4, release/2, release_next/3]). + +%% gen_server callbacks +-export([init/1, handle_call/3, handle_cast/2, handle_info/2, + terminate/2, code_change/3]). + +-record(hold, { + port, + n, + tmo, + tref, + q = [] + }). + +-record(state, { + local_addr, + local_port, + peer_addr, + peer_port, + lpid, + local, + peer, + tx_hold, + rx_hold + }). + +-define(ACCEPT_TMO, 200). +%%%=================================================================== +%%% API +%%%=================================================================== +%%-------------------------------------------------------------------- +%% @doc +%% Hold N (or 'all') messages in given direction. +%% Messages will be released after the N+1th message or +%% Tmo ms or 'infinity' +%% +%% Dir is 'tx' for direction local -> peer +%% and 'rx' for direction peer -> local +%% +%% An Error, ealready, is returned if there is already a hold +%% in the given direction +%% +%% @spec hold(Srv, Dir, N, Tmo) -> ok | {error, Error} +%% @end +%%-------------------------------------------------------------------- +hold(Srv, Dir, N, Tmo) -> + gen_server:call(Srv, {hold, Dir, N, Tmo}). + +%%-------------------------------------------------------------------- +%% @doc +%% Release all held messages in given direction. 
+%% +%% An Error, enoent, is returned if there is no hold +%% in the given direction +%% +%% @spec release(Srv, Dir) -> ok | {error, Error} +%% @end +%%-------------------------------------------------------------------- +release(Srv, Dir) -> + gen_server:call(Srv, {release, Dir}). + +%%-------------------------------------------------------------------- +%% @doc +%% Release all held messages in given direction after the +%% next message in the trigger direction +%% +%% An Error, enoent, is returned if there is no hold +%% in the given direction +%% +%% @spec release_next(Srv, Dir, TriggerDir) -> ok | {error, Error} +%% @end +%%-------------------------------------------------------------------- +release_next(Srv, Dir, TriggerDir) -> + gen_server:call(Srv, {release_next, Dir, TriggerDir}). + +%%-------------------------------------------------------------------- +%% @doc +%% Starts the server +%% +%% @spec start_link() -> {ok, Pid} | ignore | {error, Error} +%% @end +%%-------------------------------------------------------------------- +start_link(ListenAddr, ListenPort, PeerAddr, PeerPort) -> + gen_server:start_link(?MODULE, [ListenAddr, ListenPort, PeerAddr, PeerPort], []). + +stop(Srv) -> + unlink(Srv), + Srv ! stop. 
+ +%%%=================================================================== +%%% gen_server callbacks +%%%=================================================================== + +%%-------------------------------------------------------------------- +%% @private +%% @doc +%% Initializes the server +%% +%% @spec init(Args) -> {ok, State} | +%% {ok, State, Timeout} | +%% ignore | +%% {stop, Reason} +%% @end +%%-------------------------------------------------------------------- +init([ListenAddr, ListenPort, PeerAddr, PeerPort | Options]) -> + IfAddr = case ListenAddr of + {0,0,0,0} -> + []; + _ -> + [{ifaddr, ListenAddr}] + end, + case gen_tcp:listen(ListenPort, [{reuseaddr, true}, {backlog, 1}, {active, false}, binary | IfAddr]) of + {ok, LSock} -> + Parent = self(), + {LPid, _LMod} = spawn_monitor(fun() -> listen(Parent, LSock) end), + S = #state{local_addr = ListenAddr, + local_port = ListenPort, + lpid = LPid, + peer_addr = PeerAddr, + peer_port = PeerPort + }, + {ok, S}; + Error -> + {stop, Error} + end. 
+ +%%-------------------------------------------------------------------- +%% @private +%% @doc +%% Handling call messages +%% +%% @spec handle_call(Request, From, State) -> +%% {reply, Reply, State} | +%% {reply, Reply, State, Timeout} | +%% {noreply, State} | +%% {noreply, State, Timeout} | +%% {stop, Reason, Reply, State} | +%% {stop, Reason, State} +%% @end +%%-------------------------------------------------------------------- +handle_call({hold, Dir, N, Tmo}, _From, State) -> + case Dir of + tx -> + do_hold(#state.tx_hold, State#state.peer, N, Tmo, State); + rx -> + do_hold(#state.rx_hold, State#state.local, N, Tmo, State); + _ -> + {reply, {error, einval}, State} + end; +handle_call({release, Dir}, _From, State) -> + case Dir of + tx -> + do_release(#state.tx_hold, State); + rx -> + do_release(#state.rx_hold, State); + _ -> + {reply, {error, einval}, State} + end; +handle_call({release_next, _Dir, _TriggerDir}, _From, State) -> + {reply, {error, nyi}, State}; + +handle_call(Request, _From, State) -> + Reply = {unhandled, Request}, + {reply, Reply, State}. + +%%-------------------------------------------------------------------- +%% @private +%% @doc +%% Handling cast messages +%% +%% @spec handle_cast(Msg, State) -> {noreply, State} | +%% {noreply, State, Timeout} | +%% {stop, Reason, State} +%% @end +%%-------------------------------------------------------------------- +handle_cast(_Msg, State) -> + {noreply, State}. 
+ +%%-------------------------------------------------------------------- +%% @private +%% @doc +%% Handling all non call/cast messages +%% +%% @spec handle_info(Info, State) -> {noreply, State} | +%% {noreply, State, Timeout} | +%% {stop, Reason, State} +%% @end +%%-------------------------------------------------------------------- +handle_info({tcp, Local, Data}, S) when S#state.local == Local -> + S1 = do_local(Data, S), + {noreply, S1}; + +handle_info({tcp_error, Local, Error}, S) when S#state.local == Local -> + S1 = do_local({error, Error}, S), + {noreply, S1}; + +handle_info({tcp_closed, Local}, S) when S#state.local == Local -> + S1 = do_local(closed, S), + {noreply, S1}; + +handle_info({tcp, Peer, Data}, S) when S#state.peer == Peer -> + S1 = do_peer(Data, S), + {noreply, S1}; + +handle_info({tcp_error, Peer, Error}, S) when S#state.peer == Peer -> + S1 = do_peer({error, Error}, S), + {noreply, S1}; + +handle_info({tcp_closed, Peer}, S) when S#state.peer == Peer -> + S1 = do_peer(closed, S), + {noreply, S1}; + +handle_info({accept, Local}, S) -> + S1 = do_accept(Local, S), + {noreply, S1}; + +handle_info({activate, Local}, State) -> + inet:setopts(Local, [{active, true}]), + {noreply, State}; + +handle_info({release, Pos}, S) -> + {reply, _, S1} = do_release(Pos,S), + {noreply, S1}; + +handle_info(stop, State) -> + {stop, normal, State}; + +handle_info({'DOWN', _Ref, _process, LPid, Reason}, S) when S#state.lpid == LPid -> + io:format("Acceptor has finished: ~p~n", [Reason]), + {noreply, S}; + +handle_info(_Info, State) -> + io:format("Unhandled info: ~p~n", [_Info]), + {noreply, State}. + +%%-------------------------------------------------------------------- +%% @private +%% @doc +%% This function is called by a gen_server when it is about to +%% terminate. It should be the opposite of Module:init/1 and do any +%% necessary cleaning up. When it returns, the gen_server terminates +%% with Reason. The return value is ignored. 
+%% +%% @spec terminate(Reason, State) -> void() +%% @end +%%-------------------------------------------------------------------- +terminate(_Reason, _State) -> + ok. + +%%-------------------------------------------------------------------- +%% @private +%% @doc +%% Convert process state when code is changed +%% +%% @spec code_change(OldVsn, State, Extra) -> {ok, NewState} +%% @end +%%-------------------------------------------------------------------- +code_change(_OldVsn, State, _Extra) -> + {ok, State}. + +%%%=================================================================== +%%% Internal functions +%%%=================================================================== +do_hold(Pos, _Port, _N, _Tmo, S) when element(Pos, S) /= undefined -> + {reply, {error, ealready}, S}; +do_hold(Pos, Port, N, Tmo, S) -> + TRef = if is_integer(Tmo) andalso Tmo > 0 -> + erlang:send_after(Tmo, self(), {release, Pos}); + true -> + undefined + end, + Hold = #hold{port = Port, n = N, tmo = Tmo, tref = TRef}, + {reply, ok, setelement(Pos, S, Hold)}. + +do_release(HPos, S) when element(HPos, S) == undefined -> + {reply, {error, enoent}, S}; +do_release(HPos, S) -> + #hold{port = Port, tref = TRef, q = Q} = element(HPos, S), + lists:foreach(fun(M) -> gen_tcp:send(Port, M), erlang:yield() end, Q), + catch erlang:cancel_timer(TRef), + receive + {release, HPos} -> ok + after 0 -> + ok + end, + {reply, ok, setelement(HPos, S, undefined)}. + +listen(Parent, LSock) -> + monitor(process, Parent), + do_listen(Parent, LSock). + +do_listen(Parent, LSock) -> + %% So annoying there is no select-like sematic for this + case gen_tcp:accept(LSock, ?ACCEPT_TMO) of + {ok, Sock} -> + Parent ! {accept, Sock}, + gen_tcp:controlling_process(Sock, Parent), + Parent ! 
{activate, Sock}, + do_flush(Parent, Sock), + gen_tcp:close(LSock); + {error, timeout} -> + receive + DOWN when element(1, DOWN) == 'DOWN' -> + ok; + stop -> + ok + after 1 -> + do_listen(Parent, LSock) + end; + Error -> + gen_tcp:close(LSock), + exit({accept,Error}) + end. + +do_flush(Parent, Sock) -> + receive + {Tcp, Sock, _} = Msg when Tcp == tcp; Tcp == tcp_error -> + Parent ! Msg, + do_flush(Parent, Sock); + {tcp_closed, Sock} = Msg -> + Parent ! Msg, + do_flush(Parent, Sock) + after 1 -> + ok + end. + +do_accept(Local, S) -> + case gen_tcp:connect(S#state.peer_addr, S#state.peer_port, [{active, true}, binary]) of + {ok, Peer} -> + S#state{local = Local, peer = Peer}; + Error -> + exit({connect, Error}) + end. + +do_local(Data, S) when is_binary(Data) -> + TxH = S#state.tx_hold, + if TxH == undefined -> + gen_tcp:send(S#state.peer, Data), + S; + TxH#hold.n == 0 -> + lists:foreach(fun(M) -> gen_tcp:send(S#state.peer, M) end, TxH#hold.q), + gen_tcp:send(S#state.peer, Data), + catch erlang:cancel_timer(TxH#hold.tref), + TxP = #state.tx_hold, + receive + {release, TxP} -> + ok + after 0 -> + ok + end, + S#state{tx_hold = undefined}; + true -> + Q = TxH#hold.q ++ [Data], + N = if is_integer(TxH#hold.n) -> + TxH#hold.n -1; + true -> + TxH#hold.n + end, + S#state{tx_hold = TxH#hold{q = Q, n = N}} + end; +do_local(Error, _S) -> + exit({local, Error}). 
+ +do_peer(Data, S) when is_binary(Data) -> + RxH = S#state.rx_hold, + if RxH == undefined -> + gen_tcp:send(S#state.local, Data), + S; + RxH#hold.n == 0 -> + lists:foreach(fun(M) -> gen_tcp:send(S#state.local, M) end, RxH#hold.q), + gen_tcp:send(S#state.local, Data), + catch erlang:cancel_timer(RxH#hold.tref), + RxP = #state.rx_hold, + receive + {release, RxP} -> + ok + after 0 -> + ok + end, + S#state{rx_hold = undefined}; + true -> + Q = RxH#hold.q ++ [Data], + N = if is_integer(RxH#hold.n) -> + RxH#hold.n -1; + true -> + RxH#hold.n + end, + S#state{rx_hold = RxH#hold{q = Q, n = N}} + end; +do_peer(Error, _S) -> + exit({peer, Error}). + -- cgit v1.2.3 From e4b26deed9f99b04dae1195144d9cbdbd61be515 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 19 May 2015 13:20:36 +0200 Subject: ssh: Remove erroneous option 'role' This option is set internaly but there is no reason to set it when calling a function. --- lib/ssh/src/ssh.erl | 2 -- 1 file changed, 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 71e7d77475..a9d6f09e72 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -297,8 +297,6 @@ handle_option([{pwdfun, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{key_cb, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); -handle_option([{role, _} = Opt | Rest], SocketOptions, SshOptions) -> - handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{compression, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); %%Backwards compatibility -- cgit v1.2.3 From e5715f37dcfd9c21103232e699390d9736180923 Mon Sep 17 00:00:00 2001 
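Review bot: in lib/ssh/test/ssh_relay.erl, hold/4 is documented as holding N messages, but do_local/2 and do_peer/2 decrement n once per {tcp, Sock, Data} delivery, that is per TCP read and not per SSH packet; say so in the @doc so that hold(RelayPid, rx, 20, ...) in the suite is not read as twenty SSH messages. release_next/3 is exported and documented while handle_call/3 answers {error, nyi}; either implement it or drop it from the export list until it exists. The @spec for start_link still reads start_link() although the function takes four arguments. The results of gen_tcp:send/2 are ignored in do_release/2, do_local/2 and do_peer/2, so a send to a socket that has already closed passes silently and the test only notices later through a timeout.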
From: Hans Nilsson Date: Wed, 13 May 2015 17:36:24 +0200 Subject: ssh: New option 'preferred_algorithms' This option enables the user to define which algorithms that are to be used as well as their precedences in the negotiation between server and client. --- lib/ssh/doc/src/ssh.xml | 100 ++++++++++++++++++++++- lib/ssh/src/ssh.erl | 144 ++++++++++++++++++++++++++------- lib/ssh/src/ssh_auth.erl | 66 ++++++--------- lib/ssh/src/ssh_auth.hrl | 2 +- lib/ssh/src/ssh_connection_handler.erl | 70 +++++++--------- lib/ssh/src/ssh_transport.erl | 131 ++++++++++++++++++++---------- 6 files changed, 352 insertions(+), 161 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index df13442fc6..3e7726c24d 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -35,13 +35,15 @@
SSH - + For application dependencies see ssh(6) Supported SSH version is 2.0. + Supported public key algorithms: ssh-rsa and ssh-dss. Supported MAC algorithms: hmac-sha2-256 and hmac-sha1. Supported encryption algorithms: aes128-ctr, aes128-cb and 3des-cbc. Supported key exchange algorithms: diffie-hellman-group1-sha1. + Supported compression algorithms: none, zlib, zlib@openssh.com, Supports unicode filenames if the emulator and the underlaying OS support it. See section DESCRIPTION in the file manual page in kernel @@ -79,6 +81,18 @@ ssh_channel(3)

channel_init_args() =

list()

+ + algs_list() = +

list( alg_entry() )

+ + alg_entry() = +

{kex, simple_algs()} | {public_key, simple_algs()} | {cipher, double_algs()} | {mac, double_algs()} | {compression, double_algs()}

+ + simple_algs() = +

list( atom() )

+ + double_algs() = +

[{client2serverlist,simple_algs()},{server2client,simple_algs()}] | simple_algs()
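Review bot: the added double_algs() type spells its first key client2serverlist, while the preferred_algorithms example, the default_algorithms/0 output and the option handling in ssh.erl all use client2server. A reader who copies the type as written gets a "Badly formed list" error, so the entry should read {client2server,simple_algs()}.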

@@ -160,19 +174,57 @@ and password. However, those optins are not always desirable to use from a security point of view.

+ + +

This option is kept for compatibility. It is ignored if the preferred_algorithms + option is used. The equivalence of {public_key_alg,'ssh-dss'} is + {preferred_algorithms, [{public_key,['ssh-dss','ssh-rsa']}]}.

+

Sets the preferred public key algorithm to use for user authentication. If the preferred algorithm fails, the other algorithm is tried. The default is to try first.

+ + +

This option is kept for compatibility. It is ignored if the preferred_algorithms + option is used. The equivalence of {pref_public_key_algs,['ssh-dss']} is + {preferred_algorithms, [{public_key,['ssh-dss']}]}.

+

List of public key algorithms to try to use. 'ssh-rsa' and 'ssh-dss' are available. Overrides

+ + + +

List of algorithms to use in the algorithm negotiation. The default algs_list() can + be obtained from default_algorithms/0. +

+

Here is an example of this option:

+ +{preferred_algorithms, + [{public_key,['ssh-rsa','ssh-dss']}, + {cipher,[{client2server,['aes128-ctr']}, + {server2client,['aes128-cbc','3des-cbc']}]}, + {mac,['hmac-sha2-256','hmac-sha1']}, + {compression,[none,zlib]} +} + +

Note that we want different algorithms in the two directions for cipher, but the same in + both directions for mac and compression. We keep the default for kex and + public_key but has given the default value explicitly for public_key

+ +

Changing the values can make a connection less secure. Do not change unless you + know exactly what you are doing. If you do not understand the values then you + are not supposed to change them

+
+
+
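Review bot: the preferred_algorithms example added here is not a valid Erlang term: the list opened after "{preferred_algorithms," is never closed, so the final line should be "]}" rather than "}". The same example is added again for the daemon option in the following hunk and needs the same fix. In the sentence after the example, "but has given" should be "but have given", and the warning text ends without a full stop.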

Sets a time-out on the transport layer @@ -341,6 +393,32 @@ user. From a security perspective this option makes the server very vulnerable.

+ + + +

List of algorithms to use in the algorithm negotiation. The default algs_list() can + be obtained from default_algorithms/0. +

+

Here is an example of this option:

+ +{preferred_algorithms, + [{public_key,['ssh-rsa','ssh-dss']}, + {cipher,[{client2server,['aes128-ctr']}, + {server2client,['aes128-cbc','3des-cbc']}]}, + {mac,['hmac-sha2-256','hmac-sha1']}, + {compression,[none,zlib]} +} + +

Note that we want different algorithms in the two directions for cipher, but the same in + both directions for mac and compression. We keep the default for kex and + public_key but has given the default value explicitly for public_key

+ +

Changing the values can make a connection less secure. Do not change unless you + know exactly what you are doing. If you do not understand the values then you + are not supposed to change them

+
+
+ boolean()}]]>

Provides a function for password validation. This function is called @@ -445,6 +523,26 @@ + + default_algorithms() -> algs_list() + Get a list declaring the supported algorithms + +

Returns a key-value list, where the keys are the different types of algorithms and the values are the + algorithms themselves. An example:

+ +20> ssh:default_algorithms(). +[{kex,['diffie-hellman-group1-sha1']}, + {public_key,['ssh-rsa','ssh-dss']}, + {cipher,[{client2server,['aes128-ctr','aes128-cbc','3des-cbc']}, + {server2client,['aes128-ctr','aes128-cbc','3des-cbc']}]}, + {mac,[{client2server,['hmac-sha2-256','hmac-sha1']}, + {server2client,['hmac-sha2-256','hmac-sha1']}]}, + {compression,[{client2server,[none,zlib]}, + {server2client,[none,zlib]}]}] +21> + + + shell(Host) -> diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index a9d6f09e72..c3b0e3edc1 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -28,6 +28,7 @@ -export([start/0, start/1, stop/0, connect/3, connect/4, close/1, connection_info/2, channel_info/3, daemon/1, daemon/2, daemon/3, + default_algorithms/0, stop_listener/1, stop_listener/2, stop_daemon/1, stop_daemon/2, shell/1, shell/2, shell/3]). @@ -207,6 +208,11 @@ shell(Host, Port, Options) -> Error end. +%%-------------------------------------------------------------------- +%%-------------------------------------------------------------------- +default_algorithms() -> + ssh_transport:default_algorithms(). + %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- @@ -259,7 +265,7 @@ do_start_daemon(Host, Port, Options, SocketOptions) -> end. handle_options(Opts) -> - try handle_option(proplists:unfold(Opts), [], []) of + try handle_option(algs_compatibility(proplists:unfold(Opts)), [], []) of {Inet, Ssh} -> {handle_ip(Inet), Ssh} catch 
@@ -267,6 +273,35 @@ handle_options(Opts) -> Error end. + +algs_compatibility(Os) -> + %% Take care of old options 'public_key_alg' and 'pref_public_key_algs' + comp_pk(proplists:get_value(preferred_algorithms,Os), + proplists:get_value(pref_public_key_algs,Os), + proplists:get_value(public_key_alg, Os), + [{K,V} || {K,V} <- Os, + K =/= public_key_alg, + K =/= pref_public_key_algs] + ). + +comp_pk(undefined, undefined, undefined, Os) -> Os; +comp_pk( PrefAlgs, _, _, Os) when PrefAlgs =/= undefined -> Os; + +comp_pk(undefined, undefined, ssh_dsa, Os) -> comp_pk(undefined, undefined, 'ssh-dss', Os); +comp_pk(undefined, undefined, ssh_rsa, Os) -> comp_pk(undefined, undefined, 'ssh-rsa', Os); +comp_pk(undefined, undefined, PK, Os) -> + PKs = [PK | ssh_transport:supported_algorithms(public_key)--[PK]], + [{preferred_algorithms, [{public_key,PKs}] } | Os]; + +comp_pk(undefined, PrefPKs, _, Os) when PrefPKs =/= undefined -> + PKs = [case PK of + ssh_dsa -> 'ssh-dss'; + ssh_rsa -> 'ssh-rsa'; + _ -> PK + end || PK <- PrefPKs], + [{preferred_algorithms, [{public_key,PKs}]} | Os]. + + handle_option([], SocketOptions, SshOptions) -> {SocketOptions, SshOptions}; handle_option([{system_dir, _} = Opt | Rest], SocketOptions, SshOptions) -> @@ -279,8 +314,6 @@ handle_option([{silently_accept_hosts, _} = Opt | Rest], SocketOptions, SshOptio handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{user_interaction, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); -handle_option([{public_key_alg, _} = Opt | Rest], SocketOptions, SshOptions) -> - handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{connect_timeout, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{user, _} = Opt | Rest], SocketOptions, SshOptions) -> 
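Review bot: in algs_compatibility/1 the comprehension [{K,V} || {K,V} <- Os, ...] keeps only two-element tuples, so any entry that is not a pair after proplists:unfold/1 is dropped before handle_option/3 sees it and is neither validated nor rejected. Remove just the two legacy keys (for example with lists:filter/2 on element 1) and pass everything else through unchanged. Also, when preferred_algorithms is present, comp_pk(PrefAlgs, _, _, Os) discards public_key_alg and pref_public_key_algs without looking at them, so a bad pref_public_key_algs value that used to raise eoptions is now accepted silently; either keep validating the legacy values or document that they are not checked in that case.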
@@ -329,7 +362,7 @@ handle_option([{exec, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{auth_methods, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); -handle_option([{pref_public_key_algs, _} = Opt | Rest], SocketOptions, SshOptions) -> +handle_option([{preferred_algorithms,_} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{quiet_mode, _} = Opt|Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); @@ -365,19 +398,8 @@ handle_ssh_option({silently_accept_hosts, Value} = Opt) when is_boolean(Value) - Opt; handle_ssh_option({user_interaction, Value} = Opt) when is_boolean(Value) -> Opt; -handle_ssh_option({public_key_alg, ssh_dsa}) -> - {public_key_alg, 'ssh-dss'}; -handle_ssh_option({public_key_alg, ssh_rsa}) -> - {public_key_alg, 'ssh-rsa'}; -handle_ssh_option({public_key_alg, Value} = Opt) when Value == 'ssh-rsa'; Value == 'ssh-dss' -> - Opt; -handle_ssh_option({pref_public_key_algs, Value} = Opt) when is_list(Value), length(Value) >= 1 -> - case handle_pref_algs(Value, []) of - {true, NewOpts} -> - NewOpts; - _ -> - throw({error, {eoptions, Opt}}) - end; +handle_ssh_option({preferred_algorithms,[_|_]} = Opt) -> + handle_pref_algs(Opt); handle_ssh_option({connect_timeout, Value} = Opt) when is_integer(Value); Value == infinity -> Opt; handle_ssh_option({max_sessions, Value} = Opt) when is_integer(Value), Value>0 -> 
@@ -463,23 +485,83 @@ handle_inet_option({reuseaddr, _} = Opt) -> %% Option verified by inet handle_inet_option(Opt) -> Opt. + + %% Check preferred algs -handle_pref_algs([], Acc) -> - {true, lists:reverse(Acc)}; -handle_pref_algs([H|T], Acc) -> - case H of - ssh_dsa -> - handle_pref_algs(T, ['ssh-dss'| Acc]); - ssh_rsa -> - handle_pref_algs(T, ['ssh-rsa'| Acc]); - 'ssh-dss' -> - handle_pref_algs(T, ['ssh-dss'| Acc]); - 'ssh-rsa' -> - handle_pref_algs(T, ['ssh-rsa'| Acc]); - _ -> - false + +handle_pref_algs({preferred_algorithms,Algs}) -> + try alg_duplicates(Algs, [], []) of + [] -> + {preferred_algorithms, + [try ssh_transport:supported_algorithms(Key) + of + DefAlgs -> handle_pref_alg(Key,Vals,DefAlgs) + catch + _:_ -> throw({error, {{eoptions, {preferred_algorithms,Key}}, + "Bad preferred_algorithms key"}}) + end || {Key,Vals} <- Algs] + }; + + Dups -> + throw({error, {{eoptions, {preferred_algorithms,Dups}}, "Duplicates found"}}) + catch + _:_ -> + throw({error, {{eoptions, preferred_algorithms}, "Malformed"}}) end. +alg_duplicates([{K,V}|KVs], Ks, Dups0) -> + Dups = + case lists:member(K,Ks) of + true -> + [K|Dups0]; + false -> + Dups0 + end, + case V--lists:usort(V) of + [] -> + alg_duplicates(KVs, [K|Ks], Dups); + Ds -> + alg_duplicates(KVs, [K|Ks], Dups++Ds) + end; +alg_duplicates([], _Ks, Dups) -> + Dups. 
+ +handle_pref_alg(Key, + Vs=[{client2server,C2Ss=[_|_]},{server2client,S2Cs=[_|_]}], + [{client2server,Sup_C2Ss},{server2client,Sup_S2Cs}] + ) -> + chk_alg_vs(Key, C2Ss, Sup_C2Ss), + chk_alg_vs(Key, S2Cs, Sup_S2Cs), + {Key, Vs}; + +handle_pref_alg(Key, + Vs=[{server2client,[_|_]},{client2server,[_|_]}], + Sup=[{client2server,_},{server2client,_}] + ) -> + handle_pref_alg(Key, lists:reverse(Vs), Sup); + +handle_pref_alg(Key, + Vs=[V|_], + Sup=[{client2server,_},{server2client,_}] + ) when is_atom(V) -> + handle_pref_alg(Key, [{client2server,Vs},{server2client,Vs}], Sup); + +handle_pref_alg(Key, + Vs=[V|_], + Sup=[S|_] + ) when is_atom(V), is_atom(S) -> + chk_alg_vs(Key, Vs, Sup), + {Key, Vs}; + +handle_pref_alg(Key, Vs, _) -> + throw({error, {{eoptions, {preferred_algorithms,[{Key,Vs}]}}, "Badly formed list"}}). + +chk_alg_vs(OptKey, Values, SupportedValues) -> + case (Values -- SupportedValues) of + [] -> Values; + Bad -> throw({error, {{eoptions, {OptKey,Bad}}, "Unsupported value(s) found"}}) + end. + handle_ip(Inet) -> %% Default to ipv4 case lists:member(inet, Inet) of true -> diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index 45c4d52d7e..197808754c 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -30,7 +30,8 @@ -export([publickey_msg/1, password_msg/1, keyboard_interactive_msg/1, service_request_msg/1, init_userauth_request_msg/1, userauth_request_msg/1, handle_userauth_request/3, - handle_userauth_info_request/3, handle_userauth_info_response/2 + handle_userauth_info_request/3, handle_userauth_info_response/2, + default_public_key_algorithms/0 ]). %%-------------------------------------------------------------------- 
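Review bot: in lib/ssh/src/ssh.erl, alg_duplicates/3 only looks for repeats at the top level of each value (V--lists:usort(V)), so with the directional form a name repeated inside the client2server or server2client list goes unnoticed. It also puts duplicate keys and duplicate algorithm names into the same Dups list, which leaves the "Duplicates found" error without any hint of which class is affected. Check the inner lists as well and report the duplicates as {Key, Names} pairs.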
@@ -115,33 +116,16 @@ init_userauth_request_msg(#ssh{opts = Opts} = Ssh) -> service = "ssh-connection", method = "none", data = <<>>}, - case proplists:get_value(pref_public_key_algs, Opts, false) of - false -> - FirstAlg = proplists:get_value(public_key_alg, Opts, ?PREFERRED_PK_ALG), - SecondAlg = other_alg(FirstAlg), - Prefs = method_preference(FirstAlg, SecondAlg), - ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User, - userauth_preference = Prefs, - userauth_methods = none, - service = "ssh-connection"}); - Algs -> - FirstAlg = lists:nth(1, Algs), - case length(Algs) =:= 2 of - true -> - SecondAlg = other_alg(FirstAlg), - Prefs = method_preference(FirstAlg, SecondAlg), - ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User, - userauth_preference = Prefs, - userauth_methods = none, - service = "ssh-connection"}); - _ -> - Prefs = method_preference(FirstAlg), - ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User, - userauth_preference = Prefs, - userauth_methods = none, - service = "ssh-connection"}) - end - end; + + + Algs = proplists:get_value(public_key, + proplists:get_value(preferred_algorithms, Opts, []), + default_public_key_algorithms()), + Prefs = method_preference(Algs), + ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User, + userauth_preference = Prefs, + userauth_methods = none, + service = "ssh-connection"}); {error, no_user} -> ErrStr = "Could not determine the users name", throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_ILLEGAL_USER_NAME, 
@@ -287,20 +271,20 @@ handle_userauth_info_response(#ssh_msg_userauth_info_response{}, "keyboard-interactive", language = "en"}). + +default_public_key_algorithms() -> ?PREFERRED_PK_ALGS. + %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- -method_preference(Alg1, Alg2) -> - [{"publickey", ?MODULE, publickey_msg, [Alg1]}, - {"publickey", ?MODULE, publickey_msg,[Alg2]}, - {"password", ?MODULE, password_msg, []}, - {"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []} - ]. -method_preference(Alg1) -> - [{"publickey", ?MODULE, publickey_msg, [Alg1]}, - {"password", ?MODULE, password_msg, []}, - {"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []} - ]. +method_preference(Algs) -> + lists:foldr(fun(A, Acc) -> + [{"publickey", ?MODULE, publickey_msg, [A]} | Acc] + end, + [{"password", ?MODULE, password_msg, []}, + {"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []} + ], + Algs). user_name(Opts) -> Env = case os:type() of @@ -418,10 +402,6 @@ keyboard_interact_fun(KbdInteractFun, Name, Instr, PromptInfos, NumPrompts) -> language = "en"}}) end. -other_alg('ssh-rsa') -> - 'ssh-dss'; -other_alg('ssh-dss') -> - 'ssh-rsa'. decode_public_key_v2(<> diff --git a/lib/ssh/src/ssh_auth.hrl b/lib/ssh/src/ssh_auth.hrl index 6cd8e6bf14..764c9f4246 100644 --- a/lib/ssh/src/ssh_auth.hrl +++ b/lib/ssh/src/ssh_auth.hrl @@ -23,7 +23,7 @@ -define(SUPPORTED_AUTH_METHODS, "publickey,keyboard-interactive,password"). --define(PREFERRED_PK_ALG, 'ssh-rsa'). +-define(PREFERRED_PK_ALGS, ['ssh-rsa','ssh-dss']). -define(SSH_MSG_USERAUTH_REQUEST, 50). -define(SSH_MSG_USERAUTH_FAILURE, 51). diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 65208ae158..ca63d2194f 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl 
@@ -33,7 +33,7 @@ -include("ssh_transport.hrl"). -include("ssh_auth.hrl"). -include("ssh_connect.hrl"). - +-compile(export_all). -export([start_link/3]). %% Internal application API 
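Review bot: -compile(export_all) in ssh_connection_handler.erl looks like a debugging leftover and should not be merged. It exports every internal function of the connection state machine, makes the explicit -export lists that follow meaningless, and suppresses unused-function warnings for the module. If a function has to become callable from outside, add it by name to an -export list.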
@@ -1156,54 +1156,38 @@ init_ssh(server = Role, Vsn, Version, Options, Socket) -> supported_host_keys(client, _, Options) -> try - case extract_algs(proplists:get_value(pref_public_key_algs, Options, false), []) of - false -> - ["ssh-rsa", "ssh-dss"]; - Algs -> - Algs + case proplists:get_value(public_key, + proplists:get_value(preferred_algorithms,Options,[]) + ) of + undefined -> + ssh_auth:default_public_key_algorithms(); + L -> + L -- (L--ssh_auth:default_public_key_algorithms()) end + of + [] -> + {stop, {shutdown, "No public key algs"}}; + Algs -> + [atom_to_list(A) || A<-Algs] catch exit:Reason -> {stop, {shutdown, Reason}} end; supported_host_keys(server, KeyCb, Options) -> - lists:foldl(fun(Type, Acc) -> - case available_host_key(KeyCb, Type, Options) of - {error, _} -> - Acc; - Alg -> - [Alg | Acc] - end - end, [], - %% Prefered alg last so no need to reverse - ["ssh-dss", "ssh-rsa"]). -extract_algs(false, _) -> - false; -extract_algs([],[]) -> - false; -extract_algs([], NewList) -> - lists:reverse(NewList); -extract_algs([H|T], NewList) -> - case H of - 'ssh-dss' -> - extract_algs(T, ["ssh-dss"|NewList]); - 'ssh-rsa' -> - extract_algs(T, ["ssh-rsa"|NewList]) - end. -available_host_key(KeyCb, "ssh-dss"= Alg, Opts) -> - case KeyCb:host_key('ssh-dss', Opts) of - {ok, _} -> - Alg; - Other -> - Other - end; -available_host_key(KeyCb, "ssh-rsa" = Alg, Opts) -> - case KeyCb:host_key('ssh-rsa', Opts) of - {ok, _} -> - Alg; - Other -> - Other - end. + Algs= + [atom_to_list(A) || A <- proplists:get_value(public_key, + proplists:get_value(preferred_algorithms,Options,[]), + ssh_auth:default_public_key_algorithms() + ), + available_host_key(KeyCb, A, Options) + ], + Algs. + + +%% Alg :: atom() +available_host_key(KeyCb, Alg, Opts) -> + element(1, catch KeyCb:host_key(Alg, Opts)) == ok. + send_msg(Msg, #state{socket = Socket, transport_cb = Transport}) -> Transport:send(Socket, Msg). 
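Review bot: available_host_key/3 is now element(1, catch KeyCb:host_key(Alg, Opts)) == ok, which treats a crash in the key callback the same as a missing key and itself fails with badarg if the callback throws or returns a term that is not a tuple. Match the result explicitly (case KeyCb:host_key(Alg, Opts) of {ok,_} -> true; _ -> false end) and let unexpected errors surface. As written, a broken key callback on the server side just produces an empty Algs list with no error, whereas the client branch above stops with "No public key algs"; the server branch should fail in the same visible way.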
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index d6414bab6c..95840c94ad 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -31,6 +31,8 @@ -export([versions/2, hello_version_msg/1]). -export([next_seqnum/1, decrypt_first_block/2, decrypt_blocks/3, + supported_algorithms/0, supported_algorithms/1, + default_algorithms/0, default_algorithms/1, is_valid_mac/3, handle_hello_version/1, key_exchange_init_msg/1, 
@@ -42,6 +44,68 @@ unpack/3, decompress/2, ssh_packet/2, pack/2, msg_data/1, sign/3, verify/4]). +%%%---------------------------------------------------------------------------- +%%% +%%% There is a difference between supported and default algorithms. The +%%% SUPPORTED algorithms can be handled (maybe untested...). The DEFAULT ones +%%% are announced in ssh_msg_kexinit and in ssh:default_algorithms/0 to the +%%% user. +%%% +%%% A supported algorithm can be requested in the option 'preferred_algorithms', +%%% but may give unexpected results because of being promoted to default. +%%% +%%% This makes it possible to add experimental algorithms (in supported_algorithms) +%%% and test them without letting the default users know about them. +%%% + +default_algorithms() -> [{K,default_algorithms(K)} || K <- algo_classes()]. + +algo_classes() -> [kex, public_key, cipher, mac, compression]. + +default_algorithms(compression) -> + %% Do not announce 'zlib@openssh.com' because there seem to be problems + supported_algorithms(compression, same(['zlib@openssh.com'])); +default_algorithms(Alg) -> + supported_algorithms(Alg). + + +supported_algorithms() -> [{K,supported_algorithms(K)} || K <- algo_classes()]. 
+ +supported_algorithms(kex) -> + ['diffie-hellman-group1-sha1']; +supported_algorithms(public_key) -> + ssh_auth:default_public_key_algorithms(); +supported_algorithms(cipher) -> + Supports = crypto:supports(), + CipherAlgos = [{aes_ctr, 'aes128-ctr'}, {aes_cbc128, 'aes128-cbc'}, {des3_cbc, '3des-cbc'}], + Algs = [SshAlgo || + {CryptoAlgo, SshAlgo} <- CipherAlgos, + lists:member(CryptoAlgo, proplists:get_value(ciphers, Supports, []))], + same(Algs); +supported_algorithms(mac) -> + Supports = crypto:supports(), + HashAlgos = [{sha256, 'hmac-sha2-256'}, {sha, 'hmac-sha1'}], + Algs = [SshAlgo || + {CryptoAlgo, SshAlgo} <- HashAlgos, + lists:member(CryptoAlgo, proplists:get_value(hashs, Supports, []))], + same(Algs); +supported_algorithms(compression) -> + same(['none','zlib','zlib@openssh.com']). + + +supported_algorithms(Key, [{client2server,BL1},{server2client,BL2}]) -> + [{client2server,As1},{server2client,As2}] = supported_algorithms(Key), + [{client2server,As1--BL1},{server2client,As2--BL2}]; +supported_algorithms(Key, BlackList) -> + supported_algorithms(Key) -- BlackList. + + + + +same(Algs) -> [{client2server,Algs}, {server2client,Algs}]. + + +%%%---------------------------------------------------------------------------- versions(client, Options)-> Vsn = proplists:get_value(vsn, Options, ?DEFAULT_CLIENT_VERSION), {Vsn, format_version(Vsn, software_version(Options))}; 
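Review bot: The fall-through clause `supported_algorithms(Key, BlackList) -> supported_algorithms(Key) -- BlackList` silently removes nothing when Key is cipher, mac or compression and BlackList is a flat list of atoms, because those classes return the `[{client2server,...},{server2client,...}]` form built by same/1. Only the first clause, which requires exactly that two-element direction form in that order, filters them. The one caller in this hunk wraps its list in same/1, so it works today, but this is the mechanism for keeping an algorithm supported without announcing it, and a blacklist that quietly does nothing is the wrong failure mode. Accept a flat list for direction-tagged classes and apply it to both directions, or crash on a shape mismatch. The header comment should also say what "unexpected results because of being promoted to default" means in practice.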
@@ -128,62 +192,45 @@ key_exchange_init_msg(Ssh0) -> kex_init(#ssh{role = Role, opts = Opts, available_host_keys = HostKeyAlgs}) -> Random = ssh_bits:random(16), - Compression = case proplists:get_value(compression, Opts, none) of - openssh_zlib -> ["zlib@openssh.com", "none"]; - zlib -> ["zlib", "none"]; - none -> ["none", "zlib"] - end, - kexinit_messsage(Role, Random, Compression, HostKeyAlgs). + PrefAlgs = + case proplists:get_value(preferred_algorithms,Opts) of + undefined -> + default_algorithms(); + Algs0 -> + Algs0 + end, + kexinit_message(Role, Random, PrefAlgs, HostKeyAlgs). key_init(client, Ssh, Value) -> Ssh#ssh{c_keyinit = Value}; key_init(server, Ssh, Value) -> Ssh#ssh{s_keyinit = Value}. -available_ssh_algos() -> - Supports = crypto:supports(), - CipherAlgos = [{aes_ctr, "aes128-ctr"}, {aes_cbc128, "aes128-cbc"}, {des3_cbc, "3des-cbc"}], - Ciphers = [SshAlgo || - {CryptoAlgo, SshAlgo} <- CipherAlgos, - lists:member(CryptoAlgo, proplists:get_value(ciphers, Supports, []))], - HashAlgos = [{sha256, "hmac-sha2-256"}, {sha, "hmac-sha1"}], - Hashs = [SshAlgo || - {CryptoAlgo, SshAlgo} <- HashAlgos, - lists:member(CryptoAlgo, proplists:get_value(hashs, Supports, []))], - {Ciphers, Hashs}. 
- -kexinit_messsage(client, Random, Compression, HostKeyAlgs) -> - {CipherAlgs, HashAlgs} = available_ssh_algos(), - #ssh_msg_kexinit{ - cookie = Random, - kex_algorithms = ["diffie-hellman-group1-sha1"], - server_host_key_algorithms = HostKeyAlgs, - encryption_algorithms_client_to_server = CipherAlgs, - encryption_algorithms_server_to_client = CipherAlgs, - mac_algorithms_client_to_server = HashAlgs, - mac_algorithms_server_to_client = HashAlgs, - compression_algorithms_client_to_server = Compression, - compression_algorithms_server_to_client = Compression, - languages_client_to_server = [], - languages_server_to_client = [] - }; -kexinit_messsage(server, Random, Compression, HostKeyAlgs) -> - {CipherAlgs, HashAlgs} = available_ssh_algos(), +kexinit_message(_Role, Random, Algs, HostKeyAlgs) -> #ssh_msg_kexinit{ cookie = Random, - kex_algorithms = ["diffie-hellman-group1-sha1"], + kex_algorithms = to_strings( get_algs(kex,Algs) ), server_host_key_algorithms = HostKeyAlgs, - encryption_algorithms_client_to_server = CipherAlgs, - encryption_algorithms_server_to_client = CipherAlgs, - mac_algorithms_client_to_server = HashAlgs, - mac_algorithms_server_to_client = HashAlgs, - compression_algorithms_client_to_server = Compression, - compression_algorithms_server_to_client = Compression, + encryption_algorithms_client_to_server = c2s(cipher,Algs), + encryption_algorithms_server_to_client = s2c(cipher,Algs), + mac_algorithms_client_to_server = c2s(mac,Algs), + mac_algorithms_server_to_client = s2c(mac,Algs), + compression_algorithms_client_to_server = c2s(compression,Algs), + compression_algorithms_server_to_client = s2c(compression,Algs), languages_client_to_server = [], languages_server_to_client = [] }. +c2s(Key, Algs) -> x2y(client2server, Key, Algs). +s2c(Key, Algs) -> x2y(server2client, Key, Algs). + +x2y(DirectionKey, Key, Algs) -> to_strings(proplists:get_value(DirectionKey, get_algs(Key,Algs))). 
+ +get_algs(Key, Algs) -> proplists:get_value(Key, Algs, default_algorithms(Key)). + +to_strings(L) -> lists:map(fun erlang:atom_to_list/1, L). + new_keys_message(Ssh0) -> {SshPacket, Ssh} = ssh_packet(#ssh_msg_newkeys{}, Ssh0), -- cgit v1.2.3 From 12f96d2a414bb44c0c5268bc18741f6bad9bbe09 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 20 May 2015 14:02:32 +0200 Subject: ssh: Undocumented option 'compression' replaced by 'preferred_algorithms' The 'compression' option was used in the test cases. The new option 'preferred_algorithms' is much more powerful and can be used as a replacement. --- lib/ssh/src/ssh.erl | 2 -- lib/ssh/src/ssh_transport.erl | 1 + lib/ssh/test/ssh_basic_SUITE.erl | 6 ++++-- lib/ssh/test/ssh_connection_SUITE.erl | 1 + lib/ssh/test/ssh_sftp_SUITE.erl | 1 + lib/ssh/test/ssh_sftpd_SUITE.erl | 1 + lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl | 1 + lib/ssh/test/ssh_to_openssh_SUITE.erl | 10 ++++++++-- lib/ssh/test/ssh_unicode_SUITE.erl | 1 + 9 files changed, 18 insertions(+), 6 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index c3b0e3edc1..57f7ae8b5e 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -330,8 +330,6 @@ handle_option([{pwdfun, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{key_cb, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); -handle_option([{compression, _} = Opt | Rest], SocketOptions, SshOptions) -> - handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); %%Backwards compatibility handle_option([{allow_user_interaction, Value} | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option({user_interaction, Value}) | SshOptions]); diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 95840c94ad..7162d18b19 100644 
--- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -495,6 +495,7 @@ select_algorithm(Role, Client, Server) -> decompress = Decompression, c_lng = C_Lng, s_lng = S_Lng}, +%%ct:pal("~p~n Client=~p~n Server=~p~n Alg=~p~n",[Role,Client,Server,Alg]), {ok, Alg}. select_encrypt_decrypt(client, Client, Server) -> diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index aaf0fa9905..e9002b8bfe 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -92,6 +92,7 @@ basic_tests() -> %%-------------------------------------------------------------------- init_per_suite(Config) -> + catch crypto:stop(), case catch crypto:start() of ok -> Config; @@ -289,7 +290,7 @@ exec_compressed(Config) when is_list(Config) -> UserDir = ?config(priv_dir, Config), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},{user_dir, UserDir}, - {compression, zlib}, + {preferred_algorithms,[{compression, [zlib]}]}, {failfun, fun ssh_test_lib:failfun/2}]), ConnectionRef = @@ -1238,7 +1239,8 @@ openssh_zlib_basic_test(Config) -> ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, {user_dir, UserDir}, {user_interaction, false}, - {compression, openssh_zlib}]), + {preferred_algorithms,[{compression, ['zlib@openssh.com']}]} + ]), ok = ssh:close(ConnectionRef), ssh:stop_daemon(Pid). diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index db51f65509..f0c337cf2f 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -65,6 +65,7 @@ ptty() -> %%-------------------------------------------------------------------- init_per_suite(Config) -> + catch crypto:stop(), case catch crypto:start() of ok -> Config; diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index cb74a27638..850b1cbf6b 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl 
@@ -49,6 +49,7 @@ all() -> init_per_suite(Config) -> + catch crypto:stop(), case (catch crypto:start()) of ok -> ssh:start(), diff --git a/lib/ssh/test/ssh_sftpd_SUITE.erl b/lib/ssh/test/ssh_sftpd_SUITE.erl index 0ce8eec906..925b02a437 100644 --- a/lib/ssh/test/ssh_sftpd_SUITE.erl +++ b/lib/ssh/test/ssh_sftpd_SUITE.erl @@ -68,6 +68,7 @@ groups() -> %%-------------------------------------------------------------------- init_per_suite(Config) -> + catch crypto:stop(), case (catch crypto:start()) of ok -> DataDir = ?config(data_dir, Config), diff --git a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl index cc34cc0793..eac7575486 100644 --- a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl +++ b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl @@ -52,6 +52,7 @@ groups() -> init_per_suite(Config) -> catch ssh:stop(), + catch crypto:stop(), case catch crypto:start() of ok -> DataDir = ?config(data_dir, Config), diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index a61fd2dd41..277e3a1b08 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -60,6 +60,7 @@ groups() -> ]. init_per_suite(Config) -> + catch crypto:stop(), case catch crypto:start() of ok -> case gen_tcp:connect("localhost", 22, []) of @@ -166,9 +167,11 @@ erlang_client_openssh_server_exec_compressed() -> [{doc, "Test that compression option works"}]. erlang_client_openssh_server_exec_compressed(Config) when is_list(Config) -> + CompressAlgs = [zlib, 'zlib@openssh.com',none], ConnectionRef = ssh_test_lib:connect(?SSH_DEFAULT_PORT, [{silently_accept_hosts, true}, {user_interaction, false}, - {compression, zlib}]), + {preferred_algorithms, + [{compression,CompressAlgs}]}]), {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), success = ssh_connection:exec(ConnectionRef, ChannelId, "echo testing", infinity), 
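Review bot: In erlang_client_openssh_server_exec_compressed the new `CompressAlgs = [zlib, 'zlib@openssh.com',none]` includes `none`, so this test, documented as "Test that compression option works", still passes when the two sides negotiate no compression at all. Drop `none` from the list, or assert after connecting which compression algorithm the connection actually selected.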
@@ -326,8 +329,11 @@ erlang_server_openssh_client_exec_compressed(Config) when is_list(Config) -> PrivDir = ?config(priv_dir, Config), KnownHosts = filename:join(PrivDir, "known_hosts"), +%% CompressAlgs = [zlib, 'zlib@openssh.com'], % Does not work + CompressAlgs = [zlib], {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, - {compression, zlib}, + {preferred_algorithms, + [{compression, CompressAlgs}]}, {failfun, fun ssh_test_lib:failfun/2}]), ct:sleep(500), diff --git a/lib/ssh/test/ssh_unicode_SUITE.erl b/lib/ssh/test/ssh_unicode_SUITE.erl index cc916673b3..07d51335c6 100644 --- a/lib/ssh/test/ssh_unicode_SUITE.erl +++ b/lib/ssh/test/ssh_unicode_SUITE.erl @@ -55,6 +55,7 @@ all() -> init_per_suite(Config) -> + catch crypto:stop(), case {file:native_name_encoding(), (catch crypto:start())} of {utf8, ok} -> ssh:start(), -- cgit v1.2.3 From 946425be714a72b1dec0a67966679ef7a5c3e39d Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 21 May 2015 17:44:03 +0200 Subject: ssh: Algorithms test case added --- lib/ssh/doc/src/ssh.xml | 18 +++++++------ lib/ssh/test/ssh_basic_SUITE.erl | 56 +++++++++++++++++++++++++++++++++++++++- 2 files changed, 65 insertions(+), 9 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 3e7726c24d..cf58806aa8 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -215,13 +215,14 @@ {compression,[none,zlib]} }
-

Note that we want different algorithms in the two directions for cipher, but the same in - both directions for mac and compression. We keep the default for kex and - public_key but has given the default value explicitly for public_key

+

The example specifies different algorithms in the two directions (client2server and server2client), for cipher but specifies the same +algorithms for mac and compression in both directions. The kex (key exchange) and public key algorithms are set to their default values, +kex is implicit but public_key is set explicitly.

+

Changing the values can make a connection less secure. Do not change unless you know exactly what you are doing. If you do not understand the values then you - are not supposed to change them

+ are not supposed to change them.

@@ -409,13 +410,14 @@ {compression,[none,zlib]} }
-

Note that we want different algorithms in the two directions for cipher, but the same in - both directions for mac and compression. We keep the default for kex and - public_key but has given the default value explicitly for public_key

+

The example specifies different algorithms in the two directions (client2server and server2client), for cipher but specifies the same +algorithms for mac and compression in both directions. The kex (key exchange) and public key algorithms are set to their default values, +kex is implicit but public_key is set explicitly.

+

Changing the values can make a connection less secure. Do not change unless you know exactly what you are doing. If you do not understand the values then you - are not supposed to change them

+ are not supposed to change them.

diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index e9002b8bfe..cff695681e 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -56,6 +56,7 @@ all() -> ssh_daemon_minimal_remote_max_packet_size_option, ssh_msg_debug_fun_option_client, ssh_msg_debug_fun_option_server, + preferred_algorithms, id_string_no_opt_client, id_string_own_string_client, id_string_random_client, 
@@ -1064,6 +1065,57 @@ ssh_daemon_minimal_remote_max_packet_size_option(Config) -> ssh:close(Conn), ssh:stop_daemon(Server). +%%-------------------------------------------------------------------- +%% This test try every algorithm by connecting to an Erlang server +preferred_algorithms(Config) -> + SystemDir = ?config(data_dir, Config), + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + + {Server, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {user_dir, UserDir}, + {user_passwords, [{"vego", "morot"}]}, + {failfun, fun ssh_test_lib:failfun/2}]), + Available = ssh:default_algorithms(), + Tests = [[{Tag,[Alg]}] || {Tag, SubAlgs} <- Available, + is_atom(hd(SubAlgs)), + Alg <- SubAlgs] + ++ [[{Tag,[{T1,[A1]},{T2,[A2]}]}] || {Tag, [{T1,As1},{T2,As2}]} <- Available, + A1 <- As1, + A2 <- As2], + ct:log("TESTS: ~p",[Tests]), + [connect_exec_channel(Host,Port,PrefAlgs) || PrefAlgs <- Tests], + ssh:stop_daemon(Server). + + +connect_exec_channel(_Host, Port, Algs) -> + ct:log("Try ~p",[Algs]), + ConnectionRef = ssh_test_lib:connect(Port, [{silently_accept_hosts, true}, + {user_interaction, false}, + {user, "vego"}, + {password, "morot"}, + {preferred_algorithms,Algs} + ]), + chan_exec(ConnectionRef, "2*21.", <<"42\n">>), + ssh:close(ConnectionRef). 
+ +chan_exec(ConnectionRef, Cmnd, Expected) -> + {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef, infinity), + success = ssh_connection:exec(ConnectionRef, ChannelId0,Cmnd, infinity), + Data0 = {ssh_cm, ConnectionRef, {data, ChannelId0, 0, Expected}}, + case ssh_test_lib:receive_exec_result(Data0) of + expected -> + ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId0); + {unexpected_msg,{ssh_cm, ConnectionRef, {exit_status, ChannelId0, 0}} + = ExitStatus0} -> + ct:pal("0: Collected data ~p", [ExitStatus0]), + ssh_test_lib:receive_exec_result(Data0, + ConnectionRef, ChannelId0); + Other0 -> + ct:fail(Other0) + end. + %%-------------------------------------------------------------------- id_string_no_opt_client(Config) -> {Server, _Host, Port} = fake_daemon(Config), @@ -1234,12 +1286,14 @@ openssh_zlib_basic_test(Config) -> {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, {user_dir, UserDir}, + {preferred_algorithms,[{compression, ['zlib@openssh.com']}]}, {failfun, fun ssh_test_lib:failfun/2}]), ConnectionRef = ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, {user_dir, UserDir}, {user_interaction, false}, - {preferred_algorithms,[{compression, ['zlib@openssh.com']}]} + {preferred_algorithms,[{compression, ['zlib@openssh.com', + none]}]} ]), ok = ssh:close(ConnectionRef), ssh:stop_daemon(Pid). -- cgit v1.2.3 From 92a9ddf4c4169c486c1b3bfe958464a90b553289 Mon Sep 17 00:00:00 2001 
From: Ingela Anderton Andin Date: Fri, 29 May 2015 10:15:51 +0200 Subject: ssh: handle that inet:getopts(Socket, [recbuf]) may return {ok, []} If something bad happens and the socket is closed the call inet:getopts(Socket, [recbuf]) may return {ok, []}. We want to treat this as a fatal error and terminate gracefully. The same goes for the case that inet:getopts returns {error, Reason} that was not handled either. --- lib/ssh/src/ssh_connection_handler.erl | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 0f6162db60..d4bbb0b32e 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -326,9 +326,13 @@ info(ConnectionHandler, ChannelProcess) -> hello(socket_control, #state{socket = Socket, ssh_params = Ssh} = State) -> VsnMsg = ssh_transport:hello_version_msg(string_version(Ssh)), send_msg(VsnMsg, State), - {ok, [{recbuf, Size}]} = inet:getopts(Socket, [recbuf]), - inet:setopts(Socket, [{packet, line}, {active, once}, {recbuf, ?MAX_PROTO_VERSION}]), - {next_state, hello, State#state{recbuf = Size}}; + case getopt(recbuf, Socket) of + {ok, Size} -> + inet:setopts(Socket, [{packet, line}, {active, once}, {recbuf, ?MAX_PROTO_VERSION}]), + {next_state, hello, State#state{recbuf = Size}}; + {error, Reason} -> + {stop, {shutdown, Reason}, State} + end; hello({info_line, _Line},#state{role = client, socket = Socket} = State) -> %% The server may send info lines before the version_exchange @@ -1719,3 +1723,12 @@ start_timeout(_,_, infinity) -> ok; start_timeout(Channel, From, Time) -> erlang:send_after(Time, self(), {timeout, {Channel, From}}). + +getopt(Opt, Socket) -> + case inet:getopts(Socket, [Opt]) of + {ok, [{Opt, Value}]} -> + {ok, Value}; + Other -> + {error, {unexpected_getopts_return, Other}} + end. + -- cgit v1.2.3 
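Review bot: getopt/2, added at the end of ssh_connection_handler.erl, sends every non-matching return through the `Other` clause, so a plain `{error, Reason}` from inet:getopts/2 is reported as `{error, {unexpected_getopts_return, {error, Reason}}}` and is then nested again inside the `{shutdown, ...}` stop reason in hello/2. Add a dedicated `{error, _} = Error -> Error` clause and keep the unexpected_getopts_return wrapper for `{ok, []}` and other odd shapes, so the real reason stays readable in logs. In the first hunk the result of the inet:setopts/2 call that follows is still ignored, although the socket can close between the two calls just as the commit message describes for getopts.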
From 979b94a3f31697fe06f329660f2ea9e48944490a Mon Sep 17 00:00:00 2001 From: Hans Date: Tue, 26 May 2015 19:23:04 +0200 Subject: ssh: Set max num algorithms in msg_kexinit negotiation This is to prevent some dos-attack scenarios. The limit is hard-coded. --- lib/ssh/src/ssh_transport.erl | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 8669be570e..34b76f1b08 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -519,10 +519,15 @@ alg_final(SSH0) -> {ok,SSH6} = decompress_final(SSH5), SSH6. -select_all(CL, SL) -> +select_all(CL, SL) when length(CL) + length(SL) < 50 -> A = CL -- SL, %% algortihms only used by client %% algorithms used by client and server (client pref) - lists:map(fun(ALG) -> list_to_atom(ALG) end, (CL -- A)). + lists:map(fun(ALG) -> list_to_atom(ALG) end, (CL -- A)); +select_all(_CL, _SL) -> + throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "Too many algorithms", + language = "en"}). + select([], []) -> none; -- cgit v1.2.3 From 59b5884dfef313c09d79f3c18063297c81fb67d5 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 8 May 2015 15:39:38 +0200 Subject: ssh: Check e and f parameters in kexdh rfc 4253 says in section 8 that: "Values of 'e' or 'f' that are not in the range [1, p-1] MUST NOT be sent or accepted by either side. If this condition is violated, the key exchange fails." This commit implements the reception check. --- lib/ssh/src/ssh_transport.erl | 50 +++++++++++++++++++++++++++++-------------- 1 file changed, 34 insertions(+), 16 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 34b76f1b08..6c0873fd9e 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl 
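Review bot: In select_all/2 the guard `length(CL) + length(SL) < 50` bounds the sum of the two lists, one of which is the local one, so the number of names accepted from the peer depends on how many algorithms are configured locally, and a long local list can push an ordinary peer over the limit. Bound each list separately, put the limit in a named macro instead of the literal 50, and say in a comment what the check protects. A test case that sends an oversized KEXINIT and expects the "Too many algorithms" disconnect would pin the behaviour down.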
@@ -240,20 +240,30 @@ key_exchange_first_msg('diffie-hellman-group-exchange-sha1', Ssh0) -> handle_kexdh_init(#ssh_msg_kexdh_init{e = E}, Ssh0) -> {G, P} = dh_group1(), - {Private, Public} = dh_gen_key(G, P, 1024), - K = ssh_math:ipow(E, Private, P), - Key = get_host_key(Ssh0), - H = kex_h(Ssh0, Key, E, Public, K), - H_SIG = sign_host_key(Ssh0, Key, H), - {SshPacket, Ssh1} = ssh_packet(#ssh_msg_kexdh_reply{public_host_key = Key, - f = Public, - h_sig = H_SIG - }, Ssh0), - - {ok, SshPacket, Ssh1#ssh{keyex_key = {{Private, Public}, {G, P}}, - shared_secret = K, - exchanged_hash = H, - session_id = sid(Ssh1, H)}}. + if + 1= + {Private, Public} = dh_gen_key(G, P, 1024), + K = ssh_math:ipow(E, Private, P), + Key = get_host_key(Ssh0), + H = kex_h(Ssh0, Key, E, Public, K), + H_SIG = sign_host_key(Ssh0, Key, H), + {SshPacket, Ssh1} = ssh_packet(#ssh_msg_kexdh_reply{public_host_key = Key, + f = Public, + h_sig = H_SIG + }, Ssh0), + + {ok, SshPacket, Ssh1#ssh{keyex_key = {{Private, Public}, {G, P}}, + shared_secret = K, + exchanged_hash = H, + session_id = sid(Ssh1, H)}}; + true -> + Error = {error,bad_e_from_peer}, + Disconnect = #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Key exchange failed, 'f' out of bounds", + language = "en"}, + throw({Error, Disconnect}) + end. handle_kex_dh_gex_group(#ssh_msg_kex_dh_gex_group{p = P, g = G}, Ssh0) -> {Private, Public} = dh_gen_key(G,P,1024), @@ -277,7 +287,7 @@ handle_new_keys(#ssh_msg_newkeys{}, Ssh0) -> %% %% Select algorithms handle_kexdh_reply(#ssh_msg_kexdh_reply{public_host_key = HostKey, f = F, h_sig = H_SIG}, - #ssh{keyex_key = {{Private, Public}, {_G, P}}} = Ssh0) -> + #ssh{keyex_key = {{Private, Public}, {_G, P}}} = Ssh0) when 1= K = ssh_math:ipow(F, Private, P), H = kex_h(Ssh0, HostKey, Public, F, K), 
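Review bot: In handle_kexdh_init the new `true ->` branch sets `Error = {error,bad_e_from_peer}` but the disconnect description reads "Key exchange failed, 'f' out of bounds"; this function validates the client's 'e', so the text should say 'e'. The same string is used for the real 'f' failure in handle_kexdh_reply, so as written the two cases cannot be told apart from the description alone. Test cases that send 0 and p as 'e' and as 'f' and expect SSH_DISCONNECT_KEY_EXCHANGE_FAILED would cover both ends of the RFC 4253 range quoted in the commit message.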
@@ -293,7 +303,15 @@ handle_kexdh_reply(#ssh_msg_kexdh_reply{public_host_key = HostKey, f = F, description = "Key exchange failed", language = "en"}, throw({Error, Disconnect}) - end. + end; +handle_kexdh_reply(#ssh_msg_kexdh_reply{}, _SSH) -> + Error = {error,bad_f_from_peer}, + Disconnect = #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Key exchange failed, 'f' out of bounds", + language = "en"}, + throw({Error, Disconnect}). + handle_kex_dh_gex_request(#ssh_msg_kex_dh_gex_request{min = _Min, n = _NBits, -- cgit v1.2.3 From 2d9a5afcd801837be7637048977982bd9e1330f5 Mon Sep 17 00:00:00 2001 From: Hans Date: Wed, 27 May 2015 16:46:24 +0200 Subject: ssh: Implement keyboard_interactive on server side --- lib/ssh/src/ssh.erl | 9 ++++ lib/ssh/src/ssh_auth.erl | 80 ++++++++++++++++++++++++++++++++++ lib/ssh/src/ssh_connection_handler.erl | 19 ++++++-- 3 files changed, 104 insertions(+), 4 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 71e7d77475..7ed17618e7 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -331,6 +331,8 @@ handle_option([{exec, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{auth_methods, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); +handle_option([{auth_method_kb_interactive_data, _} = Opt | Rest], SocketOptions, SshOptions) -> + handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{pref_public_key_algs, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{quiet_mode, _} = Opt|Rest], SocketOptions, SshOptions) -> 
@@ -411,6 +413,13 @@ handle_ssh_option({exec, Function} = Opt) when is_function(Function) -> Opt; handle_ssh_option({auth_methods, Value} = Opt) when is_list(Value) -> Opt; +handle_ssh_option({auth_method_kb_interactive_data, {Name,Instruction,Prompt,Echo}} = Opt) when is_list(Name), + is_list(Instruction), + is_list(Prompt), + is_boolean(Echo) -> + Opt; +handle_ssh_option({auth_method_kb_interactive_data, F} = Opt) when is_function(F,3) -> + Opt; handle_ssh_option({infofun, Value} = Opt) when is_function(Value) -> Opt; handle_ssh_option({connectfun, Value} = Opt) when is_function(Value) -> diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index 45c4d52d7e..9d1ab14ce9 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl 
@@ -257,6 +257,54 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, key_blob = KeyBlob}, Ssh)} end; +handle_userauth_request(#ssh_msg_userauth_request{user = User, + service = "ssh-connection", + method = "keyboard-interactive", + data = _}, + _, #ssh{opts = Opts} = Ssh) -> + %% RFC4256 + %% The data field contains: + %% - language tag (deprecated). If =/=[] SHOULD use it however. We skip + %% it for simplicity. + %% - submethods. "... the user can give a hint of which actual methods + %% he wants to use. ...". It's a "MAY use" so we skip + %% it. It also needs an understanding between the client + %% and the server. + %% + %% "The server MUST reply with an SSH_MSG_USERAUTH_SUCCESS, + %% SSH_MSG_USERAUTH_FAILURE, or SSH_MSG_USERAUTH_INFO_REQUEST message." + Default = {"SSH server", + "Enter password for \""++User++"\"", + "pwd: ", + false}, + + {Name, Instruction, Prompt, Echo} = + case proplists:get_value(auth_method_kb_interactive_data, Opts) of + undefined -> + Default; + {_,_,_,_}=V -> + V; + F when is_function(F) -> + {_,PeerName} = Ssh#ssh.peer, + F(PeerName, User, "ssh-connection") + end, + EchoEnc = case Echo of + true -> <>; + false -> <> + end, + Msg = #ssh_msg_userauth_info_request{name = unicode:characters_to_list(Name), + instruction = unicode:characters_to_list(Instruction), + language_tag = "", + num_prompts = 1, + data = <> + }, + {not_authorized, {User, undefined}, + ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User, + opts = [{max_kb_tries,3},{kb_userauth_info_msg,Msg}|Opts] + })}; + handle_userauth_request(#ssh_msg_userauth_request{user = User, service = "ssh-connection", method = Other}, _, 
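Review bot: The keyboard-interactive clause of handle_userauth_request unconditionally prepends `{max_kb_tries,3}` to the options, and proplists:get_value/2 returns the first match, so the try counter goes back to 3 every time a new keyboard-interactive request arrives; the three-try limit is per request, not per connection, unless something outside this hunk caps the number of userauth requests. Keep the remaining-tries count in dedicated connection state that a repeated request cannot reset, and make the literal 3 configurable. Storing this per-session state in `opts` also lets stale `max_kb_tries` and `kb_userauth_info_msg` entries pile up, since lists:keydelete/3 removes only the first occurrence. Separately, the result of the fun form of auth_method_kb_interactive_data is matched against a 4-tuple with no fallback, so a callback that returns anything else crashes the authentication handler; validate the return value and fall back to Default.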
@@ -280,6 +328,38 @@ handle_userauth_info_request( #ssh_msg_userauth_info_response{num_responses = NumPrompts, data = Responses}, Ssh)}. +handle_userauth_info_response(#ssh_msg_userauth_info_response{num_responses = 1, + data = <>}, + #ssh{opts = Opts0, + user = User} = Ssh) -> + NumTriesLeft = proplists:get_value(max_kb_tries, Opts0, 0) - 1, + Opts = lists:keydelete(max_kb_tries,1,Opts0), + case check_password(User, unicode:characters_to_list(Password), Opts) of + true -> + {authorized, User, + ssh_transport:ssh_packet(#ssh_msg_userauth_success{}, Ssh)}; + false when NumTriesLeft > 0 -> + UserAuthInfoMsg = + (proplists:get_value(kb_userauth_info_msg,Opts)) + #ssh_msg_userauth_info_request{name = "", + instruction = + lists:concat( + ["Bad user or password, try again. ", + integer_to_list(NumTriesLeft), + " tries left."])}, + {not_authorized, {User, undefined}, + ssh_transport:ssh_packet(UserAuthInfoMsg, + Ssh#ssh{opts = [{max_kb_tries,NumTriesLeft}|Opts]})}; + + false -> + {not_authorized, {User, {error,"Bad user or password"}}, + ssh_transport:ssh_packet(#ssh_msg_userauth_failure{ + authentications = "", + partial_success = false}, + Ssh#ssh{opts = lists:keydelete(kb_userauth_info_msg,1,Opts)} + )} + end; + handle_userauth_info_response(#ssh_msg_userauth_info_response{}, _Auth) -> throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 0f6162db60..3161c1f291 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl 
@@ -496,10 +496,21 @@ userauth(#ssh_msg_userauth_info_request{} = Msg, {next_state, userauth, next_packet(State#state{ssh_params = Ssh})}; userauth(#ssh_msg_userauth_info_response{} = Msg, - #state{ssh_params = #ssh{role = server} = Ssh0} = State) -> - {ok, {Reply, Ssh}} = ssh_auth:handle_userauth_info_response(Msg, Ssh0), - send_msg(Reply, State), - {next_state, userauth, next_packet(State#state{ssh_params = Ssh})}; + #state{ssh_params = #ssh{role = server, + peer = {_, Address}} = Ssh0, + opts = Opts, starter = Pid} = State) -> + case ssh_auth:handle_userauth_info_response(Msg, Ssh0) of + {authorized, User, {Reply, Ssh}} -> + send_msg(Reply, State), + Pid ! ssh_connected, + connected_fun(User, Address, "keyboard-interactive", Opts), + {next_state, connected, + next_packet(State#state{auth_user = User, ssh_params = Ssh})}; + {not_authorized, {User, Reason}, {Reply, Ssh}} -> + retry_fun(User, Address, Reason, Opts), + send_msg(Reply, State), + {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} + end; userauth(#ssh_msg_userauth_success{}, #state{ssh_params = #ssh{role = client} = Ssh, starter = Pid} = State) -> -- cgit v1.2.3 From 4cb16a7ed0f0491ccf8defbeb62a9b0e96923372 Mon Sep 17 00:00:00 2001 From: Hans Date: Thu, 28 May 2015 20:58:28 +0200 Subject: ssh: Plain text message returned for invalid version exchange This is how OpenSSH does. The bytes returned will be put on the user's tty, so it is better with text than a ssh_msg_disconnect --- lib/ssh/src/ssh_connection_handler.erl | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 3161c1f291..bc652b81b8 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl 
@@ -335,13 +335,12 @@ hello({info_line, _Line},#state{role = client, socket = Socket} = State) -> inet:setopts(Socket, [{active, once}]), {next_state, hello, State}; -hello({info_line, _Line},#state{role = server} = State) -> - DisconnectMsg = - #ssh_msg_disconnect{code = - ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "Did not receive expected protocol version exchange", - language = "en"}, - handle_disconnect(DisconnectMsg, State); +hello({info_line, _Line},#state{role = server, + socket = Socket, + transport_cb = Transport } = State) -> + %% as openssh + Transport:send(Socket, "Protocol mismatch."), + {stop, {shutdown,"Protocol mismatch in version exchange."}, State}; hello({version_exchange, Version}, #state{ssh_params = Ssh0, socket = Socket, -- cgit v1.2.3 From 3f600aa0048b6515616774f0a289a88cb66affbe Mon Sep 17 00:00:00 2001 From: Hans Date: Fri, 29 May 2015 11:40:34 +0200 Subject: ssh: update ssh version --- lib/ssh/vsn.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 40bda0c19f..9d486f8890 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,4 +1,4 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 3.2.3 +SSH_VSN = 3.2.4 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From 69f114203690b84d7261b68b1893cb578536eca9 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Mon, 1 Jun 2015 12:06:48 +0200 Subject: Update release notes --- lib/ssh/doc/src/notes.xml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 579a3ae4a8..c77ee1e77a 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -29,6 +29,33 @@ notes.xml +
Ssh 3.2.4 + +
Fixed Bugs and Malfunctions + + +

+ Gracefully terminate if sockets is unexpectedly closed.

+

+ Own Id: OTP-12782

+
+ +

+ Made Codenomicon Defensics test suite pass: + limit number of algorithms in kexinit + message check 'e' and 'f' parameters in + kexdh implement 'keyboard-interactive' user + authentication on server side return plain + text message to bad version exchange message +

+

+ Own Id: OTP-12784

+
+
+
+ +
+
Ssh 3.2.3
Fixed Bugs and Malfunctions -- cgit v1.2.3 From d67837c4646a7a94d2f1a7dd6b871335bf618290 Mon Sep 17 00:00:00 2001 From: Henrik Nord Date: Tue, 2 Jun 2015 10:37:05 +0200 Subject: correct merge conflict --- lib/ssh/src/ssh.erl | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 10b526ba28..4a07473f74 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -360,13 +360,9 @@ handle_option([{exec, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{auth_methods, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); -<<<<<<< HEAD -handle_option([{preferred_algorithms,_} = Opt | Rest], SocketOptions, SshOptions) -> -======= handle_option([{auth_method_kb_interactive_data, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); -handle_option([{pref_public_key_algs, _} = Opt | Rest], SocketOptions, SshOptions) -> ->>>>>>> maint +handle_option([{preferred_algorithms,_} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{quiet_mode, _} = Opt|Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); -- cgit v1.2.3 From 051a662cdc5cfc2aa93d86119688c14743837a5f Mon Sep 17 00:00:00 2001 
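Review bot: in `hello({info_line, _Line}, #state{role = server, ...})` from the "Plain text message returned for invalid version exchange" commit above, the result of `Transport:send(Socket, "Protocol mismatch.")` is discarded and the string has no line terminator, although the commit message says the bytes are put on the user's tty. Suggest appending a newline, and either matching on the send result or extending the `%% as openssh` comment to say that a failed send is deliberately ignored because the clause stops the connection on the next line anyway.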
From: Ingela Anderton Andin Date: Tue, 2 Jun 2015 09:14:18 +0200 Subject: ssh: Add profile option To enable the ssh daemon to run in a virtualized environment, where there can be more than one server that has the same ip-address and port, we add a new option profile. The profile name will be used in concatenation with ip-address and port to identify the ssh daemon instance. The name profile was chosen as there is a similar concept in the HTTP client in inets where profile names can be used to instantiate client configurations. Also the same type of option has been added to the HTTP server in inets. --- lib/ssh/doc/src/ssh.xml | 13 ++ lib/ssh/src/ssh.erl | 19 +- lib/ssh/src/ssh.hrl | 1 + lib/ssh/src/ssh_acceptor.erl | 6 +- lib/ssh/src/ssh_acceptor_sup.erl | 24 ++- lib/ssh/src/ssh_system_sup.erl | 64 ++++--- lib/ssh/src/sshd_sup.erl | 27 ++- lib/ssh/test/Makefile | 1 + lib/ssh/test/ssh_sup_SUITE.erl | 192 +++++++++++++++++++++ lib/ssh/test/ssh_sup_SUITE_data/id_dsa | 13 ++ lib/ssh/test/ssh_sup_SUITE_data/id_rsa | 15 ++ lib/ssh/test/ssh_sup_SUITE_data/ssh_host_dsa_key | 13 ++ .../test/ssh_sup_SUITE_data/ssh_host_dsa_key.pub | 11 ++ lib/ssh/test/ssh_sup_SUITE_data/ssh_host_rsa_key | 16 ++ .../test/ssh_sup_SUITE_data/ssh_host_rsa_key.pub | 5 + 15 files changed, 374 insertions(+), 46 deletions(-) create mode 100644 lib/ssh/test/ssh_sup_SUITE.erl create mode 100644 lib/ssh/test/ssh_sup_SUITE_data/id_dsa create mode 100644 lib/ssh/test/ssh_sup_SUITE_data/id_rsa create mode 100644 lib/ssh/test/ssh_sup_SUITE_data/ssh_host_dsa_key create mode 100644 lib/ssh/test/ssh_sup_SUITE_data/ssh_host_dsa_key.pub create mode 100644 lib/ssh/test/ssh_sup_SUITE_data/ssh_host_rsa_key create mode 100644 lib/ssh/test/ssh_sup_SUITE_data/ssh_host_rsa_key.pub (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index cf58806aa8..b6533099c8 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml 
@@ -495,6 +495,19 @@ kex is implicit but public_key is set explicitly.

Can be used to customize the handling of public keys.

+ + {profile, atom()} + +

Used together with ip-address and port to + uniquely identify a ssh daemon. This can be useful in a + virtualized environment, where there can be more that one + server that has the same ip-address and + port. If this property is not explicitly set, it is + assumed that the the ip-address and port + uniquely identifies the SSH daemon. +

+
+

Allows an existing file-descriptor to be used diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 4a07473f74..48d18c05f3 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -29,7 +29,8 @@ channel_info/3, daemon/1, daemon/2, daemon/3, default_algorithms/0, - stop_listener/1, stop_listener/2, stop_daemon/1, stop_daemon/2, + stop_listener/1, stop_listener/2, stop_listener/3, + stop_daemon/1, stop_daemon/2, stop_daemon/3, shell/1, shell/2, shell/3]). %%-------------------------------------------------------------------- @@ -158,7 +159,9 @@ daemon(HostAddr, Port, Options0) -> stop_listener(SysSup) -> ssh_system_sup:stop_listener(SysSup). stop_listener(Address, Port) -> - ssh_system_sup:stop_listener(Address, Port). + stop_listener(Address, Port, ?DEFAULT_PROFILE). +stop_listener(Address, Port, Profile) -> + ssh_system_sup:stop_listener(Address, Port, Profile). %%-------------------------------------------------------------------- -spec stop_daemon(pid()) -> ok. @@ -170,8 +173,9 @@ stop_listener(Address, Port) -> stop_daemon(SysSup) -> ssh_system_sup:stop_system(SysSup). stop_daemon(Address, Port) -> - ssh_system_sup:stop_system(Address, Port). - + ssh_system_sup:stop_system(Address, Port, ?DEFAULT_PROFILE). +stop_daemon(Address, Port, Profile) -> + ssh_system_sup:stop_system(Address, Port, Profile). %%-------------------------------------------------------------------- -spec shell(string()) -> _. -spec shell(string(), proplists:proplist()) -> _. @@ -232,7 +236,8 @@ start_daemon(Host, Port, Options, Inet) -> end. do_start_daemon(Host, Port, Options, SocketOptions) -> - case ssh_system_sup:system_supervisor(Host, Port) of + Profile = proplists:get_value(profile, Options, ?DEFAULT_PROFILE), + case ssh_system_sup:system_supervisor(Host, Port, Profile) of undefined -> %% It would proably make more sense to call the %% address option host but that is a too big change at the 
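Review bot: `stop_listener/3` and `stop_daemon/3` are added to the export list of ssh.erl with no `-spec`, while the /1 arity has one (`-spec stop_daemon(pid()) -> ok.` is visible in the context), and the ssh.xml hunk in this patch documents only the `{profile, atom()}` option. Suggest adding specs and reference manual entries for the two new arities. In that same doc hunk, "more that one server" and "assumed that the the ip-address" need correcting.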
@@ -382,6 +387,8 @@ handle_option([{minimal_remote_max_packet_size, _} = Opt|Rest], SocketOptions, S handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{id_string, _ID} = Opt|Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); +handle_option([{profile, _ID} = Opt|Rest], SocketOptions, SshOptions) -> + handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, [handle_inet_option(Opt) | SocketOptions], SshOptions). @@ -476,6 +483,8 @@ handle_ssh_option({id_string, random}) -> {id_string, {random,2,5}}; %% 2 - 5 random characters handle_ssh_option({id_string, ID} = Opt) when is_list(ID) -> Opt; +handle_ssh_option({profile, Value} = Opt) when is_atom(Value) -> + Opt; handle_ssh_option(Opt) -> throw({error, {eoptions, Opt}}). diff --git a/lib/ssh/src/ssh.hrl b/lib/ssh/src/ssh.hrl index 0c4d34f89c..94154c8a96 100644 --- a/lib/ssh/src/ssh.hrl +++ b/lib/ssh/src/ssh.hrl @@ -31,6 +31,7 @@ -define(SSH_LENGHT_INDICATOR_SIZE, 4). -define(REKEY_TIMOUT, 3600000). -define(REKEY_DATA_TIMOUT, 60000). +-define(DEFAULT_PROFILE, default). -define(FALSE, 0). -define(TRUE, 1). diff --git a/lib/ssh/src/ssh_acceptor.erl b/lib/ssh/src/ssh_acceptor.erl index 34988f17b6..6c431af270 100644 --- a/lib/ssh/src/ssh_acceptor.erl +++ b/lib/ssh/src/ssh_acceptor.erl @@ -21,6 +21,8 @@ -module(ssh_acceptor). +-include("ssh.hrl"). + %% Internal application API -export([start_link/5, number_of_connections/1]). 
@@ -82,8 +84,10 @@ acceptor_loop(Callback, Port, Address, Opts, ListenSocket, AcceptTimeout) -> end. handle_connection(Callback, Address, Port, Options, Socket) -> - SystemSup = ssh_system_sup:system_supervisor(Address, Port), SSHopts = proplists:get_value(ssh_opts, Options, []), + Profile = proplists:get_value(profile, SSHopts, ?DEFAULT_PROFILE), + SystemSup = ssh_system_sup:system_supervisor(Address, Port, Profile), + MaxSessions = proplists:get_value(max_sessions,SSHopts,infinity), case number_of_connections(SystemSup) < MaxSessions of true -> diff --git a/lib/ssh/src/ssh_acceptor_sup.erl b/lib/ssh/src/ssh_acceptor_sup.erl index 46fdef07d0..e101ce8b39 100644 --- a/lib/ssh/src/ssh_acceptor_sup.erl +++ b/lib/ssh/src/ssh_acceptor_sup.erl @@ -26,7 +26,9 @@ -module(ssh_acceptor_sup). -behaviour(supervisor). --export([start_link/1, start_child/2, stop_child/3]). +-include("ssh.hrl"). + +-export([start_link/1, start_child/2, stop_child/4]). %% Supervisor callback -export([init/1]). @@ -45,14 +47,16 @@ start_child(AccSup, ServerOpts) -> {error, already_present} -> Address = proplists:get_value(address, ServerOpts), Port = proplists:get_value(port, ServerOpts), - stop_child(AccSup, Address, Port), + Profile = proplists:get_value(profile, + proplists:get_value(ssh_opts, ServerOpts), ?DEFAULT_PROFILE), + stop_child(AccSup, Address, Port, Profile), supervisor:start_child(AccSup, Spec); Reply -> Reply end. -stop_child(AccSup, Address, Port) -> - Name = id(Address, Port), +stop_child(AccSup, Address, Port, Profile) -> + Name = id(Address, Port, Profile), case supervisor:terminate_child(AccSup, Name) of ok -> supervisor:delete_child(AccSup, Name); 
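Review bot: in `ssh_acceptor_sup:start_child/2` the profile lookup `proplists:get_value(profile, proplists:get_value(ssh_opts, ServerOpts), ?DEFAULT_PROFILE)` has no default on the inner call, so when `ServerOpts` carries no `ssh_opts` entry the outer call receives `undefined` instead of a list and fails, and it does so on the `already_present` recovery path. `ssh_acceptor:handle_connection/5` in this same patch already uses `proplists:get_value(ssh_opts, Options, [])`; use the same default here. The expression is repeated in `child_spec/1`, in ssh_system_sup.erl and in sshd_sup.erl, so one helper function would keep the copies consistent.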
@@ -77,7 +81,8 @@ child_spec(ServerOpts) -> Address = proplists:get_value(address, ServerOpts), Port = proplists:get_value(port, ServerOpts), Timeout = proplists:get_value(timeout, ServerOpts, ?DEFAULT_TIMEOUT), - Name = id(Address, Port), + Profile = proplists:get_value(profile, proplists:get_value(ssh_opts, ServerOpts), ?DEFAULT_PROFILE), + Name = id(Address, Port, Profile), SocketOpts = proplists:get_value(socket_opts, ServerOpts), StartFunc = {ssh_acceptor, start_link, [Port, Address, [{active, false}, @@ -89,6 +94,11 @@ child_spec(ServerOpts) -> Type = worker, {Name, StartFunc, Restart, Shutdown, Type, Modules}. -id(Address, Port) -> - {ssh_acceptor_sup, Address, Port}. +id(Address, Port, Profile) -> + case is_list(Address) of + true -> + {ssh_acceptor_sup, any, Port, Profile}; + false -> + {ssh_acceptor_sup, Address, Port, Profile} + end. diff --git a/lib/ssh/src/ssh_system_sup.erl b/lib/ssh/src/ssh_system_sup.erl index 660fe8bb65..acf94b4b73 100644 --- a/lib/ssh/src/ssh_system_sup.erl +++ b/lib/ssh/src/ssh_system_sup.erl @@ -28,13 +28,15 @@ -behaviour(supervisor). +-include("ssh.hrl"). + -export([start_link/1, stop_listener/1, - stop_listener/2, stop_system/1, - stop_system/2, system_supervisor/2, + stop_listener/3, stop_system/1, + stop_system/3, system_supervisor/3, subsystem_supervisor/1, channel_supervisor/1, connection_supervisor/1, - acceptor_supervisor/1, start_subsystem/2, restart_subsystem/2, - restart_acceptor/2, stop_subsystem/2]). + acceptor_supervisor/1, start_subsystem/2, restart_subsystem/3, + restart_acceptor/3, stop_subsystem/2]). %% Supervisor callback -export([init/1]). 
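Review bot: `id/3` in ssh_acceptor_sup.erl maps every list-valued `Address` to `any` (`case is_list(Address) of true -> {ssh_acceptor_sup, any, Port, Profile}`) with no comment saying why. As written, two daemons started with different string addresses on the same port and profile get the same child id. Please document the intent, or normalise only the value that really means any address. The same `case` is copied into `ssh_system_sup:id/4`, `ssh_system_sup:make_name/3` and `sshd_sup:id/3` later in this patch; a shared helper would stop the four copies from drifting apart.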
@@ -45,14 +47,15 @@ start_link(ServerOpts) -> Address = proplists:get_value(address, ServerOpts), Port = proplists:get_value(port, ServerOpts), - Name = make_name(Address, Port), + Profile = proplists:get_value(profile, proplists:get_value(ssh_opts, ServerOpts), ?DEFAULT_PROFILE), + Name = make_name(Address, Port, Profile), supervisor:start_link({local, Name}, ?MODULE, [ServerOpts]). stop_listener(SysSup) -> stop_acceptor(SysSup). -stop_listener(Address, Port) -> - Name = make_name(Address, Port), +stop_listener(Address, Port, Profile) -> + Name = make_name(Address, Port, Profile), stop_acceptor(whereis(Name)). stop_system(SysSup) -> @@ -60,12 +63,12 @@ stop_system(SysSup) -> spawn(fun() -> sshd_sup:stop_child(Name) end), ok. -stop_system(Address, Port) -> - spawn(fun() -> sshd_sup:stop_child(Address, Port) end), +stop_system(Address, Port, Profile) -> + spawn(fun() -> sshd_sup:stop_child(Address, Port, Profile) end), ok. -system_supervisor(Address, Port) -> - Name = make_name(Address, Port), +system_supervisor(Address, Port, Profile) -> + Name = make_name(Address, Port, Profile), whereis(Name). subsystem_supervisor(SystemSup) -> @@ -103,9 +106,9 @@ stop_subsystem(SystemSup, SubSys) -> end. -restart_subsystem(Address, Port) -> - SysSupName = make_name(Address, Port), - SubSysName = id(ssh_subsystem_sup, Address, Port), +restart_subsystem(Address, Port, Profile) -> + SysSupName = make_name(Address, Port, Profile), + SubSysName = id(ssh_subsystem_sup, Address, Port, Profile), case supervisor:terminate_child(SysSupName, SubSysName) of ok -> supervisor:restart_child(SysSupName, SubSysName); 
@@ -113,9 +116,9 @@ restart_subsystem(Address, Port) -> Error end. -restart_acceptor(Address, Port) -> - SysSupName = make_name(Address, Port), - AcceptorName = id(ssh_acceptor_sup, Address, Port), +restart_acceptor(Address, Port, Profile) -> + SysSupName = make_name(Address, Port, Profile), + AcceptorName = id(ssh_acceptor_sup, Address, Port, Profile), supervisor:restart_child(SysSupName, AcceptorName). %%%========================================================================= @@ -137,7 +140,8 @@ child_specs(ServerOpts) -> ssh_acceptor_child_spec(ServerOpts) -> Address = proplists:get_value(address, ServerOpts), Port = proplists:get_value(port, ServerOpts), - Name = id(ssh_acceptor_sup, Address, Port), + Profile = proplists:get_value(profile, proplists:get_value(ssh_opts, ServerOpts), ?DEFAULT_PROFILE), + Name = id(ssh_acceptor_sup, Address, Port, Profile), StartFunc = {ssh_acceptor_sup, start_link, [ServerOpts]}, Restart = transient, Shutdown = infinity, @@ -155,12 +159,23 @@ ssh_subsystem_child_spec(ServerOpts) -> {Name, StartFunc, Restart, Shutdown, Type, Modules}. -id(Sup, Address, Port) -> - {Sup, Address, Port}. - -make_name(Address, Port) -> - list_to_atom(lists:flatten(io_lib:format("ssh_system_~p_~p_sup", - [Address, Port]))). +id(Sup, Address, Port, Profile) -> + case is_list(Address) of + true -> + {Sup, any, Port, Profile}; + false -> + {Sup, Address, Port, Profile} + end. + +make_name(Address, Port, Profile) -> + case is_list(Address) of + true -> + list_to_atom(lists:flatten(io_lib:format("ssh_system_~p_~p_~p_sup", + [any, Port, Profile]))); + false -> + list_to_atom(lists:flatten(io_lib:format("ssh_system_~p_~p_~p_sup", + [Address, Port, Profile]))) + end. ssh_subsystem_sup([{_, Child, _, [ssh_subsystem_sup]} | _]) -> Child; @@ -178,3 +193,4 @@ stop_acceptor(Sup) -> supervisor:which_children(Sup)], supervisor:terminate_child(AcceptorSup, Name). + diff --git a/lib/ssh/src/sshd_sup.erl b/lib/ssh/src/sshd_sup.erl index 60222f5172..e879629ccb 100644 
--- a/lib/ssh/src/sshd_sup.erl +++ b/lib/ssh/src/sshd_sup.erl @@ -26,8 +26,10 @@ -behaviour(supervisor). +-include("ssh.hrl"). + -export([start_link/1, start_child/1, stop_child/1, - stop_child/2, system_name/1]). + stop_child/3, system_name/1]). %% Supervisor callback -export([init/1]). @@ -40,13 +42,14 @@ start_link(Servers) -> start_child(ServerOpts) -> Address = proplists:get_value(address, ServerOpts), - Port = proplists:get_value(port, ServerOpts), - case ssh_system_sup:system_supervisor(Address, Port) of + Port = proplists:get_value(port, ServerOpts), + Profile = proplists:get_value(profile, proplists:get_value(ssh_opts, ServerOpts), ?DEFAULT_PROFILE), + case ssh_system_sup:system_supervisor(Address, Port, Profile) of undefined -> Spec = child_spec(Address, Port, ServerOpts), case supervisor:start_child(?MODULE, Spec) of {error, already_present} -> - Name = id(Address, Port), + Name = id(Address, Port, Profile), supervisor:delete_child(?MODULE, Name), supervisor:start_child(?MODULE, Spec); Reply -> @@ -60,8 +63,8 @@ start_child(ServerOpts) -> stop_child(Name) -> supervisor:terminate_child(?MODULE, Name). -stop_child(Address, Port) -> - Name = id(Address, Port), +stop_child(Address, Port, Profile) -> + Name = id(Address, Port, Profile), stop_child(Name). system_name(SysSup) -> @@ -87,7 +90,8 @@ init([Servers]) -> %%% Internal functions %%%========================================================================= child_spec(Address, Port, ServerOpts) -> - Name = id(Address, Port), + Profile = proplists:get_value(profile, proplists:get_value(ssh_opts, ServerOpts), ?DEFAULT_PROFILE), + Name = id(Address, Port,Profile), StartFunc = {ssh_system_sup, start_link, [ServerOpts]}, Restart = temporary, Shutdown = infinity, 
@@ -95,8 +99,13 @@ child_spec(Address, Port, ServerOpts) -> Type = supervisor, {Name, StartFunc, Restart, Shutdown, Type, Modules}. -id(Address, Port) -> - {server, ssh_system_sup, Address, Port}. +id(Address, Port, Profile) -> + case is_list(Address) of + true -> + {server, ssh_system_sup, any, Port, Profile}; + false -> + {server, ssh_system_sup, Address, Port, Profile} + end. system_name([], _ ) -> undefined; diff --git a/lib/ssh/test/Makefile b/lib/ssh/test/Makefile index 39b2f57d26..843b1d906d 100644 --- a/lib/ssh/test/Makefile +++ b/lib/ssh/test/Makefile @@ -32,6 +32,7 @@ VSN=$(GS_VSN) MODULES= \ ssh_test_lib \ + ssh_sup_SUITE \ ssh_basic_SUITE \ ssh_to_openssh_SUITE \ ssh_sftp_SUITE \ diff --git a/lib/ssh/test/ssh_sup_SUITE.erl b/lib/ssh/test/ssh_sup_SUITE.erl new file mode 100644 index 0000000000..6e1595f9fa --- /dev/null +++ b/lib/ssh/test/ssh_sup_SUITE.erl 
@@ -0,0 +1,192 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2015-2015. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% +%% + +-module(ssh_sup_SUITE). +-include_lib("common_test/include/ct.hrl"). +-include_lib("ssh/src/ssh.hrl"). + +%% Note: This directive should only be used in test suites. +-compile(export_all). + +-define(WAIT_FOR_SHUTDOWN, 500). +-define(USER, "Alladin"). +-define(PASSWD, "Sesame"). + +%%-------------------------------------------------------------------- +%% Common Test interface functions ----------------------------------- +%%-------------------------------------------------------------------- + +all() -> + [default_tree, sshc_subtree, sshd_subtree, sshd_subtree_profile]. + +groups() -> + []. + +init_per_group(_GroupName, Config) -> + Config. + +end_per_group(_GroupName, Config) -> + Config. + +init_per_suite(Config) -> + Port = ssh_test_lib:inet_port(node()), + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + [{userdir, UserDir},{port, Port}, {host, "localhost"}, {host_ip, any} | Config]. + +end_per_suite(_) -> + ok. 
+ +init_per_testcase(sshc_subtree, Config) -> + ssh:start(), + SystemDir = ?config(data_dir, Config), + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {failfun, fun ssh_test_lib:failfun/2}, + {user_passwords, + [{?USER, ?PASSWD}]}]), + [{server, {Pid, Host, Port}} | Config]; +init_per_testcase(Case, Config) -> + end_per_testcase(Case, Config), + ssh:start(), + Config. +end_per_testcase(sshc_subtree, Config) -> + {Pid,_,_} = ?config(server, Config), + ssh:stop_daemon(Pid), + ssh:stop(); +end_per_testcase(_, _Config) -> + ssh:stop(). + +%%------------------------------------------------------------------------- +%% Test cases +%%------------------------------------------------------------------------- +default_tree() -> + [{doc, "Makes sure the correct processes are started and linked," + "in the default case."}]. +default_tree(Config) when is_list(Config) -> + TopSupChildren = supervisor:which_children(ssh_sup), + 2 = length(TopSupChildren), + {value, {sshc_sup, _, supervisor,[sshc_sup]}} = + lists:keysearch(sshc_sup, 1, TopSupChildren), + {value, {sshd_sup, _,supervisor,[sshd_sup]}} = + lists:keysearch(sshd_sup, 1, TopSupChildren), + [] = supervisor:which_children(sshc_sup), + [] = supervisor:which_children(sshd_sup). + +sshc_subtree() -> + [{doc, "Make sure the sshc subtree is correct"}]. 
+sshc_subtree(Config) when is_list(Config) -> + {_Pid, Host, Port} = ?config(server, Config), + UserDir = ?config(userdir, Config), + + [] = supervisor:which_children(sshc_sup), + {ok, Pid1} = ssh:connect(Host, Port, [{silently_accept_hosts, true}, + {user_interaction, false}, + {user, ?USER}, {password, ?PASSWD},{user_dir, UserDir}]), + [{_, _,supervisor,[ssh_connection_handler]}] = + supervisor:which_children(sshc_sup), + {ok, Pid2} = ssh:connect(Host, Port, [{silently_accept_hosts, true}, + {user_interaction, false}, + {user, ?USER}, {password, ?PASSWD}, {user_dir, UserDir}]), + [{_,_,supervisor,[ssh_connection_handler]}, + {_,_,supervisor,[ssh_connection_handler]}] = + supervisor:which_children(sshc_sup), + ssh:close(Pid1), + [{_,_,supervisor,[ssh_connection_handler]}] = + supervisor:which_children(sshc_sup), + ssh:close(Pid2), + ct:sleep(?WAIT_FOR_SHUTDOWN), + [] = supervisor:which_children(sshc_sup). + +sshd_subtree() -> + [{doc, "Make sure the sshd subtree is correct"}]. +sshd_subtree(Config) when is_list(Config) -> + HostIP = ?config(host_ip, Config), + Port = ?config(port, Config), + SystemDir = ?config(data_dir, Config), + ssh:daemon(HostIP, Port, [{system_dir, SystemDir}, + {failfun, fun ssh_test_lib:failfun/2}, + {user_passwords, + [{?USER, ?PASSWD}]}]), + [{{server,ssh_system_sup, HostIP, Port, ?DEFAULT_PROFILE}, + Daemon, supervisor, + [ssh_system_sup]}] = + supervisor:which_children(sshd_sup), + check_sshd_system_tree(Daemon, Config), + ssh:stop_daemon(HostIP, Port), + ct:sleep(?WAIT_FOR_SHUTDOWN), + [] = supervisor:which_children(sshd_sup). + +sshd_subtree_profile() -> + [{doc, "Make sure the sshd subtree using profile option is correct"}]. 
+sshd_subtree_profile(Config) when is_list(Config) -> + HostIP = ?config(host_ip, Config), + Port = ?config(port, Config), + Profile = ?config(profile, Config), + SystemDir = ?config(data_dir, Config), + + {ok, _} = ssh:daemon(HostIP, Port, [{system_dir, SystemDir}, + {failfun, fun ssh_test_lib:failfun/2}, + {user_passwords, + [{?USER, ?PASSWD}]}, + {profile, Profile}]), + [{{server,ssh_system_sup, HostIP,Port,Profile}, + Daemon, supervisor, + [ssh_system_sup]}] = + supervisor:which_children(sshd_sup), + check_sshd_system_tree(Daemon, Config), + ssh:stop_daemon(HostIP, Port, Profile), + ct:sleep(?WAIT_FOR_SHUTDOWN), + [] = supervisor:which_children(sshd_sup). + + +check_sshd_system_tree(Daemon, Config) -> + Host = ?config(host, Config), + Port = ?config(port, Config), + UserDir = ?config(userdir, Config), + {ok, Client} = ssh:connect(Host, Port, [{silently_accept_hosts, true}, + {user_interaction, false}, + {user, ?USER}, {password, ?PASSWD},{user_dir, UserDir}]), + + [{_,SubSysSup, supervisor,[ssh_subsystem_sup]}, + {{ssh_acceptor_sup,_,_,_}, AccSup, supervisor,[ssh_acceptor_sup]}] + = supervisor:which_children(Daemon), + + [{{server,ssh_connection_sup, _,_}, + ConnectionSup, supervisor, + [ssh_connection_sup]}, + {{server,ssh_channel_sup,_ ,_}, + ChannelSup,supervisor, + [ssh_channel_sup]}] = supervisor:which_children(SubSysSup), + + [{{ssh_acceptor_sup,_,_,_},_,worker,[ssh_acceptor]}] = + supervisor:which_children(AccSup), + + [{_, _, worker,[ssh_connection_handler]}] = + supervisor:which_children(ConnectionSup), + + [] = supervisor:which_children(ChannelSup), + + ssh_sftp:start_channel(Client), + + [{_, _,worker,[ssh_channel]}] = + supervisor:which_children(ChannelSup), + ssh:close(Client). + diff --git a/lib/ssh/test/ssh_sup_SUITE_data/id_dsa b/lib/ssh/test/ssh_sup_SUITE_data/id_dsa new file mode 100644 index 0000000000..d306f8b26e --- /dev/null +++ b/lib/ssh/test/ssh_sup_SUITE_data/id_dsa 
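Review bot: `sshd_subtree_profile/1` in ssh_sup_SUITE.erl reads `Profile = ?config(profile, Config)`, but `init_per_suite/1` only adds `userdir`, `port`, `host` and `host_ip` to Config, so the lookup yields `undefined` and the daemon is started with `{profile, undefined}`. That value passes the `is_atom(Value)` guard in `handle_ssh_option/1`, so the case succeeds without using a deliberately chosen profile name. Suggest putting an explicit `{profile, ...}` entry in Config and adding a case that starts two daemons on the same address and port under different profiles, which is the scenario the commit message describes.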
@@ -0,0 +1,13 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBvAIBAAKBgQDfi2flSTZZofwT4yQT0NikX/LGNT7UPeB/XEWe/xovEYCElfaQ +APFixXvEgXwoojmZ5kiQRKzLM39wBP0jPERLbnZXfOOD0PDnw0haMh7dD7XKVMod +/EigVgHf/qBdM2M8yz1s/rRF7n1UpLSypziKjkzCm7JoSQ2zbWIPdmBIXwIVAMgP +kpr7Sq3O7sHdb8D601DRjoExAoGAMOQxDfB2Fd8ouz6G96f/UOzRMI/Kdv8kYYKW +JIGY+pRYrLPyYzUeJznwZreOJgrczAX+luHnKFWJ2Dnk5CyeXk67Wsr7pJ/4MBMD +OKeIS0S8qoSBN8+Krp79fgA+yS3IfqbkJLtLu4EBaCX4mKQIX4++k44d4U5lc8pt ++9hlEI8CgYEAznKxx9kyC6bVo7LUYKaGhofRFt0SYFc5PVmT2VUGRs1R6+6DPD+e +uEO6IhFct7JFSRbP9p0JD4Uk+3zlZF+XX6b2PsZkeV8f/02xlNGUSmEzCSiNg1AX +Cy/WusYhul0MncWCHMcOZB5rIvU/aP5EJJtn3xrRaz6u0SThF6AnT34CFQC63czE +ZU8w8Q+H7z0j+a+70x2iAw== +-----END DSA PRIVATE KEY----- + diff --git a/lib/ssh/test/ssh_sup_SUITE_data/id_rsa b/lib/ssh/test/ssh_sup_SUITE_data/id_rsa new file mode 100644 index 0000000000..9d7e0dd5fb --- /dev/null +++ b/lib/ssh/test/ssh_sup_SUITE_data/id_rsa @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQD1OET+3O/Bvj/dtjxDTXmj1oiJt4sIph5kGy0RfjoPrZfaS+CU +DhakCmS6t2ivxWFgtpKWaoGMZMJqWj6F6ZsumyFl3FPBtujwY/35cgifrI9Ns4Tl +zR1uuengNBmV+WRQ5cd9F2qS6Z8aDQihzt0r8JUqLcK+VQbrmNzboCCQQwIDAQAB +AoGAPQEyqPTt8JUT7mRXuaacjFXiweAXhp9NEDpyi9eLOjtFe9lElZCrsUOkq47V +TGUeRKEm9qSodfTbKPoqc8YaBJGJPhUaTAcha+7QcDdfHBvIsgxvU7ePVnlpXRp3 +CCUEMPhlnx6xBoTYP+fRU0e3+xJIPVyVCqX1jAdUMkzfRoECQQD6ux7B1QJAIWyK +SGkbDUbBilNmzCFNgIpOP6PA+bwfi5d16diTpra5AX09keQABAo/KaP1PdV8Vg0p +z4P3A7G3AkEA+l+AKG6m0kQTTBMJDqOdVPYwe+5GxunMaqmhokpEbuGsrZBl5Dvd +WpcBjR7jmenrhKZRIuA+Fz5HPo/UQJPl1QJBAKxstDkeED8j/S2XoFhPKAJ+6t39 +sUVICVTIZQeXdmzHJXCcUSkw8+WEhakqw/3SyW0oaK2FSWQJFWJUZ+8eJj8CQEh3 +xeduB5kKnS9CvzdeghZqX6QvVosSdtlUmfUYW/BgH5PpHKTP8wTaeld3XldZTpMJ +dKiMkUw2+XYROVUrubUCQD+Na1LhULlpn4ISEtIEfqpdlUhxDgO15Wg8USmsng+x +ICliVOSQtwaZjm8kwaFt0W7XnpnDxbRs37vIEbIMWak= +-----END RSA PRIVATE KEY----- diff --git a/lib/ssh/test/ssh_sup_SUITE_data/ssh_host_dsa_key b/lib/ssh/test/ssh_sup_SUITE_data/ssh_host_dsa_key new file mode 100644 index 0000000000..51ab6fbd88 
--- /dev/null +++ b/lib/ssh/test/ssh_sup_SUITE_data/ssh_host_dsa_key @@ -0,0 +1,13 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBuwIBAAKBgQCClaHzE2ul0gKSUxah5W0W8UiJLy4hXngKEqpaUq9SSdVdY2LK +wVfKH1gt5iuaf1FfzOhsIC9G/GLnjYttXZc92cv/Gfe3gR+s0ni2++MX+T++mE/Q +diltXv/Hp27PybS67SmiFW7I+RWnT2OKlMPtw2oUuKeztCe5UWjaj/y5FQIVAPLA +l9RpiU30Z87NRAHY3NTRaqtrAoGANMRxw8UfdtNVR0CrQj3AgPaXOGE4d+G4Gp4X +skvnCHycSVAjtYxebUkzUzt5Q6f/IabuLUdge3gXrc8BetvrcKbp+XZgM0/Vj2CF +Ymmy3in6kzGZq7Fw1sZaku6AOU8vLa5woBT2vAcHLLT1bLAzj7viL048T6MfjrOP +ef8nHvACgYBhDWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah +/XcF3DeRF+eEoz48wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+U +ykSTXYUbtsfTNRFQGBW2/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0CgIVAN4wtL5W +Lv62jKcdskxNyz2NQoBx +-----END DSA PRIVATE KEY----- + diff --git a/lib/ssh/test/ssh_sup_SUITE_data/ssh_host_dsa_key.pub b/lib/ssh/test/ssh_sup_SUITE_data/ssh_host_dsa_key.pub new file mode 100644 index 0000000000..4dbb1305b0 --- /dev/null +++ b/lib/ssh/test/ssh_sup_SUITE_data/ssh_host_dsa_key.pub @@ -0,0 +1,11 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +AAAAB3NzaC1kc3MAAACBAIKVofMTa6XSApJTFqHlbRbxSIkvLiFeeAoSqlpSr1JJ1V1j +YsrBV8ofWC3mK5p/UV/M6GwgL0b8YueNi21dlz3Zy/8Z97eBH6zSeLb74xf5P76YT9B2 +KW1e/8enbs/JtLrtKaIVbsj5FadPY4qUw+3DahS4p7O0J7lRaNqP/LkVAAAAFQDywJfU +aYlN9GfOzUQB2NzU0WqrawAAAIA0xHHDxR9201VHQKtCPcCA9pc4YTh34bganheyS+cI +fJxJUCO1jF5tSTNTO3lDp/8hpu4tR2B7eBetzwF62+twpun5dmAzT9WPYIViabLeKfqT +MZmrsXDWxlqS7oA5Ty8trnCgFPa8BwcstPVssDOPu+IvTjxPox+Os495/yce8AAAAIBh +DWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah/XcF3DeRF+eEoz48 +wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+UykSTXYUbtsfTNRFQGBW2 +/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0Cg== +---- END SSH2 PUBLIC KEY ---- diff --git a/lib/ssh/test/ssh_sup_SUITE_data/ssh_host_rsa_key b/lib/ssh/test/ssh_sup_SUITE_data/ssh_host_rsa_key new file mode 100644 index 0000000000..79968bdd7d --- /dev/null +++ b/lib/ssh/test/ssh_sup_SUITE_data/ssh_host_rsa_key 
@@ -0,0 +1,16 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDCZX+4FBDwZIh9y/Uxee1VJnEXlowpz2yDKwj8semM4q843337 +zbNfxHmladB1lpz2NqyxI175xMIJuDxogyZdsOxGnFAzAnthR4dqL/RWRWzjaxSB +6IAO9SPYVVlrpZ+1hsjLW79fwXK/yc8VdhRuWTeQiRgYY2ek8+OKbOqz4QIDAQAB +AoGANmvJzJO5hkLuvyDZHKfAnGTtpifcR1wtSa9DjdKUyn8vhKF0mIimnbnYQEmW +NUUb3gXCZLi9PvkpRSVRrASDOZwcjoU/Kvww163vBUVb2cOZfFhyn6o2Sk88Tt++ +udH3hdjpf9i7jTtUkUe+QYPsia+wgvvrmn4QrahLAH86+kECQQDx5gFeXTME3cnW +WMpFz3PPumduzjqgqMMWEccX4FtQkMX/gyGa5UC7OHFyh0N/gSWvPbRHa8A6YgIt +n8DO+fh5AkEAzbqX4DOn8NY6xJIi42q7l/2jIA0RkB6P7YugW5NblhqBZ0XDnpA5 +sMt+rz+K07u9XZtxgh1xi7mNfwY6lEAMqQJBAJBEauCKmRj35Z6OyeQku59SPsnY ++SJEREVvSNw2lH9SOKQQ4wPsYlTGbvKtNVZgAcen91L5MmYfeckYE/fdIZECQQCt +64zxsTnM1I8iFxj/gP/OYlJBikrKt8udWmjaghzvLMEw+T2DExJyb9ZNeT53+UMB +m6O+B/4xzU/djvp+0hbhAkAemIt+rA5kTmYlFndhpvzkSSM8a2EXsO4XIPgGWCTT +tQKS/tTly0ADMjN/TVy11+9d6zcqadNVuHXHGtR4W0GR +-----END RSA PRIVATE KEY----- + diff --git a/lib/ssh/test/ssh_sup_SUITE_data/ssh_host_rsa_key.pub b/lib/ssh/test/ssh_sup_SUITE_data/ssh_host_rsa_key.pub new file mode 100644 index 0000000000..75d2025c71 --- /dev/null +++ b/lib/ssh/test/ssh_sup_SUITE_data/ssh_host_rsa_key.pub @@ -0,0 +1,5 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +AAAAB3NzaC1yc2EAAAADAQABAAAAgQDCZX+4FBDwZIh9y/Uxee1VJnEXlowpz2yDKwj8 +semM4q843337zbNfxHmladB1lpz2NqyxI175xMIJuDxogyZdsOxGnFAzAnthR4dqL/RW +RWzjaxSB6IAO9SPYVVlrpZ+1hsjLW79fwXK/yc8VdhRuWTeQiRgYY2ek8+OKbOqz4Q== +---- END SSH2 PUBLIC KEY ---- -- cgit v1.2.3 From 9a6662bd15c03a9607d328b5efbaf592a4205574 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Wed, 3 Jun 2015 16:46:32 +0200 Subject: ssh: Correct Makefile The ssh application does not have any external include files --- lib/ssh/src/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/Makefile b/lib/ssh/src/Makefile index 90d71107ad..a06d8acfd4 100644 --- a/lib/ssh/src/Makefile +++ b/lib/ssh/src/Makefile 
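Review bot: ssh_sup_SUITE_data adds the client keys id_dsa and id_rsa, but every `ssh:connect/3` call in ssh_sup_SUITE.erl uses password authentication with `user_dir` pointing at the `nopubkey` directory ("to make sure we don't use public-key-auth"), so only the host keys read through `system_dir` appear to be used. Suggest dropping the two client key files from the patch, or adding a comment in the suite saying what they are for.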
@@ -75,7 +75,7 @@ MODULES= \ ssh_transport \ ssh_xfer -PUBLIC_HRL_FILES= ssh.hrl ssh_userauth.hrl ssh_xfer.hrl +HRL_FILES = ERL_FILES= \ $(MODULES:%=%.erl) \ @@ -95,7 +95,7 @@ APP_TARGET= $(EBIN)/$(APP_FILE) APPUP_SRC= $(APPUP_FILE).src APPUP_TARGET= $(EBIN)/$(APPUP_FILE) -INTERNAL_HRL_FILES = ssh_auth.hrl ssh_connect.hrl ssh_transport.hrl +INTERNAL_HRL_FILES = ssh_auth.hrl ssh_connect.hrl ssh_transport.hrl ssh.hrl ssh_userauth.hrl ssh_xfer.hrl # ---------------------------------------------------- # FLAGS @@ -140,7 +140,7 @@ release_spec: opt $(INSTALL_DATA) $(BEHAVIOUR_TARGET_FILES) $(TARGET_FILES) $(APP_TARGET) \ $(APPUP_TARGET) "$(RELSYSDIR)/ebin" $(INSTALL_DIR) "$(RELSYSDIR)/include" - $(INSTALL_DATA) $(PUBLIC_HRL_FILES) "$(RELSYSDIR)/include" + release_docs_spec: -- cgit v1.2.3 From 04653b8c66c2b8d1453b32ca28d66ef1863dbd75 Mon Sep 17 00:00:00 2001 From: Hans Date: Thu, 4 Jun 2015 13:30:58 +0200 Subject: ssh: make disconnectfun work for both server&client --- lib/ssh/doc/src/ssh.xml | 5 +++ lib/ssh/src/ssh_connection_handler.erl | 20 ++++------ lib/ssh/test/ssh_basic_SUITE.erl | 71 ++++++++++++++++++++++++++++++++++ 3 files changed, 84 insertions(+), 12 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index cf58806aa8..0516945c0e 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -175,6 +175,11 @@ to use from a security point of view.

+ _}]]> + +

Provides a fun to implement your own logging when a server disconnects the client.

+
+ diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 3bdca4ba94..ab1fc93a1b 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -750,15 +750,12 @@ handle_sync_event({info, ChannelPid}, _From, StateName, {reply, {ok, Result}, StateName, State}; handle_sync_event(stop, _, _StateName, #state{connection_state = Connection0, - role = Role, - opts = Opts} = State0) -> - {disconnect, Reason, {{replies, Replies}, Connection}} = + role = Role} = State0) -> + {disconnect, _Reason, {{replies, Replies}, Connection}} = ssh_connection:handle_msg(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, description = "User closed down connection", language = "en"}, Connection0, Role), State = send_replies(Replies, State0), - SSHOpts = proplists:get_value(ssh_opts, Opts), - disconnect_fun(Reason, SSHOpts), {stop, normal, ok, State#state{connection_state = Connection}}; @@ -1275,7 +1272,6 @@ generate_event(<> = Msg, StateName, #state{ role = Role, starter = User, - opts = Opts, renegotiate = Renegotiation, connection_state = Connection0} = State0, EncData) when Byte == ?SSH_MSG_GLOBAL_REQUEST; 
@@ -1315,21 +1311,17 @@ generate_event(<> = Msg, StateName, User ! {self(), not_connected, Reason}, {stop, {shutdown, normal}, next_packet(State#state{connection_state = Connection})}; - {disconnect, Reason, {{replies, Replies}, Connection}} -> + {disconnect, _Reason, {{replies, Replies}, Connection}} -> State = send_replies(Replies, State1#state{connection_state = Connection}), - SSHOpts = proplists:get_value(ssh_opts, Opts), - disconnect_fun(Reason, SSHOpts), {stop, {shutdown, normal}, State#state{connection_state = Connection}} catch _:Error -> - {disconnect, Reason, {{replies, Replies}, Connection}} = + {disconnect, _Reason, {{replies, Replies}, Connection}} = ssh_connection:handle_msg( #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, description = "Internal error", language = "en"}, Connection0, Role), State = send_replies(Replies, State1#state{connection_state = Connection}), - SSHOpts = proplists:get_value(ssh_opts, Opts), - disconnect_fun(Reason, SSHOpts), {stop, {shutdown, Error}, State#state{connection_state = Connection}} end; 
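Review bot: Both disconnect branches of generate_event in this hunk (the `{disconnect, _Reason, ...}` result and the `catch _:Error` "Internal error" path) lose their disconnect_fun call, and nothing in the hunk replaces it: each goes straight from send_replies to `{stop, ...}`. The call is re-added only in handle_disconnect, so a user-supplied disconnectfun will no longer log these two cases unless they are routed through handle_disconnect somewhere outside this diff. Either route them through it or keep one disconnect_fun call before each `{stop, ...}`, and add a test case that forces the internal-error path.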
@@ -1576,12 +1568,14 @@ handle_disconnect(#ssh_msg_disconnect{} = DisconnectMsg, State, Error) -> handle_disconnect(Type, #ssh_msg_disconnect{description = Desc} = Msg, #state{connection_state = Connection0, role = Role} = State0) -> {disconnect, _, {{replies, Replies}, Connection}} = ssh_connection:handle_msg(Msg, Connection0, Role), State = send_replies(disconnect_replies(Type, Msg, Replies), State0), + disconnect_fun(Desc, State#state.opts), {stop, {shutdown, Desc}, State#state{connection_state = Connection}}. handle_disconnect(Type, #ssh_msg_disconnect{description = Desc} = Msg, #state{connection_state = Connection0, role = Role} = State0, ErrorMsg) -> {disconnect, _, {{replies, Replies}, Connection}} = ssh_connection:handle_msg(Msg, Connection0, Role), State = send_replies(disconnect_replies(Type, Msg, Replies), State0), + disconnect_fun(Desc, State#state.opts), {stop, {shutdown, {Desc, ErrorMsg}}, State#state{connection_state = Connection}}. disconnect_replies(own, Msg, Replies) -> @@ -1700,6 +1694,8 @@ send_reply({flow_control, Cache, Channel, From, Msg}) -> send_reply({flow_control, From, Msg}) -> gen_fsm:reply(From, Msg). +disconnect_fun({disconnect,Msg}, Opts) -> + disconnect_fun(Msg, Opts); disconnect_fun(_, undefined) -> ok; disconnect_fun(Reason, Opts) -> diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index cff695681e..4b72c57cca 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -56,6 +56,8 @@ all() -> ssh_daemon_minimal_remote_max_packet_size_option, ssh_msg_debug_fun_option_client, ssh_msg_debug_fun_option_server, + disconnectfun_option_server, + disconnectfun_option_client, preferred_algorithms, id_string_no_opt_client, id_string_own_string_client, 
@@ -737,6 +739,75 @@ ssh_msg_debug_fun_option_server(Config) -> {fail,timeout1} end. +%%-------------------------------------------------------------------- +disconnectfun_option_server(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + + Parent = self(), + DisConnFun = fun(Reason) -> Parent ! {disconnect,Reason} end, + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {failfun, fun ssh_test_lib:failfun/2}, + {disconnectfun, DisConnFun}]), + ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_dir, UserDir}, + {user_interaction, false}]), + ssh:close(ConnectionRef), + receive + {disconnect,Reason} -> + ct:log("Server detected disconnect: ~p",[Reason]), + ssh:stop_daemon(Pid), + ok + after 3000 -> + receive + X -> ct:log("received ~p",[X]) + after 0 -> ok + end, + {fail,"Timeout waiting for disconnect"} + end. + +%%-------------------------------------------------------------------- +disconnectfun_option_client(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + + Parent = self(), + DisConnFun = fun(Reason) -> Parent ! 
{disconnect,Reason} end, + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {failfun, fun ssh_test_lib:failfun/2}]), + _ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_dir, UserDir}, + {user_interaction, false}, + {disconnectfun, DisConnFun}]), + ssh:stop_daemon(Pid), + receive + {disconnect,Reason} -> + ct:log("Client detected disconnect: ~p",[Reason]), + ok + after 3000 -> + receive + X -> ct:log("received ~p",[X]) + after 0 -> ok + end, + {fail,"Timeout waiting for disconnect"} + end. + %%-------------------------------------------------------------------- known_hosts() -> [{doc, "check that known_hosts is updated correctly"}]. -- cgit v1.2.3 From def3336c4e7f1fd2210ded405263bcad293cdc25 Mon Sep 17 00:00:00 2001 From: Hans Date: Wed, 3 Jun 2015 16:43:21 +0200 Subject: ssh: timeout fixes in ssh_basic_SUITE The testcases ssh_connect_negtimeout_parallel ssh_connect_negtimeout_sequential max_sessions_sftp_start_channel_sequential max_sessions_sftp_start_channel_parallel max_sessions_ssh_connect_sequential max_sessions_ssh_connect_parallel sometimes failed on certain machines. Tried to increase timeouts and added a sleep. (Not exactly the best way of doing real time programming....) --- lib/ssh/test/ssh_basic_SUITE.erl | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index cff695681e..7eaf1b1b53 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl 
@@ -1199,8 +1199,9 @@ ssh_connect_negtimeout(Config, Parallel) -> {failfun, fun ssh_test_lib:failfun/2}]), {ok,Socket} = gen_tcp:connect(Host, Port, []), - ct:pal("And now sleeping 1.2*NegTimeOut (~p ms)...", [round(1.2 * NegTimeOut)]), - receive after round(1.2 * NegTimeOut) -> ok end, + Factor = 1.5, + ct:pal("And now sleeping ~p*NegTimeOut (~p ms)...", [Factor, round(Factor * NegTimeOut)]), + receive after round(Factor * NegTimeOut) -> ok end, case inet:sockname(Socket) of {ok,_} -> ct:fail("Socket not closed"); @@ -1243,8 +1244,11 @@ ssh_connect_nonegtimeout_connected(Config, Parallel) -> ct:pal("---Erlang shell start: ~p~n", [ErlShellStart]), one_shell_op(IO, NegTimeOut), one_shell_op(IO, NegTimeOut), - ct:pal("And now sleeping 1.2*NegTimeOut (~p ms)...", [round(1.2 * NegTimeOut)]), - receive after round(1.2 * NegTimeOut) -> ok end, + + Factor = 1.5, + ct:pal("And now sleeping ~p*NegTimeOut (~p ms)...", [Factor, round(Factor * NegTimeOut)]), + receive after round(Factor * NegTimeOut) -> ok end, + one_shell_op(IO, NegTimeOut) end, exit(Shell, kill). @@ -1372,6 +1376,7 @@ max_sessions(Config, ParallelLogin, Connect0) when is_function(Connect0,2) -> %% This is expected %% Now stop one connection and try to open one more ok = ssh:close(hd(Connections)), + receive after 250 -> ok end, % sleep so the supervisor has time to count down. Not nice... try Connect(Host,Port) of _ConnectionRef1 -> -- cgit v1.2.3 From 802f297763e12ee02b1669fd1fcf502aee4665b7 Mon Sep 17 00:00:00 2001 
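Review bot: The added `receive after 250 -> ok end` in max_sessions replaces one timing guess with another; on a loaded machine the supervisor may still not have counted down after 250 ms and the test fails the same way. Retry `Connect(Host,Port)` in a short loop until it succeeds or a deadline passes, so the test waits on the condition it cares about rather than on a fixed interval. The same applies to the `Factor = 1.5` sleeps in the two hunks above: checking `inet:sockname(Socket)` repeatedly up to a deadline would remove the dependency on the multiplier.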
From: Hans Date: Thu, 4 Jun 2015 15:19:15 +0200 Subject: ssh: Replace ct:sleep with timer:sleep for long sleeps On two of our test machines, ct:sleep was scaled to a ridicously long time (10 x). This made the key renegotiation to trigger wich the test case was designed not to tolerate. By reducing the sleep time to the intended order of magnitude, hopfully the test cases will work. --- lib/ssh/test/ssh_basic_SUITE.erl | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 7eaf1b1b53..a35e6e691a 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -383,28 +383,28 @@ rekey_limit(Config) -> Kex1 = get_kex_init(ConnectionRef), - ct:sleep(?REKEY_DATA_TMO), + timer:sleep(?REKEY_DATA_TMO), Kex1 = get_kex_init(ConnectionRef), Data = lists:duplicate(9000,1), ok = ssh_sftp:write_file(SftpPid, DataFile, Data), - ct:sleep(?REKEY_DATA_TMO), + timer:sleep(?REKEY_DATA_TMO), Kex2 = get_kex_init(ConnectionRef), false = (Kex2 == Kex1), - ct:sleep(?REKEY_DATA_TMO), + timer:sleep(?REKEY_DATA_TMO), Kex2 = get_kex_init(ConnectionRef), ok = ssh_sftp:write_file(SftpPid, DataFile, "hi\n"), - ct:sleep(?REKEY_DATA_TMO), + timer:sleep(?REKEY_DATA_TMO), Kex2 = get_kex_init(ConnectionRef), false = (Kex2 == Kex1), - ct:sleep(?REKEY_DATA_TMO), + timer:sleep(?REKEY_DATA_TMO), Kex2 = get_kex_init(ConnectionRef), @@ -446,7 +446,7 @@ renegotiate1(Config) -> ssh_connection_handler:renegotiate(ConnectionRef), spawn(fun() -> ok=ssh_sftp:write(SftpPid, Handle, "another hi\n") end), - ct:sleep(2000), + timer:sleep(2000), Kex2 = get_kex_init(ConnectionRef), @@ -494,7 +494,7 @@ renegotiate2(Config) -> ssh_connection_handler:renegotiate(ConnectionRef), ssh_relay:release(RelayPid, rx), - ct:sleep(2000), + timer:sleep(2000), Kex2 = get_kex_init(ConnectionRef), -- cgit v1.2.3 From 5de5f9660245c5626bdbc7afc1528105d32a1d96 Mon Sep 17 00:00:00 2001 
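Review bot: The reason for using timer:sleep instead of ct:sleep is recorded only in the commit message, not at the call sites in rekey_limit, renegotiate1 and renegotiate2. Since ct:sleep is the usual choice in a Common Test suite, a later cleanup is likely to switch these back and reintroduce the unwanted renegotiation. Add a short comment next to `timer:sleep(?REKEY_DATA_TMO)` (or at the macro definition) saying that the sleep must not be scaled because it has to stay below the rekey interval.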
From: Hans Date: Thu, 4 Jun 2015 18:12:35 +0200 Subject: ssh: add empty password to the probing ssh_test_lib:openssh_sanity_check/1 This is to give a quick end if the test is run a maskin where it can't log in to the OpenSSH server. --- lib/ssh/test/ssh_test_lib.erl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index 8ca05746db..d08afdfb90 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl @@ -361,7 +361,7 @@ do_inet_port(Node) -> openssh_sanity_check(Config) -> ssh:start(), - case ssh:connect("localhost", 22, []) of + case ssh:connect("localhost", 22, [{password,""}]) of {ok, Pid} -> ssh:close(Pid), ssh:stop(), -- cgit v1.2.3 From c6434424833dbf9918f9c266a18f7d154a2edc5b Mon Sep 17 00:00:00 2001 From: Hans Date: Fri, 5 Jun 2015 13:13:46 +0200 Subject: ssh: Change to ct:sleep in ssh_basic_SUITE --- lib/ssh/test/ssh_basic_SUITE.erl | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index a35e6e691a..a3186565da 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -1199,9 +1199,10 @@ ssh_connect_negtimeout(Config, Parallel) -> {failfun, fun ssh_test_lib:failfun/2}]), {ok,Socket} = gen_tcp:connect(Host, Port, []), - Factor = 1.5, + + Factor = 2, ct:pal("And now sleeping ~p*NegTimeOut (~p ms)...", [Factor, round(Factor * NegTimeOut)]), - receive after round(Factor * NegTimeOut) -> ok end, + ct:sleep(round(Factor * NegTimeOut)), case inet:sockname(Socket) of {ok,_} -> ct:fail("Socket not closed"); 
@@ -1245,10 +1246,10 @@ ssh_connect_nonegtimeout_connected(Config, Parallel) -> one_shell_op(IO, NegTimeOut), one_shell_op(IO, NegTimeOut), - Factor = 1.5, + Factor = 2, ct:pal("And now sleeping ~p*NegTimeOut (~p ms)...", [Factor, round(Factor * NegTimeOut)]), - receive after round(Factor * NegTimeOut) -> ok end, - + ct:sleep(round(Factor * NegTimeOut)), + one_shell_op(IO, NegTimeOut) end, exit(Shell, kill). -- cgit v1.2.3 From 834b38ff07d835d68f5ab62f78b40aa9c6341b6b Mon Sep 17 00:00:00 2001 From: Hans Date: Wed, 3 Jun 2015 15:22:46 +0200 Subject: ssh: Check that user_dir and system_dir exists and are readable --- lib/ssh/src/ssh.erl | 34 +++++++++++++++++-- lib/ssh/test/ssh_basic_SUITE.erl | 72 +++++++++++++++++++++++++++++++++++++++- 2 files changed, 102 insertions(+), 4 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 4a07473f74..18951c8c89 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -24,6 +24,7 @@ -include("ssh.hrl"). -include("ssh_connect.hrl"). -include_lib("public_key/include/public_key.hrl"). +-include_lib("kernel/include/file.hrl"). -export([start/0, start/1, stop/0, connect/3, connect/4, close/1, connection_info/2, channel_info/3, @@ -389,9 +390,9 @@ handle_option([Opt | Rest], SocketOptions, SshOptions) -> handle_ssh_option({minimal_remote_max_packet_size, Value} = Opt) when is_integer(Value), Value >=0 -> Opt; handle_ssh_option({system_dir, Value} = Opt) when is_list(Value) -> - Opt; + check_dir(Opt); handle_ssh_option({user_dir, Value} = Opt) when is_list(Value) -> - Opt; + check_dir(Opt); handle_ssh_option({user_dir_fun, Value} = Opt) when is_function(Value) -> Opt; handle_ssh_option({silently_accept_hosts, Value} = Opt) when is_boolean(Value) -> 
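Review bot: Calling `check_dir(Opt)` from the system_dir and user_dir clauses of handle_ssh_option changes the contract of ssh:connect and ssh:daemon: a directory that is missing, unreadable or not a directory is now rejected with eoptions at option-handling time, where the value was previously accepted as long as it was a list. The diffstat for this commit lists only ssh.erl and ssh_basic_SUITE.erl, so ssh.xml does not describe the new error return; please document it with the options. The check is also only a snapshot taken when the options are parsed, so the code that later reads key files from these directories still needs its own error handling.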
@@ -581,4 +582,31 @@ handle_ip(Inet) -> %% Default to ipv4 [inet | Inet] end end. - + +check_dir({_,Dir} = Opt) -> + case directory_exist_readable(Dir) of + ok -> + Opt; + {error,Error} -> + throw({error, {eoptions,{Opt,Error}}}) + end. + +directory_exist_readable(Dir) -> + case file:read_file_info(Dir) of + {ok, #file_info{type = directory, + access = Access}} -> + case Access of + read -> ok; + read_write -> ok; + _ -> {error, eacces} + end; + + {ok, #file_info{}}-> + {error, enotdir}; + + {error, Error} -> + {error, Error} + end. + + + diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index cff695681e..4126b4beb4 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -23,6 +23,7 @@ -include_lib("common_test/include/ct.hrl"). -include_lib("kernel/include/inet.hrl"). +-include_lib("kernel/include/file.hrl"). %% Note: This directive should only be used in test suites. -compile(export_all). @@ -49,6 +50,7 @@ all() -> daemon_already_started, server_password_option, server_userpassword_option, + {group, dir_options}, double_close, ssh_connect_timeout, ssh_connect_arg4_timeout, @@ -81,7 +83,9 @@ groups() -> max_sessions_ssh_connect_sequential, max_sessions_sftp_start_channel_parallel, max_sessions_sftp_start_channel_sequential - ]} + ]}, + {dir_options, [], [user_dir_option, + system_dir_option]} ]. 
@@ -132,6 +136,30 @@ init_per_group(internal_error, Config) -> ssh_test_lib:setup_dsa(DataDir, PrivDir), file:delete(filename:join(PrivDir, "system/ssh_host_dsa_key")), Config; +init_per_group(dir_options, Config) -> + PrivDir = ?config(priv_dir, Config), + %% Make unreadable dir: + Dir_unreadable = filename:join(PrivDir, "unread"), + ok = file:make_dir(Dir_unreadable), + {ok,F1} = file:read_file_info(Dir_unreadable), + ok = file:write_file_info(Dir_unreadable, + F1#file_info{mode = F1#file_info.mode band (bnot 8#00444)}), + %% Make readable file: + File_readable = filename:join(PrivDir, "file"), + ok = file:write_file(File_readable, <<>>), + %% Check: + case {file:read_file_info(Dir_unreadable), + file:read_file_info(File_readable)} of + {{ok, #file_info{type=directory, access=Md}}, + {ok, #file_info{type=regular, access=Mf}}} when Md=/=read, Md=/=read_write -> + %% Save: + [{unreadable_dir, Dir_unreadable}, + {readable_file, File_readable} + | Config]; + X -> + ct:log("#file_info : ~p",[X]), + {skip, "File or dir mode settings failed"} + end; init_per_group(_, Config) -> Config. 
@@ -649,6 +677,48 @@ server_userpassword_option(Config) when is_list(Config) -> {user_dir, UserDir}]), ssh:stop_daemon(Pid). +%%-------------------------------------------------------------------- +system_dir_option(Config) -> + DirUnread = proplists:get_value(unreadable_dir,Config), + FileRead = proplists:get_value(readable_file,Config), + + case ssh_test_lib:daemon([{system_dir, DirUnread}]) of + {error,{eoptions,{{system_dir,DirUnread},eacces}}} -> + ok; + {Pid1,_Host1,Port1} when is_pid(Pid1),is_integer(Port1) -> + ssh:stop_daemon(Pid1), + ct:fail("Didn't detect that dir is unreadable", []) + end, + + case ssh_test_lib:daemon([{system_dir, FileRead}]) of + {error,{eoptions,{{system_dir,FileRead},enotdir}}} -> + ok; + {Pid2,_Host2,Port2} when is_pid(Pid2),is_integer(Port2) -> + ssh:stop_daemon(Pid2), + ct:fail("Didn't detect that option is a plain file", []) + end. + + +user_dir_option(Config) -> + DirUnread = proplists:get_value(unreadable_dir,Config), + FileRead = proplists:get_value(readable_file,Config), + %% Any port will do (beware, implementation knowledge!): + Port = 65535, + + case ssh:connect("localhost", Port, [{user_dir, DirUnread}]) of + {error,{eoptions,{{user_dir,DirUnread},eacces}}} -> + ok; + {error,econnrefused} -> + ct:fail("Didn't detect that dir is unreadable", []) + end, + + case ssh:connect("localhost", Port, [{user_dir, FileRead}]) of + {error,{eoptions,{{user_dir,FileRead},enotdir}}} -> + ok; + {error,econnrefused} -> + ct:fail("Didn't detect that option is a plain file", []) + end. + %%-------------------------------------------------------------------- ssh_msg_debug_fun_option_client() -> [{doc, "validate client that uses the 'ssh_msg_debug_fun' option"}]. -- cgit v1.2.3 From 2ce77297d3475448d2f969b851ddaaa6c4c2e4e2 Mon Sep 17 00:00:00 2001 
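Review bot: In user_dir_option each `case ssh:connect("localhost", Port, ...)` has only two clauses, the expected eoptions tuple and `{error,econnrefused}`. The comment admits that port 65535 is an assumption; if something is listening there, or connect returns any other error, the test dies with a case_clause instead of a readable failure. Add a catch-all clause that calls ct:fail with the unexpected value. The two cases in system_dir_option have the same gap for any return from ssh_test_lib:daemon other than the eoptions tuple or a `{Pid,Host,Port}` triple.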
From: Hans Nilsson Date: Mon, 8 Jun 2015 13:59:20 +0200 Subject: ssh: add missing doc for option auth_method_kb_interactive_data --- lib/ssh/doc/src/ssh.xml | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 0516945c0e..4d2d68f460 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -360,7 +360,7 @@ kex is implicit but public_key is set explicitly.

an own CLI channel. If set to no_cli, the CLI channels are disabled and only subsystem channels are allowed.

- +

Sets the user directory. That is, the directory containing ssh configuration files for the user, such as @@ -377,6 +377,7 @@ kex is implicit but public_key is set explicitly.

. For security reasons, this directory is normally accessible only to the root user.

+

Comma-separated string that determines which @@ -384,6 +385,19 @@ kex is implicit but public_key is set explicitly.

in what order they are tried. Defaults to

+ + +
where: +
PromptTexts = kb_int_tuple() | fun(PeerName::string(), User::string(), Service::string()) -> kb_int_tuple() +
kb_int_tuple() = {Name::string(), Instruction::string(), Prompt::string(), Echo::boolean()}
+
+ +

Sets the text strings that the daemon sends to the client for presentation to the user when using keyboar-interactive authentication. If the fun/3 is used, it is called when the actual authentication occurs and may therefore return dynamic data like time, remote ip etc.

+

The parameter Echo guides the client about need to hide the password.

+

The default value is: + {auth_method_kb_interactive_data, {"SSH server", "Enter password for \""++User++"\"", "pwd: ", false}>

+
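Review bot: Two typos in the added documentation for auth_method_kb_interactive_data: "keyboar-interactive" in the description paragraph should be "keyboard-interactive", and the default value ends with `false}>` where the closing character should be `}`. As written the example is not a valid Erlang term, so anyone copying it gets a syntax error. The sentence about Echo would also be clearer if it stated which value means the client should hide the input.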
+ -- cgit v1.2.3 From 4b624b498410033240ae93dfaa3be46ae88be64b Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 8 Jun 2015 18:20:54 +0200 Subject: ssh: add test cases for disconnectfun OTP-12786 --- lib/ssh/test/ssh_basic_SUITE.erl | 70 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index a3186565da..951ebacf97 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -45,6 +45,8 @@ all() -> {group, dsa_pass_key}, {group, rsa_pass_key}, {group, internal_error}, + connectfun_disconnectfun_server, + connectfun_disconnectfun_client, {group, renegotiate}, daemon_already_started, server_password_option, 
@@ -691,6 +693,74 @@ ssh_msg_debug_fun_option_client(Config) -> {fail,timeout} end. +%%-------------------------------------------------------------------- +connectfun_disconnectfun_server(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + + Parent = self(), + Ref = make_ref(), + ConnFun = fun(_,_,_) -> Parent ! {connect,Ref} end, + DiscFun = fun(R) -> Parent ! {disconnect,Ref,R} end, + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {failfun, fun ssh_test_lib:failfun/2}, + {disconnectfun, DiscFun}, + {connectfun, ConnFun}]), + ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_dir, UserDir}, + {user_interaction, false}]), + receive + {connect,Ref} -> + ssh:close(ConnectionRef), + receive + {disconnect,Ref,R} -> + ct:log("Disconnect result: ~p",[R]), + ssh:stop_daemon(Pid) + after 2000 -> + {fail, "No disconnectfun action"} + end + after 2000 -> + {fail, "No connectfun action"} + end. + +%%-------------------------------------------------------------------- +connectfun_disconnectfun_client(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + + Parent = self(), + Ref = make_ref(), + DiscFun = fun(R) -> Parent ! 
{disconnect,Ref,R} end, + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {failfun, fun ssh_test_lib:failfun/2}]), + ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_dir, UserDir}, + {disconnectfun, DiscFun}, + {user_interaction, false}]), + ssh:stop_daemon(Pid), + receive + {disconnect,Ref,R} -> + ct:log("Disconnect result: ~p",[R]) + after 2000 -> + {fail, "No disconnectfun action"} + end. + %%-------------------------------------------------------------------- ssh_msg_debug_fun_option_server() -> [{doc, "validate client that uses the 'ssh_msg_debug_fun' option"}]. -- cgit v1.2.3 From ca4a952ab374f6cd9343c571e42605b23d51914c Mon Sep 17 00:00:00 2001 From: Hans Date: Thu, 4 Jun 2015 16:34:46 +0200 Subject: ssh: Replace erlint/1 in ssh_message.erl and ssh_auth.erl In the old times there was no binary notation which handled this particulary case, but now we can write big-signed-integer-unit:8 directly in binaries. The undocumented internal function ssh_bits:erlint/1 is removed. --- lib/ssh/src/ssh_auth.erl | 18 ++++++------------ lib/ssh/src/ssh_bits.erl | 8 ++------ lib/ssh/src/ssh_message.erl | 34 ++++++++++++++++------------------ 3 files changed, 24 insertions(+), 36 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index df9a97c8f8..4cbfe81f18 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl 
@@ -483,22 +483,16 @@ keyboard_interact_fun(KbdInteractFun, Name, Instr, PromptInfos, NumPrompts) -> end. decode_public_key_v2(<> + ?UINT32(Len1), E:Len1/big-signed-integer-unit:8, + ?UINT32(Len2), N:Len2/big-signed-integer-unit:8>> ,"ssh-rsa") -> - E = ssh_bits:erlint(Len1, BinE), - N = ssh_bits:erlint(Len2, BinN), {ok, #'RSAPublicKey'{publicExponent = E, modulus = N}}; decode_public_key_v2(<> + ?UINT32(Len1), P:Len1/big-signed-integer-unit:8, + ?UINT32(Len2), Q:Len2/big-signed-integer-unit:8, + ?UINT32(Len3), G:Len3/big-signed-integer-unit:8, + ?UINT32(Len4), Y:Len4/big-signed-integer-unit:8>> , "ssh-dss") -> - P = ssh_bits:erlint(Len1, BinP), - Q = ssh_bits:erlint(Len2, BinQ), - G = ssh_bits:erlint(Len3, BinG), - Y = ssh_bits:erlint(Len4, BinY), {ok, {Y, #'Dss-Parms'{p = P, q = Q, g = G}}}; decode_public_key_v2(_, _) -> diff --git a/lib/ssh/src/ssh_bits.erl b/lib/ssh/src/ssh_bits.erl index 8aaff93b9f..d5f8df6fe4 100644 --- a/lib/ssh/src/ssh_bits.erl +++ b/lib/ssh/src/ssh_bits.erl @@ -26,7 +26,7 @@ -include("ssh.hrl"). -export([encode/2]). --export([mpint/1, erlint/2, string/1, name_list/1]). +-export([mpint/1, string/1, name_list/1]). -export([random/1]). -define(name_list(X), @@ -145,11 +145,7 @@ enc(Xs, ['...'| []], _Offset) -> enc([], [],_) -> []. -erlint(Len, BinInt) -> - Sz = Len*8, - <> = BinInt, - Int. - + %% %% Create a binary with constant bytes %% diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl index 66e7717095..483c6cb4aa 100644 --- a/lib/ssh/src/ssh_message.erl +++ b/lib/ssh/src/ssh_message.erl @@ -421,8 +421,8 @@ decode(<>) -> decode(<>) -> decode_kex_init(Data, [Cookie, ssh_msg_kexinit], 10); -decode(<>) -> - #ssh_msg_kexdh_init{e = erlint(Len, E) +decode(<>) -> + #ssh_msg_kexdh_init{e = E }; decode(<>) -> #ssh_msg_kex_dh_gex_request{ @@ -442,11 +442,11 @@ decode(<>) -> #ssh_msg_kexdh_reply{ public_host_key = decode_host_key(Key), - f = erlint(Len1, F), + f = F, h_sig = decode_sign(Hashsign) }; 
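Review bot: In the ssh_msg_kexdh_reply clause `f = F` now comes straight out of the binary pattern, decoded (per the commit message) as big-signed-integer-unit:8 with a length taken from the peer's packet, and the same change is applied to `e` in ssh_msg_kexdh_init and to the key fields in ssh_auth.erl. The diffstat shows only ssh_auth.erl, ssh_bits.erl and ssh_message.erl, with no test added. Since these values are attacker-controlled input to the key exchange, please add decode tests that pin the behaviour to what erlint/2 gave: an mpint with the top bit set (negative result), a zero-length mpint, and a length prefix larger than the remaining bytes (the clause must fail to match rather than mis-parse).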
@@ -514,10 +514,7 @@ decode_kex_init(<>, Acc, N) -> Names = string:tokens(unicode:characters_to_list(Data), ","), decode_kex_init(Rest, [Names | Acc], N -1). -erlint(MPIntSize, MPIntValue) -> - Bits = MPIntSize * 8, - <> = MPIntValue, - Integer. + decode_sign(<>) -> Signature. @@ -525,18 +522,19 @@ decode_sign(<>) -> decode_host_key(<>) -> decode_host_key(Alg, Rest). -decode_host_key(<<"ssh-rsa">>, <>) -> - #'RSAPublicKey'{publicExponent = erlint(Len0, E), - modulus = erlint(Len1, N)}; +decode_host_key(<<"ssh-rsa">>, <>) -> + #'RSAPublicKey'{publicExponent = E, + modulus = N}; decode_host_key(<<"ssh-dss">>, - <>) -> - {erlint(Len3, Y), #'Dss-Parms'{p = erlint(Len0, P), q = erlint(Len1, Q), - g = erlint(Len2, G)}}. + <>) -> + {Y, #'Dss-Parms'{p = P, + q = Q, + g = G}}. encode_host_key(#'RSAPublicKey'{modulus = N, publicExponent = E}) -> ssh_bits:encode(["ssh-rsa", E, N], [string, mpint, mpint]); -- cgit v1.2.3 From 1e3637220afb2269a829ea0a15b98b05f38344a8 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 8 Jun 2015 21:18:43 +0200 Subject: ssh: make server check auth_methods when rec request --- lib/ssh/src/ssh_auth.erl | 125 ++++++++++++++++++--------------- lib/ssh/src/ssh_connection_handler.erl | 35 +++++---- 2 files changed, 92 insertions(+), 68 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index df9a97c8f8..5610be5878 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -169,7 +169,8 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, service = "ssh-connection", method = "password", data = <>}, _, - #ssh{opts = Opts} = Ssh) -> + #ssh{opts = Opts, + userauth_supported_methods = Methods} = Ssh) -> Password = unicode:characters_to_list(BinPwd), case check_password(User, Password, Opts) of true -> 
@@ -178,7 +179,7 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, false -> {not_authorized, {User, {error,"Bad user or password"}}, ssh_transport:ssh_packet(#ssh_msg_userauth_failure{ - authentications = "", + authentications = Methods, partial_success = false}, Ssh)} end; @@ -191,7 +192,7 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, %% ?UINT32(Sz2), NewBinPwd:Sz2/binary >> }, _, - Ssh) -> + #ssh{userauth_supported_methods = Methods} = Ssh) -> %% Password change without us having sent SSH_MSG_USERAUTH_PASSWD_CHANGEREQ (because we never do) %% RFC 4252 says: %% SSH_MSG_USERAUTH_FAILURE without partial success - The password @@ -200,7 +201,7 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, {not_authorized, {User, {error,"Password change not supported"}}, ssh_transport:ssh_packet(#ssh_msg_userauth_failure{ - authentications = "", + authentications = Methods, partial_success = false}, Ssh)}; handle_userauth_request(#ssh_msg_userauth_request{user = User, @@ -216,7 +217,9 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, service = "ssh-connection", method = "publickey", data = Data}, - SessionId, #ssh{opts = Opts} = Ssh) -> + SessionId, + #ssh{opts = Opts, + userauth_supported_methods = Methods} = Ssh) -> <> = Data, Alg = binary_to_list(BAlg), @@ -231,7 +234,7 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, false -> {not_authorized, {User, undefined}, ssh_transport:ssh_packet(#ssh_msg_userauth_failure{ - authentications="publickey,password", + authentications = Methods, partial_success = false}, Ssh)} end; ?FALSE -> 
@@ -245,49 +248,59 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, service = "ssh-connection", method = "keyboard-interactive", data = _}, - _, #ssh{opts = Opts} = Ssh) -> - %% RFC4256 - %% The data field contains: - %% - language tag (deprecated). If =/=[] SHOULD use it however. We skip - %% it for simplicity. - %% - submethods. "... the user can give a hint of which actual methods - %% he wants to use. ...". It's a "MAY use" so we skip - %% it. It also needs an understanding between the client - %% and the server. - %% - %% "The server MUST reply with an SSH_MSG_USERAUTH_SUCCESS, - %% SSH_MSG_USERAUTH_FAILURE, or SSH_MSG_USERAUTH_INFO_REQUEST message." - Default = {"SSH server", - "Enter password for \""++User++"\"", - "pwd: ", - false}, - - {Name, Instruction, Prompt, Echo} = - case proplists:get_value(auth_method_kb_interactive_data, Opts) of - undefined -> - Default; - {_,_,_,_}=V -> - V; - F when is_function(F) -> - {_,PeerName} = Ssh#ssh.peer, - F(PeerName, User, "ssh-connection") - end, - EchoEnc = case Echo of - true -> <>; - false -> <> - end, - Msg = #ssh_msg_userauth_info_request{name = unicode:characters_to_list(Name), - instruction = unicode:characters_to_list(Instruction), - language_tag = "", - num_prompts = 1, - data = <> - }, - {not_authorized, {User, undefined}, - ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User, - opts = [{max_kb_tries,3},{kb_userauth_info_msg,Msg}|Opts] - })}; + _, #ssh{opts = Opts, + userauth_supported_methods = Methods} = Ssh) -> + case proplists:get_value(max_kb_tries, Opts, 0) of + N when N<1 -> + {not_authorized, {User, {authmethod, "keyboard-interactive"}}, + ssh_transport:ssh_packet( + #ssh_msg_userauth_failure{authentications = Methods, + partial_success = false}, Ssh)}; + + _ -> + %% RFC4256 + %% The data field contains: + %% - language tag (deprecated). If =/=[] SHOULD use it however. We skip + %% it for simplicity. + %% - submethods. "... 
the user can give a hint of which actual methods + %% he wants to use. ...". It's a "MAY use" so we skip + %% it. It also needs an understanding between the client + %% and the server. + %% + %% "The server MUST reply with an SSH_MSG_USERAUTH_SUCCESS, + %% SSH_MSG_USERAUTH_FAILURE, or SSH_MSG_USERAUTH_INFO_REQUEST message." + Default = {"SSH server", + "Enter password for \""++User++"\"", + "pwd: ", + false}, + + {Name, Instruction, Prompt, Echo} = + case proplists:get_value(auth_method_kb_interactive_data, Opts) of + undefined -> + Default; + {_,_,_,_}=V -> + V; + F when is_function(F) -> + {_,PeerName} = Ssh#ssh.peer, + F(PeerName, User, "ssh-connection") + end, + EchoEnc = case Echo of + true -> <>; + false -> <> + end, + Msg = #ssh_msg_userauth_info_request{name = unicode:characters_to_list(Name), + instruction = unicode:characters_to_list(Instruction), + language_tag = "", + num_prompts = 1, + data = <> + }, + {not_authorized, {User, undefined}, + ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User, + opts = [{kb_userauth_info_msg,Msg}|Opts] + })} + end; handle_userauth_request(#ssh_msg_userauth_request{user = User, service = "ssh-connection", @@ -315,7 +328,8 @@ handle_userauth_info_request( handle_userauth_info_response(#ssh_msg_userauth_info_response{num_responses = 1, data = <>}, #ssh{opts = Opts0, - user = User} = Ssh) -> + user = User, + userauth_supported_methods = Methods} = Ssh) -> NumTriesLeft = proplists:get_value(max_kb_tries, Opts0, 0) - 1, Opts = lists:keydelete(max_kb_tries,1,Opts0), case check_password(User, unicode:characters_to_list(Password), Opts) of 
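Review bot: `Methods` bound in this clause head is the full configured list, and it is the same list that the keyboard-interactive request clause in the previous hunk returns in its failure reply when `max_kb_tries` is below 1. Once the tries are used up, the server therefore still advertises "keyboard-interactive" as a method that can continue while refusing every request for it, so a client can keep retrying a method that can no longer succeed. Consider dropping "keyboard-interactive" from the advertised list when the counter reaches zero, or disconnecting at that point. Keeping the counter in the opts proplist next to user-supplied options also makes it easy to confuse state with configuration; a dedicated field in #ssh{} would be safer.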
@@ -327,10 +341,11 @@ handle_userauth_info_response(#ssh_msg_userauth_info_response{num_responses = 1, (proplists:get_value(kb_userauth_info_msg,Opts)) #ssh_msg_userauth_info_request{name = "", instruction = - lists:concat( - ["Bad user or password, try again. ", - integer_to_list(NumTriesLeft), - " tries left."])}, + lists:concat( + ["Bad user or password, try again. ", + integer_to_list(NumTriesLeft), + " tries left."]) + }, {not_authorized, {User, undefined}, ssh_transport:ssh_packet(UserAuthInfoMsg, Ssh#ssh{opts = [{max_kb_tries,NumTriesLeft}|Opts]})}; @@ -338,7 +353,7 @@ handle_userauth_info_response(#ssh_msg_userauth_info_response{num_responses = 1, false -> {not_authorized, {User, {error,"Bad user or password"}}, ssh_transport:ssh_packet(#ssh_msg_userauth_failure{ - authentications = "", + authentications = Methods, partial_success = false}, Ssh#ssh{opts = lists:keydelete(kb_userauth_info_msg,1,Opts)} )} diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index ab1fc93a1b..9bd49c5c05 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl 
@@ -483,17 +483,22 @@ userauth(#ssh_msg_userauth_request{service = "ssh-connection", service = "ssh-connection", peer = {_, Address}} = Ssh0, opts = Opts, starter = Pid} = State) -> - case ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0) of - {authorized, User, {Reply, Ssh}} -> - send_msg(Reply, State), - Pid ! ssh_connected, - connected_fun(User, Address, Method, Opts), - {next_state, connected, - next_packet(State#state{auth_user = User, ssh_params = Ssh})}; - {not_authorized, {User, Reason}, {Reply, Ssh}} -> - retry_fun(User, Address, Reason, Opts), - send_msg(Reply, State), - {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} + case lists:member(Method, Ssh0#ssh.userauth_methods) of + true -> + case ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0) of + {authorized, User, {Reply, Ssh}} -> + send_msg(Reply, State), + Pid ! ssh_connected, + connected_fun(User, Address, Method, Opts), + {next_state, connected, + next_packet(State#state{auth_user = User, ssh_params = Ssh})}; + {not_authorized, {User, Reason}, {Reply, Ssh}} -> + retry_fun(User, Address, Reason, Opts), + send_msg(Reply, State), + {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} + end; + false -> + userauth(Msg#ssh_msg_userauth_request{method="none"}, State) end; userauth(#ssh_msg_userauth_info_request{} = Msg, @@ -1148,9 +1153,9 @@ init_ssh(client = Role, Vsn, Version, Options, Socket) -> }; init_ssh(server = Role, Vsn, Version, Options, Socket) -> - AuthMethods = proplists:get_value(auth_methods, Options, ?SUPPORTED_AUTH_METHODS), + AuthMethodsAsList = string:tokens(AuthMethods, ","), {ok, PeerAddr} = inet:peername(Socket), KeyCb = proplists:get_value(key_cb, Options, ssh_file), 
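Review bot: string:tokens(AuthMethods, ",") in init_ssh splits on commas only and keeps any blanks around the names, while the new check in userauth/2 compares with lists:member(Method, Ssh0#ssh.userauth_methods). An auth_methods value such as "publickey, password" would yield " password", so that method is silently treated as unsupported and the request is re-dispatched as "none", even though the unsplit string is still what userauth_supported_methods holds. It fails closed, but it is hard to diagnose. Strip each token (for example with string:strip/1) or reject malformed auth_methods strings when the option is read.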
@@ -1159,8 +1164,12 @@ init_ssh(server = Role, Vsn, Version, Options, Socket) -> s_version = Version, key_cb = KeyCb, io_cb = proplists:get_value(io_cb, Options, ssh_io), - opts = Options, + opts = case lists:member("keyboard-interactive",AuthMethodsAsList) of + true -> [{max_kb_tries,3}|Options]; + false -> Options + end, userauth_supported_methods = AuthMethods, + userauth_methods = AuthMethodsAsList, peer = {undefined, PeerAddr}, available_host_keys = supported_host_keys(Role, KeyCb, Options) }. -- cgit v1.2.3 From dc3b2ec3a2e89d48c9fb3329c756107cfb7442c2 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 8 Jun 2015 21:43:23 +0200 Subject: ssh save keybard-interactive data in #ssh{} --- lib/ssh/src/ssh.hrl | 6 ++++-- lib/ssh/src/ssh_auth.erl | 36 +++++++++++++++++++--------------- lib/ssh/src/ssh_connection_handler.erl | 6 ++---- 3 files changed, 26 insertions(+), 22 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.hrl b/lib/ssh/src/ssh.hrl index 94154c8a96..a02c87505d 100644 --- a/lib/ssh/src/ssh.hrl +++ b/lib/ssh/src/ssh.hrl @@ -128,8 +128,10 @@ user, service, userauth_quiet_mode, % boolean() - userauth_supported_methods , % - userauth_methods, + userauth_supported_methods, % string() eg "keyboard-interactive,password" + userauth_methods, % list( string() ) eg ["keyboard-interactive", "password"] + kb_tries_left = 0, % integer(), num tries left for "keyboard-interactive" + kb_data, userauth_preference, available_host_keys, authenticated = false diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index 5610be5878..585bf89539 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl 
@@ -249,8 +249,10 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, method = "keyboard-interactive", data = _}, _, #ssh{opts = Opts, + kb_tries_left = KbTriesLeft, userauth_supported_methods = Methods} = Ssh) -> - case proplists:get_value(max_kb_tries, Opts, 0) of +io:format('KbTriesLeft ~p~n',[KbTriesLeft]), + case KbTriesLeft of N when N<1 -> {not_authorized, {User, {authmethod, "keyboard-interactive"}}, ssh_transport:ssh_packet( @@ -298,7 +300,7 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, }, {not_authorized, {User, undefined}, ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User, - opts = [{kb_userauth_info_msg,Msg}|Opts] + kb_data = Msg })} end; 
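Review bot: the line io:format('KbTriesLeft ~p~n',[KbTriesLeft]) added at the top of the keyboard-interactive clause (hunk @@ -249,8 of ssh_auth.erl) is debug output left in the server's authentication path, and it prints on every keyboard-interactive request. Remove it from this commit. If the remaining-tries counter is worth observing, report it through the existing failure callbacks rather than an unconditional print.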
@@ -327,35 +329,37 @@ handle_userauth_info_request( handle_userauth_info_response(#ssh_msg_userauth_info_response{num_responses = 1, data = <>}, - #ssh{opts = Opts0, + #ssh{opts = Opts, + kb_tries_left = KbTriesLeft0, + kb_data = InfoMsg, user = User, userauth_supported_methods = Methods} = Ssh) -> - NumTriesLeft = proplists:get_value(max_kb_tries, Opts0, 0) - 1, - Opts = lists:keydelete(max_kb_tries,1,Opts0), + KbTriesLeft = KbTriesLeft0 - 1, case check_password(User, unicode:characters_to_list(Password), Opts) of true -> {authorized, User, ssh_transport:ssh_packet(#ssh_msg_userauth_success{}, Ssh)}; - false when NumTriesLeft > 0 -> + false when KbTriesLeft > 0 -> UserAuthInfoMsg = - (proplists:get_value(kb_userauth_info_msg,Opts)) - #ssh_msg_userauth_info_request{name = "", - instruction = - lists:concat( - ["Bad user or password, try again. ", - integer_to_list(NumTriesLeft), - " tries left."]) - }, + InfoMsg#ssh_msg_userauth_info_request{ + name = "", + instruction = + lists:concat( + ["Bad user or password, try again. ", + integer_to_list(KbTriesLeft), + " tries left."]) + }, {not_authorized, {User, undefined}, ssh_transport:ssh_packet(UserAuthInfoMsg, - Ssh#ssh{opts = [{max_kb_tries,NumTriesLeft}|Opts]})}; + Ssh#ssh{kb_tries_left = KbTriesLeft})}; false -> {not_authorized, {User, {error,"Bad user or password"}}, ssh_transport:ssh_packet(#ssh_msg_userauth_failure{ authentications = Methods, partial_success = false}, - Ssh#ssh{opts = lists:keydelete(kb_userauth_info_msg,1,Opts)} + Ssh#ssh{kb_data = undefined, + kb_tries_left = 0} )} end; diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 9bd49c5c05..d8bf66d2a8 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl 
@@ -1164,12 +1164,10 @@ init_ssh(server = Role, Vsn, Version, Options, Socket) -> s_version = Version, key_cb = KeyCb, io_cb = proplists:get_value(io_cb, Options, ssh_io), - opts = case lists:member("keyboard-interactive",AuthMethodsAsList) of - true -> [{max_kb_tries,3}|Options]; - false -> Options - end, + opts = Options, userauth_supported_methods = AuthMethods, userauth_methods = AuthMethodsAsList, + kb_tries_left = 3, peer = {undefined, PeerAddr}, available_host_keys = supported_host_keys(Role, KeyCb, Options) }. -- cgit v1.2.3 From 71bb9332da98cb97034413d342f4722331e7ee84 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 9 Jun 2015 14:57:08 +0200 Subject: ssh: change pwd->password for keyboard-interactive --- lib/ssh/src/ssh_auth.erl | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index 585bf89539..58faee062e 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -251,7 +251,6 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, _, #ssh{opts = Opts, kb_tries_left = KbTriesLeft, userauth_supported_methods = Methods} = Ssh) -> -io:format('KbTriesLeft ~p~n',[KbTriesLeft]), case KbTriesLeft of N when N<1 -> {not_authorized, {User, {authmethod, "keyboard-interactive"}}, @@ -273,7 +272,7 @@ io:format('KbTriesLeft ~p~n',[KbTriesLeft]), %% SSH_MSG_USERAUTH_FAILURE, or SSH_MSG_USERAUTH_INFO_REQUEST message." Default = {"SSH server", "Enter password for \""++User++"\"", - "pwd: ", + "password: ", false}, {Name, Instruction, Prompt, Echo} = -- cgit v1.2.3 From 3cb23ddc6bea946a729630def0f76d06a37ec63d Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 9 Jun 2015 15:02:35 +0200 Subject: ssh: doc change for keyboard-interaction, pwd->password --- lib/ssh/doc/src/ssh.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/ssh') 
diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 5edd790400..878dcb33d0 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -388,14 +388,14 @@ kex is implicit but public_key is set explicitly.


where: -
PromptTexts = kb_int_tuple() | fun(PeerName::string(), User::string(), Service::string()) -> kb_int_tuple() +
PromptTexts = kb_int_tuple() | fun(Peer::{IP::tuple(),Port::integer()}, User::string(), Service::string()) -> kb_int_tuple()
kb_int_tuple() = {Name::string(), Instruction::string(), Prompt::string(), Echo::boolean()}

Sets the text strings that the daemon sends to the client for presentation to the user when using keyboar-interactive authentication. If the fun/3 is used, it is called when the actual authentication occurs and may therefore return dynamic data like time, remote ip etc.

The parameter Echo guides the client about need to hide the password.

The default value is: - {auth_method_kb_interactive_data, {"SSH server", "Enter password for \""++User++"\"", "pwd: ", false}>

+ {auth_method_kb_interactive_data, {"SSH server", "Enter password for \""++User++"\"", "password: ", false}>

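Review bot: the PromptTexts line changes the documented first argument of the fun from PeerName::string() to Peer::{IP::tuple(),Port::integer()}, but the commit subject only mentions pwd->password. That is a contract statement for anyone who has written such a fun, so the message should say that the documentation is being corrected to match the code: ssh_auth.erl passes the second element of #ssh.peer, which init_ssh fills from inet:peername/1. The variable in ssh_auth.erl is still named PeerName and could be renamed to Peer in the same series to keep the code and the documentation aligned.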
Date: Wed, 3 Jun 2015 12:17:22 +0200 Subject: ssh: Upgrade test suite This suite tests that upgrade/downgrade works from/to both minor and major versions. It is modelled after the ssl_upgrade_SUITE. A precondition for success is that the ssh.appup file is correct. --- lib/ssh/test/Makefile | 1 + lib/ssh/test/ssh_upgrade_SUITE.erl | 206 +++++++++++++++++++++ lib/ssh/test/ssh_upgrade_SUITE_data/id_dsa | 13 ++ lib/ssh/test/ssh_upgrade_SUITE_data/id_rsa | 15 ++ lib/ssh/test/ssh_upgrade_SUITE_data/known_hosts | 1 + .../test/ssh_upgrade_SUITE_data/ssh_host_dsa_key | 13 ++ .../ssh_upgrade_SUITE_data/ssh_host_dsa_key.pub | 11 ++ .../test/ssh_upgrade_SUITE_data/ssh_host_rsa_key | 16 ++ .../ssh_upgrade_SUITE_data/ssh_host_rsa_key.pub | 5 + 9 files changed, 281 insertions(+) create mode 100644 lib/ssh/test/ssh_upgrade_SUITE.erl create mode 100644 lib/ssh/test/ssh_upgrade_SUITE_data/id_dsa create mode 100644 lib/ssh/test/ssh_upgrade_SUITE_data/id_rsa create mode 100644 lib/ssh/test/ssh_upgrade_SUITE_data/known_hosts create mode 100644 lib/ssh/test/ssh_upgrade_SUITE_data/ssh_host_dsa_key create mode 100644 lib/ssh/test/ssh_upgrade_SUITE_data/ssh_host_dsa_key.pub create mode 100644 lib/ssh/test/ssh_upgrade_SUITE_data/ssh_host_rsa_key create mode 100644 lib/ssh/test/ssh_upgrade_SUITE_data/ssh_host_rsa_key.pub (limited to 'lib/ssh') diff --git a/lib/ssh/test/Makefile b/lib/ssh/test/Makefile index 843b1d906d..50efc33f98 100644 --- a/lib/ssh/test/Makefile +++ b/lib/ssh/test/Makefile @@ -38,6 +38,7 @@ MODULES= \ ssh_sftp_SUITE \ ssh_sftpd_SUITE \ ssh_sftpd_erlclient_SUITE \ + ssh_upgrade_SUITE \ ssh_connection_SUITE \ ssh_echo_server \ ssh_peername_sockname_server \ diff --git a/lib/ssh/test/ssh_upgrade_SUITE.erl b/lib/ssh/test/ssh_upgrade_SUITE.erl new file mode 100644 index 0000000000..861c7ab3dd --- /dev/null +++ b/lib/ssh/test/ssh_upgrade_SUITE.erl 
@@ -0,0 +1,206 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2014-2015. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/.2 +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% +-module(ssh_upgrade_SUITE). + +%% Note: This directive should only be used in test suites. +-compile(export_all). + +-include_lib("common_test/include/ct.hrl"). + +-record(state, { + config, + root_dir, + server, + client, + connection, + soft + }). + + +%%%================================================================ +%%% +%%% CommonTest callbacks +%%% +all() -> + [ + minor_upgrade, + major_upgrade + ]. + +init_per_suite(Config0) -> + catch crypto:stop(), + try {crypto:start(), erlang:system_info({wordsize, internal}) == + erlang:system_info({wordsize, external})} of + {ok, true} -> + case ct_release_test:init(Config0) of + {skip, Reason} -> + {skip, Reason}; + Config -> + ssh:start(), + Config + end; + {ok, false} -> + {skip, "Test server will not handle halfwordemulator correctly. Skip as halfwordemulator is deprecated"} + catch _:_ -> + {skip, "Crypto did not start"} + end. + +end_per_suite(Config) -> + ct_release_test:cleanup(Config), + ssh:stop(), + crypto:stop(), + UserDir = ?config(priv_dir, Config), + ssh_test_lib:clean_rsa(UserDir). + +init_per_testcase(_TestCase, Config) -> + Config. +end_per_testcase(_TestCase, Config) -> + Config. 
+ +%%%================================================================ +%%% +%%% Test cases +%%% +major_upgrade(Config) when is_list(Config) -> + ct_release_test:upgrade(ssh, major,{?MODULE, #state{config = Config}}, Config). + +minor_upgrade(Config) when is_list(Config) -> + ct_release_test:upgrade(ssh, minor,{?MODULE, #state{config = Config}}, Config). + +%%%================================================================ +%%% +%%% ct_release_test callbacks +%%% + +%%%---------------------------------------------------------------- +%%% Initialyze system before upgrade test starts. +%%% Called by ct_release_test:upgrade/4 +upgrade_init(CTData, State) -> + {ok, AppUp={_, _, Up, _Down}} = ct_release_test:get_appup(CTData, ssh), + ct:pal("AppUp: ~p", [AppUp]), + ct:pal("Up: ~p", [Up]), + case Soft = is_soft(Up) of + %% It is symmetrical, if upgrade is soft so is downgrade + true -> + setup_server_client(State#state{soft = Soft}); + false -> + State#state{soft = Soft} + end. + +%%%---------------------------------------------------------------- +%%% Check that upgrade was successful +%%% Called by ct_release_test:upgrade/4 +upgrade_upgraded(_, #state{soft=false} = State) -> + test_hard(State, "upgrade"); + +upgrade_upgraded(_, State) -> + test_soft(State, "upgrade1"). + +%%%---------------------------------------------------------------- +%%% Check that downgrade was successful. +%%% Called by ct_release_test:upgrade/4 +upgrade_downgraded(_, #state{soft=false} = State) -> + test_hard(State, "downgrade"); + +upgrade_downgraded(_, #state{soft=true} = State) -> + test_soft(State, "downgrade1"). + +%%%================================================================ +%%% +%%% Private functions +%%% + +is_soft([{restart_application, ssh}]) -> + false; +is_soft(_) -> + true. + + +test_hard(State0, FileName) -> + ct:pal("test_hard State0=~p, FileName=~p",[State0, FileName]), + State = setup_server_client(State0), + test_connection(FileName, random_contents(), State). 
+ +test_soft(State0, FileName) -> + ct:pal("test_soft State0=~p, FileName=~p",[State0, FileName]), + State = test_connection(FileName, random_contents(), State0), + setup_server_client( close(State) ). + + +setup_server_client(#state{config=Config} = State) -> + DataDir = ?config(data_dir, Config), + PrivDir = ?config(priv_dir, Config), + + FtpRootDir = filename:join(PrivDir, "ftp_root"), + catch file:make_dir(FtpRootDir), + + SFTP = ssh_sftpd:subsystem_spec([{root,FtpRootDir},{cwd,FtpRootDir}]), + + {Server,Host,Port} = ssh_test_lib:daemon([{system_dir,DataDir}, + {user_passwords,[{"hej","hopp"}]}, + {subsystems,[SFTP]}]), + + {ok, ChannelPid, Connection} = + ssh_sftp:start_channel(Host, Port, [{user_interaction,false}, + {silently_accept_hosts,true}, + {user_dir,DataDir}, + {user,"hej"}, + {password,"hopp"}]), + State#state{server = Server, + client = ChannelPid, + connection = Connection}. + + +test_connection(FileName, FileContents, + #state{client = ChannelPid, + root_dir = FtpRootDir} = State) -> + ct:pal("test_connection Writing with ssh_sftp:write_file",[]), + case ssh_sftp:write_file(ChannelPid, FileName, FileContents) of + ok -> + case ssh_sftp:read_file(ChannelPid, FileName) of + {ok,FileContents} -> + State; + {ok,Unexpected} -> + ct:fail("Expected ~p but got ~p from sftp:read_file(~p,..) in RootDir ~p", + [FileContents,Unexpected,FileName,FtpRootDir] + ); + Other -> + ct:fail("ssh_sftp:read_file(~p,~p) -> ~p~n" + "ssh_sftp:list_dir(~p,\".\") -> ~p", + [ChannelPid,FileName,Other, + ChannelPid, catch ssh_sftp:list_dir(ChannelPid, ".")]) + end; + + Other -> + ct:fail("ssh_sftp:write_file(~p,~p,~p) -> ~p",[ChannelPid,FileName,FileContents,Other]) + end. + + +close(#state{server = Server, + connection = Connection} = State) -> + ssh:close(Connection), + ssh:stop_daemon(Server), + State#state{server = undefined, + client = undefined, + connection = undefined}. + + +random_contents() -> list_to_binary( random_chars(3) ). 
+ +random_chars(N) -> [crypto:rand_uniform($a,$z) || _<-lists:duplicate(N,x)]. diff --git a/lib/ssh/test/ssh_upgrade_SUITE_data/id_dsa b/lib/ssh/test/ssh_upgrade_SUITE_data/id_dsa new file mode 100644 index 0000000000..d306f8b26e --- /dev/null +++ b/lib/ssh/test/ssh_upgrade_SUITE_data/id_dsa @@ -0,0 +1,13 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBvAIBAAKBgQDfi2flSTZZofwT4yQT0NikX/LGNT7UPeB/XEWe/xovEYCElfaQ +APFixXvEgXwoojmZ5kiQRKzLM39wBP0jPERLbnZXfOOD0PDnw0haMh7dD7XKVMod +/EigVgHf/qBdM2M8yz1s/rRF7n1UpLSypziKjkzCm7JoSQ2zbWIPdmBIXwIVAMgP +kpr7Sq3O7sHdb8D601DRjoExAoGAMOQxDfB2Fd8ouz6G96f/UOzRMI/Kdv8kYYKW +JIGY+pRYrLPyYzUeJznwZreOJgrczAX+luHnKFWJ2Dnk5CyeXk67Wsr7pJ/4MBMD +OKeIS0S8qoSBN8+Krp79fgA+yS3IfqbkJLtLu4EBaCX4mKQIX4++k44d4U5lc8pt ++9hlEI8CgYEAznKxx9kyC6bVo7LUYKaGhofRFt0SYFc5PVmT2VUGRs1R6+6DPD+e +uEO6IhFct7JFSRbP9p0JD4Uk+3zlZF+XX6b2PsZkeV8f/02xlNGUSmEzCSiNg1AX +Cy/WusYhul0MncWCHMcOZB5rIvU/aP5EJJtn3xrRaz6u0SThF6AnT34CFQC63czE +ZU8w8Q+H7z0j+a+70x2iAw== +-----END DSA PRIVATE KEY----- + diff --git a/lib/ssh/test/ssh_upgrade_SUITE_data/id_rsa b/lib/ssh/test/ssh_upgrade_SUITE_data/id_rsa new file mode 100644 index 0000000000..9d7e0dd5fb --- /dev/null +++ b/lib/ssh/test/ssh_upgrade_SUITE_data/id_rsa 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQD1OET+3O/Bvj/dtjxDTXmj1oiJt4sIph5kGy0RfjoPrZfaS+CU +DhakCmS6t2ivxWFgtpKWaoGMZMJqWj6F6ZsumyFl3FPBtujwY/35cgifrI9Ns4Tl +zR1uuengNBmV+WRQ5cd9F2qS6Z8aDQihzt0r8JUqLcK+VQbrmNzboCCQQwIDAQAB +AoGAPQEyqPTt8JUT7mRXuaacjFXiweAXhp9NEDpyi9eLOjtFe9lElZCrsUOkq47V +TGUeRKEm9qSodfTbKPoqc8YaBJGJPhUaTAcha+7QcDdfHBvIsgxvU7ePVnlpXRp3 +CCUEMPhlnx6xBoTYP+fRU0e3+xJIPVyVCqX1jAdUMkzfRoECQQD6ux7B1QJAIWyK +SGkbDUbBilNmzCFNgIpOP6PA+bwfi5d16diTpra5AX09keQABAo/KaP1PdV8Vg0p +z4P3A7G3AkEA+l+AKG6m0kQTTBMJDqOdVPYwe+5GxunMaqmhokpEbuGsrZBl5Dvd +WpcBjR7jmenrhKZRIuA+Fz5HPo/UQJPl1QJBAKxstDkeED8j/S2XoFhPKAJ+6t39 +sUVICVTIZQeXdmzHJXCcUSkw8+WEhakqw/3SyW0oaK2FSWQJFWJUZ+8eJj8CQEh3 +xeduB5kKnS9CvzdeghZqX6QvVosSdtlUmfUYW/BgH5PpHKTP8wTaeld3XldZTpMJ +dKiMkUw2+XYROVUrubUCQD+Na1LhULlpn4ISEtIEfqpdlUhxDgO15Wg8USmsng+x +ICliVOSQtwaZjm8kwaFt0W7XnpnDxbRs37vIEbIMWak= +-----END RSA PRIVATE KEY----- diff --git a/lib/ssh/test/ssh_upgrade_SUITE_data/known_hosts b/lib/ssh/test/ssh_upgrade_SUITE_data/known_hosts new file mode 100644 index 0000000000..8b13789179 --- /dev/null +++ b/lib/ssh/test/ssh_upgrade_SUITE_data/known_hosts @@ -0,0 +1 @@ + diff --git a/lib/ssh/test/ssh_upgrade_SUITE_data/ssh_host_dsa_key b/lib/ssh/test/ssh_upgrade_SUITE_data/ssh_host_dsa_key new file mode 100644 index 0000000000..51ab6fbd88 --- /dev/null +++ b/lib/ssh/test/ssh_upgrade_SUITE_data/ssh_host_dsa_key 
@@ -0,0 +1,13 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBuwIBAAKBgQCClaHzE2ul0gKSUxah5W0W8UiJLy4hXngKEqpaUq9SSdVdY2LK +wVfKH1gt5iuaf1FfzOhsIC9G/GLnjYttXZc92cv/Gfe3gR+s0ni2++MX+T++mE/Q +diltXv/Hp27PybS67SmiFW7I+RWnT2OKlMPtw2oUuKeztCe5UWjaj/y5FQIVAPLA +l9RpiU30Z87NRAHY3NTRaqtrAoGANMRxw8UfdtNVR0CrQj3AgPaXOGE4d+G4Gp4X +skvnCHycSVAjtYxebUkzUzt5Q6f/IabuLUdge3gXrc8BetvrcKbp+XZgM0/Vj2CF +Ymmy3in6kzGZq7Fw1sZaku6AOU8vLa5woBT2vAcHLLT1bLAzj7viL048T6MfjrOP +ef8nHvACgYBhDWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah +/XcF3DeRF+eEoz48wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+U +ykSTXYUbtsfTNRFQGBW2/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0CgIVAN4wtL5W +Lv62jKcdskxNyz2NQoBx +-----END DSA PRIVATE KEY----- + diff --git a/lib/ssh/test/ssh_upgrade_SUITE_data/ssh_host_dsa_key.pub b/lib/ssh/test/ssh_upgrade_SUITE_data/ssh_host_dsa_key.pub new file mode 100644 index 0000000000..4dbb1305b0 --- /dev/null +++ b/lib/ssh/test/ssh_upgrade_SUITE_data/ssh_host_dsa_key.pub @@ -0,0 +1,11 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +AAAAB3NzaC1kc3MAAACBAIKVofMTa6XSApJTFqHlbRbxSIkvLiFeeAoSqlpSr1JJ1V1j +YsrBV8ofWC3mK5p/UV/M6GwgL0b8YueNi21dlz3Zy/8Z97eBH6zSeLb74xf5P76YT9B2 +KW1e/8enbs/JtLrtKaIVbsj5FadPY4qUw+3DahS4p7O0J7lRaNqP/LkVAAAAFQDywJfU +aYlN9GfOzUQB2NzU0WqrawAAAIA0xHHDxR9201VHQKtCPcCA9pc4YTh34bganheyS+cI +fJxJUCO1jF5tSTNTO3lDp/8hpu4tR2B7eBetzwF62+twpun5dmAzT9WPYIViabLeKfqT +MZmrsXDWxlqS7oA5Ty8trnCgFPa8BwcstPVssDOPu+IvTjxPox+Os495/yce8AAAAIBh +DWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah/XcF3DeRF+eEoz48 +wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+UykSTXYUbtsfTNRFQGBW2 +/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0Cg== +---- END SSH2 PUBLIC KEY ---- diff --git a/lib/ssh/test/ssh_upgrade_SUITE_data/ssh_host_rsa_key b/lib/ssh/test/ssh_upgrade_SUITE_data/ssh_host_rsa_key new file mode 100644 index 0000000000..79968bdd7d --- /dev/null +++ b/lib/ssh/test/ssh_upgrade_SUITE_data/ssh_host_rsa_key 
@@ -0,0 +1,16 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDCZX+4FBDwZIh9y/Uxee1VJnEXlowpz2yDKwj8semM4q843337 +zbNfxHmladB1lpz2NqyxI175xMIJuDxogyZdsOxGnFAzAnthR4dqL/RWRWzjaxSB +6IAO9SPYVVlrpZ+1hsjLW79fwXK/yc8VdhRuWTeQiRgYY2ek8+OKbOqz4QIDAQAB +AoGANmvJzJO5hkLuvyDZHKfAnGTtpifcR1wtSa9DjdKUyn8vhKF0mIimnbnYQEmW +NUUb3gXCZLi9PvkpRSVRrASDOZwcjoU/Kvww163vBUVb2cOZfFhyn6o2Sk88Tt++ +udH3hdjpf9i7jTtUkUe+QYPsia+wgvvrmn4QrahLAH86+kECQQDx5gFeXTME3cnW +WMpFz3PPumduzjqgqMMWEccX4FtQkMX/gyGa5UC7OHFyh0N/gSWvPbRHa8A6YgIt +n8DO+fh5AkEAzbqX4DOn8NY6xJIi42q7l/2jIA0RkB6P7YugW5NblhqBZ0XDnpA5 +sMt+rz+K07u9XZtxgh1xi7mNfwY6lEAMqQJBAJBEauCKmRj35Z6OyeQku59SPsnY ++SJEREVvSNw2lH9SOKQQ4wPsYlTGbvKtNVZgAcen91L5MmYfeckYE/fdIZECQQCt +64zxsTnM1I8iFxj/gP/OYlJBikrKt8udWmjaghzvLMEw+T2DExJyb9ZNeT53+UMB +m6O+B/4xzU/djvp+0hbhAkAemIt+rA5kTmYlFndhpvzkSSM8a2EXsO4XIPgGWCTT +tQKS/tTly0ADMjN/TVy11+9d6zcqadNVuHXHGtR4W0GR +-----END RSA PRIVATE KEY----- + diff --git a/lib/ssh/test/ssh_upgrade_SUITE_data/ssh_host_rsa_key.pub b/lib/ssh/test/ssh_upgrade_SUITE_data/ssh_host_rsa_key.pub new file mode 100644 index 0000000000..75d2025c71 --- /dev/null +++ b/lib/ssh/test/ssh_upgrade_SUITE_data/ssh_host_rsa_key.pub @@ -0,0 +1,5 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +AAAAB3NzaC1yc2EAAAADAQABAAAAgQDCZX+4FBDwZIh9y/Uxee1VJnEXlowpz2yDKwj8 +semM4q843337zbNfxHmladB1lpz2NqyxI175xMIJuDxogyZdsOxGnFAzAnthR4dqL/RW +RWzjaxSB6IAO9SPYVVlrpZ+1hsjLW79fwXK/yc8VdhRuWTeQiRgYY2ek8+OKbOqz4Q== +---- END SSH2 PUBLIC KEY ---- -- cgit v1.2.3 From 5ad46d56c097ef17b77ef4532b7eb264e005fde1 Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Tue, 9 Jun 2015 16:31:01 +0200 Subject: ssh: Option unexpectedfun for ssh:daemon and ssh:connect This option has a fun as value. The fun will be called when an unexpected message arrives. The fun returns either 'skip' or 'report' to guide the connection_handler what to do. One usage is to filter out messages that are not wanted in the error logger as info reports. An example of such a message is the 'etimedout' tcp error message that will be received if a connection has keep_alive and the peer is restarted. --- lib/ssh/doc/src/ssh.xml | 16 +++++++ lib/ssh/src/ssh.erl | 6 ++- lib/ssh/src/ssh_connection_handler.erl | 50 ++++++++++++++++---- lib/ssh/test/ssh_basic_SUITE.erl | 84 ++++++++++++++++++++++++++++++++++ 4 files changed, 146 insertions(+), 10 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 5402d91e03..b39ca0852c 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -180,6 +180,14 @@

Provides a fun to implement your own logging when a server disconnects the client.

+ report | skip }]]> + +

Provides a fun to implement your own logging or other action when an unexpected message arrives. + If the fun returns report the usual info report is issued but if skip is returned no + report is generated.

+

Peer is in the format of {Host,Port}.

+
+ @@ -532,6 +540,14 @@ kex is implicit but public_key is set explicitly.

Provides a fun to implement your own logging when a user disconnects from the server.

+ report | skip }]]> + +

Provides a fun to implement your own logging or other action when an unexpected message arrives. + If the fun returns report the usual info report is issued but if skip is returned no + report is generated.

+

Peer is in the format of {Host,Port}.

+
+ _}]]>

Provide a fun to implement your own logging of the SSH message SSH_MSG_DEBUG. The last three parameters are from the message, see RFC4253, section 11.3. The ConnectionRef is the reference to the connection on which the message arrived. The return value from the fun is not checked.

diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 826c585d65..86c042781c 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -345,6 +345,8 @@ handle_option([{connectfun, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{disconnectfun, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); +handle_option([{unexpectedfun, _} = Opt | Rest], SocketOptions, SshOptions) -> + handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{failfun, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{ssh_msg_debug_fun, _} = Opt | Rest], SocketOptions, SshOptions) -> @@ -450,7 +452,9 @@ handle_ssh_option({infofun, Value} = Opt) when is_function(Value) -> Opt; handle_ssh_option({connectfun, Value} = Opt) when is_function(Value) -> Opt; -handle_ssh_option({disconnectfun , Value} = Opt) when is_function(Value) -> +handle_ssh_option({disconnectfun, Value} = Opt) when is_function(Value) -> + Opt; +handle_ssh_option({unexpectedfun, Value} = Opt) when is_function(Value,2) -> Opt; handle_ssh_option({failfun, Value} = Opt) when is_function(Value) -> Opt; diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index ab1fc93a1b..e303f02922 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl 
@@ -984,15 +984,38 @@ handle_info({check_cache, _ , _}, #connection{channel_cache = Cache}} = State) -> {next_state, StateName, check_cache(State, Cache)}; -handle_info(UnexpectedMessage, StateName, #state{ssh_params = SshParams} = State) -> - Msg = lists:flatten(io_lib:format( - "Unexpected message '~p' received in state '~p'\n" - "Role: ~p\n" - "Peer: ~p\n" - "Local Address: ~p\n", [UnexpectedMessage, StateName, - SshParams#ssh.role, SshParams#ssh.peer, - proplists:get_value(address, SshParams#ssh.opts)])), - error_logger:info_report(Msg), +handle_info(UnexpectedMessage, StateName, #state{opts = Opts, + ssh_params = SshParams} = State) -> + case unexpected_fun(UnexpectedMessage, Opts, SshParams) of + report -> + Msg = lists:flatten( + io_lib:format( + "Unexpected message '~p' received in state '~p'\n" + "Role: ~p\n" + "Peer: ~p\n" + "Local Address: ~p\n", [UnexpectedMessage, StateName, + SshParams#ssh.role, SshParams#ssh.peer, + proplists:get_value(address, SshParams#ssh.opts)])), + error_logger:info_report(Msg); + + skip -> + ok; + + Other -> + Msg = lists:flatten( + io_lib:format("Call to fun in 'unexpectedfun' failed:~n" + "Return: ~p\n" + "Message: ~p\n" + "Role: ~p\n" + "Peer: ~p\n" + "Local Address: ~p\n", [Other, UnexpectedMessage, + SshParams#ssh.role, + element(2,SshParams#ssh.peer), + proplists:get_value(address, SshParams#ssh.opts)] + )), + + error_logger:error_report(Msg) + end, {next_state, StateName, State}. %%-------------------------------------------------------------------- @@ -1706,6 +1729,15 @@ disconnect_fun(Reason, Opts) -> catch Fun(Reason) end. +unexpected_fun(UnexpectedMessage, Opts, #ssh{peer={_,Peer}}) -> + case proplists:get_value(unexpectedfun, Opts) of + undefined -> + report; + Fun -> + catch Fun(UnexpectedMessage, Peer) + end. + + check_cache(#state{opts = Opts} = State, Cache) -> %% Check the number of entries in Cache case proplists:get_value(size, ets:info(Cache)) of 
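Review bot: unexpected_fun/3 matches #ssh{peer={_,Peer}} in its function head, outside the catch, so if the peer field ever holds anything other than a 2-tuple, handle_info fails with function_clause instead of defaulting to report. Extracting the peer inside the body, with report as the fallback, keeps the handler running and the message logged. Two smaller points: the report branch prints SshParams#ssh.peer while the new Other branch prints element(2,SshParams#ssh.peer), which should be made consistent, and the fun runs in the connection handler process, so the documentation for unexpectedfun should state that it must return promptly, since catch covers exceptions but not a fun that blocks.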
diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index f737c436c8..b3a837f40f 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -60,6 +60,8 @@ all() -> ssh_msg_debug_fun_option_server, disconnectfun_option_server, disconnectfun_option_client, + unexpectedfun_option_server, + unexpectedfun_option_client, preferred_algorithms, id_string_no_opt_client, id_string_own_string_client, 
@@ -878,6 +880,88 @@ disconnectfun_option_client(Config) -> {fail,"Timeout waiting for disconnect"} end. +%%-------------------------------------------------------------------- +unexpectedfun_option_server(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + + Parent = self(), + ConnFun = fun(_,_,_) -> Parent ! {connection_pid,self()} end, + UnexpFun = fun(Msg,Peer) -> + Parent ! {unexpected,Msg,Peer,self()}, + skip + end, + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {failfun, fun ssh_test_lib:failfun/2}, + {connectfun, ConnFun}, + {unexpectedfun, UnexpFun}]), + _ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_dir, UserDir}, + {user_interaction, false}]), + receive + {connection_pid,Server} -> + %% Beware, implementation knowledge: + Server ! unexpected_message, + receive + {unexpected, unexpected_message, {{_,_,_,_},_}, _} -> ok; + {unexpected, unexpected_message, Peer, _} -> ct:fail("Bad peer ~p",[Peer]); + M = {unexpected, _, _, _} -> ct:fail("Bad msg ~p",[M]) + after 3000 -> + ssh:stop_daemon(Pid), + {fail,timeout2} + end + after 3000 -> + ssh:stop_daemon(Pid), + {fail,timeout1} + end. + +%%-------------------------------------------------------------------- +unexpectedfun_option_client(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + + Parent = self(), + UnexpFun = fun(Msg,Peer) -> + Parent ! 
{unexpected,Msg,Peer,self()}, + skip + end, + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {failfun, fun ssh_test_lib:failfun/2}]), + ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_dir, UserDir}, + {user_interaction, false}, + {unexpectedfun, UnexpFun}]), + %% Beware, implementation knowledge: + ConnectionRef ! unexpected_message, + + receive + {unexpected, unexpected_message, {{_,_,_,_},_}, ConnectionRef} -> + ok; + {unexpected, unexpected_message, Peer, ConnectionRef} -> + ct:fail("Bad peer ~p",[Peer]); + M = {unexpected, _, _, _} -> + ct:fail("Bad msg ~p",[M]) + after 3000 -> + ssh:stop_daemon(Pid), + {fail,timeout} + end. + %%-------------------------------------------------------------------- known_hosts() -> [{doc, "check that known_hosts is updated correctly"}]. -- cgit v1.2.3 From 9ba9728528f309933fd95aa92f748682dd5204f2 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 9 Jun 2015 18:19:12 +0200 Subject: ssh: add test case + corr for ssh_info:print/1 Conflicts: lib/ssh/test/ssh_basic_SUITE.erl --- lib/ssh/src/ssh_info.erl | 9 ++--- lib/ssh/test/ssh_basic_SUITE.erl | 76 ++++++++++++++++++++++++++++++++++++++-- 2 files changed, 78 insertions(+), 7 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_info.erl b/lib/ssh/src/ssh_info.erl index 9c79d773a7..fc8f564bc3 100644 --- a/lib/ssh/src/ssh_info.erl +++ b/lib/ssh/src/ssh_info.erl @@ -79,7 +79,7 @@ print_clients(D) -> print_client(D, {undefined,Pid,supervisor,[ssh_connection_handler]}) -> {{Local,Remote},_Str} = ssh_connection_handler:get_print_info(Pid), - io:format(D, " Local=~s Remote=~s~n",[fmt_host_port(Local),fmt_host_port(Remote)]); + io:format(D, " Local=~s Remote=~s ConnectionRef=~p~n",[fmt_host_port(Local),fmt_host_port(Remote),Pid]); print_client(D, Other) -> io:format(D, " [[Other 1: ~p]]~n",[Other]). 
@@ -134,10 +134,11 @@ walk_sups(D, StartPid) -> io:format(D, "Start at ~p, ~s.~n",[StartPid,dead_or_alive(StartPid)]), walk_sups(D, children(StartPid), _Indent=?inc(0)). -walk_sups(D, [H={_,Pid,SupOrWorker,_}|T], Indent) -> +walk_sups(D, [H={_,Pid,_,_}|T], Indent) -> indent(D, Indent), io:format(D, '~200p ~p is ~s~n',[H,Pid,dead_or_alive(Pid)]), - case SupOrWorker of - supervisor -> walk_sups(D, children(Pid), ?inc(Indent)); + case H of + {_,_,supervisor,[ssh_connection_handler]} -> ok; + {_,Pid,supervisor,_} -> walk_sups(D, children(Pid), ?inc(Indent)); _ -> ok end, walk_sups(D, T, Indent); diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 873e9a42b1..2ff6aac3b6 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -71,7 +71,8 @@ all() -> id_string_no_opt_server, id_string_own_string_server, id_string_random_server, - {group, hardening_tests} + {group, hardening_tests}, + ssh_info_print ]. groups() -> @@ -157,7 +158,8 @@ init_per_group(dir_options, Config) -> case {file:read_file_info(Dir_unreadable), file:read_file_info(File_readable)} of {{ok, #file_info{type=directory, access=Md}}, - {ok, #file_info{type=regular, access=Mf}}} when Md=/=read, Md=/=read_write -> + {ok, #file_info{type=regular, access=Mf}}} when Md=/=read, Md=/=read_write, + Mf=/=read, Mf=/=read_write -> %% Save: [{unreadable_dir, Dir_unreadable}, {readable_file, File_readable} @@ -820,7 +822,7 @@ connectfun_disconnectfun_client(Config) -> {user_dir, UserDir}, {password, "morot"}, {failfun, fun ssh_test_lib:failfun/2}]), - ConnectionRef = + _ConnectionRef = ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, {user, "foo"}, {password, "morot"}, 
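Review bot: In `walk_sups/3`, the new clause `{_,_,supervisor,[ssh_connection_handler]} -> ok` stops the walk at connection handlers without saying why. The `ssh_info_print` test added in this commit suggests the reason is that `children(Pid)` sent those processes a message they do not expect; a one-line comment stating that would keep a later cleanup from folding the clause back into the generic `{_,Pid,supervisor,_}` case.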
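Review bot: In the `init_per_group(dir_options, Config)` hunk, the added guard tests `Mf=/=read, Mf=/=read_write` apply the unreadable-directory condition to `File_readable` as well. That file is the one saved under `readable_file`, so when it is readable as intended the clause cannot match and the group falls through to `{skip, "File or dir mode settings failed"}`. The file check should be the opposite of the directory check: require `Mf` to be `read` or `read_write` while `Md` is neither.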
@@ -1694,6 +1696,74 @@ max_sessions(Config, ParallelLogin, Connect0) when is_function(Connect0,2) -> {fail,"Too few connections accepted"} end. +%%-------------------------------------------------------------------- +ssh_info_print(Config) -> + %% Just check that ssh_print:info() crashes + PrivDir = ?config(priv_dir, Config), + PrintFile = filename:join(PrivDir,info), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + + Parent = self(), + UnexpFun = fun(Msg,_Peer) -> + Parent ! {unexpected,Msg,self()}, + skip + end, + ConnFun = fun(_,_,_) -> Parent ! {connect,self()} end, + + {DaemonRef, Host, Port} = + ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {unexpectedfun, UnexpFun}, + {connectfun, ConnFun}, + {failfun, fun ssh_test_lib:failfun/2}]), + ClientConnRef1 = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_dir, UserDir}, + {unexpectedfun, UnexpFun}, + {user_interaction, false}]), + ClientConnRef2 = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_dir, UserDir}, + {unexpectedfun, UnexpFun}, + {user_interaction, false}]), + receive + {connect,DaemonConnRef} -> + ct:log("DaemonRef=~p, DaemonConnRef=~p, ClientConnRefs=~p",[DaemonRef, DaemonConnRef, + [ClientConnRef1,ClientConnRef2] + ]) + after 2000 -> + ok + end, + + {ok,D} = file:open(PrintFile, write), + ssh_info:print(D), + ok = file:close(D), + + {ok,Bin} = file:read_file(PrintFile), + ct:log("~s",[Bin]), + + receive + {unexpected, Msg, Pid} -> + ct:log("~p got unexpected msg ~p",[Pid,Msg]), + ct:log("process_info(~p) = ~n~p",[Pid,process_info(Pid)]), + ok = ssh:close(ClientConnRef1), + ok = ssh:close(ClientConnRef2), + ok = ssh:stop_daemon(DaemonRef), + {fail,"unexpected msg"} + after 1000 -> + ok = ssh:close(ClientConnRef1), + ok = 
ssh:close(ClientConnRef2), + ok = ssh:stop_daemon(DaemonRef) + end. + + %%-------------------------------------------------------------------- %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- -- cgit v1.2.3 From cf063cb5a3fe51319a483929a632b4b774136262 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 10 Jun 2015 12:48:14 +0200 Subject: ssh: fix bad ssh_basic_SUITE dir_options group --- lib/ssh/test/ssh_basic_SUITE.erl | 37 +++++++++++++++++++++++++++---------- 1 file changed, 27 insertions(+), 10 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 2ff6aac3b6..e62feb6857 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl 
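Review bot: In `ssh_info_print/1`, the opening comment `%% Just check that ssh_print:info() crashes` names a module and function that are not the ones called and states the opposite of what the test checks; the body calls `ssh_info:print(D)` and fails if a connection process reports an unexpected message. Suggest `%% Check that ssh_info:print/1 does not crash and does not send unexpected messages to the connections`. The three cleanup calls (`ssh:close/1` twice and `ssh:stop_daemon/1`) are also repeated in both branches of the last `receive`; binding the result of the `receive` and cleaning up once after it would be shorter.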
@@ -154,19 +154,36 @@ init_per_group(dir_options, Config) -> %% Make readable file: File_readable = filename:join(PrivDir, "file"), ok = file:write_file(File_readable, <<>>), + %% Check: case {file:read_file_info(Dir_unreadable), file:read_file_info(File_readable)} of - {{ok, #file_info{type=directory, access=Md}}, - {ok, #file_info{type=regular, access=Mf}}} when Md=/=read, Md=/=read_write, - Mf=/=read, Mf=/=read_write -> - %% Save: - [{unreadable_dir, Dir_unreadable}, - {readable_file, File_readable} - | Config]; - X -> - ct:log("#file_info : ~p",[X]), - {skip, "File or dir mode settings failed"} + {{ok, Id=#file_info{type=directory, access=Md}}, + {ok, If=#file_info{type=regular, access=Mf}}} -> + AccessOK = + case {Md, Mf} of + {read, _} -> false; + {read_write, _} -> false; + {_, read} -> true; + {_, read_write} -> true; + _ -> false + end, + + case AccessOK of + true -> + %% Save: + [{unreadable_dir, Dir_unreadable}, + {readable_file, File_readable} + | Config]; + false -> + ct:log("File#file_info : ~p~n" + "Dir#file_info : ~p",[If,Id]), + {skip, "File or dir mode settings failed"} + end; + + NotDirFile -> + ct:log("{Dir,File} -> ~p",[NotDirFile]), + {skip, "File/Dir creation failed"} end; init_per_group(_, Config) -> Config. -- cgit v1.2.3 From 42cc43a5e88ac578249def663f665723ecc53c46 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Tue, 16 Jun 2015 15:54:07 +0200 Subject: ssh: Modernize type definitions --- lib/ssh/doc/src/ssh_connection.xml | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_connection.xml b/lib/ssh/doc/src/ssh_connection.xml index 5422633dc3..e2b4e2ceb7 100644 --- a/lib/ssh/doc/src/ssh_connection.xml +++ b/lib/ssh/doc/src/ssh_connection.xml @@ -85,7 +85,7 @@ data_events() - +

Data has arrived on the channel. This event is sent as a result of calling ssh_connection:send/[3,4,5].

@@ -110,15 +110,15 @@ referred to are on OS-level and not something generated by an Erlang program.

- +

A remote execution can terminate violently because of a signal. Then this message can be received. For details on valid string values, see RFC 4254 Section 6.10, which shows a special case of these signals.

- +

When the command running at the other end terminates, the following message can be sent to return the exit status of the command. A zero exit_status usually means that the command @@ -148,18 +148,18 @@ with the boolean value of WantReply as the second argument.

- +

Environment variables can be passed to the shell/command to be started later. This event is sent as a result of calling ssh_connection:setenv/5.

+ WantReply :: boolean(), {Terminal :: string(), CharWidth :: integer(), + RowHeight :: integer(), PixelWidth :: integer(), PixelHeight :: integer(), + TerminalModes :: [{Opcode :: atom() | integer(), + Value :: integer()}]}}]]>

A pseudo-terminal has been requested for the session. Terminal is the value of the TERM environment variable value, that is, vt100. Zero dimension parameters must @@ -174,20 +174,20 @@ echo. This event is sent as a result of calling ssh_connection:ptty_alloc/4.

- +

This message requests that the user default shell is started at the other end. This event is sent as a result of calling ssh_connection:shell/2.

- +

When the window (terminal) size changes on the client side, it can send a message to the server side to inform it of the new dimensions. No API function generates this event.

+ WantReply :: boolean(), Cmd :: string()}]]>

This message requests that the server starts execution of the given command. This event is sent as a result of calling ssh_connection:exec/4 . @@ -256,7 +256,7 @@ N x {ssh_cm, ssh_connection_ref(), - {data, ssh_channel_id(), ssh_data_type_code(), binary() = Data}} + {data, ssh_channel_id(), ssh_data_type_code(), Data :: binary()}}

The result of executing the command can be only one line or thousands of lines depending on the command.

@@ -265,12 +265,12 @@ 0 or 1 x {ssh_cm, ssh_connection_ref(), {exit_signal, - ssh_channel_id(), string() = ExitSignal, string() = ErrorMsg, string() = LanguageString}} + ssh_channel_id(), ExitSignal :: string(), ErrorMsg :: string(), LanguageString :: string()}}

Not all systems send signals. For details on valid string values, see RFC 4254, Section 6.10

0 or 1 x {ssh_cm, ssh_connection_ref(), {exit_status, - ssh_channel_id(), integer() = ExitStatus}} + ssh_channel_id(), ExitStatus :: integer()}}

It is recommended by the SSH Connection Protocol to send this message, but that is not always the case.

-- cgit v1.2.3 From 738c34d4bb8f1a3811acd00af8c6c12107f8315b Mon Sep 17 00:00:00 2001 
From: Bruce Yinhe Date: Thu, 18 Jun 2015 11:31:02 +0200 Subject: Change license text to APLv2 --- lib/ssh/Makefile | 21 +++++++++++---------- lib/ssh/doc/src/Makefile | 19 ++++++++++--------- lib/ssh/doc/src/book.xml | 19 ++++++++++--------- lib/ssh/doc/src/introduction.xml | 21 +++++++++++---------- lib/ssh/doc/src/notes.xml | 21 +++++++++++---------- lib/ssh/doc/src/part_notes.xml | 19 ++++++++++--------- lib/ssh/doc/src/ref_man.xml | 19 ++++++++++--------- lib/ssh/doc/src/ssh.xml | 21 +++++++++++---------- lib/ssh/doc/src/ssh_app.xml | 19 ++++++++++--------- lib/ssh/doc/src/ssh_channel.xml | 19 ++++++++++--------- lib/ssh/doc/src/ssh_client_key_api.xml | 21 +++++++++++---------- lib/ssh/doc/src/ssh_connection.xml | 21 +++++++++++---------- lib/ssh/doc/src/ssh_server_key_api.xml | 19 ++++++++++--------- lib/ssh/doc/src/ssh_sftp.xml | 21 +++++++++++---------- lib/ssh/doc/src/ssh_sftpd.xml | 19 ++++++++++--------- lib/ssh/doc/src/usersguide.xml | 19 ++++++++++--------- lib/ssh/doc/src/using_ssh.xml | 21 +++++++++++---------- lib/ssh/examples/Makefile | 19 ++++++++++--------- lib/ssh/examples/ssh_device.erl | 19 ++++++++++--------- lib/ssh/examples/ssh_sample_cli.erl | 19 ++++++++++--------- lib/ssh/src/Makefile | 19 ++++++++++--------- lib/ssh/src/ssh.appup.src | 19 ++++++++++--------- lib/ssh/src/ssh.erl | 19 ++++++++++--------- lib/ssh/src/ssh.hrl | 19 ++++++++++--------- lib/ssh/src/ssh_acceptor.erl | 19 ++++++++++--------- lib/ssh/src/ssh_acceptor_sup.erl | 19 ++++++++++--------- lib/ssh/src/ssh_app.erl | 21 +++++++++++---------- lib/ssh/src/ssh_auth.erl | 19 ++++++++++--------- lib/ssh/src/ssh_auth.hrl | 19 ++++++++++--------- lib/ssh/src/ssh_bits.erl | 19 ++++++++++--------- lib/ssh/src/ssh_channel.erl | 19 ++++++++++--------- lib/ssh/src/ssh_channel_sup.erl | 21 +++++++++++---------- lib/ssh/src/ssh_cli.erl | 19 ++++++++++--------- lib/ssh/src/ssh_client_key.erl | 19 ++++++++++--------- lib/ssh/src/ssh_client_key_api.erl | 19 ++++++++++--------- 
lib/ssh/src/ssh_connect.hrl | 19 ++++++++++--------- lib/ssh/src/ssh_connection.erl | 19 ++++++++++--------- lib/ssh/src/ssh_connection_handler.erl | 19 ++++++++++--------- lib/ssh/src/ssh_connection_sup.erl | 21 +++++++++++---------- lib/ssh/src/ssh_daemon_channel.erl | 19 ++++++++++--------- lib/ssh/src/ssh_file.erl | 19 ++++++++++--------- lib/ssh/src/ssh_info.erl | 19 ++++++++++--------- lib/ssh/src/ssh_io.erl | 19 ++++++++++--------- lib/ssh/src/ssh_math.erl | 21 +++++++++++---------- lib/ssh/src/ssh_message.erl | 19 ++++++++++--------- lib/ssh/src/ssh_no_io.erl | 21 +++++++++++---------- lib/ssh/src/ssh_server_key.erl | 19 ++++++++++--------- lib/ssh/src/ssh_server_key_api.erl | 19 ++++++++++--------- lib/ssh/src/ssh_sftp.erl | 19 ++++++++++--------- lib/ssh/src/ssh_sftpd.erl | 19 ++++++++++--------- lib/ssh/src/ssh_sftpd_file.erl | 19 ++++++++++--------- lib/ssh/src/ssh_sftpd_file_api.erl | 21 +++++++++++---------- lib/ssh/src/ssh_shell.erl | 19 ++++++++++--------- lib/ssh/src/ssh_subsystem_sup.erl | 19 ++++++++++--------- lib/ssh/src/ssh_sup.erl | 19 ++++++++++--------- lib/ssh/src/ssh_system_sup.erl | 19 ++++++++++--------- lib/ssh/src/ssh_transport.erl | 19 ++++++++++--------- lib/ssh/src/ssh_transport.hrl | 19 ++++++++++--------- lib/ssh/src/ssh_userauth.hrl | 19 ++++++++++--------- lib/ssh/src/ssh_xfer.erl | 19 ++++++++++--------- lib/ssh/src/ssh_xfer.hrl | 19 ++++++++++--------- lib/ssh/src/sshc_sup.erl | 19 ++++++++++--------- lib/ssh/src/sshd_sup.erl | 19 ++++++++++--------- lib/ssh/test/Makefile | 19 ++++++++++--------- .../test/property_test/ssh_eqc_client_server.erl | 21 +++++++++++---------- .../test/property_test/ssh_eqc_encode_decode.erl | 21 +++++++++++---------- lib/ssh/test/property_test/ssh_eqc_subsys.erl | 21 +++++++++++---------- lib/ssh/test/ssh_basic_SUITE.erl | 19 ++++++++++--------- lib/ssh/test/ssh_connection_SUITE.erl | 19 ++++++++++--------- lib/ssh/test/ssh_echo_server.erl | 19 ++++++++++--------- 
lib/ssh/test/ssh_peername_sockname_server.erl | 21 +++++++++++---------- lib/ssh/test/ssh_property_test_SUITE.erl | 21 +++++++++++---------- lib/ssh/test/ssh_sftp_SUITE.erl | 19 ++++++++++--------- lib/ssh/test/ssh_sftpd_SUITE.erl | 19 ++++++++++--------- lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl | 19 ++++++++++--------- .../ssh_sftpd_file_alt.erl | 19 ++++++++++--------- lib/ssh/test/ssh_sup_SUITE.erl | 19 ++++++++++--------- lib/ssh/test/ssh_test_lib.erl | 19 ++++++++++--------- lib/ssh/test/ssh_to_openssh_SUITE.erl | 19 ++++++++++--------- lib/ssh/test/ssh_unicode_SUITE.erl | 19 ++++++++++--------- lib/ssh/test/ssh_upgrade_SUITE.erl | 19 ++++++++++--------- 81 files changed, 829 insertions(+), 748 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/Makefile b/lib/ssh/Makefile index b8c7eebcc1..839aada22f 100644 --- a/lib/ssh/Makefile +++ b/lib/ssh/Makefile 
@@ -3,16 +3,17 @@ # # Copyright Ericsson AB 2004-2010. All Rights Reserved. # -# The contents of this file are subject to the Erlang Public License, -# Version 1.1, (the "License"); you may not use this file except in -# compliance with the License. You should have received a copy of the -# Erlang Public License along with this software. If not, it can be -# retrieved online at http://www.erlang.org/. -# -# Software distributed under the License is distributed on an "AS IS" -# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -# the License for the specific language governing rights and limitations -# under the License. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # %CopyrightEnd% # diff --git a/lib/ssh/doc/src/Makefile b/lib/ssh/doc/src/Makefile index 0e79d9979f..c0707f8004 100644 --- a/lib/ssh/doc/src/Makefile +++ b/lib/ssh/doc/src/Makefile 
@@ -3,16 +3,17 @@ # # Copyright Ericsson AB 2004-2012. All Rights Reserved. # -# The contents of this file are subject to the Erlang Public License, -# Version 1.1, (the "License"); you may not use this file except in -# compliance with the License. You should have received a copy of the -# Erlang Public License along with this software. If not, it can be -# retrieved online at http://www.erlang.org/. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at # -# Software distributed under the License is distributed on an "AS IS" -# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -# the License for the specific language governing rights and limitations -# under the License. +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # %CopyrightEnd% # diff --git a/lib/ssh/doc/src/book.xml b/lib/ssh/doc/src/book.xml index c031d872d7..33b1e0036b 100644 --- a/lib/ssh/doc/src/book.xml +++ b/lib/ssh/doc/src/book.xml 
@@ -8,16 +8,17 @@ Ericsson AB. All Rights Reserved. - The contents of this file are subject to the Erlang Public License, - Version 1.1, (the "License"); you may not use this file except in - compliance with the License. You should have received a copy of the - Erlang Public License along with this software. If not, it can be - retrieved online at http://www.erlang.org/. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 - Software distributed under the License is distributed on an "AS IS" - basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See - the License for the specific language governing rights and limitations - under the License. + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/lib/ssh/doc/src/introduction.xml b/lib/ssh/doc/src/introduction.xml index 1efbc16016..187d458092 100644 --- a/lib/ssh/doc/src/introduction.xml +++ b/lib/ssh/doc/src/introduction.xml 
@@ -9,16 +9,17 @@ Ericsson AB, All Rights Reserved - The contents of this file are subject to the Erlang Public License, - Version 1.1, (the "License"); you may not use this file except in - compliance with the License. You should have received a copy of the - Erlang Public License along with this software. If not, it can be - retrieved online at http://www.erlang.org/. - - Software distributed under the License is distributed on an "AS IS" - basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See - the License for the specific language governing rights and limitations - under the License. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. The Initial Developer of the Original Code is Ericsson AB. diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index c77ee1e77a..74ea649377 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml 
@@ -8,16 +8,17 @@ Ericsson AB. All Rights Reserved. - The contents of this file are subject to the Erlang Public License, - Version 1.1, (the "License"); you may not use this file except in - compliance with the License. You should have received a copy of the - Erlang Public License along with this software. If not, it can be - retrieved online at http://www.erlang.org/. - - Software distributed under the License is distributed on an "AS IS" - basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See - the License for the specific language governing rights and limitations - under the License. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/lib/ssh/doc/src/part_notes.xml b/lib/ssh/doc/src/part_notes.xml index c5cc163717..664cadce57 100644 --- a/lib/ssh/doc/src/part_notes.xml +++ b/lib/ssh/doc/src/part_notes.xml 
@@ -8,16 +8,17 @@ Ericsson AB. All Rights Reserved. - The contents of this file are subject to the Erlang Public License, - Version 1.1, (the "License"); you may not use this file except in - compliance with the License. You should have received a copy of the - Erlang Public License along with this software. If not, it can be - retrieved online at http://www.erlang.org/. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 - Software distributed under the License is distributed on an "AS IS" - basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See - the License for the specific language governing rights and limitations - under the License. + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/lib/ssh/doc/src/ref_man.xml b/lib/ssh/doc/src/ref_man.xml index afe3f2ddf9..4a2f043948 100644 --- a/lib/ssh/doc/src/ref_man.xml +++ b/lib/ssh/doc/src/ref_man.xml 
@@ -8,16 +8,17 @@ Ericsson AB. All Rights Reserved. - The contents of this file are subject to the Erlang Public License, - Version 1.1, (the "License"); you may not use this file except in - compliance with the License. You should have received a copy of the - Erlang Public License along with this software. If not, it can be - retrieved online at http://www.erlang.org/. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 - Software distributed under the License is distributed on an "AS IS" - basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See - the License for the specific language governing rights and limitations - under the License. + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index c1235715cc..d24025ca4d 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml 
@@ -8,16 +8,17 @@ Ericsson AB. All Rights Reserved. - The contents of this file are subject to the Erlang Public License, - Version 1.1, (the "License"); you may not use this file except in - compliance with the License. You should have received a copy of the - Erlang Public License along with this software. If not, it can be - retrieved online at http://www.erlang.org/. - - Software distributed under the License is distributed on an "AS IS" - basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See - the License for the specific language governing rights and limitations - under the License. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml index 1dfe68b17d..4c85585820 100644 --- a/lib/ssh/doc/src/ssh_app.xml +++ b/lib/ssh/doc/src/ssh_app.xml 
@@ -8,16 +8,17 @@ Ericsson AB. All Rights Reserved. - The contents of this file are subject to the Erlang Public License, - Version 1.1, (the "License"); you may not use this file except in - compliance with the License. You should have received a copy of the - Erlang Public License along with this software. If not, it can be - retrieved online at http://www.erlang.org/. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 - Software distributed under the License is distributed on an "AS IS" - basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See - the License for the specific language governing rights and limitations - under the License. + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. SSH diff --git a/lib/ssh/doc/src/ssh_channel.xml b/lib/ssh/doc/src/ssh_channel.xml index 2fdecf9072..abfe590647 100644 --- a/lib/ssh/doc/src/ssh_channel.xml +++ b/lib/ssh/doc/src/ssh_channel.xml 
@@ -9,16 +9,17 @@ Ericsson AB, All Rights Reserved - The contents of this file are subject to the Erlang Public License, - Version 1.1, (the "License"); you may not use this file except in - compliance with the License. You should have received a copy of the - Erlang Public License along with this software. If not, it can be - retrieved online at http://www.erlang.org/. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 - Software distributed under the License is distributed on an "AS IS" - basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See - the License for the specific language governing rights and limitations - under the License. + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. The Initial Developer of the Original Code is Ericsson AB. diff --git a/lib/ssh/doc/src/ssh_client_key_api.xml b/lib/ssh/doc/src/ssh_client_key_api.xml index 9a892d71fd..6b8932e5a7 100644 --- a/lib/ssh/doc/src/ssh_client_key_api.xml +++ b/lib/ssh/doc/src/ssh_client_key_api.xml 
@@ -9,16 +9,17 @@ Ericsson AB, All Rights Reserved - The contents of this file are subject to the Erlang Public License, - Version 1.1, (the "License"); you may not use this file except in - compliance with the License. You should have received a copy of the - Erlang Public License along with this software. If not, it can be - retrieved online at http://www.erlang.org/. - - Software distributed under the License is distributed on an "AS IS" - basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See - the License for the specific language governing rights and limitations - under the License. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. The Initial Developer of the Original Code is Ericsson AB. diff --git a/lib/ssh/doc/src/ssh_connection.xml b/lib/ssh/doc/src/ssh_connection.xml index e2b4e2ceb7..9a7bb09b12 100644 --- a/lib/ssh/doc/src/ssh_connection.xml +++ b/lib/ssh/doc/src/ssh_connection.xml 
@@ -9,16 +9,17 @@ Ericsson AB, All Rights Reserved - The contents of this file are subject to the Erlang Public License, - Version 1.1, (the "License"); you may not use this file except in - compliance with the License. You should have received a copy of the - Erlang Public License along with this software. If not, it can be - retrieved online at http://www.erlang.org/. - - Software distributed under the License is distributed on an "AS IS" - basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See - the License for the specific language governing rights and limitations - under the License. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. The Initial Developer of the Original Code is Ericsson AB. diff --git a/lib/ssh/doc/src/ssh_server_key_api.xml b/lib/ssh/doc/src/ssh_server_key_api.xml index 73dd90c962..efb2c436e8 100644 --- a/lib/ssh/doc/src/ssh_server_key_api.xml +++ b/lib/ssh/doc/src/ssh_server_key_api.xml 
@@ -9,16 +9,17 @@ Ericsson AB, All Rights Reserved - The contents of this file are subject to the Erlang Public License, - Version 1.1, (the "License"); you may not use this file except in - compliance with the License. You should have received a copy of the - Erlang Public License along with this software. If not, it can be - retrieved online at http://www.erlang.org/. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 - Software distributed under the License is distributed on an "AS IS" - basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See - the License for the specific language governing rights and limitations - under the License. + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. The Initial Developer of the Original Code is Ericsson AB. diff --git a/lib/ssh/doc/src/ssh_sftp.xml b/lib/ssh/doc/src/ssh_sftp.xml index fc418bc934..17800fac5d 100644 --- a/lib/ssh/doc/src/ssh_sftp.xml +++ b/lib/ssh/doc/src/ssh_sftp.xml 
@@ -8,16 +8,17 @@ Ericsson AB. All Rights Reserved. - The contents of this file are subject to the Erlang Public License, - Version 1.1, (the "License"); you may not use this file except in - compliance with the License. You should have received a copy of the - Erlang Public License along with this software. If not, it can be - retrieved online at http://www.erlang.org/. - - Software distributed under the License is distributed on an "AS IS" - basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See - the License for the specific language governing rights and limitations - under the License. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/lib/ssh/doc/src/ssh_sftpd.xml b/lib/ssh/doc/src/ssh_sftpd.xml index 8b2497e6a3..cf50fb1b23 100644 --- a/lib/ssh/doc/src/ssh_sftpd.xml +++ b/lib/ssh/doc/src/ssh_sftpd.xml 
@@ -8,16 +8,17 @@ Ericsson AB. All Rights Reserved. - The contents of this file are subject to the Erlang Public License, - Version 1.1, (the "License"); you may not use this file except in - compliance with the License. You should have received a copy of the - Erlang Public License along with this software. If not, it can be - retrieved online at http://www.erlang.org/. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 - Software distributed under the License is distributed on an "AS IS" - basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See - the License for the specific language governing rights and limitations - under the License. + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/lib/ssh/doc/src/usersguide.xml b/lib/ssh/doc/src/usersguide.xml index a9ed5fe21e..7c925a3762 100644 --- a/lib/ssh/doc/src/usersguide.xml +++ b/lib/ssh/doc/src/usersguide.xml 
@@ -8,16 +8,17 @@ Ericsson AB. All Rights Reserved. - The contents of this file are subject to the Erlang Public License, - Version 1.1, (the "License"); you may not use this file except in - compliance with the License. You should have received a copy of the - Erlang Public License along with this software. If not, it can be - retrieved online at http://www.erlang.org/. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 - Software distributed under the License is distributed on an "AS IS" - basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See - the License for the specific language governing rights and limitations - under the License. + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/lib/ssh/doc/src/using_ssh.xml b/lib/ssh/doc/src/using_ssh.xml index cd7b64ac43..91185a0f6e 100644 --- a/lib/ssh/doc/src/using_ssh.xml +++ b/lib/ssh/doc/src/using_ssh.xml 
@@ -9,16 +9,17 @@ Ericsson AB. All Rights Reserved. - The contents of this file are subject to the Erlang Public License, - Version 1.1, (the "License"); you may not use this file except in - compliance with the License. You should have received a copy of the - Erlang Public License along with this software. If not, it can be - retrieved online at http://www.erlang.org/. - - Software distributed under the License is distributed on an "AS IS" - basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See - the License for the specific language governing rights and limitations - under the License. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/lib/ssh/examples/Makefile b/lib/ssh/examples/Makefile index 9280c42076..d7d47eb3ae 100644 --- a/lib/ssh/examples/Makefile +++ b/lib/ssh/examples/Makefile 
@@ -3,16 +3,17 @@ # # Copyright Ericsson AB 2005-2015. All Rights Reserved. # -# The contents of this file are subject to the Erlang Public License, -# Version 1.1, (the "License"); you may not use this file except in -# compliance with the License. You should have received a copy of the -# Erlang Public License along with this software. If not, it can be -# retrieved online at http://www.erlang.org/. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at # -# Software distributed under the License is distributed on an "AS IS" -# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -# the License for the specific language governing rights and limitations -# under the License. +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # %CopyrightEnd% # diff --git a/lib/ssh/examples/ssh_device.erl b/lib/ssh/examples/ssh_device.erl index f6be812915..17e3721541 100644 --- a/lib/ssh/examples/ssh_device.erl +++ b/lib/ssh/examples/ssh_device.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2005-2015. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/examples/ssh_sample_cli.erl b/lib/ssh/examples/ssh_sample_cli.erl index 6f3092e567..2d8aa428ec 100644 --- a/lib/ssh/examples/ssh_sample_cli.erl +++ b/lib/ssh/examples/ssh_sample_cli.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2005-2010. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/Makefile b/lib/ssh/src/Makefile index a06d8acfd4..61d71d2cf7 100644 --- a/lib/ssh/src/Makefile +++ b/lib/ssh/src/Makefile 
@@ -3,16 +3,17 @@ # # Copyright Ericsson AB 2004-2013. All Rights Reserved. # -# The contents of this file are subject to the Erlang Public License, -# Version 1.1, (the "License"); you may not use this file except in -# compliance with the License. You should have received a copy of the -# Erlang Public License along with this software. If not, it can be -# retrieved online at http://www.erlang.org/. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at # -# Software distributed under the License is distributed on an "AS IS" -# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -# the License for the specific language governing rights and limitations -# under the License. +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # %CopyrightEnd% # diff --git a/lib/ssh/src/ssh.appup.src b/lib/ssh/src/ssh.appup.src index e76c110c04..e38cecf226 100644 --- a/lib/ssh/src/ssh.appup.src +++ b/lib/ssh/src/ssh.appup.src 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2004-2015. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 86c042781c..370f086600 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2004-2014. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh.hrl b/lib/ssh/src/ssh.hrl index a02c87505d..8df5ee820c 100644 --- a/lib/ssh/src/ssh.hrl +++ b/lib/ssh/src/ssh.hrl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2004-2013. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_acceptor.erl b/lib/ssh/src/ssh_acceptor.erl index 6c431af270..c5ad1d7b6c 100644 --- a/lib/ssh/src/ssh_acceptor.erl +++ b/lib/ssh/src/ssh_acceptor.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2008-2015. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_acceptor_sup.erl b/lib/ssh/src/ssh_acceptor_sup.erl index e101ce8b39..a3dc64850f 100644 --- a/lib/ssh/src/ssh_acceptor_sup.erl +++ b/lib/ssh/src/ssh_acceptor_sup.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2008-2014. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_app.erl b/lib/ssh/src/ssh_app.erl index 38659b1a2d..1a11938dd9 100644 --- a/lib/ssh/src/ssh_app.erl +++ b/lib/ssh/src/ssh_app.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2004-2010. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. -%% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index 020fb06530..a91b8c200e 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2008-2014. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_auth.hrl b/lib/ssh/src/ssh_auth.hrl index 764c9f4246..71f222f6d7 100644 --- a/lib/ssh/src/ssh_auth.hrl +++ b/lib/ssh/src/ssh_auth.hrl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2008-2012. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_bits.erl b/lib/ssh/src/ssh_bits.erl index d5f8df6fe4..4da3a6018b 100644 --- a/lib/ssh/src/ssh_bits.erl +++ b/lib/ssh/src/ssh_bits.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2005-2013. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_channel.erl b/lib/ssh/src/ssh_channel.erl index 5c24f362b1..d15a2c8eba 100644 --- a/lib/ssh/src/ssh_channel.erl +++ b/lib/ssh/src/ssh_channel.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_channel_sup.erl b/lib/ssh/src/ssh_channel_sup.erl index ee37ed35f8..7c381553b8 100644 --- a/lib/ssh/src/ssh_channel_sup.erl +++ b/lib/ssh/src/ssh_channel_sup.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. -%% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_cli.erl b/lib/ssh/src/ssh_cli.erl index de6d246403..71f62a960e 100644 --- a/lib/ssh/src/ssh_cli.erl +++ b/lib/ssh/src/ssh_cli.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2005-2013. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_client_key.erl b/lib/ssh/src/ssh_client_key.erl index 2c48884dc2..0758865ad1 100644 --- a/lib/ssh/src/ssh_client_key.erl +++ b/lib/ssh/src/ssh_client_key.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2011-2012. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_client_key_api.erl b/lib/ssh/src/ssh_client_key_api.erl index a17c7cbc77..7fe97b6c13 100644 --- a/lib/ssh/src/ssh_client_key_api.erl +++ b/lib/ssh/src/ssh_client_key_api.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2011-2013. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_connect.hrl b/lib/ssh/src/ssh_connect.hrl index d14f7ce27d..6db89c5d80 100644 --- a/lib/ssh/src/ssh_connect.hrl +++ b/lib/ssh/src/ssh_connect.hrl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2005-2014. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl index d532d41009..64d2113125 100644 --- a/lib/ssh/src/ssh_connection.erl +++ b/lib/ssh/src/ssh_connection.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2008-2015. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index e6e5749e07..a9c60d0674 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2008-2015. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_connection_sup.erl b/lib/ssh/src/ssh_connection_sup.erl index c5abc8f23b..e8d0d49668 100644 --- a/lib/ssh/src/ssh_connection_sup.erl +++ b/lib/ssh/src/ssh_connection_sup.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. -%% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_daemon_channel.erl b/lib/ssh/src/ssh_daemon_channel.erl index ab3efbcaff..560e8246de 100644 --- a/lib/ssh/src/ssh_daemon_channel.erl +++ b/lib/ssh/src/ssh_daemon_channel.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2013. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_file.erl b/lib/ssh/src/ssh_file.erl index 5692138a8a..b98a8a8410 100644 --- a/lib/ssh/src/ssh_file.erl +++ b/lib/ssh/src/ssh_file.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2005-2012. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_info.erl b/lib/ssh/src/ssh_info.erl index fc8f564bc3..4e6e25bc70 100644 --- a/lib/ssh/src/ssh_info.erl +++ b/lib/ssh/src/ssh_info.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2008-2015. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_io.erl b/lib/ssh/src/ssh_io.erl index 97e2dee27a..a5e627fdb3 100644 --- a/lib/ssh/src/ssh_io.erl +++ b/lib/ssh/src/ssh_io.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2005-2014. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_math.erl b/lib/ssh/src/ssh_math.erl index 569c1cb58d..cace85bc93 100644 --- a/lib/ssh/src/ssh_math.erl +++ b/lib/ssh/src/ssh_math.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2005-2013. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. -%% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl index 483c6cb4aa..1f0f6fb15f 100644 --- a/lib/ssh/src/ssh_message.erl +++ b/lib/ssh/src/ssh_message.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2013-2014. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_no_io.erl b/lib/ssh/src/ssh_no_io.erl index 825a0d4af5..e8d1afd0ed 100644 --- a/lib/ssh/src/ssh_no_io.erl +++ b/lib/ssh/src/ssh_no_io.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2005-2013. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. -%% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_server_key.erl b/lib/ssh/src/ssh_server_key.erl index 8140114990..4ab326374a 100644 --- a/lib/ssh/src/ssh_server_key.erl +++ b/lib/ssh/src/ssh_server_key.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2011-2012. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_server_key_api.erl b/lib/ssh/src/ssh_server_key_api.erl index 4fd660ecb5..7c05d82c03 100644 --- a/lib/ssh/src/ssh_server_key_api.erl +++ b/lib/ssh/src/ssh_server_key_api.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2011-2012. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_sftp.erl b/lib/ssh/src/ssh_sftp.erl index bab688f226..9fe2d56759 100644 --- a/lib/ssh/src/ssh_sftp.erl +++ b/lib/ssh/src/ssh_sftp.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2005-2014. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_sftpd.erl b/lib/ssh/src/ssh_sftpd.erl index 04ae6b11e2..a6549f1c73 100644 --- a/lib/ssh/src/ssh_sftpd.erl +++ b/lib/ssh/src/ssh_sftpd.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2005-2015. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_sftpd_file.erl b/lib/ssh/src/ssh_sftpd_file.erl index 91ba228e38..a287e8891b 100644 --- a/lib/ssh/src/ssh_sftpd_file.erl +++ b/lib/ssh/src/ssh_sftpd_file.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2006-2010. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_sftpd_file_api.erl b/lib/ssh/src/ssh_sftpd_file_api.erl index 83d90907f5..c61d4e7ecf 100644 --- a/lib/ssh/src/ssh_sftpd_file_api.erl +++ b/lib/ssh/src/ssh_sftpd_file_api.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2007-2012. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. -%% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_shell.erl b/lib/ssh/src/ssh_shell.erl index 8031450617..22ad4da948 100644 --- a/lib/ssh/src/ssh_shell.erl +++ b/lib/ssh/src/ssh_shell.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2009-2013. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_subsystem_sup.erl b/lib/ssh/src/ssh_subsystem_sup.erl index e8855b09ac..ebe33ec7da 100644 --- a/lib/ssh/src/ssh_subsystem_sup.erl +++ b/lib/ssh/src/ssh_subsystem_sup.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_sup.erl b/lib/ssh/src/ssh_sup.erl index 6d2b9c107d..649ea00a06 100644 --- a/lib/ssh/src/ssh_sup.erl +++ b/lib/ssh/src/ssh_sup.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_system_sup.erl b/lib/ssh/src/ssh_system_sup.erl index acf94b4b73..18a5d8071a 100644 --- a/lib/ssh/src/ssh_system_sup.erl +++ b/lib/ssh/src/ssh_system_sup.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2008-2014. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index ea9bca2390..f4e6a23a1e 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2004-2014. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_transport.hrl b/lib/ssh/src/ssh_transport.hrl index 27d3e32355..2faf8a9316 100644 --- a/lib/ssh/src/ssh_transport.hrl +++ b/lib/ssh/src/ssh_transport.hrl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2008-2010. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_userauth.hrl b/lib/ssh/src/ssh_userauth.hrl index 7c38719d92..935999b9d1 100644 --- a/lib/ssh/src/ssh_userauth.hrl +++ b/lib/ssh/src/ssh_userauth.hrl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2005-2011. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_xfer.erl b/lib/ssh/src/ssh_xfer.erl index 2743b704f1..b8dff1c533 100644 --- a/lib/ssh/src/ssh_xfer.erl +++ b/lib/ssh/src/ssh_xfer.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2005-2014. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/ssh_xfer.hrl b/lib/ssh/src/ssh_xfer.hrl index 8dc9a40f92..fe1405ccae 100644 --- a/lib/ssh/src/ssh_xfer.hrl +++ b/lib/ssh/src/ssh_xfer.hrl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2005-2013. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/sshc_sup.erl b/lib/ssh/src/sshc_sup.erl index e6b4b681a4..8ee6aacfb5 100644 --- a/lib/ssh/src/sshc_sup.erl +++ b/lib/ssh/src/sshc_sup.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/src/sshd_sup.erl b/lib/ssh/src/sshd_sup.erl index e879629ccb..7975b146fb 100644 --- a/lib/ssh/src/sshd_sup.erl +++ b/lib/ssh/src/sshd_sup.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/test/Makefile b/lib/ssh/test/Makefile index 50efc33f98..6503d5b643 100644 --- a/lib/ssh/test/Makefile +++ b/lib/ssh/test/Makefile 
@@ -3,16 +3,17 @@ # # Copyright Ericsson AB 2004-2013. All Rights Reserved. # -# The contents of this file are subject to the Erlang Public License, -# Version 1.1, (the "License"); you may not use this file except in -# compliance with the License. You should have received a copy of the -# Erlang Public License along with this software. If not, it can be -# retrieved online at http://www.erlang.org/. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at # -# Software distributed under the License is distributed on an "AS IS" -# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -# the License for the specific language governing rights and limitations -# under the License. +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # %CopyrightEnd% # diff --git a/lib/ssh/test/property_test/ssh_eqc_client_server.erl b/lib/ssh/test/property_test/ssh_eqc_client_server.erl index 123b48412b..4fcb5aea69 100644 --- a/lib/ssh/test/property_test/ssh_eqc_client_server.erl +++ b/lib/ssh/test/property_test/ssh_eqc_client_server.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2004-2014. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. -%% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/test/property_test/ssh_eqc_encode_decode.erl b/lib/ssh/test/property_test/ssh_eqc_encode_decode.erl index 57ea2012c1..803c8aa2ad 100644 --- a/lib/ssh/test/property_test/ssh_eqc_encode_decode.erl +++ b/lib/ssh/test/property_test/ssh_eqc_encode_decode.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2004-2014. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. -%% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/test/property_test/ssh_eqc_subsys.erl b/lib/ssh/test/property_test/ssh_eqc_subsys.erl index e4b6af166f..3b395b9285 100644 --- a/lib/ssh/test/property_test/ssh_eqc_subsys.erl +++ b/lib/ssh/test/property_test/ssh_eqc_subsys.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2004-2014. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. -%% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index e62feb6857..2b3fadbbf4 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2008-2015. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index f0c337cf2f..eb7c641d8a 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2008-2015. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/test/ssh_echo_server.erl b/lib/ssh/test/ssh_echo_server.erl index 315ffecfd7..96c9aad135 100644 --- a/lib/ssh/test/ssh_echo_server.erl +++ b/lib/ssh/test/ssh_echo_server.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2005-2013. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/test/ssh_peername_sockname_server.erl b/lib/ssh/test/ssh_peername_sockname_server.erl index bc505695d3..88c96fe444 100644 --- a/lib/ssh/test/ssh_peername_sockname_server.erl +++ b/lib/ssh/test/ssh_peername_sockname_server.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2008-2013. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. -%% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/test/ssh_property_test_SUITE.erl b/lib/ssh/test/ssh_property_test_SUITE.erl index ffad8ebbb7..2278719f6a 100644 --- a/lib/ssh/test/ssh_property_test_SUITE.erl +++ b/lib/ssh/test/ssh_property_test_SUITE.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2004-2014. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. -%% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index 850b1cbf6b..c19ede296f 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2005-2014. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/test/ssh_sftpd_SUITE.erl b/lib/ssh/test/ssh_sftpd_SUITE.erl index 925b02a437..f38fcc5521 100644 --- a/lib/ssh/test/ssh_sftpd_SUITE.erl +++ b/lib/ssh/test/ssh_sftpd_SUITE.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2006-2015. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl index eac7575486..321e3546cf 100644 --- a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl +++ b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2007-2013. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_sftpd_file_alt.erl b/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_sftpd_file_alt.erl index 8ad383d8c9..4f494cf829 100644 --- a/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_sftpd_file_alt.erl +++ b/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_sftpd_file_alt.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2007-2013. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/test/ssh_sup_SUITE.erl b/lib/ssh/test/ssh_sup_SUITE.erl index 6e1595f9fa..5c77fcf1ef 100644 --- a/lib/ssh/test/ssh_sup_SUITE.erl +++ b/lib/ssh/test/ssh_sup_SUITE.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2015-2015. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index d08afdfb90..97c35e549c 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2004-2015. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index 277e3a1b08..b7283202a3 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2008-2015. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/test/ssh_unicode_SUITE.erl b/lib/ssh/test/ssh_unicode_SUITE.erl index 07d51335c6..f0b97554b3 100644 --- a/lib/ssh/test/ssh_unicode_SUITE.erl +++ b/lib/ssh/test/ssh_unicode_SUITE.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2005-2014. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% diff --git a/lib/ssh/test/ssh_upgrade_SUITE.erl b/lib/ssh/test/ssh_upgrade_SUITE.erl index 861c7ab3dd..c0645f3b01 100644 --- a/lib/ssh/test/ssh_upgrade_SUITE.erl +++ b/lib/ssh/test/ssh_upgrade_SUITE.erl 
@@ -3,16 +3,17 @@ %% %% Copyright Ericsson AB 2014-2015. All Rights Reserved. %% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/.2 +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at %% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. %% %% %CopyrightEnd% %% -- cgit v1.2.3 From 2955ddebc32837b66d9bacb4e925ad0ed0033168 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Tue, 23 Jun 2015 10:24:26 +0200 Subject: Prepare release --- lib/ssh/doc/src/notes.xml | 208 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 208 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 74ea649377..9d498c0fdc 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,6 +30,214 @@ notes.xml +
Ssh 4.0 + +
Fixed Bugs and Malfunctions + + +

+ Ssh crashed if a message was sent on a channel with + packet_size = 0.

+

+ A new option for ssh:daemon is also introduced: + minimal_remote_max_packet_size. This option sets + the least max packet size declaration that the daemon + will accept from a client. The default value is 0 to + maintain compatibility with OpenSSH and the rfc:s.

+

+ Own Id: OTP-12645 Aux Id: seq12816

+
+ +

+ Included test of the 'e' and 'f' parameters in + diffie-hellman key exchange as specified in rfc 4253 + section 8.

+

+ Own Id: OTP-12649

+
+ +

+ Fixes the bug that once the rekey_limit bytes (by + default, 1GB) had been transmitted the connection was + rekeyed every minute, not after the next transferred + 'rekey_limit' chunk.

+

+ Thanks to Simon Cornish for the report and the fix!

+

+ Own Id: OTP-12692

+
+ +

+ Fixes a bug that causes an SFTP connection to always fail + when {timeout, Timeout} option is used with + ssh_sftp:start_channel.

+

+ Thanks to Simon Cornish

+

+ Own Id: OTP-12708

+
+ +

+ Fix various ssh key exchange problems.

+

+ Thanks to Simon Cornish

+

+ Own Id: OTP-12760 Aux Id: pull req + 715

+
+ +

+ The options system_dir and user_dir assumes + that the value is a path to a directory which is + readable. This is now checked early, so ssh:daemon + and ssh:connect will fail with an error message + immediately.

+

+ Own Id: OTP-12788

+
+ +

+ A daemon now checks that a client doesn't try to + authorize with methods not in the option auth_methods.

+

+ Own Id: OTP-12790

+
+ +

+ Disconnectfun now should trigger on all disconnects.

+

+ Own Id: OTP-12811

+
+
+
+ + +
Improvements and New Features + + +

+ Better usage of binary matching in ssh_auth.erl and + ssh_message.erl

+

+ Own Id: OTP-11697

+
+ +

+ A new option 'preferred_algorithms' is available for + ssh:daemon and ssh:connect.

+

+ This option defines the algorithms presented to the peer + in the algorithm negotiation phase of the ssh protocol.

+

+ The default list can be obtained from the new function + ssh:default_algorithms/0.

+

+ *** INCOMPATIBILITY with removed undocumented options + 'role' and 'compression' ***

+

+ Own Id: OTP-12029

+
+ +

+ The internal group to user_drv protocol has been changed + to be synchronous in order to guarantee that output sent + to a process implementing the user_drv protocol is + printed before replying. This protocol is used by the + standard_output device and the ssh application when + acting as a client.

+

+ This change changes the previous unlimited buffer when + printing to standard_io and other devices that end up in + user_drv to 1KB.

+

+ *** POTENTIAL INCOMPATIBILITY ***

+

+ Own Id: OTP-12240

+
+ +

+ If ssh_connection:subsystem/4 fails we do not want to + crash but rather terminate gracefully.

+

+ Own Id: OTP-12648 Aux Id: seq12834

+
+ +

+ New option id_string for ssh:daemon and + ssh:connect for limiting banner grabbing attempts.

+

+ The possible values are: {id_string,string()} and + {id_string,random}. The latter will make ssh + generate a random nonsence id-string for each new + connection.

+

+ Own Id: OTP-12659

+
+ +

+ To enable the ssh daemon to run in a virtualized + environment, where there can be more that one server that + has the same ip-address and port, we add a new option + profile.

+

+ Own Id: OTP-12675

+
+ +

+ Upgrade test suite added.

+

+ Own Id: OTP-12676

+
+ +

+ A new option for handling the SSH_MSG_DEBUG message's + printouts. A fun could be given in the options that will + be called whenever the SSH_MSG_DEBUG message arrives. + This enables the user to format the printout or just + discard it.

+

+ Own Id: OTP-12738 Aux Id: seq12860

+
+ +

+ Testcase improvements and corrections:

+

+ * Add testcases for the disconnectfun option on + both server and client sides

+

+ * Timeout testcases adjusted for slow machines where they + sometimes failed

+

+ Own Id: OTP-12786

+
+ +

+ The option disconnectfun can now be used both on + the client and server side.

+

+ Own Id: OTP-12789

+
+ +

+ A new option unknown_msgfun/2 for ssh:connect and + ssh:daemon for handling unknown messages. With the option + it is possible to intercept before an INFO log message is + generated.

+

+ One usage is to filter out messages that are not wanted + in the error logger as info reports. An example of such a + message is the 'etimedout' tcp error message that will be + received if a connection has keep_alive and the peer is + restarted.

+

+ Own Id: OTP-12813 Aux Id: seq12881

+
+
+
+ +
+
Ssh 3.2.4
Fixed Bugs and Malfunctions -- cgit v1.2.3 From a5c3feee7bfa77eb385334272505ed562c7ef0f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn-Egil=20Dahlberg?= Date: Thu, 18 Jun 2015 17:56:58 +0200 Subject: erts: Remove halfword specific tests --- lib/ssh/test/ssh_upgrade_SUITE.erl | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_upgrade_SUITE.erl b/lib/ssh/test/ssh_upgrade_SUITE.erl index c0645f3b01..eca8b3663d 100644 --- a/lib/ssh/test/ssh_upgrade_SUITE.erl +++ b/lib/ssh/test/ssh_upgrade_SUITE.erl @@ -46,20 +46,17 @@ all() -> init_per_suite(Config0) -> catch crypto:stop(), - try {crypto:start(), erlang:system_info({wordsize, internal}) == - erlang:system_info({wordsize, external})} of - {ok, true} -> - case ct_release_test:init(Config0) of - {skip, Reason} -> - {skip, Reason}; - Config -> - ssh:start(), - Config - end; - {ok, false} -> - {skip, "Test server will not handle halfwordemulator correctly. Skip as halfwordemulator is deprecated"} + try crypto:start() of + ok -> + case ct_release_test:init(Config0) of + {skip, Reason} -> + {skip, Reason}; + Config -> + ssh:start(), + Config + end catch _:_ -> - {skip, "Crypto did not start"} + {skip, "Crypto did not start"} end. end_per_suite(Config) -> -- cgit v1.2.3 From 1be39649f2996c20f4afd6772c7f6fa27c859416 Mon Sep 17 00:00:00 2001 
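Review bot: In the Ssh 4.0 notes added to lib/ssh/doc/src/notes.xml, the OTP-12645 entry gives 0 as the default for minimal_remote_max_packet_size, which is the same packet_size value the entry names as the crash trigger, so the text should say what the daemon now does when a client declares 0 and the option is left at its default. Two wording fixes in the same hunk: "nonsence" should be "nonsense" in the OTP-12659 entry, and "more that one server" should be "more than one server" in the OTP-12675 entry. The OTP-12811 entry ("Disconnectfun now should trigger on all disconnects") would read better as a statement of what changed, with the option spelled disconnectfun as in the OTP-12786 and OTP-12789 entries.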
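Review bot: In init_per_suite/1 of lib/ssh/test/ssh_upgrade_SUITE.erl, the of-section now matches only ok, so an {error, Reason} return from crypto:start() raises try_clause instead of skipping the suite; the catch _:_ clause protects only the crypto:start() call itself, not the of-section or the ssh:start() call inside it. Add a clause such as "{error, Reason} -> {skip, {crypto_start_failed, Reason}}", or match the result with a plain case, so that a crypto application that fails to start ends in the "Crypto did not start" skip rather than a crashed init_per_suite.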
From: Hans Nilsson Date: Mon, 22 Jun 2015 20:03:49 +0200 Subject: ssh: delete ssh_unicode_SUITE The tests now have supersets in ssh_basic_SUITE and ssh_sftp_SUITE. --- lib/ssh/test/ssh_unicode_SUITE.erl | 589 --------------------- lib/ssh/test/ssh_unicode_SUITE_data/sftp.txt | 1 - .../sftp\347\221\236\347\202\271.txt" | 1 - .../test/ssh_unicode_SUITE_data/ssh_host_dsa_key | 13 - .../ssh_unicode_SUITE_data/ssh_host_dsa_key.pub | 11 - 5 files changed, 615 deletions(-) delete mode 100644 lib/ssh/test/ssh_unicode_SUITE.erl delete mode 100644 lib/ssh/test/ssh_unicode_SUITE_data/sftp.txt delete mode 100644 "lib/ssh/test/ssh_unicode_SUITE_data/sftp\347\221\236\347\202\271.txt" delete mode 100644 lib/ssh/test/ssh_unicode_SUITE_data/ssh_host_dsa_key delete mode 100644 lib/ssh/test/ssh_unicode_SUITE_data/ssh_host_dsa_key.pub (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_unicode_SUITE.erl b/lib/ssh/test/ssh_unicode_SUITE.erl deleted file mode 100644 index f0b97554b3..0000000000 --- a/lib/ssh/test/ssh_unicode_SUITE.erl +++ /dev/null 
@@ -1,589 +0,0 @@ -%% -%% %CopyrightBegin% -%% -%% Copyright Ericsson AB 2005-2014. All Rights Reserved. -%% -%% Licensed under the Apache License, Version 2.0 (the "License"); -%% you may not use this file except in compliance with the License. -%% You may obtain a copy of the License at -%% -%% http://www.apache.org/licenses/LICENSE-2.0 -%% -%% Unless required by applicable law or agreed to in writing, software -%% distributed under the License is distributed on an "AS IS" BASIS, -%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -%% See the License for the specific language governing permissions and -%% limitations under the License. -%% -%% %CopyrightEnd% -%% - -%% gerl +fnu -%% ct:run_test([{suite,"ssh_unicode_SUITE"}, {logdir,"LOG"}]). - --module(ssh_unicode_SUITE). - -%% Note: This directive should only be used in test suites. --compile(export_all). - --include_lib("common_test/include/ct.hrl"). --include_lib("kernel/include/file.hrl"). - -% Default timetrap timeout --define(default_timeout, ?t:minutes(1)). - --define(USER, "Ã¥ke高兴"). --define(PASSWD, "ärlig日本ã˜ã‚“"). --define('sftp.txt', "sftp瑞点.txt"). --define('test.txt', "testãƒãƒ³ã‚¹.txt"). --define('link_test.txt', "link_test語.txt"). - --define(bindata, unicode:characters_to_binary("foobar Ã¥ 一二三四ã„ã¡ã«ã•ã‚“ã¡") ). - --define(NEWLINE, <<"\r\n">>). - -%%-------------------------------------------------------------------- -%% Common Test interface functions ----------------------------------- -%%-------------------------------------------------------------------- - -%% suite() -> -%% [{ct_hooks,[ts_install_cth]}]. - -all() -> - [{group, sftp}, - {group, shell} - ]. - - -init_per_suite(Config) -> - catch crypto:stop(), - case {file:native_name_encoding(), (catch crypto:start())} of - {utf8, ok} -> - ssh:start(), - Config; - {utf8, _} -> - {skip,"Could not start crypto!"}; - _ -> - {skip,"Not unicode filename enabled emulator"} - end. 
- -end_per_suite(Config) -> - ssh:stop(), - crypto:stop(), - Config. - -%%-------------------------------------------------------------------- -groups() -> - [{shell, [], [shell_no_unicode, shell_unicode_string]}, - {sftp, [], [open_close_file, open_close_dir, read_file, read_dir, - write_file, rename_file, mk_rm_dir, remove_file, links, - retrieve_attributes, set_attributes, async_read, async_read_bin, - async_write - %% , position, pos_read, pos_write - ]}]. - -init_per_group(Group, Config) when Group==sftp - ; Group==shell -> - PrivDir = ?config(priv_dir, Config), - SysDir = ?config(data_dir, Config), - Sftpd = - ssh_test_lib:daemon([{system_dir, SysDir}, - {user_dir, PrivDir}, - {user_passwords, [{?USER, ?PASSWD}]}]), - [{group,Group}, {sftpd, Sftpd} | Config]; - -init_per_group(Group, Config) -> - [{group,Group} | Config]. - - -end_per_group(erlang_server, Config) -> - Config; -end_per_group(_, Config) -> - Config. - -%%-------------------------------------------------------------------- -init_per_testcase(_Case, Config) -> - prep(Config), - TmpConfig0 = lists:keydelete(watchdog, 1, Config), - TmpConfig = lists:keydelete(sftp, 1, TmpConfig0), - Dog = ct:timetrap(?default_timeout), - - case ?config(group, Config) of - sftp -> - {_Pid, Host, Port} = ?config(sftpd, Config), - {ok, ChannelPid, Connection} = - ssh_sftp:start_channel(Host, Port, - [{user, ?USER}, - {password, ?PASSWD}, - {user_interaction, false}, - {silently_accept_hosts, true}]), - Sftp = {ChannelPid, Connection}, - [{sftp, Sftp}, {watchdog, Dog} | TmpConfig]; - shell -> - UserDir = ?config(priv_dir, Config), - process_flag(trap_exit, true), - {_Pid, _Host, Port} = ?config(sftpd, Config), - ct:sleep(500), - IO = ssh_test_lib:start_io_server(), - Shell = ssh_test_lib:start_shell(Port, IO, UserDir, - [{silently_accept_hosts, true}, - {user,?USER},{password,?PASSWD}]), -%%ct:pal("IO=~p, Shell=~p, self()=~p",[IO,Shell,self()]), - wait_for_erlang_first_line([{io,IO}, {shell,Shell} | Config]) - end. 
- - -wait_for_erlang_first_line(Config) -> - receive - {'EXIT', _, _} -> - {fail,no_ssh_connection}; - <<"Eshell ",_/binary>> = ErlShellStart -> -%% ct:pal("Erlang shell start: ~p~n", [ErlShellStart]), - Config; - Other -> - ct:pal("Unexpected answer from ssh server: ~p",[Other]), - {fail,unexpected_answer} - after 10000 -> - ct:pal("No answer from ssh-server"), - {fail,timeout} - end. - - - -end_per_testcase(rename_file, Config) -> - PrivDir = ?config(priv_dir, Config), - NewFileName = filename:join(PrivDir, ?'test.txt'), - file:delete(NewFileName), - end_per_testcase(Config); -end_per_testcase(_TC, Config) -> - end_per_testcase(Config). - -end_per_testcase(Config) -> - catch exit(?config(shell,Config), kill), - case ?config(sftp, Config) of - {Sftp, Connection} -> - ssh_sftp:stop_channel(Sftp), - ssh:close(Connection); - _ -> - ok - end. - -%%-------------------------------------------------------------------- -%% Test Cases -------------------------------------------------------- - --define(chk_expected(Received,Expected), - (fun(R_,E_) when R_==E_ -> ok; - (R_,E_) -> ct:pal("Expected: ~p~nReceived: ~p~n", [E_,R_]), - E_ = R_ - end)(Received,Expected)). - --define(receive_chk(Ref,Expected), - (fun(E__) -> - receive - {async_reply, Ref, Received} when Received==E__ -> - ?chk_expected(Received, E__); - {async_reply, Ref, Received} when Received=/=E__ -> - ct:pal("Expected: ~p~nReceived: ~p~n", [E__,Received]), - E__ = Received; - Msg -> - ct:pal("Expected (Ref=~p): ~p", [Ref,E__]), - ct:fail(Msg) - end - end)(Expected)). - -%%-------------------------------------------------------------------- - - -open_close_file() -> - [{doc, "Test API functions open/3 and close/2"}]. 
-open_close_file(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, ?'sftp.txt'), - {Sftp, _} = ?config(sftp, Config), - - lists:foreach( - fun(Mode) -> - ct:log("Mode: ~p",[Mode]), - %% list_dir(PrivDir), - ok = open_close_file(Sftp, FileName, Mode) - end, - [ - [read], - [write], - [write, creat], - [write, trunc], - [append], - [read, binary] - ]). - -open_close_file(Server, File, Mode) -> - {ok, Handle} = ssh_sftp:open(Server, File, Mode), - ok = ssh_sftp:close(Server, Handle). - -%%-------------------------------------------------------------------- -open_close_dir() -> - [{doc, "Test API functions opendir/2 and close/2"}]. -open_close_dir(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - {Sftp, _} = ?config(sftp, Config), - FileName = filename:join(PrivDir, ?'sftp.txt'), - - {ok, Handle} = ssh_sftp:opendir(Sftp, PrivDir), - ok = ssh_sftp:close(Sftp, Handle), - {error, _} = ssh_sftp:opendir(Sftp, FileName). - -%%-------------------------------------------------------------------- -read_file() -> - [{doc, "Test API funtion read_file/2"}]. -read_file(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, ?'sftp.txt'), - {Sftp, _} = ?config(sftp, Config), - ?chk_expected(ssh_sftp:read_file(Sftp,FileName), file:read_file(FileName)). - -%%-------------------------------------------------------------------- -read_dir() -> - [{doc,"Test API function list_dir/2"}]. -read_dir(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - {Sftp, _} = ?config(sftp, Config), - {ok, Files} = ssh_sftp:list_dir(Sftp, PrivDir), - ct:pal("sftp list dir: ~ts~n", [Files]). - -%%-------------------------------------------------------------------- -write_file() -> - [{doc, "Test API function write_file/2"}]. 
-write_file(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, ?'sftp.txt'), - {Sftp, _} = ?config(sftp, Config), - ok = ssh_sftp:write_file(Sftp, FileName, [?bindata]), - ?chk_expected(file:read_file(FileName), {ok,?bindata}). - -%%-------------------------------------------------------------------- -remove_file() -> - [{doc,"Test API function delete/2"}]. -remove_file(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, ?'sftp.txt'), - {Sftp, _} = ?config(sftp, Config), - - {ok, Files} = ssh_sftp:list_dir(Sftp, PrivDir), - true = lists:member(filename:basename(FileName), Files), - ok = ssh_sftp:delete(Sftp, FileName), - {ok, NewFiles} = ssh_sftp:list_dir(Sftp, PrivDir), - false = lists:member(filename:basename(FileName), NewFiles), - {error, _} = ssh_sftp:delete(Sftp, FileName). -%%-------------------------------------------------------------------- -rename_file() -> - [{doc, "Test API function rename_file/2"}]. -rename_file(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, ?'sftp.txt'), - NewFileName = filename:join(PrivDir, ?'test.txt'), - - {Sftp, _} = ?config(sftp, Config), - {ok, Files} = ssh_sftp:list_dir(Sftp, PrivDir), - ct:pal("FileName: ~ts~nFiles: ~ts~n", [FileName, [[$\n,$ ,F]||F<-Files] ]), - true = lists:member(filename:basename(FileName), Files), - false = lists:member(filename:basename(NewFileName), Files), - ok = ssh_sftp:rename(Sftp, FileName, NewFileName), - {ok, NewFiles} = ssh_sftp:list_dir(Sftp, PrivDir), - ct:pal("FileName: ~ts, Files: ~ts~n", [FileName, [[$\n,F]||F<-NewFiles] ]), - - false = lists:member(filename:basename(FileName), NewFiles), - true = lists:member(filename:basename(NewFileName), NewFiles). - -%%-------------------------------------------------------------------- -mk_rm_dir() -> - [{doc,"Test API functions make_dir/2, del_dir/2"}]. 
-mk_rm_dir(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - {Sftp, _} = ?config(sftp, Config), - - DirName = filename:join(PrivDir, "test"), - ok = ssh_sftp:make_dir(Sftp, DirName), - ok = ssh_sftp:del_dir(Sftp, DirName), - NewDirName = filename:join(PrivDir, "foo/bar"), - {error, _} = ssh_sftp:make_dir(Sftp, NewDirName), - {error, _} = ssh_sftp:del_dir(Sftp, PrivDir). - -%%-------------------------------------------------------------------- -links() -> - [{doc,"Tests API function make_symlink/3"}]. -links(Config) when is_list(Config) -> - case os:type() of - {win32, _} -> - {skip, "Links are not fully supported by windows"}; - _ -> - {Sftp, _} = ?config(sftp, Config), - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, ?'sftp.txt'), - LinkFileName = filename:join(PrivDir, ?'link_test.txt'), - - ok = ssh_sftp:make_symlink(Sftp, LinkFileName, FileName), - {ok, FileName} = ssh_sftp:read_link(Sftp, LinkFileName) - end. - -%%-------------------------------------------------------------------- -retrieve_attributes() -> - [{doc, "Test API function read_file_info/3"}]. -retrieve_attributes(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, ?'sftp.txt'), - - {Sftp, _} = ?config(sftp, Config), - {ok, FileInfo} = ssh_sftp:read_file_info(Sftp, FileName), - {ok, NewFileInfo} = file:read_file_info(FileName), - - %% TODO comparison. There are some differences now is that ok? - ct:pal("SFTP: ~p~nFILE: ~p~n", [FileInfo, NewFileInfo]). - -%%-------------------------------------------------------------------- -set_attributes() -> - [{doc,"Test API function write_file_info/3"}]. 
-set_attributes(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, ?'test.txt'), - - {Sftp, _} = ?config(sftp, Config), - {ok,Fd} = file:open(FileName, write), - io:put_chars(Fd,"foo"), - ok = ssh_sftp:write_file_info(Sftp, FileName, #file_info{mode=8#400}), - {error, eacces} = file:write_file(FileName, "hello again"), - ssh_sftp:write_file_info(Sftp, FileName, #file_info{mode=8#600}), - ok = file:write_file(FileName, "hello again"). - -%%-------------------------------------------------------------------- - -async_read() -> - [{doc,"Test API aread/3"}]. -async_read(Config) when is_list(Config) -> - do_async_read(Config, false). - -async_read_bin() -> - [{doc,"Test API aread/3"}]. -async_read_bin(Config) when is_list(Config) -> - do_async_read(Config, true). - -do_async_read(Config, BinaryFlag) -> - {Sftp, _} = ?config(sftp, Config), - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, ?'sftp.txt'), - {ok,ExpDataBin} = file:read_file(FileName), - ExpData = case BinaryFlag of - true -> ExpDataBin; - false -> binary_to_list(ExpDataBin) - end, - {ok, Handle} = ssh_sftp:open(Sftp, FileName, [read|case BinaryFlag of - true -> [binary]; - false -> [] - end]), - {async, Ref} = ssh_sftp:aread(Sftp, Handle, 20), - ?receive_chk(Ref, {ok,ExpData}). - -%%-------------------------------------------------------------------- -async_write() -> - [{doc,"Test API awrite/3"}]. -async_write(Config) when is_list(Config) -> - {Sftp, _} = ?config(sftp, Config), - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, ?'test.txt'), - {ok, Handle} = ssh_sftp:open(Sftp, FileName, [write]), - Expected = ?bindata, - {async, Ref} = ssh_sftp:awrite(Sftp, Handle, Expected), - - receive - {async_reply, Ref, ok} -> - {ok, Data} = file:read_file(FileName), - ?chk_expected(Data, Expected); - Msg -> - ct:fail(Msg) - end. 
- -%%-------------------------------------------------------------------- - -position() -> - [{doc, "Test API functions position/3"}]. -position(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, ?'test.txt'), - {Sftp, _} = ?config(sftp, Config), - - Data = list_to_binary("1234567890"), - ssh_sftp:write_file(Sftp, FileName, [Data]), - {ok, Handle} = ssh_sftp:open(Sftp, FileName, [read]), - - {ok, 3} = ssh_sftp:position(Sftp, Handle, {bof, 3}), - {ok, "4"} = ssh_sftp:read(Sftp, Handle, 1), - - {ok, 10} = ssh_sftp:position(Sftp, Handle, eof), - eof = ssh_sftp:read(Sftp, Handle, 1), - - {ok, 6} = ssh_sftp:position(Sftp, Handle, {bof, 6}), - {ok, "7"} = ssh_sftp:read(Sftp, Handle, 1), - - {ok, 9} = ssh_sftp:position(Sftp, Handle, {cur, 2}), - {ok, "0"} = ssh_sftp:read(Sftp, Handle, 1), - - {ok, 0} = ssh_sftp:position(Sftp, Handle, bof), - {ok, "1"} = ssh_sftp:read(Sftp, Handle, 1), - - {ok, 1} = ssh_sftp:position(Sftp, Handle, cur), - {ok, "2"} = ssh_sftp:read(Sftp, Handle, 1). - -%%-------------------------------------------------------------------- -pos_read() -> - [{doc,"Test API functions pread/3 and apread/3"}]. -pos_read(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, ?'test.txt'), - {Sftp, _} = ?config(sftp, Config), - Data = ?bindata, - ssh_sftp:write_file(Sftp, FileName, [Data]), - - {ok, Handle} = ssh_sftp:open(Sftp, FileName, [read]), - {async, Ref} = ssh_sftp:apread(Sftp, Handle, {bof,5}, 4), - - ?receive_chk(Ref, {ok,binary_part(Data,5,4)}), - ?chk_expected(ssh_sftp:pread(Sftp,Handle,{bof,4},4), {ok,binary_part(Data,4,4)}). - - -%%-------------------------------------------------------------------- -pos_write() -> - [{doc,"Test API functions pwrite/4 and apwrite/4"}]. 
-pos_write(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, ?'test.txt'), - {Sftp, _} = ?config(sftp, Config), - - {ok, Handle} = ssh_sftp:open(Sftp, FileName, [write]), - - Data = unicode:characters_to_list("å†è§"), - ssh_sftp:write_file(Sftp, FileName, [Data]), - - NewData = unicode:characters_to_list(" ã•ã‚ˆã†ãªã‚‰"), - {async, Ref} = ssh_sftp:apwrite(Sftp, Handle, {bof, 2}, NewData), - ?receive_chk(Ref, ok), - - ok = ssh_sftp:pwrite(Sftp, Handle, eof, unicode:characters_to_list(" adjö ")), - - ?chk_expected(ssh_sftp:read_file(Sftp,FileName), - {ok,unicode:characters_to_binary("å†è§ ã•ã‚ˆã†ãªã‚‰ adjö ")}). - -%%-------------------------------------------------------------------- -sftp_nonexistent_subsystem() -> - [{doc, "Try to execute sftp subsystem on a server that does not support it"}]. -sftp_nonexistent_subsystem(Config) when is_list(Config) -> - {_,Host, Port} = ?config(sftpd, Config), - {error,"server failed to start sftp subsystem"} = - ssh_sftp:start_channel(Host, Port, - [{user_interaction, false}, - {user, ?USER}, - {password, ?PASSWD}, - {silently_accept_hosts, true}]). - -%%-------------------------------------------------------------------- -shell_no_unicode(Config) -> - do_shell(?config(io,Config), - [new_prompt, - {type,"io:format(\"hej ~p~n\",[42])."}, - {expect,"hej 42"} - ]). - -%%-------------------------------------------------------------------- -shell_unicode_string(Config) -> - do_shell(?config(io,Config), - [new_prompt, - {type,"io:format(\"ã“ã«ã¡ã‚~ts~n\",[\"四二\"])."}, - {expect,"ã“ã«ã¡ã‚四二"}, - {expect,"ok"} - ]). 
- -%%-------------------------------------------------------------------- -%% Internal functions ------------------------------------------------ -%%-------------------------------------------------------------------- -prep(Config) -> - PrivDir = ?config(priv_dir, Config), - TestFile = filename:join(PrivDir, ?'sftp.txt'), - TestFile1 = filename:join(PrivDir, ?'test.txt'), - TestLink = filename:join(PrivDir, ?'link_test.txt'), - - file:delete(TestFile), - file:delete(TestFile1), - file:delete(TestLink), - - %% Initial config - DataDir = ?config(data_dir, Config), - FileName = filename:join(DataDir, ?'sftp.txt'), - {ok,_BytesCopied} = file:copy(FileName, TestFile), - Mode = 8#00400 bor 8#00200 bor 8#00040, % read & write owner, read group - {ok, FileInfo} = file:read_file_info(TestFile), - ok = file:write_file_info(TestFile, - FileInfo#file_info{mode = Mode}). - - -%% list_dir(Dir) -> -%% ct:pal("prep/1: ls(~p):~n~p~n~ts",[Dir, file:list_dir(Dir), -%% begin -%% {ok,DL} = file:list_dir(Dir), -%% [[$\n|FN] || FN <- DL] -%% end]). - - -%%-------------------------------------------------------------------- -do_shell(IO, List) -> do_shell(IO, 0, List). 
- -do_shell(IO, N, [new_prompt|More]) -> - do_shell(IO, N+1, More); - -do_shell(IO, N, Ops=[{Order,Arg}|More]) -> - receive - X = <<"\r\n">> -> -%% ct:pal("Skip newline ~p",[X]), - do_shell(IO, N, Ops); - - < ">> when (P1-$0)==N -> - do_shell_prompt(IO, N, Order, Arg, More); - - < ">> when (P1-$0)*10 + (P2-$0) == N -> - do_shell_prompt(IO, N, Order, Arg, More); - - Err when element(1,Err)==error -> - ct:fail("do_shell error: ~p~n",[Err]); - - RecBin when Order==expect ; Order==expect_echo -> -%% ct:pal("received ~p",[RecBin]), - RecStr = string:strip(unicode:characters_to_list(RecBin)), - ExpStr = string:strip(Arg), - case lists:prefix(ExpStr, RecStr) of - true when Order==expect -> - ct:pal("Matched ~ts",[RecStr]), - do_shell(IO, N, More); - true when Order==expect_echo -> - ct:pal("Matched echo ~ts",[RecStr]), - do_shell(IO, N, More); - false -> - ct:fail("*** Expected ~p, but got ~p",[string:strip(ExpStr),RecStr]) - end - after 10000 -> - case Order of - expect -> ct:fail("timeout, expected ~p",[string:strip(Arg)]); - type -> ct:fail("timeout, no prompt") - end - end; - -do_shell(_, _, []) -> - ok. - - -do_shell_prompt(IO, N, type, Str, More) -> -%% ct:pal("Matched prompt ~p to trigger sending of next line to server",[N]), - IO ! {input, self(), Str++"\r\n"}, - ct:pal("Promt '~p> ', Sent ~ts",[N,Str++"\r\n"]), - do_shell(IO, N, [{expect_echo,Str}|More]); % expect echo of the sent line -do_shell_prompt(IO, N, Op, Str, More) -> -%% ct:pal("Matched prompt ~p",[N]), - do_shell(IO, N, [{Op,Str}|More]). - -%%-------------------------------------------------------------------- diff --git a/lib/ssh/test/ssh_unicode_SUITE_data/sftp.txt b/lib/ssh/test/ssh_unicode_SUITE_data/sftp.txt deleted file mode 100644 index 3eaaddca21..0000000000 --- a/lib/ssh/test/ssh_unicode_SUITE_data/sftp.txt +++ /dev/null @@ -1 +0,0 @@ -åäöÅÄÖ瑞語 
diff --git "a/lib/ssh/test/ssh_unicode_SUITE_data/sftp\347\221\236\347\202\271.txt" "b/lib/ssh/test/ssh_unicode_SUITE_data/sftp\347\221\236\347\202\271.txt" deleted file mode 100644 index 3eaaddca21..0000000000 --- "a/lib/ssh/test/ssh_unicode_SUITE_data/sftp\347\221\236\347\202\271.txt" +++ /dev/null @@ -1 +0,0 @@ -åäöÅÄÖ瑞語 diff --git a/lib/ssh/test/ssh_unicode_SUITE_data/ssh_host_dsa_key b/lib/ssh/test/ssh_unicode_SUITE_data/ssh_host_dsa_key deleted file mode 100644 index 51ab6fbd88..0000000000 --- a/lib/ssh/test/ssh_unicode_SUITE_data/ssh_host_dsa_key +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN DSA PRIVATE KEY----- -MIIBuwIBAAKBgQCClaHzE2ul0gKSUxah5W0W8UiJLy4hXngKEqpaUq9SSdVdY2LK -wVfKH1gt5iuaf1FfzOhsIC9G/GLnjYttXZc92cv/Gfe3gR+s0ni2++MX+T++mE/Q -diltXv/Hp27PybS67SmiFW7I+RWnT2OKlMPtw2oUuKeztCe5UWjaj/y5FQIVAPLA -l9RpiU30Z87NRAHY3NTRaqtrAoGANMRxw8UfdtNVR0CrQj3AgPaXOGE4d+G4Gp4X -skvnCHycSVAjtYxebUkzUzt5Q6f/IabuLUdge3gXrc8BetvrcKbp+XZgM0/Vj2CF -Ymmy3in6kzGZq7Fw1sZaku6AOU8vLa5woBT2vAcHLLT1bLAzj7viL048T6MfjrOP -ef8nHvACgYBhDWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah -/XcF3DeRF+eEoz48wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+U -ykSTXYUbtsfTNRFQGBW2/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0CgIVAN4wtL5W -Lv62jKcdskxNyz2NQoBx ------END DSA PRIVATE KEY----- - diff --git a/lib/ssh/test/ssh_unicode_SUITE_data/ssh_host_dsa_key.pub b/lib/ssh/test/ssh_unicode_SUITE_data/ssh_host_dsa_key.pub deleted file mode 100644 index 4dbb1305b0..0000000000 --- a/lib/ssh/test/ssh_unicode_SUITE_data/ssh_host_dsa_key.pub +++ /dev/null 
@@ -1,11 +0,0 @@ ----- BEGIN SSH2 PUBLIC KEY ---- -AAAAB3NzaC1kc3MAAACBAIKVofMTa6XSApJTFqHlbRbxSIkvLiFeeAoSqlpSr1JJ1V1j -YsrBV8ofWC3mK5p/UV/M6GwgL0b8YueNi21dlz3Zy/8Z97eBH6zSeLb74xf5P76YT9B2 -KW1e/8enbs/JtLrtKaIVbsj5FadPY4qUw+3DahS4p7O0J7lRaNqP/LkVAAAAFQDywJfU -aYlN9GfOzUQB2NzU0WqrawAAAIA0xHHDxR9201VHQKtCPcCA9pc4YTh34bganheyS+cI -fJxJUCO1jF5tSTNTO3lDp/8hpu4tR2B7eBetzwF62+twpun5dmAzT9WPYIViabLeKfqT -MZmrsXDWxlqS7oA5Ty8trnCgFPa8BwcstPVssDOPu+IvTjxPox+Os495/yce8AAAAIBh -DWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah/XcF3DeRF+eEoz48 -wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+UykSTXYUbtsfTNRFQGBW2 -/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0Cg== ----- END SSH2 PUBLIC KEY ---- -- cgit v1.2.3 From ab5fa21f07203af27d5c685c9698de5149eae8d0 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 22 Jun 2015 19:52:33 +0200 Subject: ssh: new unicode tests --- lib/ssh/test/ssh_basic_SUITE.erl | 137 +- lib/ssh/test/ssh_relay.erl | 2 +- lib/ssh/test/ssh_sftp_SUITE.erl | 301 +- .../F\344\270\200.txt" | 1 + .../big.txt" | 16384 +++++++++++++++++++ .../d1/f1" | 1 + .../d1/f2" | 1 + .../f2.txt" | 1 + 8 files changed, 16724 insertions(+), 104 deletions(-) create mode 100644 "lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/F\344\270\200.txt" create mode 100644 "lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/big.txt" create mode 100644 "lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/d1/f1" create mode 100644 "lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/d1/f2" create mode 100644 "lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/f2.txt" (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 2b3fadbbf4..9ff3eb8d0b 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl 
@@ -99,7 +99,9 @@ groups() -> basic_tests() -> [send, close, peername_sockname, - exec, exec_compressed, shell, cli, known_hosts, + exec, exec_compressed, + shell, shell_no_unicode, shell_unicode_string, + cli, known_hosts, idle_time, openssh_zlib_basic_test, misc_ssh_options, inet_option]. @@ -215,6 +217,25 @@ end_per_group(internal_error, Config) -> end_per_group(_, Config) -> Config. %%-------------------------------------------------------------------- +init_per_testcase(TC, Config) when TC==shell_no_unicode ; + TC==shell_unicode_string -> + PrivDir = ?config(priv_dir, Config), + UserDir = ?config(priv_dir, Config), + SysDir = ?config(data_dir, Config), + ssh:start(), + Sftpd = {_Pid, _Host, Port} = + ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, PrivDir}, + {user_passwords, [{"foo", "bar"}]}]), + ct:sleep(500), + IO = ssh_test_lib:start_io_server(), + Shell = ssh_test_lib:start_shell(Port, IO, UserDir, + [{silently_accept_hosts, true}, + {user,"foo"},{password,"bar"}]), + ct:pal("IO=~p, Shell=~p, self()=~p",[IO,Shell,self()]), + ct:pal("file:native_name_encoding() = ~p,~nio:getopts() = ~p", + [file:native_name_encoding(),io:getopts()]), + wait_for_erlang_first_line([{io,IO}, {shell,Shell}, {sftpd, Sftpd} | Config]); init_per_testcase(_TestCase, Config) -> ssh:start(), Config. @@ -224,6 +245,15 @@ end_per_testcase(TestCase, Config) when TestCase == server_password_option; UserDir = filename:join(?config(priv_dir, Config), nopubkey), ssh_test_lib:del_dirs(UserDir), end_per_testcase(Config); +end_per_testcase(TC, Config) when TC==shell_no_unicode ; + TC==shell_unicode_string -> + case ?config(sftpd, Config) of + {Pid, _, _} -> + ssh:stop_daemon(Pid), + ssh:stop(); + _ -> + ssh:stop() + end; end_per_testcase(_TestCase, Config) -> end_per_testcase(Config). end_per_testcase(_Config) -> 
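Review bot: In the new init_per_testcase clause for shell_no_unicode and shell_unicode_string in ssh_basic_SUITE.erl, the daemon is started with {user_passwords, [{"foo", "bar"}]}, while the deleted ssh_unicode_SUITE logged in with the non-ASCII ?USER and ?PASSWD macros, so these shell tests no longer exercise password authentication with non-ASCII credentials; use non-ASCII credentials here if that coverage is meant to carry over. In the same clause PrivDir and UserDir are both bound to ?config(priv_dir, Config), so one variable is enough. The matching end_per_testcase clause calls ssh:stop() in both branches of its case and never terminates the process stored under shell in Config, which the deleted suite did with "catch exit(?config(shell,Config), kill)".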
@@ -1597,7 +1627,23 @@ one_shell_op(IO, TimeOut) -> end. %%-------------------------------------------------------------------- +shell_no_unicode(Config) -> + new_do_shell(?config(io,Config), + [new_prompt, + {type,"io:format(\"hej ~p~n\",[42])."}, + {expect,"hej 42"} + ]). + +%%-------------------------------------------------------------------- +shell_unicode_string(Config) -> + new_do_shell(?config(io,Config), + [new_prompt, + {type,"io:format(\"ã“ã«ã¡ã‚~ts~n\",[\"四二\"])."}, + {expect,"ã“ã«ã¡ã‚四二"}, + {expect,"ok"} + ]). +%%-------------------------------------------------------------------- openssh_zlib_basic_test() -> [{doc, "Test basic connection with openssh_zlib"}]. openssh_zlib_basic_test(Config) -> 
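Review bot: shell_no_unicode/1 and shell_unicode_string/1 are added without the zero-arity info function that the next test case in this hunk has (openssh_zlib_basic_test() -> [{doc, ...}]), so they appear undocumented in the test logs; add a {doc, ...} entry for each. shell_no_unicode also stops after {expect,"hej 42"} while shell_unicode_string goes on to {expect,"ok"}; expecting the ok return value in both would keep the two cases symmetric.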
@@ -1855,6 +1901,95 @@ do_shell(IO, Shell) -> %% end. +%%-------------------------------------------------------------------- +wait_for_erlang_first_line(Config) -> + receive + {'EXIT', _, _} -> + {fail,no_ssh_connection}; + <<"Eshell ",_/binary>> = _ErlShellStart -> + ct:pal("Erlang shell start: ~p~n", [_ErlShellStart]), + Config; + Other -> + ct:pal("Unexpected answer from ssh server: ~p",[Other]), + {fail,unexpected_answer} + after 10000 -> + ct:pal("No answer from ssh-server"), + {fail,timeout} + end. + + + +new_do_shell(IO, List) -> new_do_shell(IO, 0, List). + +new_do_shell(IO, N, [new_prompt|More]) -> + new_do_shell(IO, N+1, More); + +new_do_shell(IO, N, Ops=[{Order,Arg}|More]) -> + Pfx = prompt_prefix(), + PfxSize = size(Pfx), + receive + _X = <<"\r\n">> -> + ct:pal("Skip newline ~p",[_X]), + new_do_shell(IO, N, Ops); + + < ">> when (P1-$0)==N -> + new_do_shell_prompt(IO, N, Order, Arg, More); + + < ">> when (P1-$0)*10 + (P2-$0) == N -> + new_do_shell_prompt(IO, N, Order, Arg, More); + + < ">> when (P1-$0)*100 + (P2-$0)*10 + (P3-$0) == N -> + new_do_shell_prompt(IO, N, Order, Arg, More); + + Err when element(1,Err)==error -> + ct:fail("new_do_shell error: ~p~n",[Err]); + + RecBin when Order==expect ; Order==expect_echo -> + ct:pal("received ~p",[RecBin]), + RecStr = string:strip(unicode:characters_to_list(RecBin)), + ExpStr = string:strip(Arg), + case lists:prefix(ExpStr, RecStr) of + true when Order==expect -> + ct:pal("Matched ~ts",[RecStr]), + new_do_shell(IO, N, More); + true when Order==expect_echo -> + ct:pal("Matched echo ~ts",[RecStr]), + new_do_shell(IO, N, More); + false -> + ct:fail("*** Expected ~p, but got ~p",[string:strip(ExpStr),RecStr]) + end + after 30000 -> + ct:log("Meassage queue of ~p:~n~p", + [self(), erlang:process_info(self(), messages)]), + case Order of + expect -> ct:fail("timeout, expected ~p",[string:strip(Arg)]); + type -> ct:fail("timeout, no prompt") + end + end; + +new_do_shell(_, _, []) -> + ok. 
+ +prompt_prefix() -> + case node() of + nonode@nohost -> <<>>; + Node -> list_to_binary( + lists:concat(["(",Node,")"])) + end. + + +new_do_shell_prompt(IO, N, type, Str, More) -> + ct:pal("Matched prompt ~p to trigger sending of next line to server",[N]), + IO ! {input, self(), Str++"\r\n"}, + ct:pal("Promt '~p> ', Sent ~ts",[N,Str++"\r\n"]), + new_do_shell(IO, N, [{expect_echo,Str}|More]); % expect echo of the sent line +new_do_shell_prompt(IO, N, Op, Str, More) -> + ct:pal("Matched prompt ~p",[N]), + new_do_shell(IO, N, [{Op,Str}|More]). + +%%-------------------------------------------------------------------- + + std_daemon(Config, ExtraOpts) -> SystemDir = ?config(data_dir, Config), PrivDir = ?config(priv_dir, Config), diff --git a/lib/ssh/test/ssh_relay.erl b/lib/ssh/test/ssh_relay.erl index a4f2bad2e2..28000fbb97 100644 --- a/lib/ssh/test/ssh_relay.erl +++ b/lib/ssh/test/ssh_relay.erl @@ -117,7 +117,7 @@ stop(Srv) -> %% {stop, Reason} %% @end %%-------------------------------------------------------------------- -init([ListenAddr, ListenPort, PeerAddr, PeerPort | Options]) -> +init([ListenAddr, ListenPort, PeerAddr, PeerPort | _Options]) -> IfAddr = case ListenAddr of {0,0,0,0} -> []; diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index c19ede296f..6c631e6f6e 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl @@ -30,11 +30,6 @@ % Default timetrap timeout -define(default_timeout, ?t:minutes(1)). --define(USER, "Alladin"). --define(PASSWD, "Sesame"). - --define(tar_file_name, "sftp_tar_test.tar"). - %%-------------------------------------------------------------------- %% Common Test interface functions ----------------------------------- %%-------------------------------------------------------------------- 
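Review bot: in new_do_shell/3 the `after 30000` branch handles only `expect` and `type` in `case Order of`, but new_do_shell_prompt/5 pushes `{expect_echo,Str}` onto the list, so a timeout while waiting for the echo ends in a case_clause error instead of a ct:fail with a readable reason; add an `expect_echo` clause there. The log strings "Meassage queue" and "Promt" are misspelled, and the three prompt-matching clauses (P1, P2, P3) cap the prompt number at three digits, which deserves a comment.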
@@ -43,9 +38,8 @@ suite() -> [{ct_hooks,[ts_install_cth]}]. all() -> - [{group, erlang_server}, - {group, openssh_server}, - sftp_nonexistent_subsystem + [{group, not_unicode}, + {group, unicode} ]. @@ -53,6 +47,8 @@ init_per_suite(Config) -> catch crypto:stop(), case (catch crypto:start()) of ok -> + ct:pal("file:native_name_encoding() = ~p,~nio:getopts() = ~p", + [file:native_name_encoding(),io:getopts()]), ssh:start(), Config; _ -> @@ -66,18 +62,19 @@ end_per_suite(Config) -> %%-------------------------------------------------------------------- groups() -> - [{erlang_server, [], [open_close_file, open_close_dir, read_file, read_dir, - write_file, write_big_file, sftp_read_big_file, - rename_file, mk_rm_dir, remove_file, links, - retrieve_attributes, set_attributes, async_read, - async_write, position, pos_read, pos_write, version_option, + [{not_unicode, [], [{group,erlang_server}, + {group,openssh_server}, + sftp_nonexistent_subsystem]}, + + {unicode, [], [{group,erlang_server}, + {group,openssh_server}, + sftp_nonexistent_subsystem]}, + + {erlang_server, [], [{group,write_read_tests}, + version_option, {group,remote_tar}]}, - {openssh_server, [], [open_close_file, open_close_dir, read_file, read_dir, - write_file, write_big_file, sftp_read_big_file, - rename_file, mk_rm_dir, remove_file, links, - retrieve_attributes, set_attributes, async_read, - async_write, position, pos_read, pos_write, + {openssh_server, [], [{group,write_read_tests}, {group,remote_tar}]}, {remote_tar, [], [create_empty_tar, files_to_tar, big_file_to_tar, files_chunked_to_tar, 
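Review bot: in groups(), the not_unicode and unicode entries carry the same three members ({group,erlang_server}, {group,openssh_server}, sftp_nonexistent_subsystem), so the two lists can drift apart on a later edit; put the members in one shared group and reference that group from both entries.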
@@ -85,21 +82,74 @@ groups() -> simple_crypto_tar_small, simple_crypto_tar_big, read_tar, read_null_crypto_tar, read_crypto_tar, aes_cbc256_crypto_tar, aes_ctr_stream_crypto_tar - ]} + ]}, + + {write_read_tests, [], [open_close_file, open_close_dir, read_file, read_dir, + write_file, write_file_iolist, write_big_file, sftp_read_big_file, + rename_file, mk_rm_dir, remove_file, links, + retrieve_attributes, set_attributes, async_read, + async_write, position, pos_read, pos_write + ]} ]. - +init_per_group(not_unicode, Config) -> + ct:comment("Begin ~p",[grps(Config)]), + DataDir = ?config(data_dir, Config), + PrivDir = ?config(priv_dir, Config), + [{user, "Alladin"}, + {passwd, "Sesame"}, + {data, <<"Hello world!">>}, + {filename, filename:join(PrivDir, "sftp.txt")}, + {testfile, filename:join(PrivDir, "test.txt")}, + {linktest, filename:join(PrivDir, "link_test.txt")}, + {tar_filename, filename:join(PrivDir, "sftp_tar_test.tar")}, + {tar_F1_txt, "f1.txt"}, + {datadir_tar, filename:join(DataDir,"sftp_tar_test_data")} + | Config]; + +init_per_group(unicode, Config) -> + case file:native_name_encoding() of + utf8 -> + ct:comment("Begin ~p",[grps(Config)]), + DataDir = ?config(data_dir, Config), + PrivDir = ?config(priv_dir, Config), + [{user, "Ã¥ke高兴"}, + {passwd, "ärlig日本ã˜ã‚“"}, + {data, <<"foobar Ã¥ 一二三四ã„ã¡ã«ã•ã‚“ã¡">>}, + {filename, filename:join(PrivDir, "sftp瑞点.txt")}, + {testfile, filename:join(PrivDir, "testãƒãƒ³ã‚¹.txt")}, + {linktest, filename:join(PrivDir, "link_test語.txt")}, + {tar_filename, filename:join(PrivDir, "sftp_tar_test一二三.tar")}, + {tar_F1_txt, "F一.txt"}, + {datadir_tar, filename:join(DataDir,"sftp_tar_test_data_高兴")} + | lists:foldl(fun(K,Cf) -> lists:keydelete(K,1,Cf) end, + Config, + [user, passwd, data, + filename, testfile, linktest, + tar_filename, tar_F1_txt, datadir_tar + ] + ) + ]; + + _ -> + {skip, "Not unicode file encoding"} + end; + init_per_group(erlang_server, Config) -> + ct:comment("Begin ~p",[grps(Config)]), PrivDir = 
?config(priv_dir, Config), SysDir = ?config(data_dir, Config), + User = ?config(user, Config), + Passwd = ?config(passwd, Config), Sftpd = {_, HostX, PortX} = ssh_test_lib:daemon([{system_dir, SysDir}, {user_dir, PrivDir}, {user_passwords, - [{?USER, ?PASSWD}]}]), + [{User, Passwd}]}]), [{peer, {fmt_host(HostX),PortX}}, {group, erlang_server}, {sftpd, Sftpd} | Config]; init_per_group(openssh_server, Config) -> + ct:comment("Begin ~p",[grps(Config)]), Host = ssh_test_lib:hostname(), case (catch ssh_sftp:start_channel(Host, [{user_interaction, false}, @@ -113,14 +163,17 @@ init_per_group(openssh_server, Config) -> end; init_per_group(remote_tar, Config) -> + ct:comment("Begin ~p",[grps(Config)]), {Host,Port} = ?config(peer, Config), ct:log("Server (~p) at ~p:~p",[?config(group,Config),Host,Port]), + User = ?config(user, Config), + Passwd = ?config(passwd, Config), {ok, Connection} = case ?config(group, Config) of erlang_server -> ssh:connect(Host, Port, - [{user, ?USER}, - {password, ?PASSWD}, + [{user, User}, + {password, Passwd}, {user_interaction, false}, {silently_accept_hosts, true}]); openssh_server -> @@ -129,11 +182,24 @@ init_per_group(remote_tar, Config) -> {silently_accept_hosts, true}]) end, [{remote_tar, true}, - {connection, Connection} | Config]. + {connection, Connection} | Config]; + +init_per_group(write_read_tests, Config) -> + ct:comment("Begin ~p",[grps(Config)]), + Config. + +grps(Config) -> + proplists:get_all_values( + name, + lists:flatten([proplists:get_value(tc_group_properties,Config,[]), + proplists:get_value(tc_group_path,Config,[])])). + end_per_group(erlang_server, Config) -> + ct:comment("End ~p",[grps(Config)]), Config; end_per_group(_, Config) -> + ct:comment("End ~p",[grps(Config)]), Config. %%-------------------------------------------------------------------- 
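Review bot: with this hunk the end_per_group(erlang_server, Config) clause and the catch-all end_per_group(_, Config) clause have identical bodies, so the first one is redundant as written. Since init_per_group(erlang_server, ...) starts a daemon through ssh_test_lib:daemon and the group is now entered once under not_unicode and once under unicode, the erlang_server clause is the natural place to stop the daemon stored under `sftpd` rather than only emitting the ct:comment.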
@@ -141,11 +207,13 @@ end_per_group(_, Config) -> init_per_testcase(sftp_nonexistent_subsystem, Config) -> PrivDir = ?config(priv_dir, Config), SysDir = ?config(data_dir, Config), + User = ?config(user, Config), + Passwd = ?config(passwd, Config), Sftpd = ssh_test_lib:daemon([{system_dir, SysDir}, {user_dir, PrivDir}, {subsystems, []}, {user_passwords, - [{?USER, ?PASSWD}]} + [{User, Passwd}]} ]), [{sftpd, Sftpd} | Config]; @@ -155,11 +223,13 @@ init_per_testcase(version_option, Config) -> TmpConfig = lists:keydelete(sftp, 1, TmpConfig0), Dog = ct:timetrap(?default_timeout), {_,Host, Port} = ?config(sftpd, Config), + User = ?config(user, Config), + Passwd = ?config(passwd, Config), {ok, ChannelPid, Connection} = ssh_sftp:start_channel(Host, Port, [{sftp_vsn, 3}, - {user, ?USER}, - {password, ?PASSWD}, + {user, User}, + {password, Passwd}, {user_interaction, false}, {silently_accept_hosts, true}]), Sftp = {ChannelPid, Connection}, @@ -170,6 +240,8 @@ init_per_testcase(Case, Config0) -> Config1 = lists:keydelete(watchdog, 1, Config0), Config2 = lists:keydelete(sftp, 1, Config1), Dog = ct:timetrap(?default_timeout), + User = ?config(user, Config0), + Passwd = ?config(passwd, Config0), Config = case ?config(group,Config2) of @@ -177,8 +249,8 @@ init_per_testcase(Case, Config0) -> {_,Host, Port} = ?config(sftpd, Config2), {ok, ChannelPid, Connection} = ssh_sftp:start_channel(Host, Port, - [{user, ?USER}, - {password, ?PASSWD}, + [{user, User}, + {password, Passwd}, {user_interaction, false}, {silently_accept_hosts, true}]), Sftp = {ChannelPid, Connection}, @@ -208,8 +280,7 @@ init_per_testcase(Case, Config0) -> end_per_testcase(sftp_nonexistent_subsystem, Config) -> Config; end_per_testcase(rename_file, Config) -> - PrivDir = ?config(priv_dir, Config), - NewFileName = filename:join(PrivDir, "test.txt"), + NewFileName = ?config(testfile, Config), file:delete(NewFileName), end_per_testcase(Config); end_per_testcase(_, Config) -> 
@@ -227,8 +298,7 @@ end_per_testcase(Config) -> open_close_file() -> [{doc, "Test API functions open/3 and close/2"}]. open_close_file(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, "sftp.txt"), + FileName = ?config(filename, Config), {Sftp, _} = ?config(sftp, Config), @@ -249,7 +319,7 @@ open_close_dir() -> open_close_dir(Config) when is_list(Config) -> PrivDir = ?config(priv_dir, Config), {Sftp, _} = ?config(sftp, Config), - FileName = filename:join(PrivDir, "sftp.txt"), + FileName = ?config(filename, Config), {ok, Handle} = ssh_sftp:opendir(Sftp, PrivDir), ok = ssh_sftp:close(Sftp, Handle), @@ -259,8 +329,7 @@ open_close_dir(Config) when is_list(Config) -> read_file() -> [{doc, "Test API funtion read_file/2"}]. read_file(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, "sftp.txt"), + FileName = ?config(filename, Config), {Sftp, _} = ?config(sftp, Config), {ok, Data} = ssh_sftp:read_file(Sftp, FileName), {ok, Data} = ssh_sftp:read_file(Sftp, FileName), 
@@ -279,20 +348,39 @@ read_dir(Config) when is_list(Config) -> write_file() -> [{doc, "Test API function write_file/2"}]. write_file(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, "sftp.txt"), + FileName = ?config(filename, Config), {Sftp, _} = ?config(sftp, Config), Data = list_to_binary("Hej hopp!"), ssh_sftp:write_file(Sftp, FileName, [Data]), {ok, Data} = file:read_file(FileName). +%%-------------------------------------------------------------------- +write_file_iolist() -> + [{doc, "Test API function write_file/2 with iolists"}]. +write_file_iolist(Config) when is_list(Config) -> + FileName = ?config(filename, Config), + {Sftp, _} = ?config(sftp, Config), + + Data = list_to_binary("Hej hopp!"), + lists:foreach( + fun(D) -> + ssh_sftp:write_file(Sftp, FileName, [D]), + Expected = if is_binary(D) -> D; + is_list(D) -> list_to_binary(D) + end, + {ok, Expected} = file:read_file(FileName) + end, + [Data, [Data,Data], [[Data],[Data]], [[[Data]],[[[[Data]],Data]]], + [[[[Data]],Data],binary_to_list(Data)], + [[[[Data]],Data],[[binary_to_list(Data)],[[binary_to_list(Data)]]]] + ]). + %%-------------------------------------------------------------------- write_big_file() -> [{doc, "Test API function write_file/2 with big data"}]. write_big_file(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, "sftp.txt"), + FileName = ?config(filename, Config), {Sftp, _} = ?config(sftp, Config), Data = list_to_binary(lists:duplicate(750000,"a")), @@ -303,8 +391,7 @@ write_big_file(Config) when is_list(Config) -> sftp_read_big_file() -> [{doc, "Test API function read_file/2 with big data"}]. sftp_read_big_file(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, "sftp.txt"), + FileName = ?config(filename, Config), {Sftp, _} = ?config(sftp, Config), Data = list_to_binary(lists:duplicate(750000,"a")), 
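Review bot: in write_file_iolist the result of ssh_sftp:write_file(Sftp, FileName, [D]) is not matched, and consecutive inputs flatten to the same bytes ([Data,Data] and [[Data],[Data]]; likewise the fourth and fifth items), so a write that fails leaves the previous iteration's content in place and the following file:read_file match still succeeds. Match `ok = ssh_sftp:write_file(...)` or delete the file between iterations. The `if is_binary(D) ... is_list(D) ...` expression can be replaced by iolist_to_binary(D).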
@@ -317,7 +404,7 @@ remove_file() -> [{doc,"Test API function delete/2"}]. remove_file(Config) when is_list(Config) -> PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, "sftp.txt"), + FileName = ?config(filename, Config), {Sftp, _} = ?config(sftp, Config), {ok, Files} = ssh_sftp:list_dir(Sftp, PrivDir), @@ -331,8 +418,8 @@ rename_file() -> [{doc, "Test API function rename_file/2"}]. rename_file(Config) when is_list(Config) -> PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, "sftp.txt"), - NewFileName = filename:join(PrivDir, "test.txt"), + FileName = ?config(filename, Config), + NewFileName = ?config(testfile, Config), {Sftp, _} = ?config(sftp, Config), {ok, Files} = ssh_sftp:list_dir(Sftp, PrivDir), @@ -369,9 +456,8 @@ links(Config) when is_list(Config) -> {skip, "Links are not fully supported by windows"}; _ -> {Sftp, _} = ?config(sftp, Config), - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, "sftp.txt"), - LinkFileName = filename:join(PrivDir, "link_test.txt"), + FileName = ?config(filename, Config), + LinkFileName = ?config(linktest, Config), ok = ssh_sftp:make_symlink(Sftp, LinkFileName, FileName), {ok, FileName} = ssh_sftp:read_link(Sftp, LinkFileName) @@ -381,8 +467,7 @@ links(Config) when is_list(Config) -> retrieve_attributes() -> [{doc, "Test API function read_file_info/3"}]. retrieve_attributes(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, "sftp.txt"), + FileName = ?config(filename, Config), {Sftp, _} = ?config(sftp, Config), {ok, FileInfo} = ssh_sftp:read_file_info(Sftp, FileName), 
@@ -395,8 +480,7 @@ retrieve_attributes(Config) when is_list(Config) -> set_attributes() -> [{doc,"Test API function write_file_info/3"}]. set_attributes(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, "test.txt"), + FileName = ?config(testfile, Config), {Sftp, _} = ?config(sftp, Config), {ok,Fd} = file:open(FileName, write), @@ -412,9 +496,8 @@ async_read() -> [{doc,"Test API aread/3"}]. async_read(Config) when is_list(Config) -> {Sftp, _} = ?config(sftp, Config), - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, "sftp.txt"), + FileName = ?config(filename, Config), {ok, Handle} = ssh_sftp:open(Sftp, FileName, [read]), {async, Ref} = ssh_sftp:aread(Sftp, Handle, 20), @@ -430,8 +513,7 @@ async_write() -> [{doc,"Test API awrite/3"}]. async_write(Config) when is_list(Config) -> {Sftp, _} = ?config(sftp, Config), - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, "test.txt"), + FileName = ?config(testfile, Config), {ok, Handle} = ssh_sftp:open(Sftp, FileName, [write]), Data = list_to_binary("foobar"), {async, Ref} = ssh_sftp:awrite(Sftp, Handle, Data), @@ -448,8 +530,7 @@ async_write(Config) when is_list(Config) -> position() -> [{doc, "Test API functions position/3"}]. position(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, "test.txt"), + FileName = ?config(testfile, Config), {Sftp, _} = ?config(sftp, Config), Data = list_to_binary("1234567890"), @@ -478,8 +559,7 @@ position(Config) when is_list(Config) -> pos_read() -> [{doc,"Test API functions pread/3 and apread/3"}]. pos_read(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, "test.txt"), + FileName = ?config(testfile, Config), {Sftp, _} = ?config(sftp, Config), Data = list_to_binary("Hej hopp!"), ssh_sftp:write_file(Sftp, FileName, [Data]), 
@@ -504,8 +584,7 @@ pos_read(Config) when is_list(Config) -> pos_write() -> [{doc,"Test API functions pwrite/4 and apwrite/4"}]. pos_write(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - FileName = filename:join(PrivDir, "test.txt"), + FileName = ?config(testfile, Config), {Sftp, _} = ?config(sftp, Config), {ok, Handle} = ssh_sftp:open(Sftp, FileName, [write]), @@ -532,10 +611,13 @@ sftp_nonexistent_subsystem() -> [{doc, "Try to execute sftp subsystem on a server that does not support it"}]. sftp_nonexistent_subsystem(Config) when is_list(Config) -> {_,Host, Port} = ?config(sftpd, Config), + User = ?config(user, Config), + Passwd = ?config(passwd, Config), {error,"server failed to start sftp subsystem"} = ssh_sftp:start_channel(Host, Port, [{user_interaction, false}, - {user, ?USER}, {password, ?PASSWD}, + {user, User}, + {password, Passwd}, {silently_accept_hosts, true}]). %%-------------------------------------------------------------------- 
@@ -547,25 +629,29 @@ version_option(Config) when is_list(Config) -> %%-------------------------------------------------------------------- create_empty_tar(Config) -> ChPid2 = ?config(channel_pid2, Config), - {ok,Handle} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write]), + TarFileName = ?config(tar_filename, Config), + {ok,Handle} = ssh_sftp:open_tar(ChPid2, TarFileName, [write]), erl_tar:close(Handle), {ChPid,_} = ?config(sftp,Config), {ok, #file_info{type=regular}} = - ssh_sftp:read_file_info(ChPid,fnp(?tar_file_name,Config)). + ssh_sftp:read_file_info(ChPid, TarFileName). %%-------------------------------------------------------------------- files_to_tar(Config) -> ChPid2 = ?config(channel_pid2, Config), - {ok,Handle} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write]), - ok = erl_tar:add(Handle, fn("f1.txt",Config), "f1.txt", [verbose]), + TarFileName = ?config(tar_filename, Config), + {ok,Handle} = ssh_sftp:open_tar(ChPid2, TarFileName, [write]), + F1 = ?config(tar_F1_txt, Config), + ok = erl_tar:add(Handle, fn(F1,Config), F1, [verbose]), ok = erl_tar:add(Handle, fn("f2.txt",Config), "f2.txt", [verbose]), ok = erl_tar:close(Handle), - chk_tar(["f1.txt", "f2.txt"], Config). + chk_tar([F1, "f2.txt"], Config). %%-------------------------------------------------------------------- big_file_to_tar(Config) -> ChPid2 = ?config(channel_pid2, Config), - {ok,Handle} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write]), + TarFileName = ?config(tar_filename, Config), + {ok,Handle} = ssh_sftp:open_tar(ChPid2, TarFileName, [write]), ok = erl_tar:add(Handle, fn("big.txt",Config), "big.txt", [verbose]), ok = erl_tar:close(Handle), chk_tar(["big.txt"], Config). 
@@ -574,15 +660,18 @@ big_file_to_tar(Config) -> %%-------------------------------------------------------------------- files_chunked_to_tar(Config) -> ChPid2 = ?config(channel_pid2, Config), - {ok,Handle} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write]), - ok = erl_tar:add(Handle, fn("f1.txt",Config), "f1.txt", [verbose,{chunks,2}]), + TarFileName = ?config(tar_filename, Config), + {ok,Handle} = ssh_sftp:open_tar(ChPid2, TarFileName, [write]), + F1 = ?config(tar_F1_txt, Config), + ok = erl_tar:add(Handle, fn(F1,Config), F1, [verbose,{chunks,2}]), ok = erl_tar:close(Handle), - chk_tar(["f1.txt"], Config). + chk_tar([F1], Config). %%-------------------------------------------------------------------- directory_to_tar(Config) -> ChPid2 = ?config(channel_pid2, Config), - {ok,Handle} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write]), + TarFileName = ?config(tar_filename, Config), + {ok,Handle} = ssh_sftp:open_tar(ChPid2, TarFileName, [write]), ok = erl_tar:add(Handle, fn("d1",Config), "d1", [verbose]), ok = erl_tar:close(Handle), chk_tar(["d1"], Config). @@ -590,7 +679,8 @@ directory_to_tar(Config) -> %%-------------------------------------------------------------------- binaries_to_tar(Config) -> ChPid2 = ?config(channel_pid2, Config), - {ok,Handle} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write]), + TarFileName = ?config(tar_filename, Config), + {ok,Handle} = ssh_sftp:open_tar(ChPid2, TarFileName, [write]), Bin = <<"A binary">>, ok = erl_tar:add(Handle, Bin, "b1", [verbose]), ok = erl_tar:close(Handle), 
@@ -603,13 +693,15 @@ null_crypto_tar(Config) -> Cenc = fun(Bin,CState) -> {ok,Bin,CState,_SendSize=5} end, Cend = fun(Bin,_CState) -> {ok,Bin} end, C = {Cinit,Cenc,Cend}, - {ok,Handle} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write,{crypto,C}]), + TarFileName = ?config(tar_filename, Config), + {ok,Handle} = ssh_sftp:open_tar(ChPid2, TarFileName, [write,{crypto,C}]), Bin = <<"A binary">>, + F1 = ?config(tar_F1_txt, Config), ok = erl_tar:add(Handle, Bin, "b1", [verbose]), - ok = erl_tar:add(Handle, fn("f1.txt",Config), "f1.txt", [verbose,{chunks,2}]), + ok = erl_tar:add(Handle, fn(F1,Config), F1, [verbose,{chunks,2}]), ok = erl_tar:add(Handle, fn("big.txt",Config), "big.txt", [verbose,{chunks,15000}]), ok = erl_tar:close(Handle), - chk_tar([{"b1",Bin}, "f1.txt", "big.txt"], Config). + chk_tar([{"b1",Bin}, F1, "big.txt"], Config). %%-------------------------------------------------------------------- simple_crypto_tar_small(Config) -> @@ -619,12 +711,14 @@ simple_crypto_tar_small(Config) -> Cdec = fun(Bin,CState) -> {ok,unstuff(Bin),CState,_Size=4} end, Cend = fun(Bin,_CState) -> {ok,stuff(Bin)} end, C = {Cinit,Cenc,Cend}, - {ok,Handle} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write,{crypto,C}]), + TarFileName = ?config(tar_filename, Config), + {ok,Handle} = ssh_sftp:open_tar(ChPid2, TarFileName, [write,{crypto,C}]), Bin = <<"A binary">>, + F1 = ?config(tar_F1_txt, Config), ok = erl_tar:add(Handle, Bin, "b1", [verbose]), - ok = erl_tar:add(Handle, fn("f1.txt",Config), "f1.txt", [verbose,{chunks,2}]), + ok = erl_tar:add(Handle, fn(F1,Config), F1, [verbose,{chunks,2}]), ok = erl_tar:close(Handle), - chk_tar([{"b1",Bin}, "f1.txt"], Config, [{crypto,{Cinit,Cdec}}]). + chk_tar([{"b1",Bin}, F1], Config, [{crypto,{Cinit,Cdec}}]). %%-------------------------------------------------------------------- simple_crypto_tar_big(Config) -> 
@@ -634,13 +728,15 @@ simple_crypto_tar_big(Config) -> Cdec = fun(Bin,CState) -> {ok,unstuff(Bin),CState,_SendSize=4} end, Cend = fun(Bin,_CState) -> {ok,stuff(Bin)} end, C = {Cinit,Cenc,Cend}, - {ok,Handle} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write,{crypto,C}]), + TarFileName = ?config(tar_filename, Config), + {ok,Handle} = ssh_sftp:open_tar(ChPid2, TarFileName, [write,{crypto,C}]), Bin = <<"A binary">>, + F1 = ?config(tar_F1_txt, Config), ok = erl_tar:add(Handle, Bin, "b1", [verbose]), - ok = erl_tar:add(Handle, fn("f1.txt",Config), "f1.txt", [verbose,{chunks,2}]), + ok = erl_tar:add(Handle, fn(F1,Config), F1, [verbose,{chunks,2}]), ok = erl_tar:add(Handle, fn("big.txt",Config), "big.txt", [verbose,{chunks,15000}]), ok = erl_tar:close(Handle), - chk_tar([{"b1",Bin}, "f1.txt", "big.txt"], Config, [{crypto,{Cinit,Cdec}}]). + chk_tar([{"b1",Bin}, F1, "big.txt"], Config, [{crypto,{Cinit,Cdec}}]). stuff(Bin) -> << <> || <> <= Bin >>. @@ -653,7 +749,8 @@ read_tar(Config) -> [{"b1",<<"A binary">>}, {"b2",list_to_binary(lists:duplicate(750000,"a"))} ]), - {ok,HandleWrite} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write]), + TarFileName = ?config(tar_filename, Config), + {ok,HandleWrite} = ssh_sftp:open_tar(ChPid2, TarFileName, [write]), [ok = erl_tar:add(HandleWrite, Bin, Name, [verbose]) || {Name,Bin} <- NameBins], ok = erl_tar:close(HandleWrite), @@ -675,7 +772,8 @@ read_null_crypto_tar(Config) -> Cw = {Cinitw,Cenc,Cendw}, Cr = {Cinitr,Cdec}, - {ok,HandleWrite} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write,{crypto,Cw}]), + TarFileName = ?config(tar_filename, Config), + {ok,HandleWrite} = ssh_sftp:open_tar(ChPid2, TarFileName, [write,{crypto,Cw}]), [ok = erl_tar:add(HandleWrite, Bin, Name, [verbose]) || {Name,Bin} <- NameBins], ok = erl_tar:close(HandleWrite), 
@@ -698,7 +796,8 @@ read_crypto_tar(Config) -> Cw = {Cinitw,Cenc,Cendw}, Cr = {Cinitr,Cdec}, - {ok,HandleWrite} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write,{crypto,Cw}]), + TarFileName = ?config(tar_filename, Config), + {ok,HandleWrite} = ssh_sftp:open_tar(ChPid2, TarFileName, [write,{crypto,Cw}]), [ok = erl_tar:add(HandleWrite, Bin, Name, [verbose]) || {Name,Bin} <- NameBins], ok = erl_tar:close(HandleWrite), @@ -737,7 +836,8 @@ aes_cbc256_crypto_tar(Config) -> end, Cw = {Cinitw,Cenc,Cendw}, - {ok,HandleWrite} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write,{crypto,Cw}]), + TarFileName = ?config(tar_filename, Config), + {ok,HandleWrite} = ssh_sftp:open_tar(ChPid2, TarFileName, [write,{crypto,Cw}]), [ok = erl_tar:add(HandleWrite, Bin, Name, [verbose]) || {Name,Bin} <- NameBins], ok = erl_tar:close(HandleWrite), @@ -779,7 +879,8 @@ aes_ctr_stream_crypto_tar(Config) -> end, Cw = {Cinitw,Cenc,Cendw}, - {ok,HandleWrite} = ssh_sftp:open_tar(ChPid2, fnp(?tar_file_name,Config), [write,{crypto,Cw}]), + TarFileName = ?config(tar_filename, Config), + {ok,HandleWrite} = ssh_sftp:open_tar(ChPid2, TarFileName, [write,{crypto,Cw}]), [ok = erl_tar:add(HandleWrite, Bin, Name, [verbose]) || {Name,Bin} <- NameBins], ok = erl_tar:close(HandleWrite), 
@@ -790,18 +891,18 @@ aes_ctr_stream_crypto_tar(Config) -> %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- prep(Config) -> - PrivDir = ?config(priv_dir, Config), - TestFile = filename:join(PrivDir, "sftp.txt"), - TestFile1 = filename:join(PrivDir, "test.txt"), - TestLink = filename:join(PrivDir, "link_test.txt"), + DataDir = ?config(data_dir, Config), + TestFile = ?config(filename, Config), + TestFile1 = ?config(testfile, Config), + TestLink = ?config(linktest, Config), + TarFileName = ?config(tar_filename, Config), file:delete(TestFile), file:delete(TestFile1), file:delete(TestLink), - file:delete(fnp(?tar_file_name,Config)), + file:delete(TarFileName), %% Initial config - DataDir = ?config(data_dir, Config), FileName = filename:join(DataDir, "sftp.txt"), file:copy(FileName, TestFile), Mode = 8#00400 bor 8#00200 bor 8#00040, % read & write owner, read group @@ -815,7 +916,8 @@ chk_tar(Items, Config) -> chk_tar(Items, Config, []). chk_tar(Items, Config, Opts) -> - chk_tar(Items, fnp(?tar_file_name,Config), Config, Opts). + TarFileName = ?config(tar_filename, Config), + chk_tar(Items, TarFileName, Config, Opts). chk_tar(Items, TarFileName, Config, Opts) when is_list(Opts) -> tar_size(TarFileName, Config), @@ -888,13 +990,8 @@ read_item_contents(ItemName, FileName) -> end. fn(Name, Config) -> - Dir = ?config(data_dir, Config), - filename:join([Dir,"sftp_tar_test_data",Name]). - -fnp(Name, Config) -> - Dir = ?config(priv_dir, Config), - filename:join([Dir,Name]). - + Dir = ?config(datadir_tar, Config), + filename:join(Dir,Name). fmt_host({A,B,C,D}) -> lists:concat([A,".",B,".",C,".",D]); fmt_host(S) -> S. diff --git "a/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/F\344\270\200.txt" "b/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/F\344\270\200.txt" new file mode 100644 index 0000000000..e6076a05b5 
--- /dev/null +++ "b/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/F\344\270\200.txt" @@ -0,0 +1 @@ +你好 diff --git "a/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/big.txt" "b/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/big.txt" new file mode 100644 index 0000000000..f597b69d4c --- /dev/null +++ "b/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/big.txt" 
@@ -0,0 +1,16384 @@ +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. 
+All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. +All work and no play makes Jack a dull boy. diff --git "a/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/d1/f1" "b/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/d1/f1" new file mode 100644 index 0000000000..1bafa9761e --- /dev/null +++ "b/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/d1/f1" @@ -0,0 +1 @@ +And hi from the subdirectory too! diff --git "a/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/d1/f2" "b/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/d1/f2" new file mode 100644 index 0000000000..8566adaeef --- /dev/null +++ "b/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/d1/f2" @@ -0,0 +1 @@ +one more file diff --git "a/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/f2.txt" "b/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/f2.txt" new file mode 100644 index 0000000000..d18c6b11fc --- /dev/null +++ "b/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/f2.txt" @@ -0,0 +1 @@ +How are you? -- cgit v1.2.3 From 747e32d7e5cfcd580da0a57e94cf9fda7adfb6e3 Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Mon, 22 Jun 2015 19:53:03 +0200 Subject: ssh: correct sftp unicode and iolist bug Ssh_sftp.erl handled incorrectly unicode data in ssh_ftp:write_file. There was also problems with some deeper iolists. --- lib/ssh/src/ssh_sftp.erl | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_sftp.erl b/lib/ssh/src/ssh_sftp.erl index 9fe2d56759..dbacf730cc 100644 --- a/lib/ssh/src/ssh_sftp.erl +++ b/lib/ssh/src/ssh_sftp.erl @@ -439,7 +439,7 @@ write_file(Pid, Name, List) -> write_file(Pid, Name, List, ?FILEOP_TIMEOUT). write_file(Pid, Name, List, FileOpTimeout) when is_list(List) -> - write_file(Pid, Name, unicode:characters_to_binary(List), FileOpTimeout); + write_file(Pid, Name, list_to_binary(List), FileOpTimeout); write_file(Pid, Name, Bin, FileOpTimeout) -> case open(Pid, Name, [write, binary], FileOpTimeout) of {ok, Handle} -> @@ -611,8 +611,7 @@ do_handle_call({pread,Async,Handle,At,Length}, From, State) -> fun({ok,Data}, State2) -> case get_mode(Handle, State2) of binary -> {{ok,Data}, State2}; - text -> - {{ok,unicode:characters_to_list(Data)}, State2} + text -> {{ok,binary_to_list(Data)}, State2} end; (Rep, State2) -> {Rep, State2} -- cgit v1.2.3 From 941ddfbeab3357177ce6eac709456fd881ac2429 Mon Sep 17 00:00:00 2001 
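Review bot: In the write_file/4 clause guarded by is_list(List), list_to_binary(List) raises badarg when the list contains an integer above 255, so a caller that passes a Unicode string with code points outside the byte range now crashes instead of having the text encoded. If list input is meant to be an iolist of bytes, say so in the ssh_sftp:write_file documentation and tell callers to run unicode:characters_to_binary/1 on text themselves before the call. The diffstat shows only ssh_sftp.erl changing; a test case that writes a nested iolist and a pre-encoded UTF-8 binary and reads them back would pin down the behaviour the commit message describes.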
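Review bot: In the pread reply fun in do_handle_call, the text branch now returns binary_to_list(Data), which is a list of bytes rather than code points, so a client reading a UTF-8 file in text mode gets each multibyte character as several integers. That is a change in return value for existing callers and nothing in this patch documents it. Please state in the ssh_sftp docs that text mode yields bytes and that decoding with unicode:characters_to_list/1 is left to the caller, who can do it once the whole file has been read and no character is split across a pread boundary.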
From: Hans Nilsson Date: Mon, 15 Jun 2015 22:09:53 +0200 Subject: ssh: Initial ssh_tprt_test_lib.erl and ssh_protocol_SUITE This test lib is intended for deeper testing of the SSH application. It makes it possible to do exact steps in the message exchange to test "corner cases" --- lib/ssh/test/Makefile | 2 + lib/ssh/test/ssh_protocol_SUITE.erl | 314 ++++++++++ lib/ssh/test/ssh_protocol_SUITE_data/id_dsa | 13 + lib/ssh/test/ssh_protocol_SUITE_data/id_rsa | 15 + .../test/ssh_protocol_SUITE_data/ssh_host_dsa_key | 13 + .../ssh_protocol_SUITE_data/ssh_host_dsa_key.pub | 11 + .../test/ssh_protocol_SUITE_data/ssh_host_rsa_key | 16 + .../ssh_protocol_SUITE_data/ssh_host_rsa_key.pub | 5 + lib/ssh/test/ssh_trpt_test_lib.erl | 691 +++++++++++++++++++++ 9 files changed, 1080 insertions(+) create mode 100644 lib/ssh/test/ssh_protocol_SUITE.erl create mode 100644 lib/ssh/test/ssh_protocol_SUITE_data/id_dsa create mode 100644 lib/ssh/test/ssh_protocol_SUITE_data/id_rsa create mode 100644 lib/ssh/test/ssh_protocol_SUITE_data/ssh_host_dsa_key create mode 100644 lib/ssh/test/ssh_protocol_SUITE_data/ssh_host_dsa_key.pub create mode 100644 lib/ssh/test/ssh_protocol_SUITE_data/ssh_host_rsa_key create mode 100644 lib/ssh/test/ssh_protocol_SUITE_data/ssh_host_rsa_key.pub create mode 100644 lib/ssh/test/ssh_trpt_test_lib.erl (limited to 'lib/ssh') diff --git a/lib/ssh/test/Makefile b/lib/ssh/test/Makefile index 6503d5b643..47c189c162 100644 --- a/lib/ssh/test/Makefile +++ b/lib/ssh/test/Makefile @@ -33,8 +33,10 @@ VSN=$(GS_VSN) MODULES= \ ssh_test_lib \ + ssh_trpt_test_lib \ ssh_sup_SUITE \ ssh_basic_SUITE \ + ssh_protocol_SUITE \ ssh_to_openssh_SUITE \ ssh_sftp_SUITE \ ssh_sftpd_SUITE \ diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl new file mode 100644 index 0000000000..3fb2840a19 --- /dev/null +++ b/lib/ssh/test/ssh_protocol_SUITE.erl 
@@ -0,0 +1,314 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2008-2015. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% + +%% + +-module(ssh_protocol_SUITE). + +-include_lib("common_test/include/ct.hrl"). +-include_lib("kernel/include/inet.hrl"). +-include_lib("ssh/src/ssh.hrl"). % ?UINT32, ?BYTE, #ssh{} ... +-include_lib("ssh/src/ssh_transport.hrl"). +-include_lib("ssh/src/ssh_auth.hrl"). + +%% Note: This directive should only be used in test suites. +-compile(export_all). + +-define(NEWLINE, <<"\r\n">>). +-define(REKEY_DATA_TMO, 65000). + +-define(v(Key, Config), proplists:get_value(Key, Config)). +-define(v(Key, Config, Default), proplists:get_value(Key, Config, Default)). + + +%%-------------------------------------------------------------------- +%% Common Test interface functions ----------------------------------- +%%-------------------------------------------------------------------- + +suite() -> + [{ct_hooks,[ts_install_cth]}]. + +all() -> + [{group,tool_tests} + ]. + +groups() -> + [{tool_tests, [], [lib_works_as_client, + lib_works_as_server, + lib_match, + lib_no_match + ]} + ]. + + +init_per_suite(Config) -> + start_std_daemon( setup_dirs( start_apps(Config))). + +end_per_suite(Config) -> + stop_apps(Config). + + +init_per_testcase(_TestCase, Config) -> + check_std_daemon_works(Config, ?LINE). 
+ +end_per_testcase(_TestCase, Config) -> + check_std_daemon_works(Config, ?LINE). + + +%%%-------------------------------------------------------------------- +%%% Test Cases -------------------------------------------------------- +%%%-------------------------------------------------------------------- + +%%%-------------------------------------------------------------------- +%%% Connect to an erlang server and check that the testlib acts as a client. +lib_works_as_client(Config) -> + %% Connect and negotiate keys + {ok,InitialState} = + ssh_trpt_test_lib:exec( + [{set_options, [print_ops, print_seqnums, print_messages]}, + {connect, + server_host(Config),server_port(Config), + [{silently_accept_hosts, true}, + {user_dir, user_dir(Config)}, + {user_interaction, false}]}, + receive_hello, + {send, hello}, + {send, ssh_msg_kexinit}, + {match, #ssh_msg_kexinit{_='_'}, receive_msg}, + {send, ssh_msg_kexdh_init}, + {match,# ssh_msg_kexdh_reply{_='_'}, receive_msg}, + {send, #ssh_msg_newkeys{}}, + {match, #ssh_msg_newkeys{_='_'}, receive_msg} + ] + ), + + %% Do the authentcation + {User,Pwd} = server_user_password(Config), + {ok,EndState} = + ssh_trpt_test_lib:exec( + [{send, #ssh_msg_service_request{name = "ssh-userauth"}}, + {match, #ssh_msg_service_accept{name = "ssh-userauth"}, receive_msg}, + {send, #ssh_msg_userauth_request{user = User, + service = "ssh-connection", + method = "password", + data = <> + }}, + {match, #ssh_msg_userauth_success{_='_'}, receive_msg} + ], InitialState), + + %% Disconnect + {ok,_} = + ssh_trpt_test_lib:exec( + [{send, #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, + description = "End of the fun", + language = "" + }}, + close_socket + ], EndState). + + +%%-------------------------------------------------------------------- +%%% Connect an erlang client and check that the testlib can act as a server. 
+lib_works_as_server(Config) -> + {User,_Pwd} = server_user_password(Config), + + %% Create a listening socket as server socket: + {ok,InitialState} = ssh_trpt_test_lib:exec(listen), + HostPort = ssh_trpt_test_lib:server_host_port(InitialState), + + %% Start a process handling one connection on the server side: + spawn_link( + fun() -> + {ok,_} = + ssh_trpt_test_lib:exec( + [{set_options, [print_ops, print_messages]}, + {accept, [{system_dir, system_dir(Config)}, + {user_dir, user_dir(Config)}]}, + receive_hello, + {send, hello}, + + {send, ssh_msg_kexinit}, + {match, #ssh_msg_kexinit{_='_'}, receive_msg}, + + {match, #ssh_msg_kexdh_init{_='_'}, receive_msg}, + {send, ssh_msg_kexdh_reply}, + + {send, #ssh_msg_newkeys{}}, + {match, #ssh_msg_newkeys{_='_'}, receive_msg}, + + {match, #ssh_msg_service_request{name="ssh-userauth"}, receive_msg}, + {send, #ssh_msg_service_accept{name="ssh-userauth"}}, + + {match, #ssh_msg_userauth_request{service="ssh-connection", + method="none", + user=User, + _='_'}, receive_msg}, + + {send, #ssh_msg_userauth_failure{authentications = "password", + partial_success = false}}, + + {match, #ssh_msg_userauth_request{service="ssh-connection", + method="password", + user=User, + _='_'}, receive_msg}, + {send, #ssh_msg_userauth_success{}}, + close_socket, + print_state + ], + InitialState) + end), + + %% and finally connect to it with a regular Erlang SSH client: + {ok,_} = std_connect(HostPort, Config). + +%%-------------------------------------------------------------------- +%%% Matching +lib_match(_Config) -> + {ok,_} = + ssh_trpt_test_lib:exec([{set_options, [print_ops]}, + {match, abc, abc}, + {match, '$a', {cde,fgh}}, + {match, {cde,fgh}, '$a'}, + {match, '_', {cde,fgh}}, + {match, [a,'$a',b], [a,{cde,fgh},b]}, + {match, [a,'$a'|'$b'], [a,{cde,fgh},b,c]}, + {match, '$b', [b,c]} + ]). 
+ +%%-------------------------------------------------------------------- +%%% Not matching +lib_no_match(_Config) -> + case ssh_trpt_test_lib:exec([{set_options, [print_ops]}, + {match, '$x', b}, + {match, a, '$x'}]) + of + {ok,_} -> {fail,"Unexpected match"}; + {error, {_Op,{expected,a,b},_State}} -> ok + end. + +%%%================================================================ +%%%==== Internal functions ======================================== +%%%================================================================ + +%%%---- init_suite and end_suite --------------------------------------- +start_apps(Config) -> + catch crypto:stop(), + case catch crypto:start() of + ok -> + catch ssh:stop(), + ok = ssh:start(), + [{stop_apps, + fun() -> + ssh:stop(), + crypto:stop() + end} | Config]; + _Else -> + {skip, "Crypto could not be started!"} + end. + + +stop_apps(Config) -> + (?v(stop_apps, Config, fun()-> ok end))(), + ssh:stop(). + + +setup_dirs(Config) -> + DataDir = ?config(data_dir, Config), + PrivDir = ?config(priv_dir, Config), + ssh_test_lib:setup_rsa(DataDir, PrivDir), + Config. + +system_dir(Config) -> filename:join(?config(priv_dir, Config), system). + +user_dir(Config) -> ?config(priv_dir, Config). + +%%%---------------------------------------------------------------- +start_std_daemon(Config) -> + start_std_daemon(Config, []). + +start_std_daemon(Config, ExtraOpts) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + UserPasswords = [{"user1","pwd1"}], + Options = [{system_dir, system_dir(Config)}, + {user_dir, user_dir(Config)}, + {user_passwords, UserPasswords}, + {failfun, fun ssh_test_lib:failfun/2} + | ExtraOpts], + Ref = {Server, Host, Port} = ssh_test_lib:daemon(Options), + ct:log("Std server ~p started at ~p:~p~nOptions=~p",[Server, Host, Port, Options]), + [{server,Ref}, {user_passwords, UserPasswords} | Config]. 
+ + +stop_std_daemon(Config) -> + ssh:stop_daemon(server_pid(Config)), + ct:log("Std server ~p at ~p:~p stopped", [server_pid(Config), server_host(Config), server_port(Config)]), + lists:keydelete(server, 1, Config). + +check_std_daemon_works(Config, Line) -> + case std_connect(Config) of + {ok,C} -> + ct:log("Server ~p:~p ~p is ok at line ~p", + [server_host(Config), server_port(Config), + server_pid(Config), Line]), + ok = ssh:close(C), + Config; + Error = {error,_} -> + {fail, + lists:flatten( + io_lib:format("Standard server ~p:~p ~p is ill at line ~p: ~p", + [server_host(Config), server_port(Config), + server_pid(Config), Line, Error]) + ) + } + end. + +server_pid(Config) -> element(1,?v(server,Config)). +server_host(Config) -> element(2,?v(server,Config)). +server_port(Config) -> element(3,?v(server,Config)). + +server_user_password(Config) -> server_user_password(1, Config). + +server_user_password(N, Config) -> lists:nth(N, ?v(user_passwords,Config)). + + +std_connect(Config) -> + {User,Pwd} = server_user_password(Config), + std_connect(server_host(Config), server_port(Config), + Config, + [{user,User},{password,Pwd}]). + +std_connect({Host,Port}, Config) -> + {User,Pwd} = server_user_password(Config), + std_connect(Host, Port, Config, [{user,User},{password,Pwd}]). + +std_connect({Host,Port}, Config, Opts) -> + std_connect(Host, Port, Config, Opts). + +std_connect(Host, Port, Config, Opts) -> + ssh:connect(Host, Port, + [{silently_accept_hosts, true}, + {user_dir, user_dir(Config)}, + {user_interaction, false} | Opts], + 30000). + + +%%%---------------------------------------------------------------- diff --git a/lib/ssh/test/ssh_protocol_SUITE_data/id_dsa b/lib/ssh/test/ssh_protocol_SUITE_data/id_dsa new file mode 100644 index 0000000000..d306f8b26e --- /dev/null +++ b/lib/ssh/test/ssh_protocol_SUITE_data/id_dsa 
@@ -0,0 +1,13 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBvAIBAAKBgQDfi2flSTZZofwT4yQT0NikX/LGNT7UPeB/XEWe/xovEYCElfaQ +APFixXvEgXwoojmZ5kiQRKzLM39wBP0jPERLbnZXfOOD0PDnw0haMh7dD7XKVMod +/EigVgHf/qBdM2M8yz1s/rRF7n1UpLSypziKjkzCm7JoSQ2zbWIPdmBIXwIVAMgP +kpr7Sq3O7sHdb8D601DRjoExAoGAMOQxDfB2Fd8ouz6G96f/UOzRMI/Kdv8kYYKW +JIGY+pRYrLPyYzUeJznwZreOJgrczAX+luHnKFWJ2Dnk5CyeXk67Wsr7pJ/4MBMD +OKeIS0S8qoSBN8+Krp79fgA+yS3IfqbkJLtLu4EBaCX4mKQIX4++k44d4U5lc8pt ++9hlEI8CgYEAznKxx9kyC6bVo7LUYKaGhofRFt0SYFc5PVmT2VUGRs1R6+6DPD+e +uEO6IhFct7JFSRbP9p0JD4Uk+3zlZF+XX6b2PsZkeV8f/02xlNGUSmEzCSiNg1AX +Cy/WusYhul0MncWCHMcOZB5rIvU/aP5EJJtn3xrRaz6u0SThF6AnT34CFQC63czE +ZU8w8Q+H7z0j+a+70x2iAw== +-----END DSA PRIVATE KEY----- + diff --git a/lib/ssh/test/ssh_protocol_SUITE_data/id_rsa b/lib/ssh/test/ssh_protocol_SUITE_data/id_rsa new file mode 100644 index 0000000000..9d7e0dd5fb --- /dev/null +++ b/lib/ssh/test/ssh_protocol_SUITE_data/id_rsa @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQD1OET+3O/Bvj/dtjxDTXmj1oiJt4sIph5kGy0RfjoPrZfaS+CU +DhakCmS6t2ivxWFgtpKWaoGMZMJqWj6F6ZsumyFl3FPBtujwY/35cgifrI9Ns4Tl +zR1uuengNBmV+WRQ5cd9F2qS6Z8aDQihzt0r8JUqLcK+VQbrmNzboCCQQwIDAQAB +AoGAPQEyqPTt8JUT7mRXuaacjFXiweAXhp9NEDpyi9eLOjtFe9lElZCrsUOkq47V +TGUeRKEm9qSodfTbKPoqc8YaBJGJPhUaTAcha+7QcDdfHBvIsgxvU7ePVnlpXRp3 +CCUEMPhlnx6xBoTYP+fRU0e3+xJIPVyVCqX1jAdUMkzfRoECQQD6ux7B1QJAIWyK +SGkbDUbBilNmzCFNgIpOP6PA+bwfi5d16diTpra5AX09keQABAo/KaP1PdV8Vg0p +z4P3A7G3AkEA+l+AKG6m0kQTTBMJDqOdVPYwe+5GxunMaqmhokpEbuGsrZBl5Dvd +WpcBjR7jmenrhKZRIuA+Fz5HPo/UQJPl1QJBAKxstDkeED8j/S2XoFhPKAJ+6t39 +sUVICVTIZQeXdmzHJXCcUSkw8+WEhakqw/3SyW0oaK2FSWQJFWJUZ+8eJj8CQEh3 +xeduB5kKnS9CvzdeghZqX6QvVosSdtlUmfUYW/BgH5PpHKTP8wTaeld3XldZTpMJ +dKiMkUw2+XYROVUrubUCQD+Na1LhULlpn4ISEtIEfqpdlUhxDgO15Wg8USmsng+x +ICliVOSQtwaZjm8kwaFt0W7XnpnDxbRs37vIEbIMWak= +-----END RSA PRIVATE KEY----- 
diff --git a/lib/ssh/test/ssh_protocol_SUITE_data/ssh_host_dsa_key b/lib/ssh/test/ssh_protocol_SUITE_data/ssh_host_dsa_key new file mode 100644 index 0000000000..51ab6fbd88 --- /dev/null +++ b/lib/ssh/test/ssh_protocol_SUITE_data/ssh_host_dsa_key @@ -0,0 +1,13 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBuwIBAAKBgQCClaHzE2ul0gKSUxah5W0W8UiJLy4hXngKEqpaUq9SSdVdY2LK +wVfKH1gt5iuaf1FfzOhsIC9G/GLnjYttXZc92cv/Gfe3gR+s0ni2++MX+T++mE/Q +diltXv/Hp27PybS67SmiFW7I+RWnT2OKlMPtw2oUuKeztCe5UWjaj/y5FQIVAPLA +l9RpiU30Z87NRAHY3NTRaqtrAoGANMRxw8UfdtNVR0CrQj3AgPaXOGE4d+G4Gp4X +skvnCHycSVAjtYxebUkzUzt5Q6f/IabuLUdge3gXrc8BetvrcKbp+XZgM0/Vj2CF +Ymmy3in6kzGZq7Fw1sZaku6AOU8vLa5woBT2vAcHLLT1bLAzj7viL048T6MfjrOP +ef8nHvACgYBhDWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah +/XcF3DeRF+eEoz48wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+U +ykSTXYUbtsfTNRFQGBW2/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0CgIVAN4wtL5W +Lv62jKcdskxNyz2NQoBx +-----END DSA PRIVATE KEY----- + diff --git a/lib/ssh/test/ssh_protocol_SUITE_data/ssh_host_dsa_key.pub b/lib/ssh/test/ssh_protocol_SUITE_data/ssh_host_dsa_key.pub new file mode 100644 index 0000000000..4dbb1305b0 --- /dev/null +++ b/lib/ssh/test/ssh_protocol_SUITE_data/ssh_host_dsa_key.pub @@ -0,0 +1,11 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +AAAAB3NzaC1kc3MAAACBAIKVofMTa6XSApJTFqHlbRbxSIkvLiFeeAoSqlpSr1JJ1V1j +YsrBV8ofWC3mK5p/UV/M6GwgL0b8YueNi21dlz3Zy/8Z97eBH6zSeLb74xf5P76YT9B2 +KW1e/8enbs/JtLrtKaIVbsj5FadPY4qUw+3DahS4p7O0J7lRaNqP/LkVAAAAFQDywJfU +aYlN9GfOzUQB2NzU0WqrawAAAIA0xHHDxR9201VHQKtCPcCA9pc4YTh34bganheyS+cI +fJxJUCO1jF5tSTNTO3lDp/8hpu4tR2B7eBetzwF62+twpun5dmAzT9WPYIViabLeKfqT +MZmrsXDWxlqS7oA5Ty8trnCgFPa8BwcstPVssDOPu+IvTjxPox+Os495/yce8AAAAIBh +DWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah/XcF3DeRF+eEoz48 +wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+UykSTXYUbtsfTNRFQGBW2 +/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0Cg== +---- END SSH2 PUBLIC KEY ---- 
diff --git a/lib/ssh/test/ssh_protocol_SUITE_data/ssh_host_rsa_key b/lib/ssh/test/ssh_protocol_SUITE_data/ssh_host_rsa_key new file mode 100644 index 0000000000..79968bdd7d --- /dev/null +++ b/lib/ssh/test/ssh_protocol_SUITE_data/ssh_host_rsa_key @@ -0,0 +1,16 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDCZX+4FBDwZIh9y/Uxee1VJnEXlowpz2yDKwj8semM4q843337 +zbNfxHmladB1lpz2NqyxI175xMIJuDxogyZdsOxGnFAzAnthR4dqL/RWRWzjaxSB +6IAO9SPYVVlrpZ+1hsjLW79fwXK/yc8VdhRuWTeQiRgYY2ek8+OKbOqz4QIDAQAB +AoGANmvJzJO5hkLuvyDZHKfAnGTtpifcR1wtSa9DjdKUyn8vhKF0mIimnbnYQEmW +NUUb3gXCZLi9PvkpRSVRrASDOZwcjoU/Kvww163vBUVb2cOZfFhyn6o2Sk88Tt++ +udH3hdjpf9i7jTtUkUe+QYPsia+wgvvrmn4QrahLAH86+kECQQDx5gFeXTME3cnW +WMpFz3PPumduzjqgqMMWEccX4FtQkMX/gyGa5UC7OHFyh0N/gSWvPbRHa8A6YgIt +n8DO+fh5AkEAzbqX4DOn8NY6xJIi42q7l/2jIA0RkB6P7YugW5NblhqBZ0XDnpA5 +sMt+rz+K07u9XZtxgh1xi7mNfwY6lEAMqQJBAJBEauCKmRj35Z6OyeQku59SPsnY ++SJEREVvSNw2lH9SOKQQ4wPsYlTGbvKtNVZgAcen91L5MmYfeckYE/fdIZECQQCt +64zxsTnM1I8iFxj/gP/OYlJBikrKt8udWmjaghzvLMEw+T2DExJyb9ZNeT53+UMB +m6O+B/4xzU/djvp+0hbhAkAemIt+rA5kTmYlFndhpvzkSSM8a2EXsO4XIPgGWCTT +tQKS/tTly0ADMjN/TVy11+9d6zcqadNVuHXHGtR4W0GR +-----END RSA PRIVATE KEY----- + diff --git a/lib/ssh/test/ssh_protocol_SUITE_data/ssh_host_rsa_key.pub b/lib/ssh/test/ssh_protocol_SUITE_data/ssh_host_rsa_key.pub new file mode 100644 index 0000000000..75d2025c71 --- /dev/null +++ b/lib/ssh/test/ssh_protocol_SUITE_data/ssh_host_rsa_key.pub @@ -0,0 +1,5 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +AAAAB3NzaC1yc2EAAAADAQABAAAAgQDCZX+4FBDwZIh9y/Uxee1VJnEXlowpz2yDKwj8 +semM4q843337zbNfxHmladB1lpz2NqyxI175xMIJuDxogyZdsOxGnFAzAnthR4dqL/RW +RWzjaxSB6IAO9SPYVVlrpZ+1hsjLW79fwXK/yc8VdhRuWTeQiRgYY2ek8+OKbOqz4Q== +---- END SSH2 PUBLIC KEY ---- diff --git a/lib/ssh/test/ssh_trpt_test_lib.erl b/lib/ssh/test/ssh_trpt_test_lib.erl new file mode 100644 index 0000000000..8623020a31 --- /dev/null +++ b/lib/ssh/test/ssh_trpt_test_lib.erl 
@@ -0,0 +1,691 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2004-2015. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% +%% + +-module(ssh_trpt_test_lib). + +%%-compile(export_all). + +-export([exec/1, exec/2, + format_msg/1, + server_host_port/1 + ] + ). + +-include_lib("common_test/include/ct.hrl"). +-include_lib("ssh/src/ssh.hrl"). % ?UINT32, ?BYTE, #ssh{} ... +-include_lib("ssh/src/ssh_transport.hrl"). +-include_lib("ssh/src/ssh_auth.hrl"). + +%%%---------------------------------------------------------------- +-record(s, { + socket, + listen_socket, + opts = [], + timeout = 5000, % ms + seen_hello = false, + enc = <<>>, + ssh = #ssh{}, % #ssh{} + own_kexinit, + peer_kexinit, + vars = dict:new(), + reply = [], % Some repy msgs are generated hidden in ssh_transport :[ + prints = [], + return_value + }). + +-define(role(S), ((S#s.ssh)#ssh.role) ). + + +server_host_port(S=#s{}) -> + {Host,Port} = ok(inet:sockname(S#s.listen_socket)), + {host(Host), Port}. + + +%%% Options: {print_messages, false} true|detail +%%% {print_seqnums,false} true +%%% {print_ops,false} true + +exec(L) -> exec(L, #s{}). 
+ +exec(L, S) when is_list(L) -> lists:foldl(fun exec/2, S, L); + +exec(Op, S0=#s{}) -> + S1 = init_op_traces(Op, S0), + try seqnum_trace( + op(Op, S1)) + of + S = #s{} -> + print_traces(S), + {ok,S} + catch + {fail,Reason,Se} -> + report_trace('', Reason, Se), + {error,{Op,Reason,Se}}; + + throw:Term -> + report_trace(throw, Term, S1), + throw(Term); + + error:Error -> + report_trace(error, Error, S1), + error(Error); + + exit:Exit -> + report_trace(exit, Exit, S1), + exit(Exit) + end; +exec(Op, {ok,S=#s{}}) -> exec(Op, S); +exec(_, Error) -> Error. + + +%%%---- Server ops +op(listen, S) when ?role(S) == undefined -> op({listen,0}, S); + +op({listen,Port}, S) when ?role(S) == undefined -> + S#s{listen_socket = ok(gen_tcp:listen(Port, mangle_opts([]))), + ssh = (S#s.ssh)#ssh{role=server} + }; + +op({accept,Opts}, S) when ?role(S) == server -> + {ok,Socket} = gen_tcp:accept(S#s.listen_socket, S#s.timeout), + {Host,_Port} = ok(inet:sockname(Socket)), + S#s{socket = Socket, + ssh = init_ssh(server,Socket,[{host,host(Host)}|Opts]), + return_value = ok}; + +%%%---- Client ops +op({connect,Host,Port,Opts}, S) when ?role(S) == undefined -> + Socket = ok(gen_tcp:connect(host(Host), Port, mangle_opts([]))), + S#s{socket = Socket, + ssh = init_ssh(client, Socket, [{host,host(Host)}|Opts]), + return_value = ok}; + +%%%---- ops for both client and server +op(close_socket, S) -> + catch tcp_gen:close(S#s.socket), + catch tcp_gen:close(S#s.listen_socket), + S#s{socket = undefined, + listen_socket = undefined, + return_value = ok}; + +op({set_options,Opts}, S) -> + S#s{opts = Opts}; + +op({send,X}, S) -> + send(S, instantiate(X,S)); + +op(receive_hello, S0) when S0#s.seen_hello =/= true -> + case recv(S0) of + S1=#s{return_value={hello,_}} -> S1; + S1=#s{} -> op(receive_hello, receive_wait(S1)) + end; + +op(receive_msg, S) when S#s.seen_hello == true -> + try recv(S) + catch + {tcp,Exc} -> S#s{return_value=Exc} + end; + + +op({expect,timeout,E}, S0) -> + try op(E, S0) + of + 
S=#s{} -> fail({expected,timeout,S#s.return_value}, S) + catch + {receive_timeout,_} -> S0#s{return_value=timeout} + end; + +op({match,M,E}, S0) -> + {Val,S2} = op_val(E, S0), + case match(M, Val, S2) of + {true,S3} -> + opt(print_ops,S3, + fun(true) -> + case dict:fold( + fun(K,V,Acc) -> + case dict:find(K,S0#s.vars) of + error -> [{K,V}|Acc]; + _ -> Acc + end + end, [], S3#s.vars) + of + [] -> {"Matches! No new bindings.",[]}; + New -> + Width = lists:max([length(atom_to_list(K)) || {K,_} <- New]), + {lists:flatten( + ["Matches! New bindings:~n" | + [io_lib:format(" ~*s = ~p~n",[Width,K,V]) || {K,V}<-New]]), + []} + end + end); + false -> + fail({expected,M,Val}, + opt(print_ops,S2,fun(true) -> {"nomatch!!~n",[]} end) + ) + end; + +op({print,E}, S0) -> + {Val,S} = op_val(E, S0), + io:format("Result of ~p ~p =~n~s~n",[?role(S0),E,format_msg(Val)]), + S; + +op(print_state, S) -> + io:format("State(~p)=~n~s~n",[?role(S), format_msg(S)]), + S; + +op('$$', S) -> + %% For matching etc + S. + + +op_val(E, S0) -> + case catch op(E, S0) of + {'EXIT',{function_clause,[{ssh_trpt_test_lib,op,[E,S0],_}|_]}} -> + {instantiate(E,S0), S0}; + S=#s{} -> + {S#s.return_value, S} + end. + + +fail(Reason, S) -> + throw({fail, Reason, S}). + +%%%---------------------------------------------------------------- +%% No optimizations :) + +match('$$', V, S) -> + match(S#s.return_value, V, S); + +match('_', _, S) -> + {true, S}; + +match(P, V, S) when is_atom(P) -> + case atom_to_list(P) of + "$"++_ -> + %% Variable + case dict:find(P,S#s.vars) of + {ok,Val} -> match(Val, V, S); + error -> {true,S#s{vars = dict:store(P,V,S#s.vars)}} + end; + _ when P==V -> + {true,S}; + _ -> + false + end; + +match(P, V, S) when P==V -> + {true, S}; + +match(P, V, S) when is_tuple(P), + is_tuple(V) -> + match(tuple_to_list(P), tuple_to_list(V), S); + +match([Hp|Tp], [Hv|Tv], S0) -> + case match(Hp, Hv, S0) of + {true,S} -> match(Tp, Tv, S); + false -> false + end; + +match(_, _, _) -> + false. 
+ + + +instantiate('$$', S) -> + S#s.return_value; % FIXME: What if $$ or $... in return_value? + +instantiate(A, S) when is_atom(A) -> + case atom_to_list(A) of + "$"++_ -> + %% Variable + case dict:find(A,S#s.vars) of + {ok,Val} -> Val; % FIXME: What if $$ or $... in Val? + error -> throw({unbound,A}) + end; + _ -> + A + end; + +instantiate(T, S) when is_tuple(T) -> + list_to_tuple( instantiate(tuple_to_list(T),S) ); + +instantiate([H|T], S) -> + [instantiate(H,S) | instantiate(T,S)]; + +instantiate(X, _S) -> + X. + +%%%================================================================ +%%% +init_ssh(Role, Socket, Options0) -> + Options = [{user_interaction,false} + | Options0], + ssh_connection_handler:init_ssh(Role, + {2,0}, + lists:concat(["SSH-2.0-ErlangTestLib ",Role]), + Options, Socket). + +mangle_opts(Options) -> + SysOpts = [{reuseaddr, true}, + {active, false}, + {mode, binary} + ], + SysOpts ++ lists:foldl(fun({K,_},Opts) -> + lists:keydelete(K,1,Opts) + end, Options, SysOpts). + +host({0,0,0,0}) -> "localhost"; +host(H) -> H. 
+ +%%%---------------------------------------------------------------- +send(S=#s{ssh=C}, hello) -> + Hello = case ?role(S) of + client -> C#ssh.c_version; + server -> C#ssh.s_version + end ++ "\r\n", + send(S, list_to_binary(Hello)); + +send(S0, ssh_msg_kexinit) -> + {Msg, Bytes, C0} = ssh_transport:key_exchange_init_msg(S0#s.ssh), + S1 = opt(print_messages, S0, + fun(X) when X==true;X==detail -> {"Send~n~s~n",[format_msg(Msg)]} end), + S = case ?role(S1) of + server when is_record(S1#s.peer_kexinit, ssh_msg_kexinit) -> + {ok, C} = + ssh_transport:handle_kexinit_msg(S1#s.peer_kexinit, Msg, C0), + S1#s{peer_kexinit = used, + own_kexinit = used, + ssh = C}; + _ -> + S1#s{ssh = C0, + own_kexinit = Msg} + end, + send_bytes(Bytes, S#s{return_value = Msg}); + +send(S0, ssh_msg_kexdh_init) when ?role(S0) == client, + is_record(S0#s.peer_kexinit, ssh_msg_kexinit), + is_record(S0#s.own_kexinit, ssh_msg_kexinit) -> + {ok, NextKexMsgBin, C} = + ssh_transport:handle_kexinit_msg(S0#s.peer_kexinit, S0#s.own_kexinit, S0#s.ssh), + + S = opt(print_messages, S0, + fun(X) when X==true;X==detail -> + #ssh{keyex_key = {{_Private, Public}, {_G, _P}}} = C, + Msg = #ssh_msg_kexdh_init{e = Public}, + {"Send (reconstructed)~n~s~n",[format_msg(Msg)]} + end), + + send_bytes(NextKexMsgBin, S#s{ssh = C, + peer_kexinit = used, + own_kexinit = used}); + +send(S0, ssh_msg_kexdh_reply) -> + Bytes = proplists:get_value(ssh_msg_kexdh_reply, S0#s.reply), + S = opt(print_messages, S0, + fun(X) when X==true;X==detail -> + {{_Private, Public}, _} = (S0#s.ssh)#ssh.keyex_key, + Msg = #ssh_msg_kexdh_reply{public_host_key = 'Key', + f = Public, + h_sig = 'H_SIG' + }, + {"Send (reconstructed)~n~s~n",[format_msg(Msg)]} + end), + send_bytes(Bytes, S#s{return_value = Bytes}); + +send(S0, Line) when is_binary(Line) -> + S = opt(print_messages, S0, + fun(X) when X==true;X==detail -> {"Send line~n~p~n",[Line]} end), + send_bytes(Line, S#s{return_value = Line}); + +%%% Msg = #ssh_msg_*{} +send(S0, Msg) when 
is_tuple(Msg) -> + S = opt(print_messages, S0, + fun(X) when X==true;X==detail -> {"Send~n~s~n",[format_msg(Msg)]} end), + {Packet, C} = ssh_transport:ssh_packet(Msg, S#s.ssh), + send_bytes(Packet, S#s{ssh = C, %%inc_send_seq_num(C), + return_value = Msg}). + +send_bytes(B, S0) -> + S = opt(print_messages, S0, fun(detail) -> {"Send bytes~n~p~n",[B]} end), + ok(gen_tcp:send(S#s.socket, B)), + S. + +%%%---------------------------------------------------------------- +recv(S0 = #s{}) -> + S1 = receive_poll(S0), + case S1#s.seen_hello of + {more,Seen} -> + %% Has received parts of a line. Has not seen a complete hello. + try_find_crlf(Seen, S1); + false -> + %% Must see hello before binary messages + try_find_crlf(<<>>, S1); + true -> + %% Has seen hello, therefore no more crlf-messages are alowed. + S = receive_binary_msg(S1), + case M=S#s.return_value of + #ssh_msg_kexinit{} when ?role(S) == server, + S#s.own_kexinit =/= undefined -> + {ok, C} = + ssh_transport:handle_kexinit_msg(M, S#s.own_kexinit, S#s.ssh), + S#s{peer_kexinit = used, + own_kexinit = used, + ssh = C}; + #ssh_msg_kexinit{} -> + S#s{peer_kexinit = M}; + #ssh_msg_kexdh_init{} -> % Always the server + {ok, Reply, C} = ssh_transport:handle_kexdh_init(M, S#s.ssh), + S#s{ssh = C, + reply = [{ssh_msg_kexdh_reply,Reply} | S#s.reply] + }; + #ssh_msg_kexdh_reply{} -> + {ok, _NewKeys, C} = ssh_transport:handle_kexdh_reply(M, S#s.ssh), + S#s{ssh=C#ssh{send_sequence=S#s.ssh#ssh.send_sequence}}; % Back the number + #ssh_msg_newkeys{} -> + {ok, C} = ssh_transport:handle_new_keys(M, S#s.ssh), + S#s{ssh=C}; + _ -> + S + end + end. 
+ +%%%================================================================ +try_find_crlf(Seen, S0) -> + case erlang:decode_packet(line,S0#s.enc,[]) of + {more,_} -> + Line = <>, + S0#s{seen_hello = {more,Line}, + enc = <<>>, % didn't find a complete line + % -> no more characters to test + return_value = {more,Line} + }; + {ok,Used,Rest} -> + Line = <>, + case handle_hello(Line, S0) of + false -> + S = opt(print_messages, S0, + fun(X) when X==true;X==detail -> {"Recv info~n~p~n",[Line]} end), + S#s{seen_hello = false, + enc = Rest, + return_value = {info,Line}}; + S1=#s{} -> + S = opt(print_messages, S1, + fun(X) when X==true;X==detail -> {"Recv hello~n~p~n",[Line]} end), + S#s{seen_hello = true, + enc = Rest, + return_value = {hello,Line}} + end + end. + + +handle_hello(Bin, S=#s{ssh=C}) -> + case {ssh_transport:handle_hello_version(binary_to_list(Bin)), + ?role(S)} + of + {{undefined,_}, _} -> false; + {{Vp,Vs}, client} -> S#s{ssh = C#ssh{s_vsn=Vp, s_version=Vs}}; + {{Vp,Vs}, server} -> S#s{ssh = C#ssh{c_vsn=Vp, c_version=Vs}} + end. + +receive_binary_msg(S0=#s{ssh=C0=#ssh{decrypt_block_size = BlockSize, + recv_mac_size = MacSize + } + }) -> + case size(S0#s.enc) >= max(8,BlockSize) of + false -> + %% Need more bytes to decode the packet_length field + Remaining = max(8,BlockSize) - size(S0#s.enc), + receive_binary_msg( receive_wait(Remaining, S0) ); + true -> + %% Has enough bytes to decode the packet_length field + {_, <>, _} = + ssh_transport:decrypt_blocks(S0#s.enc, BlockSize, C0), % FIXME: BlockSize should be at least 4 + + %% FIXME: Check that ((4+PacketLen) rem BlockSize) == 0 ? 
+ + S1 = if + PacketLen > ?SSH_MAX_PACKET_SIZE -> + fail({too_large_message,PacketLen},S0); % FIXME: disconnect + + ((4+PacketLen) rem BlockSize) =/= 0 -> + fail(bad_packet_length_modulo, S0); % FIXME: disconnect + + size(S0#s.enc) >= (4 + PacketLen + MacSize) -> + %% has the whole packet + S0; + + true -> + %% need more bytes to get have the whole packet + Remaining = (4 + PacketLen + MacSize) - size(S0#s.enc), + receive_wait(Remaining, S0) + end, + + %% Decrypt all, including the packet_length part (re-use the initial #ssh{}) + {C1, SshPacket = <>, EncRest} = + ssh_transport:decrypt_blocks(S1#s.enc, PacketLen+4, C0), + + PayloadLen = PacketLen - 1 - PadLen, + <> = Tail, + + {C2, Payload} = ssh_transport:decompress(C1, CompressedPayload), + + <> = EncRest, + + case {ssh_transport:is_valid_mac(Mac, SshPacket, C2), + catch ssh_message:decode(Payload)} + of + {false, _} -> fail(bad_mac,S1); + {_, {'EXIT',_}} -> fail(decode_failed,S1); + + {true, Msg} -> + C3 = case Msg of + #ssh_msg_kexinit{} -> + ssh_transport:key_init(opposite_role(C2), C2, Payload); + _ -> + C2 + end, + S2 = opt(print_messages, S1, + fun(X) when X==true;X==detail -> {"Recv~n~s~n",[format_msg(Msg)]} end), + S3 = opt(print_messages, S2, + fun(detail) -> {"decrypted bytes ~p~n",[SshPacket]} end), + S3#s{ssh = inc_recv_seq_num(C3), + enc = Rest, + return_value = Msg + } + end + end. + + +receive_poll(S=#s{socket=Sock}) -> + inet:setopts(Sock, [{active,once}]), + receive + {tcp,Sock,Data} -> + receive_poll( S#s{enc = <<(S#s.enc)/binary,Data/binary>>} ); + {tcp_closed,Sock} -> + throw({tcp,tcp_closed}); + {tcp_error, Sock, Reason} -> + throw({tcp,{tcp_error,Reason}}) + after 0 -> + S + end. 
+ +receive_wait(S=#s{socket=Sock, + timeout=Timeout}) -> + inet:setopts(Sock, [{active,once}]), + receive + {tcp,Sock,Data} -> + S#s{enc = <<(S#s.enc)/binary,Data/binary>>}; + {tcp_closed,Sock} -> + throw({tcp,tcp_closed}); + {tcp_error, Sock, Reason} -> + throw({tcp,{tcp_error,Reason}}) + after Timeout -> + fail(receive_timeout,S) + end. + +receive_wait(N, S=#s{socket=Sock, + timeout=Timeout, + enc=Enc0}) when N>0 -> + inet:setopts(Sock, [{active,once}]), + receive + {tcp,Sock,Data} -> + receive_wait(N-size(Data), S#s{enc = <>}); + {tcp_closed,Sock} -> + throw({tcp,tcp_closed}); + {tcp_error, Sock, Reason} -> + throw({tcp,{tcp_error,Reason}}) + after Timeout -> + fail(receive_timeout, S) + end; +receive_wait(_N, S) -> + S. + +%% random_padding_len(PaddingLen1, ChunkSize) -> +%% MaxAdditionalRandomPaddingLen = % max 255 bytes padding totaö +%% (255 - PaddingLen1) - ((255 - PaddingLen1) rem ChunkSize), +%% AddLen0 = crypto:rand_uniform(0,MaxAdditionalRandomPaddingLen), +%% AddLen0 - (AddLen0 rem ChunkSize). % preserve the blocking + +inc_recv_seq_num(C=#ssh{recv_sequence=N}) -> C#ssh{recv_sequence=(N+1) band 16#ffffffff}. +%%%inc_send_seq_num(C=#ssh{send_sequence=N}) -> C#ssh{send_sequence=(N+1) band 16#ffffffff}. + +opposite_role(#ssh{role=R}) -> opposite_role(R); +opposite_role(client) -> server; +opposite_role(server) -> client. + +ok(ok) -> ok; +ok({ok,R}) -> R; +ok({error,E}) -> erlang:error(E). + + +%%%================================================================ +%%% +%%% Formating of records +%%% + +format_msg(M) -> format_msg(M, 0). 
+ +format_msg(M, I0) -> + case fields(M) of + undefined -> io_lib:format('~p',[M]); + Fields -> + [Name|Args] = tuple_to_list(M), + Head = io_lib:format('#~p{',[Name]), + I = lists:flatlength(Head)+I0, + NL = io_lib:format('~n~*c',[I,$ ]), + Sep = io_lib:format(',~n~*c',[I,$ ]), + Tail = [begin + S0 = io_lib:format('~p = ',[F]), + I1 = I + lists:flatlength(S0), + [S0,format_msg(A,I1)] + end + || {F,A} <- lists:zip(Fields,Args)], + [[Head|string:join(Tail,Sep)],NL,"}"] + end. + +fields(M) -> + case M of + #ssh_msg_debug{} -> record_info(fields, ssh_msg_debug); + #ssh_msg_disconnect{} -> record_info(fields, ssh_msg_disconnect); + #ssh_msg_ignore{} -> record_info(fields, ssh_msg_ignore); + #ssh_msg_kex_dh_gex_group{} -> record_info(fields, ssh_msg_kex_dh_gex_group); + #ssh_msg_kex_dh_gex_init{} -> record_info(fields, ssh_msg_kex_dh_gex_init); + #ssh_msg_kex_dh_gex_reply{} -> record_info(fields, ssh_msg_kex_dh_gex_reply); + #ssh_msg_kex_dh_gex_request{} -> record_info(fields, ssh_msg_kex_dh_gex_request); + #ssh_msg_kex_dh_gex_request_old{} -> record_info(fields, ssh_msg_kex_dh_gex_request_old); + #ssh_msg_kexdh_init{} -> record_info(fields, ssh_msg_kexdh_init); + #ssh_msg_kexdh_reply{} -> record_info(fields, ssh_msg_kexdh_reply); + #ssh_msg_kexinit{} -> record_info(fields, ssh_msg_kexinit); + #ssh_msg_newkeys{} -> record_info(fields, ssh_msg_newkeys); + #ssh_msg_service_accept{} -> record_info(fields, ssh_msg_service_accept); + #ssh_msg_service_request{} -> record_info(fields, ssh_msg_service_request); + #ssh_msg_unimplemented{} -> record_info(fields, ssh_msg_unimplemented); + #ssh_msg_userauth_request{} -> record_info(fields, ssh_msg_userauth_request); + #ssh_msg_userauth_failure{} -> record_info(fields, ssh_msg_userauth_failure); + #ssh_msg_userauth_success{} -> record_info(fields, ssh_msg_userauth_success); + #ssh_msg_userauth_banner{} -> record_info(fields, ssh_msg_userauth_banner); + #ssh_msg_userauth_passwd_changereq{} -> record_info(fields, 
ssh_msg_userauth_passwd_changereq); + #ssh_msg_userauth_pk_ok{} -> record_info(fields, ssh_msg_userauth_pk_ok); + #ssh_msg_userauth_info_request{} -> record_info(fields, ssh_msg_userauth_info_request); + #ssh_msg_userauth_info_response{} -> record_info(fields, ssh_msg_userauth_info_response); + #s{} -> record_info(fields, s); + #ssh{} -> record_info(fields, ssh); + #alg{} -> record_info(fields, alg); + _ -> undefined + end. + +%%%================================================================ +%%% +%%% Trace handling +%%% + +init_op_traces(Op, S0) -> + opt(print_ops, S0#s{prints=[]}, + fun(true) -> + case ?role(S0) of + undefined -> {"-- ~p~n",[Op]}; + Role -> {"-- ~p ~p~n",[Role,Op]} + end + end + ). + +report_trace(Class, Term, S) -> + print_traces( + opt(print_ops, S, + fun(true) -> {"~s ~p",[Class,Term]} end) + ). + +seqnum_trace(S) -> + opt(print_seqnums, S, + fun(true) when S#s.ssh#ssh.send_sequence =/= S#s.ssh#ssh.send_sequence, + S#s.ssh#ssh.recv_sequence =/= S#s.ssh#ssh.recv_sequence -> + {"~p seq num: send ~p->~p, recv ~p->~p~n", + [?role(S), + S#s.ssh#ssh.send_sequence, S#s.ssh#ssh.send_sequence, + S#s.ssh#ssh.recv_sequence, S#s.ssh#ssh.recv_sequence + ]}; + (true) when S#s.ssh#ssh.send_sequence =/= S#s.ssh#ssh.send_sequence -> + {"~p seq num: send ~p->~p~n", + [?role(S), + S#s.ssh#ssh.send_sequence, S#s.ssh#ssh.send_sequence]}; + (true) when S#s.ssh#ssh.recv_sequence =/= S#s.ssh#ssh.recv_sequence -> + {"~p seq num: recv ~p->~p~n", + [?role(S), + S#s.ssh#ssh.recv_sequence, S#s.ssh#ssh.recv_sequence]} + end). + +print_traces(S) when S#s.prints == [] -> S; +print_traces(S) -> + ct:log("~s", + [lists:foldl(fun({Fmt,Args}, Acc) -> + [io_lib:format(Fmt,Args) | Acc] + end, "", S#s.prints)] + ). + +opt(Flag, S, Fun) when is_function(Fun,1) -> + try Fun(proplists:get_value(Flag,S#s.opts)) + of P={Fmt,Args} when is_list(Fmt), is_list(Args) -> + save_prints(P, S) + catch _:_ -> + S + end. + +save_prints({Fmt,Args}, S) -> + S#s{prints = [{Fmt,Args}|S#s.prints]}. 
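Review bot: in lib/ssh/test/ssh_protocol_SUITE.erl, init_per_suite/1 chains start_std_daemon(setup_dirs(start_apps(Config))), but start_apps/1 can return {skip, "Crypto could not be started!"}. setup_dirs/1 then calls ?config(data_dir, Config) on that tuple, so the skip never reaches Common Test as a skip. Match on the result of start_apps/1 and return the {skip, _} tuple directly before doing any further setup. Also in this file, start_std_daemon/2 creates UserDir = filename:join(PrivDir, nopubkey) with the comment "to make sure we don't use public-key-auth", yet Options passes {user_dir, user_dir(Config)}, so the nopubkey directory is created but never handed to the daemon. Either pass {user_dir, UserDir} or drop the directory and the comment. Minor: "authentcation" in the lib_works_as_client comment.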
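Review bot: the files added under lib/ssh/test/ssh_protocol_SUITE_data/ (id_dsa, id_rsa, ssh_host_dsa_key, ssh_host_rsa_key) are unencrypted private keys checked into the tree with nothing marking them as test-only fixtures. Consider generating the key pairs in init_per_suite into priv_dir, or add a short README in the data directory stating that these keys are public test material and must not be installed anywhere. setup_dirs/1 only calls ssh_test_lib:setup_rsa/2, so if the DSA files are not used by this suite they can be left out of the commit.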
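Review bot: in lib/ssh/test/ssh_trpt_test_lib.erl, op(close_socket, S) calls tcp_gen:close/1 where the rest of the file uses gen_tcp, and the surrounding catch hides the resulting undef, so neither the connection socket nor the listen socket is ever closed while the state is reset to undefined. Change both calls to gen_tcp:close/1. Two more places fail silently in the same way. op({expect,timeout,E}, S0) catches {receive_timeout,_}, but fail/2 throws {fail, Reason, S}, so a receive timeout is never turned into return_value = timeout; the pattern should be {fail, receive_timeout, _}. seqnum_trace/1 compares S#s.ssh#ssh.send_sequence and recv_sequence with themselves, so no guard can be true and print_seqnums never prints; the function needs the state from before the op (S0 in exec/2) as a second argument. In receive_binary_msg/1, ssh_transport:decompress/2 and ssh_message:decode/1 both run before the result of ssh_transport:is_valid_mac/3 is inspected; checking the MAC first keeps unauthenticated bytes away from the decompressor and decoder. Minor: "repy", "alowed", "Formating" in comments.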
-- cgit v1.2.3 From a9bedfb5b9a469642c0e8bf315f41a2505444cd6 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 30 Jun 2015 15:40:16 +0200 Subject: ssh: testcases for no common algorithms in key exchange --- lib/ssh/src/ssh_transport.erl | 33 +++++++++---- lib/ssh/test/ssh_basic_SUITE.erl | 2 + lib/ssh/test/ssh_protocol_SUITE.erl | 93 ++++++++++++++++++++++++++++++++++++- lib/ssh/test/ssh_trpt_test_lib.erl | 4 +- 4 files changed, 120 insertions(+), 12 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index f4e6a23a1e..2e7391e1f8 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl 
@@ -246,26 +246,41 @@ handle_kexinit_msg(#ssh_msg_kexinit{} = CounterPart, #ssh_msg_kexinit{} = Own, Ssh0#ssh{algorithms = Algoritms}); _ -> %% TODO: Correct code? - throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, description = "Selection of key exchange" " algorithm failed", - language = "en"}) + language = ""}) end; handle_kexinit_msg(#ssh_msg_kexinit{} = CounterPart, #ssh_msg_kexinit{} = Own, #ssh{role = server} = Ssh) -> {ok, Algoritms} = select_algorithm(server, CounterPart, Own), - {ok, Ssh#ssh{algorithms = Algoritms}}. + case verify_algorithm(Algoritms) of + true -> + {ok, Ssh#ssh{algorithms = Algoritms}}; + _ -> + throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Selection of key exchange" + " algorithm failed", + language = ""}) + end. %% TODO: diffie-hellman-group14-sha1 should also be supported. %% Maybe check more things ... -verify_algorithm(#alg{kex = 'diffie-hellman-group1-sha1'}) -> - true; -verify_algorithm(#alg{kex = 'diffie-hellman-group-exchange-sha1'}) -> - true; -verify_algorithm(_) -> - false. + +verify_algorithm(#alg{kex = undefined}) -> false; +verify_algorithm(#alg{hkey = undefined}) -> false; +verify_algorithm(#alg{send_mac = undefined}) -> false; +verify_algorithm(#alg{recv_mac = undefined}) -> false; +verify_algorithm(#alg{encrypt = undefined}) -> false; +verify_algorithm(#alg{decrypt = undefined}) -> false; +verify_algorithm(#alg{compress = undefined}) -> false; +verify_algorithm(#alg{decompress = undefined}) -> false; + +verify_algorithm(#alg{kex = 'diffie-hellman-group1-sha1'}) -> true; +verify_algorithm(#alg{kex = 'diffie-hellman-group-exchange-sha1'}) -> true; +verify_algorithm(_) -> false. key_exchange_first_msg('diffie-hellman-group1-sha1', Ssh0) -> {G, P} = dh_group1(), diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 9ff3eb8d0b..bf9fe54c57 100644 
--- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -1838,6 +1838,8 @@ check_error("Invalid state") -> ok; check_error("Connection closed") -> ok; +check_error("Selection of key exchange algorithm failed") -> + ok; check_error(Error) -> ct:fail(Error). diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index 3fb2840a19..58c8306c31 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -45,7 +45,8 @@ suite() -> [{ct_hooks,[ts_install_cth]}]. all() -> - [{group,tool_tests} + [{group,tool_tests}, + {group,kex} ]. groups() -> @@ -53,7 +54,10 @@ groups() -> lib_works_as_server, lib_match, lib_no_match - ]} + ]}, + {kex, [], [no_common_alg_server_disconnects, + no_common_alg_client_disconnects + ]} ]. 
@@ -203,6 +207,91 @@ lib_no_match(_Config) -> {error, {_Op,{expected,a,b},_State}} -> ok end. +%%-------------------------------------------------------------------- +%%% Algo negotiation fail. This should result in a ssh_msg_disconnect +%%% being sent from the server. +no_common_alg_server_disconnects(Config) -> + {ok,_} = + ssh_trpt_test_lib:exec( + [{set_options, [print_ops, print_seqnums, print_messages]}, + {connect, + server_host(Config),server_port(Config), + [{silently_accept_hosts, true}, + {user_dir, user_dir(Config)}, + {user_interaction, false}, + {preferred_algorithms,[{public_key,['ssh-dss']}]} + ]}, + receive_hello, + {send, hello}, + {match, #ssh_msg_kexinit{_='_'}, receive_msg}, + {send, ssh_msg_kexinit}, + {match, + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, _='_'}, + receive_msg} + ] + ). + +%%-------------------------------------------------------------------- +%%% Algo negotiation fail. This should result in a ssh_msg_disconnect +%%% being sent from the client. +no_common_alg_client_disconnects(Config) -> + %% Create a listening socket as server socket: + {ok,InitialState} = ssh_trpt_test_lib:exec(listen), + HostPort = ssh_trpt_test_lib:server_host_port(InitialState), + Parent = self(), + + %% Start a process handling one connection on the server side: + Pid = + spawn_link( + fun() -> + Parent ! 
+ {result,self(), + ssh_trpt_test_lib:exec( + [{set_options, [print_ops, print_messages]}, + {accept, [{system_dir, system_dir(Config)}, + {user_dir, user_dir(Config)}]}, + receive_hello, + {send, hello}, + + {match, #ssh_msg_kexinit{_='_'}, receive_msg}, + {send, #ssh_msg_kexinit{ + cookie = 247381486335508958743193106082599558706, + kex_algorithms = ["diffie-hellman-group1-sha1"], + server_host_key_algorithms = ["some-unknown"], + encryption_algorithms_client_to_server = ["aes128-ctr"], + encryption_algorithms_server_to_client = ["aes128-ctr"], + mac_algorithms_client_to_server = ["hmac-sha2-256"], + mac_algorithms_server_to_client = ["hmac-sha2-256"], + compression_algorithms_client_to_server = ["none"], + compression_algorithms_server_to_client = ["none"], + languages_client_to_server = [], + languages_server_to_client = [], + first_kex_packet_follows = false, + reserved = 0 + }}, + + {match, + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, _='_'}, + receive_msg} + ], + InitialState) + } + end), + + %% and finally connect to it with a regular Erlang SSH client: + Result = std_connect(HostPort, Config, [{preferred_algorithms,[{public_key,['ssh-dss']}]}]), + ct:log("Result of connect is ~p",[Result]), + + receive + {result,Pid,{ok,_}} -> + ok; + {result,Pid,{error,{Op,ExecResult,S}}} -> + ct:pal("ERROR!~nOp = ~p~nExecResult = ~p~nState =~n~s", + [Op,ExecResult,ssh_trpt_test_lib:format_msg(S)]), + {fail, ExecResult}; + X -> ct:fail(X) + end. + %%%================================================================ %%%==== Internal functions ======================================== %%%================================================================ diff --git a/lib/ssh/test/ssh_trpt_test_lib.erl b/lib/ssh/test/ssh_trpt_test_lib.erl index 8623020a31..a604fca1ac 100644 --- a/lib/ssh/test/ssh_trpt_test_lib.erl +++ b/lib/ssh/test/ssh_trpt_test_lib.erl 
@@ -200,7 +200,9 @@ op_val(E, S0) -> {'EXIT',{function_clause,[{ssh_trpt_test_lib,op,[E,S0],_}|_]}} -> {instantiate(E,S0), S0}; S=#s{} -> - {S#s.return_value, S} + {S#s.return_value, S}; + F={fail,receive_timeout,_St} -> + throw(F) end. -- cgit v1.2.3 From e0694680a8b59641369a478b1aec58c2c2acc5d4 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Sat, 4 Jul 2015 10:49:33 +0200 Subject: ssh: add disjunction to ssh_trpt_test_lib:match --- lib/ssh/test/ssh_trpt_test_lib.erl | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_trpt_test_lib.erl b/lib/ssh/test/ssh_trpt_test_lib.erl index a604fca1ac..75f495b6d7 100644 --- a/lib/ssh/test/ssh_trpt_test_lib.erl +++ b/lib/ssh/test/ssh_trpt_test_lib.erl @@ -218,6 +218,13 @@ match('$$', V, S) -> match('_', _, S) -> {true, S}; +match({'or',[P]}, V, S) -> match(P,V,S); +match({'or',[Ph|Pt]}, V, S) -> + case match(Ph,V,S) of + false -> match({'or',Pt}, V, S); + {true,S} -> {true,S} + end; + match(P, V, S) when is_atom(P) -> case atom_to_list(P) of "$"++_ -> -- cgit v1.2.3 From 9931cad6d5f653a8be2bb324450c1d4b2c5637cf Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Sat, 4 Jul 2015 10:50:22 +0200 Subject: ssh: be more generous about disconnect expects --- lib/ssh/test/ssh_protocol_SUITE.erl | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index 58c8306c31..d82cdaf2c7 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -226,7 +226,8 @@ no_common_alg_server_disconnects(Config) -> {match, #ssh_msg_kexinit{_='_'}, receive_msg}, {send, ssh_msg_kexinit}, {match, - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, _='_'}, + {'or',[#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, _='_'}, + tcp_closed]}, receive_msg} ] ). 
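Review bot: The disconnect description thrown from handle_kexinit_msg/3 in lib/ssh/src/ssh_transport.erl (commit a9bedfb5) still says "Selection of key exchange algorithm failed", although the new verify_algorithm/1 clauses also return false for an undefined host key, MAC, cipher or compression algorithm, so the text points the peer's operator at the wrong algorithm class. Use a description that names the class that could not be negotiated, or a neutral "no common algorithm", and keep the new check_error/1 clause in ssh_basic_SUITE.erl in step with it. The "%% TODO: Correct code?" comment above the client-side throw is left in place after the code was changed to SSH_DISCONNECT_KEY_EXCHANGE_FAILED and should be resolved or removed, and the two identical throw expressions (client and server clause) would be easier to keep consistent as one helper.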
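Review bot: The closing receive in no_common_alg_client_disconnects/1 (lib/ssh/test/ssh_protocol_SUITE.erl, commit a9bedfb5) has the catch-all clause "X -> ct:fail(X)" and no "after" clause, so any unrelated message that reaches the test process before {result,Pid,_} fails the test, and a result that never arrives leaves it blocked until a timetrap fires. Drop the catch-all, add an explicit timeout that calls ct:fail/1, and assert on Result from std_connect/3 instead of only logging it, since the client side is expected to end with an error here.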
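Review bot: In the new match({'or',[Ph|Pt]}, V, S) clause of lib/ssh/test/ssh_trpt_test_lib.erl (commit e0694680), the branch "{true,S} -> {true,S}" reuses the S that is already bound in the function head, so it only matches when the alternative returns the state unchanged; if a sub-pattern returns an updated state, the case raises case_clause instead of reporting a match. Bind a fresh variable, for example "{true,S1} -> {true,S1}". An empty alternative list {'or',[]} is not covered by either new clause; an explicit clause returning false would document the intent.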
@@ -269,10 +270,10 @@ no_common_alg_client_disconnects(Config) -> first_kex_packet_follows = false, reserved = 0 }}, - - {match, - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, _='_'}, - receive_msg} + {match, + {'or',[#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, _='_'}, + tcp_closed]}, + receive_msg} ], InitialState) } -- cgit v1.2.3 From 67e156b0472b06a04fd5b1b8ab830efc22e4466d Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 30 Jun 2015 22:33:27 +0200 Subject: ssh: Repair/add experimental diffie-hellman-group-exchange-sha1 support DO NOT USE IN PRODUCTION!!! This is a bug fixing of the previously partly implemented kex algorithm. There are more things to do, for example generate/select better g,p pair obeying the min||n||max request. It is not enabled by default, but may be enabled with the option {preferred_algorithms, [{kex, ['diffie-hellman-group-exchange-sha1']}]} --- lib/ssh/src/ssh_connection_handler.erl | 42 ++++-- lib/ssh/src/ssh_message.erl | 17 ++- lib/ssh/src/ssh_transport.erl | 247 ++++++++++++++++++++++----------- lib/ssh/test/ssh_basic_SUITE.erl | 51 +++++++ lib/ssh/test/ssh_sftp_SUITE.erl | 61 +++++--- 5 files changed, 303 insertions(+), 115 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index a9c60d0674..c059834b27 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -46,7 +46,9 @@ get_print_info/1]). %% gen_fsm callbacks --export([hello/2, kexinit/2, key_exchange/2, new_keys/2, +-export([hello/2, kexinit/2, key_exchange/2, + key_exchange_dh_gex_init/2, key_exchange_dh_gex_reply/2, + new_keys/2, userauth/2, connected/2, error/2]). 
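Review bot: Accepting tcp_closed as an alternative in both no_common_alg_server_disconnects/1 and no_common_alg_client_disconnects/1 (lib/ssh/test/ssh_protocol_SUITE.erl, commit 9931cad6) means the tests pass when the peer simply drops the connection, so they no longer verify that SSH_DISCONNECT_KEY_EXCHANGE_FAILED is sent, which is what the preceding change to handle_kexinit_msg/3 introduced. If the bare close is a known race, log which alternative matched and keep one strict case that requires the disconnect message, so a regression back to another disconnect code or to no message at all is still caught.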
@@ -417,26 +419,38 @@ key_exchange(#ssh_msg_kexdh_reply{} = Msg, send_msg(NewKeys, State), {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})}; -key_exchange(#ssh_msg_kex_dh_gex_group{} = Msg, +key_exchange(#ssh_msg_kex_dh_gex_request{} = Msg, #state{ssh_params = #ssh{role = server} = Ssh0} = State) -> - {ok, NextKexMsg, Ssh1} = ssh_transport:handle_kex_dh_gex_group(Msg, Ssh0), - send_msg(NextKexMsg, State), - {ok, NewKeys, Ssh} = ssh_transport:new_keys_message(Ssh1), - send_msg(NewKeys, State), - {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})}; + {ok, GexGroup, Ssh} = ssh_transport:handle_kex_dh_gex_request(Msg, Ssh0), + send_msg(GexGroup, State), + {next_state, key_exchange_dh_gex_init, next_packet(State#state{ssh_params = Ssh})}; -key_exchange(#ssh_msg_kex_dh_gex_request{} = Msg, +key_exchange(#ssh_msg_kex_dh_gex_group{} = Msg, #state{ssh_params = #ssh{role = client} = Ssh0} = State) -> - {ok, NextKexMsg, Ssh} = ssh_transport:handle_kex_dh_gex_request(Msg, Ssh0), - send_msg(NextKexMsg, State), - {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})}; + {ok, KexGexInit, Ssh} = ssh_transport:handle_kex_dh_gex_group(Msg, Ssh0), + send_msg(KexGexInit, State), + {next_state, key_exchange_dh_gex_reply, next_packet(State#state{ssh_params = Ssh})}. -key_exchange(#ssh_msg_kex_dh_gex_reply{} = Msg, - #state{ssh_params = #ssh{role = client} = Ssh0} = State) -> - {ok, NewKeys, Ssh} = ssh_transport:handle_kex_dh_gex_reply(Msg, Ssh0), +%%-------------------------------------------------------------------- +-spec key_exchange_dh_gex_init(#ssh_msg_kex_dh_gex_init{}, #state{}) -> gen_fsm_state_return(). 
+%%-------------------------------------------------------------------- +key_exchange_dh_gex_init(#ssh_msg_kex_dh_gex_init{} = Msg, + #state{ssh_params = #ssh{role = server} = Ssh0} = State) -> + {ok, KexGexReply, Ssh1} = ssh_transport:handle_kex_dh_gex_init(Msg, Ssh0), + send_msg(KexGexReply, State), + {ok, NewKeys, Ssh} = ssh_transport:new_keys_message(Ssh1), send_msg(NewKeys, State), {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})}. +%%-------------------------------------------------------------------- +-spec key_exchange_dh_gex_reply(#ssh_msg_kex_dh_gex_reply{}, #state{}) -> gen_fsm_state_return(). +%%-------------------------------------------------------------------- +key_exchange_dh_gex_reply(#ssh_msg_kex_dh_gex_reply{} = Msg, + #state{ssh_params = #ssh{role = client} = Ssh0} = State) -> + {ok, NewKeys, Ssh1} = ssh_transport:handle_kex_dh_gex_reply(Msg, Ssh0), + send_msg(NewKeys, State), + {next_state, new_keys, next_packet(State#state{ssh_params = Ssh1})}. + %%-------------------------------------------------------------------- -spec new_keys(#ssh_msg_newkeys{}, #state{}) -> gen_fsm_state_return(). %%-------------------------------------------------------------------- diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl index 1f0f6fb15f..7b786b8fff 100644 --- a/lib/ssh/src/ssh_message.erl +++ b/lib/ssh/src/ssh_message.erl @@ -237,7 +237,7 @@ encode(#ssh_msg_kex_dh_gex_request{ max = Max }) -> ssh_bits:encode([?SSH_MSG_KEX_DH_GEX_REQUEST, Min, N, Max], - [byte, uint32, uint32, uint32, uint32]); + [byte, uint32, uint32, uint32]); encode(#ssh_msg_kex_dh_gex_request_old{n = N}) -> ssh_bits:encode([?SSH_MSG_KEX_DH_GEX_REQUEST_OLD, N], [byte, uint32]); 
@@ -257,7 +257,7 @@ encode(#ssh_msg_kex_dh_gex_reply{ }) -> EncKey = encode_host_key(Key), EncSign = encode_sign(Key, Signature), - ssh_bits:encode([?SSH_MSG_KEXDH_REPLY, EncKey, F, EncSign], [byte, binary, mpint, binary]); + ssh_bits:encode([?SSH_MSG_KEX_DH_GEX_REPLY, EncKey, F, EncSign], [byte, binary, mpint, binary]); encode(#ssh_msg_ignore{data = Data}) -> ssh_bits:encode([?SSH_MSG_IGNORE, Data], [byte, string]); @@ -442,6 +442,19 @@ decode(<>) -> + #ssh_msg_kex_dh_gex_init{ + e = E + }; +decode(<>) -> + #ssh_msg_kex_dh_gex_reply{ + public_host_key = decode_host_key(Key), + f = F, + h_sig = decode_sign(Hashsign) + }; decode(<>) -> diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 2e7391e1f8..ce0762bf96 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -39,7 +39,7 @@ key_exchange_init_msg/1, key_init/3, new_keys_message/1, handle_kexinit_msg/3, handle_kexdh_init/2, - handle_kex_dh_gex_group/2, handle_kex_dh_gex_reply/2, + handle_kex_dh_gex_group/2, handle_kex_dh_gex_init/2, handle_kex_dh_gex_reply/2, handle_new_keys/2, handle_kex_dh_gex_request/2, handle_kexdh_reply/2, unpack/3, decompress/2, ssh_packet/2, pack/2, msg_data/1, @@ -66,6 +66,8 @@ algo_classes() -> [kex, public_key, cipher, mac, compression]. default_algorithms(compression) -> %% Do not announce 'zlib@openssh.com' because there seem to be problems supported_algorithms(compression, same(['zlib@openssh.com'])); +default_algorithms(kex) -> + supported_algorithms(kex, ['diffie-hellman-group-exchange-sha1']); default_algorithms(Alg) -> supported_algorithms(Alg). @@ -73,7 +75,8 @@ default_algorithms(Alg) -> supported_algorithms() -> [{K,supported_algorithms(K)} || K <- algo_classes()]. supported_algorithms(kex) -> - ['diffie-hellman-group1-sha1']; + ['diffie-hellman-group1-sha1', + 'diffie-hellman-group-exchange-sha1']; supported_algorithms(public_key) -> ssh_auth:default_public_key_algorithms(); supported_algorithms(cipher) -> 
@@ -135,7 +138,7 @@ ssh_vsn() -> _:_ -> "" end. -random_id(Nlo, Nup) -> +random_id(Nlo, Nup) -> [crypto:rand_uniform($a,$z+1) || _<- lists:duplicate(crypto:rand_uniform(Nlo,Nup+1),x) ]. hello_version_msg(Data) -> @@ -144,7 +147,7 @@ hello_version_msg(Data) -> next_seqnum(SeqNum) -> (SeqNum + 1) band 16#ffffffff. -decrypt_first_block(Bin, #ssh{decrypt_block_size = BlockSize} = Ssh0) -> +decrypt_first_block(Bin, #ssh{decrypt_block_size = BlockSize} = Ssh0) -> <> = Bin, {Ssh, <> = DecData} = decrypt(Ssh0, EncBlock), @@ -282,9 +285,14 @@ verify_algorithm(#alg{kex = 'diffie-hellman-group1-sha1'}) -> true; verify_algorithm(#alg{kex = 'diffie-hellman-group-exchange-sha1'}) -> true; verify_algorithm(_) -> false. +%%%---------------------------------------------------------------- +%%% +%%% Key exchange initialization +%%% key_exchange_first_msg('diffie-hellman-group1-sha1', Ssh0) -> {G, P} = dh_group1(), {Private, Public} = dh_gen_key(G, P, 1024), + %% Public = G^Private mod P (def) {SshPacket, Ssh1} = ssh_packet(#ssh_msg_kexdh_init{e = Public}, Ssh0), {ok, SshPacket, Ssh1#ssh{keyex_key = {{Private, Public}, {G, P}}}}; @@ -295,13 +303,18 @@ key_exchange_first_msg('diffie-hellman-group-exchange-sha1', Ssh0) -> Max = ?DEFAULT_DH_GROUP_MAX, {SshPacket, Ssh1} = ssh_packet(#ssh_msg_kex_dh_gex_request{min = Min, - n = NBits, max = Max}, + n = NBits, + max = Max}, Ssh0), {ok, SshPacket, Ssh1#ssh{keyex_info = {Min, Max, NBits}}}. - +%%%---------------------------------------------------------------- +%%% +%%% diffie-hellman-group1-sha1 +%%% handle_kexdh_init(#ssh_msg_kexdh_init{e = E}, Ssh0) -> + %% server {G, P} = dh_group1(), if 1= 
@@ -314,101 +327,176 @@ handle_kexdh_init(#ssh_msg_kexdh_init{e = E}, Ssh0) -> f = Public, h_sig = H_SIG }, Ssh0), - {ok, SshPacket, Ssh1#ssh{keyex_key = {{Private, Public}, {G, P}}, shared_secret = K, exchanged_hash = H, session_id = sid(Ssh1, H)}}; + true -> - Error = {error,bad_e_from_peer}, - Disconnect = #ssh_msg_disconnect{ - code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = "Key exchange failed, 'f' out of bounds", - language = "en"}, - throw({Error, Disconnect}) + throw({{error,bad_e_from_peer}, + #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Key exchange failed, 'e' out of bounds", + language = ""} + }) end. -handle_kex_dh_gex_group(#ssh_msg_kex_dh_gex_group{p = P, g = G}, Ssh0) -> - {Private, Public} = dh_gen_key(G,P,1024), - {SshPacket, Ssh1} = - ssh_packet(#ssh_msg_kex_dh_gex_init{e = Public}, Ssh0), - {ok, SshPacket, - Ssh1#ssh{keyex_key = {{Private, Public}, {G, P}}}}. +handle_kexdh_reply(#ssh_msg_kexdh_reply{public_host_key = HostKey, + f = F, + h_sig = H_SIG}, + #ssh{keyex_key = {{Private, Public}, {_G, P}}} = Ssh0) -> + %% client + if + 1= + K = ssh_math:ipow(F, Private, P), + H = kex_h(Ssh0, HostKey, Public, F, K), + + case verify_host_key(Ssh0, HostKey, H, H_SIG) of + ok -> + {SshPacket, Ssh} = ssh_packet(#ssh_msg_newkeys{}, Ssh0), + {ok, SshPacket, Ssh#ssh{shared_secret = K, + exchanged_hash = H, + session_id = sid(Ssh, H)}}; + Error -> + throw({Error, + #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Key exchange failed", + language = "en"} + }) + end; -handle_new_keys(#ssh_msg_newkeys{}, Ssh0) -> - try install_alg(Ssh0) of - #ssh{} = Ssh -> - {ok, Ssh} - catch - error:_Error -> %% TODO: Throw earlier .... - throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "Install alg failed", - language = "en"}) - end. 
+ true -> + throw({{error,bad_f_from_peer}, + #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Key exchange failed, 'f' out of bounds", + language = ""} + }) + end. -%% %% Select algorithms -handle_kexdh_reply(#ssh_msg_kexdh_reply{public_host_key = HostKey, f = F, - h_sig = H_SIG}, - #ssh{keyex_key = {{Private, Public}, {_G, P}}} = Ssh0) when 1= - K = ssh_math:ipow(F, Private, P), - H = kex_h(Ssh0, HostKey, Public, F, K), - - case verify_host_key(Ssh0, HostKey, H, H_SIG) of - ok -> - {SshPacket, Ssh} = ssh_packet(#ssh_msg_newkeys{}, Ssh0), - {ok, SshPacket, Ssh#ssh{shared_secret = K, - exchanged_hash = H, - session_id = sid(Ssh, H)}}; - Error -> - Disconnect = #ssh_msg_disconnect{ - code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = "Key exchange failed", - language = "en"}, - throw({Error, Disconnect}) - end; -handle_kexdh_reply(#ssh_msg_kexdh_reply{}, _SSH) -> - Error = {error,bad_f_from_peer}, - Disconnect = #ssh_msg_disconnect{ - code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = "Key exchange failed, 'f' out of bounds", - language = "en"}, - throw({Error, Disconnect}). - - -handle_kex_dh_gex_request(#ssh_msg_kex_dh_gex_request{min = _Min, - n = _NBits, - max = _Max}, Ssh0) -> +%%%---------------------------------------------------------------- +%%% +%%% diffie-hellman-group-exchange-sha1 +%%% +handle_kex_dh_gex_request(#ssh_msg_kex_dh_gex_request{min = Min, + n = NBits, + max = Max}, Ssh0) -> + %% server {G,P} = dh_group1(), %% TODO real imp this seems to be a hack?! {Private, Public} = dh_gen_key(G, P, 1024), {SshPacket, Ssh} = ssh_packet(#ssh_msg_kex_dh_gex_group{p = P, g = G}, Ssh0), {ok, SshPacket, - Ssh#ssh{keyex_key = {{Private, Public}, {G, P}}}}. + Ssh#ssh{keyex_key = {{Private, Public}, {G, P}}, + keyex_info = {Min, Max, NBits} + }}. 
+ +handle_kex_dh_gex_group(#ssh_msg_kex_dh_gex_group{p = P, g = G}, Ssh0) -> + %% client + {Private, Public} = dh_gen_key(G, P, 1024), + {SshPacket, Ssh1} = + ssh_packet(#ssh_msg_kex_dh_gex_init{e = Public}, Ssh0), % Pub = G^Priv mod P (def) + + {ok, SshPacket, + Ssh1#ssh{keyex_key = {{Private, Public}, {G, P}}}}. + +handle_kex_dh_gex_init(#ssh_msg_kex_dh_gex_init{e = E}, + #ssh{keyex_key = {{Private, Public}, {G, P}}, + keyex_info = {Min, Max, NBits}} = + Ssh0) -> + %% server + if + 1= + K = ssh_math:ipow(E, Private, P), + if + 1 + HostKey = get_host_key(Ssh0), + H = kex_h(Ssh0, HostKey, Min, NBits, Max, P, G, E, Public, K), + H_SIG = sign_host_key(Ssh0, HostKey, H), + {SshPacket, Ssh} = + ssh_packet(#ssh_msg_kex_dh_gex_reply{public_host_key = HostKey, + f = Public, + h_sig = H_SIG}, Ssh0), + {ok, SshPacket, Ssh#ssh{shared_secret = K, + exchanged_hash = H, + session_id = sid(Ssh, H) + }}; + true -> + throw({{error,bad_K}, + #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Key exchange failed, 'K' out of bounds", + language = ""} + }) + end; + true -> + throw({{error,bad_e_from_peer}, + #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Key exchange failed, 'e' out of bounds", + language = ""} + }) + end. 
handle_kex_dh_gex_reply(#ssh_msg_kex_dh_gex_reply{public_host_key = HostKey, f = F, h_sig = H_SIG}, #ssh{keyex_key = {{Private, Public}, {G, P}}, keyex_info = {Min, Max, NBits}} = - Ssh0) -> - K = ssh_math:ipow(F, Private, P), - H = kex_h(Ssh0, HostKey, Min, NBits, Max, P, G, Public, F, K), - - case verify_host_key(Ssh0, HostKey, H, H_SIG) of - ok -> - {SshPacket, Ssh} = ssh_packet(#ssh_msg_newkeys{}, Ssh0), - {ok, SshPacket, Ssh#ssh{shared_secret = K, - exchanged_hash = H, - session_id = sid(Ssh, H)}}; - _Error -> - Disconnect = #ssh_msg_disconnect{ - code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = "Key exchange failed", - language = "en"}, - throw(Disconnect) + Ssh0) -> + %% client + if + 1= + K = ssh_math:ipow(F, Private, P), + if + 1 + H = kex_h(Ssh0, HostKey, Min, NBits, Max, P, G, Public, F, K), + + case verify_host_key(Ssh0, HostKey, H, H_SIG) of + ok -> + {SshPacket, Ssh} = ssh_packet(#ssh_msg_newkeys{}, Ssh0), + {ok, SshPacket, Ssh#ssh{shared_secret = K, + exchanged_hash = H, + session_id = sid(Ssh, H)}}; + _Error -> + throw(#ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Key exchange failed", + language = ""} + ) + end; + + true -> + throw({{error,bad_K}, + #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Key exchange failed, 'K' out of bounds", + language = ""} + }) + end; + true -> + throw({{error,bad_f_from_peer}, + #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Key exchange failed, 'f' out of bounds", + language = ""} + }) end. +%%%---------------------------------------------------------------- +handle_new_keys(#ssh_msg_newkeys{}, Ssh0) -> + try install_alg(Ssh0) of + #ssh{} = Ssh -> + {ok, Ssh} + catch + error:_Error -> %% TODO: Throw earlier .... + throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "Install alg failed", + language = "en"}) + end. 
+ %% select session id sid(#ssh{session_id = undefined}, H) -> H; @@ -511,7 +599,6 @@ select_algorithm(Role, Client, Server) -> decompress = Decompression, c_lng = C_Lng, s_lng = S_Lng}, -%%ct:pal("~p~n Client=~p~n Server=~p~n Alg=~p~n",[Role,Client,Server,Alg]), {ok, Alg}. select_encrypt_decrypt(client, Client, Server) -> @@ -1001,7 +1088,7 @@ recv_mac_init(SSH) -> recv_mac_final(SSH) -> {ok, SSH#ssh { recv_mac = none, recv_mac_key = undefined }}. -mac(none, _ , _, _) -> +mac(none, _ , _, _) -> <<>>; mac('hmac-sha1', Key, SeqNum, Data) -> crypto:hmac(sha, Key, [<>, Data]); diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index bf9fe54c57..c71463db30 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -42,6 +42,7 @@ suite() -> all() -> [app_test, appup_test, + {group, 'diffie-hellman-group-exchange-sha1'}, {group, dsa_key}, {group, rsa_key}, {group, dsa_pass_key}, @@ -92,6 +93,8 @@ groups() -> max_sessions_sftp_start_channel_parallel, max_sessions_sftp_start_channel_sequential ]}, + {'diffie-hellman-group-exchange-sha1', [], ['diffie-hellman-group-exchange-sha1' + ]}, {dir_options, [], [user_dir_option, system_dir_option]} ]. @@ -146,6 +149,17 @@ init_per_group(internal_error, Config) -> ssh_test_lib:setup_dsa(DataDir, PrivDir), file:delete(filename:join(PrivDir, "system/ssh_host_dsa_key")), Config; +init_per_group('diffie-hellman-group-exchange-sha1', Config) -> + case lists:member('diffie-hellman-group-exchange-sha1', + ssh_transport:supported_algorithms(kex)) of + true -> + DataDir = ?config(data_dir, Config), + PrivDir = ?config(priv_dir, Config), + ssh_test_lib:setup_rsa(DataDir, PrivDir), + Config; + false -> + {skip,"diffie-hellman-group-exchange-sha1 is not supported"} + end; init_per_group(dir_options, Config) -> PrivDir = ?config(priv_dir, Config), %% Make unreadable dir: 
@@ -817,6 +831,43 @@ ssh_msg_debug_fun_option_client(Config) -> {fail,timeout} end. +%%-------------------------------------------------------------------- +'diffie-hellman-group-exchange-sha1'(Config) -> + process_flag(trap_exit, true), + SystemDir = filename:join(?config(priv_dir, Config), system), + UserDir = ?config(priv_dir, Config), + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {user_dir, UserDir}, + {user_passwords, [{"foo", "bar"}]}, + {preferred_algorithms, + [{kex, ['diffie-hellman-group-exchange-sha1']}]}, + {failfun, fun ssh_test_lib:failfun/2}]), + + ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "bar"}, + {user_dir, UserDir}, + {preferred_algorithms, + [{kex, ['diffie-hellman-group-exchange-sha1']}]}, + {user_interaction, false}]), + check(ConnectionRef, Pid). + +check(ConnectionRef, Pid) -> + {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), + success = ssh_connection:exec(ConnectionRef, ChannelId, + "1+1.", infinity), + Data = {ssh_cm, ConnectionRef, {data, ChannelId, 0, <<"2\n">>}}, + case ssh_test_lib:receive_exec_result(Data) of + expected -> + ok; + Other -> + ct:fail(Other) + end, + ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId), + ssh:stop_daemon(Pid). + %%-------------------------------------------------------------------- connectfun_disconnectfun_server(Config) -> PrivDir = ?config(priv_dir, Config), diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index 6c631e6f6e..86ab503c20 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl 
@@ -64,12 +64,16 @@ end_per_suite(Config) -> groups() -> [{not_unicode, [], [{group,erlang_server}, {group,openssh_server}, + {group,'diffie-hellman-group-exchange-sha1'}, sftp_nonexistent_subsystem]}, {unicode, [], [{group,erlang_server}, {group,openssh_server}, sftp_nonexistent_subsystem]}, + {'diffie-hellman-group-exchange-sha1', [], [{group,erlang_server}, + {group,openssh_server}]}, + {erlang_server, [], [{group,write_read_tests}, version_option, {group,remote_tar}]}, @@ -142,22 +146,26 @@ init_per_group(erlang_server, Config) -> User = ?config(user, Config), Passwd = ?config(passwd, Config), Sftpd = {_, HostX, PortX} = - ssh_test_lib:daemon([{system_dir, SysDir}, - {user_dir, PrivDir}, - {user_passwords, - [{User, Passwd}]}]), + ssh_test_lib:daemon(extra_opts(Config) ++ + [{system_dir, SysDir}, + {user_dir, PrivDir}, + {user_passwords, + [{User, Passwd}]}]), [{peer, {fmt_host(HostX),PortX}}, {group, erlang_server}, {sftpd, Sftpd} | Config]; init_per_group(openssh_server, Config) -> ct:comment("Begin ~p",[grps(Config)]), Host = ssh_test_lib:hostname(), - case (catch ssh_sftp:start_channel(Host, - [{user_interaction, false}, - {silently_accept_hosts, true}])) of + case (catch ssh_sftp:start_channel(Host, + extra_opts(Config) ++ + [{user_interaction, false}, + {silently_accept_hosts, true}])) of {ok, _ChannelPid, Connection} -> [{peer, {_HostName,{IPx,Portx}}}] = ssh:connection_info(Connection,[peer]), ssh:close(Connection), [{peer, {fmt_host(IPx),Portx}}, {group, openssh_server} | Config]; + {error,"Key exchange failed"} -> + {skip, "openssh server lacks 'diffie-hellman-group-exchange-sha1'"}; _ -> {skip, "No openssh server"} end; 
@@ -172,10 +180,11 @@ init_per_group(remote_tar, Config) -> case ?config(group, Config) of erlang_server -> ssh:connect(Host, Port, - [{user, User}, - {password, Passwd}, - {user_interaction, false}, - {silently_accept_hosts, true}]); + extra_opts(Config) ++ + [{user, User}, + {password, Passwd}, + {user_interaction, false}, + {silently_accept_hosts, true}]); openssh_server -> ssh:connect(Host, Port, [{user_interaction, false}, @@ -184,6 +193,17 @@ init_per_group(remote_tar, Config) -> [{remote_tar, true}, {connection, Connection} | Config]; +init_per_group('diffie-hellman-group-exchange-sha1', Config) -> + case lists:member('diffie-hellman-group-exchange-sha1', + ssh_transport:supported_algorithms(kex)) of + true -> + [{extra_opts, [{preferred_algorithms, [{kex,['diffie-hellman-group-exchange-sha1']}]}]} + | Config]; + + false -> + {skip,"'diffie-hellman-group-exchange-sha1' not supported by this version of erlang ssh"} + end; + init_per_group(write_read_tests, Config) -> ct:comment("Begin ~p",[grps(Config)]), Config. @@ -194,7 +214,6 @@ grps(Config) -> lists:flatten([proplists:get_value(tc_group_properties,Config,[]), proplists:get_value(tc_group_path,Config,[])])). - end_per_group(erlang_server, Config) -> ct:comment("End ~p",[grps(Config)]), Config; @@ -249,10 +268,12 @@ init_per_testcase(Case, Config0) -> {_,Host, Port} = ?config(sftpd, Config2), {ok, ChannelPid, Connection} = ssh_sftp:start_channel(Host, Port, - [{user, User}, - {password, Passwd}, - {user_interaction, false}, - {silently_accept_hosts, true}]), + extra_opts(Config2) ++ + [{user, User}, + {password, Passwd}, + {user_interaction, false}, + {silently_accept_hosts, true}] + ), Sftp = {ChannelPid, Connection}, [{sftp, Sftp}, {watchdog, Dog} | Config2]; openssh_server when Case == links -> 
@@ -261,8 +282,9 @@ init_per_testcase(Case, Config0) -> Host = ssh_test_lib:hostname(), {ok, ChannelPid, Connection} = ssh_sftp:start_channel(Host, - [{user_interaction, false}, - {silently_accept_hosts, true}]), + extra_opts(Config2) ++ + [{user_interaction, false}, + {silently_accept_hosts, true}]), Sftp = {ChannelPid, Connection}, [{sftp, Sftp}, {watchdog, Dog} | Config2] end, @@ -910,7 +932,8 @@ prep(Config) -> ok = file:write_file_info(TestFile, FileInfo#file_info{mode = Mode}). - +extra_opts(Config) -> + proplists:get_value(extra_opts, Config, []). chk_tar(Items, Config) -> chk_tar(Items, Config, []). -- cgit v1.2.3 From 2a9f5054f89ca02c1a35dcb96c3ad747663afd51 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 2 Jul 2015 12:49:17 +0200 Subject: ssh: Add experimental 'diffie-hellman-group-exchange-sha256 support DO NOT USE IN PRODUCTION!!! It is not enabled by default, but may be enabled with the option {preferred_algorithms, [{kex, ['diffie-hellman-group-exchange-sha256']}]} --- lib/ssh/src/ssh_transport.erl | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index ce0762bf96..a0714ac97c 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -67,7 +67,10 @@ default_algorithms(compression) -> %% Do not announce 'zlib@openssh.com' because there seem to be problems supported_algorithms(compression, same(['zlib@openssh.com'])); default_algorithms(kex) -> - supported_algorithms(kex, ['diffie-hellman-group-exchange-sha1']); + %% Do not announce the experimental 'diffie-hellman-group-exchange-sha*' yet + supported_algorithms(kex, ['diffie-hellman-group-exchange-sha1', + 'diffie-hellman-group-exchange-sha256' + ]); default_algorithms(Alg) -> supported_algorithms(Alg). 
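Review bot: handle_kex_dh_gex_request/2 in lib/ssh/src/ssh_transport.erl (commit 67e156b0) now binds Min, NBits and Max but still answers every request with the fixed dh_group1() pair, so the requested bounds only end up in keyex_info for the exchange hash and never constrain the group that is actually used. Until real group selection exists, disconnect with SSH_DISCONNECT_KEY_EXCHANGE_FAILED when the fixed group's size lies outside the requested Min..Max instead of ignoring the request, and keep the TODO pointing at that gap. In the same hunk, the host key failure branch of handle_kex_dh_gex_reply/2 throws a bare #ssh_msg_disconnect{} and discards _Error, while the other failure branches added here throw {{error,Reason}, #ssh_msg_disconnect{}}; one shape, with the verification error kept, lets the caller treat them uniformly.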
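Review bot: The new clause {error,"Key exchange failed"} -> {skip, ...} in init_per_group(openssh_server, Config) (lib/ssh/test/ssh_sftp_SUITE.erl, commit 67e156b0) cannot tell an unsupported algorithm from a broken exchange: "Key exchange failed" is also the description handle_kex_dh_gex_reply/2 uses in this commit when host key verification fails, so a defect in the new group exchange code can surface as a skipped group rather than a failure. The clause also applies to the groups that set no extra_opts. Restrict the skip to the case where extra_opts(Config) is non-empty and put the returned reason into the skip text.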
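Review bot: In init_per_group(remote_tar, Config) (lib/ssh/test/ssh_sftp_SUITE.erl, commit 67e156b0) only the erlang_server branch gets "extra_opts(Config) ++"; the openssh_server branch still calls ssh:connect(Host, Port, [{user_interaction, false}, without it, so the remote_tar cases in the 'diffie-hellman-group-exchange-sha1' group talk to OpenSSH with the default kex and do not exercise the algorithm under test. Prepend extra_opts(Config) in that branch as well.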
@@ -76,7 +79,9 @@ supported_algorithms() -> [{K,supported_algorithms(K)} || K <- algo_classes()]. supported_algorithms(kex) -> ['diffie-hellman-group1-sha1', - 'diffie-hellman-group-exchange-sha1']; + 'diffie-hellman-group-exchange-sha1', + 'diffie-hellman-group-exchange-sha256' + ]; supported_algorithms(public_key) -> ssh_auth:default_public_key_algorithms(); supported_algorithms(cipher) -> @@ -283,6 +288,7 @@ verify_algorithm(#alg{decompress = undefined}) -> false; verify_algorithm(#alg{kex = 'diffie-hellman-group1-sha1'}) -> true; verify_algorithm(#alg{kex = 'diffie-hellman-group-exchange-sha1'}) -> true; +verify_algorithm(#alg{kex = 'diffie-hellman-group-exchange-sha256'}) -> true; verify_algorithm(_) -> false. %%%---------------------------------------------------------------- @@ -297,7 +303,8 @@ key_exchange_first_msg('diffie-hellman-group1-sha1', Ssh0) -> {ok, SshPacket, Ssh1#ssh{keyex_key = {{Private, Public}, {G, P}}}}; -key_exchange_first_msg('diffie-hellman-group-exchange-sha1', Ssh0) -> +key_exchange_first_msg(Kex, Ssh0) when Kex == 'diffie-hellman-group-exchange-sha1' ; + Kex == 'diffie-hellman-group-exchange-sha256' -> Min = ?DEFAULT_DH_GROUP_MIN, NBits = ?DEFAULT_DH_GROUP_NBITS, Max = ?DEFAULT_DH_GROUP_MAX, @@ -1109,6 +1116,8 @@ hash(SSH, Char, Bits) -> fun(Data) -> crypto:hash(sha, Data) end; 'diffie-hellman-group-exchange-sha1' -> fun(Data) -> crypto:hash(sha, Data) end; + 'diffie-hellman-group-exchange-sha256' -> + fun(Data) -> crypto:hash(sha256, Data) end; _ -> exit({bad_algorithm,SSH#ssh.kex}) end, 
@@ -1158,8 +1167,11 @@ kex_h(SSH, Key, Min, NBits, Max, Prime, Gen, E, F, K) -> ssh_message:encode_host_key(Key), Min, NBits, Max, Prime, Gen, E,F,K], Ts) end, - crypto:hash(sha,L). + crypto:hash(sha((SSH#ssh.algorithms)#alg.kex), L). +sha('diffie-hellman-group-exchange-sha1') -> sha; +sha('diffie-hellman-group-exchange-sha256') -> sha256. + mac_key_size('hmac-sha1') -> 20*8; mac_key_size('hmac-sha1-96') -> 20*8; mac_key_size('hmac-md5') -> 16*8; -- cgit v1.2.3 From b87115416297a57f8e303c6bc75483f943ea4954 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 2 Jul 2015 12:56:59 +0200 Subject: ssh: add test group --- lib/ssh/test/ssh_sftp_SUITE.erl | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index 86ab503c20..a95e16a0b3 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl @@ -65,6 +65,7 @@ groups() -> [{not_unicode, [], [{group,erlang_server}, {group,openssh_server}, {group,'diffie-hellman-group-exchange-sha1'}, + {group,'diffie-hellman-group-exchange-sha256'}, sftp_nonexistent_subsystem]}, {unicode, [], [{group,erlang_server}, @@ -74,6 +75,9 @@ groups() -> {'diffie-hellman-group-exchange-sha1', [], [{group,erlang_server}, {group,openssh_server}]}, + {'diffie-hellman-group-exchange-sha256', [], [{group,erlang_server}, + {group,openssh_server}]}, + {erlang_server, [], [{group,write_read_tests}, version_option, {group,remote_tar}]}, @@ -165,7 +169,7 @@ init_per_group(openssh_server, Config) -> ssh:close(Connection), [{peer, {fmt_host(IPx),Portx}}, {group, openssh_server} | Config]; {error,"Key exchange failed"} -> - {skip, "openssh server lacks 'diffie-hellman-group-exchange-sha1'"}; + {skip, "openssh server doesn't support the tested kex algorithm"}; _ -> {skip, "No openssh server"} end; 
@@ -204,6 +208,17 @@ init_per_group('diffie-hellman-group-exchange-sha1', Config) -> {skip,"'diffie-hellman-group-exchange-sha1' not supported by this version of erlang ssh"} end; +init_per_group('diffie-hellman-group-exchange-sha256', Config) -> + case lists:member('diffie-hellman-group-exchange-sha256', + ssh_transport:supported_algorithms(kex)) of + true -> + [{extra_opts, [{preferred_algorithms, [{kex,['diffie-hellman-group-exchange-sha256']}]}]} + | Config]; + + false -> + {skip,"'diffie-hellman-group-exchange-sha256' not supported by this version of erlang ssh"} + end; + init_per_group(write_read_tests, Config) -> ct:comment("Begin ~p",[grps(Config)]), Config. @@ -246,11 +261,12 @@ init_per_testcase(version_option, Config) -> Passwd = ?config(passwd, Config), {ok, ChannelPid, Connection} = ssh_sftp:start_channel(Host, Port, - [{sftp_vsn, 3}, - {user, User}, - {password, Passwd}, - {user_interaction, false}, - {silently_accept_hosts, true}]), + extra_opts(Config) ++ + [{sftp_vsn, 3}, + {user, User}, + {password, Passwd}, + {user_interaction, false}, + {silently_accept_hosts, true}]), Sftp = {ChannelPid, Connection}, [{sftp,Sftp}, {watchdog, Dog} | TmpConfig]; -- cgit v1.2.3 From d964a7bfb9b87bf69f8a131aea517f4f0bfdfdd1 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 3 Jul 2015 12:47:19 +0200 Subject: ssh: filter algs unknown to crypto (except pk) --- lib/ssh/src/ssh_transport.erl | 44 ++++++++++++++++++++++++++----------------- 1 file changed, 27 insertions(+), 17 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index a0714ac97c..a0a0217fe2 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl 
@@ -78,26 +78,28 @@ default_algorithms(Alg) -> supported_algorithms() -> [{K,supported_algorithms(K)} || K <- algo_classes()]. supported_algorithms(kex) -> - ['diffie-hellman-group1-sha1', - 'diffie-hellman-group-exchange-sha1', - 'diffie-hellman-group-exchange-sha256' - ]; + select_crypto_supported( + [{'diffie-hellman-group1-sha1', [{hashs,sha}]}, + {'diffie-hellman-group-exchange-sha1', [{hashs,sha}]}, + {'diffie-hellman-group-exchange-sha256', [{hashs,sha256}]} + ]); supported_algorithms(public_key) -> ssh_auth:default_public_key_algorithms(); supported_algorithms(cipher) -> - Supports = crypto:supports(), - CipherAlgos = [{aes_ctr, 'aes128-ctr'}, {aes_cbc128, 'aes128-cbc'}, {des3_cbc, '3des-cbc'}], - Algs = [SshAlgo || - {CryptoAlgo, SshAlgo} <- CipherAlgos, - lists:member(CryptoAlgo, proplists:get_value(ciphers, Supports, []))], - same(Algs); + same( + select_crypto_supported( + [{'aes128-ctr', [{ciphers,aes_ctr}]}, + {'aes128-cbc', [{ciphers,aes_cbc128}]}, + {'3des-cbc', [{ciphers,des3_cbc}]} + ] + )); supported_algorithms(mac) -> - Supports = crypto:supports(), - HashAlgos = [{sha256, 'hmac-sha2-256'}, {sha, 'hmac-sha1'}], - Algs = [SshAlgo || - {CryptoAlgo, SshAlgo} <- HashAlgos, - lists:member(CryptoAlgo, proplists:get_value(hashs, Supports, []))], - same(Algs); + same( + select_crypto_supported( + [{'hmac-sha2-256', [{hashs,sha256}]}, + {'hmac-sha1', [{hashs,sha}]} + ] + )); supported_algorithms(compression) -> same(['none','zlib','zlib@openssh.com']). 
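Review bot: the kex entries in supported_algorithms(kex) require only a digest ({hashs,sha} or {hashs,sha256}), although every one of these methods also depends on Diffie-Hellman from crypto (dh_gen_key/3 calls crypto:generate_key(dh, [P, G])). If crypto:supports() reports dh under public_keys on the releases this targets, adding {public_keys,dh} to each kex condition would make the filter cover what the key exchange actually uses; crypto_supported/2 already accepts any tag, so no other change is needed. The commit title says public key algorithms are exempt from filtering, and a one-line comment on supported_algorithms(public_key) stating that would keep the exception from looking like an oversight.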
@@ -108,7 +110,15 @@ supported_algorithms(Key, [{client2server,BL1},{server2client,BL2}]) -> supported_algorithms(Key, BlackList) -> supported_algorithms(Key) -- BlackList. - +select_crypto_supported(L) -> + Sup = crypto:supports(), + [Name || {Name,CryptoRequires} <- L, + crypto_supported(CryptoRequires, Sup)]. + +crypto_supported(Conditions, Supported) -> + lists:all(fun({Tag,CryptoName}) -> + lists:member(CryptoName, proplists:get_value(Tag,Supported,[])) + end, Conditions). same(Algs) -> [{client2server,Algs}, {server2client,Algs}]. -- cgit v1.2.3 From ec0da994d1c223cc7b1fde18061464a6c44cdf0b Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 3 Aug 2015 16:50:53 +0200 Subject: ssh: rm ssh_math and use crypto:compute_key instead --- lib/ssh/src/Makefile | 1 - lib/ssh/src/ssh.app.src | 1 - lib/ssh/src/ssh_math.erl | 42 ------------------------------------------ lib/ssh/src/ssh_transport.erl | 15 ++++++++++----- 4 files changed, 10 insertions(+), 49 deletions(-) delete mode 100644 lib/ssh/src/ssh_math.erl (limited to 'lib/ssh') diff --git a/lib/ssh/src/Makefile b/lib/ssh/src/Makefile index 61d71d2cf7..98fb90d7c4 100644 --- a/lib/ssh/src/Makefile +++ b/lib/ssh/src/Makefile @@ -67,7 +67,6 @@ MODULES= \ ssh_file \ ssh_io \ ssh_info \ - ssh_math \ ssh_message \ ssh_no_io \ ssh_sftp \ diff --git a/lib/ssh/src/ssh.app.src b/lib/ssh/src/ssh.app.src index bc01c539e0..4a76fd9cd3 100644 --- a/lib/ssh/src/ssh.app.src +++ b/lib/ssh/src/ssh.app.src @@ -24,7 +24,6 @@ ssh_file, ssh_io, ssh_info, - ssh_math, ssh_no_io, ssh_server_key_api, ssh_sftp, diff --git a/lib/ssh/src/ssh_math.erl b/lib/ssh/src/ssh_math.erl deleted file mode 100644 index cace85bc93..0000000000 --- a/lib/ssh/src/ssh_math.erl +++ /dev/null 
@@ -1,42 +0,0 @@ -%% -%% %CopyrightBegin% -%% -%% Copyright Ericsson AB 2005-2013. All Rights Reserved. -%% -%% Licensed under the Apache License, Version 2.0 (the "License"); -%% you may not use this file except in compliance with the License. -%% You may obtain a copy of the License at -%% -%% http://www.apache.org/licenses/LICENSE-2.0 -%% -%% Unless required by applicable law or agreed to in writing, software -%% distributed under the License is distributed on an "AS IS" BASIS, -%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -%% See the License for the specific language governing permissions and -%% limitations under the License. -%% -%% %CopyrightEnd% -%% - -%% - -%%% Description: SSH math utilities - --module(ssh_math). - --export([ipow/3]). - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -%% -%% INTEGER utils -%% -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -%% calculate A^B mod M -ipow(A, B, M) when M > 0, B >= 0 -> - crypto:bytes_to_integer(crypto:mod_pow(A, B, M)). - - - - - diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index a0a0217fe2..74e25e1641 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -336,7 +336,7 @@ handle_kexdh_init(#ssh_msg_kexdh_init{e = E}, Ssh0) -> if 1= {Private, Public} = dh_gen_key(G, P, 1024), - K = ssh_math:ipow(E, Private, P), + K = dh_compute_key(G, P, E, Private), Key = get_host_key(Ssh0), H = kex_h(Ssh0, Key, E, Public, K), H_SIG = sign_host_key(Ssh0, Key, H), 
@@ -361,11 +361,11 @@ handle_kexdh_init(#ssh_msg_kexdh_init{e = E}, Ssh0) -> handle_kexdh_reply(#ssh_msg_kexdh_reply{public_host_key = HostKey, f = F, h_sig = H_SIG}, - #ssh{keyex_key = {{Private, Public}, {_G, P}}} = Ssh0) -> + #ssh{keyex_key = {{Private, Public}, {G, P}}} = Ssh0) -> %% client if 1= - K = ssh_math:ipow(F, Private, P), + K = dh_compute_key(G, P, F, Private), H = kex_h(Ssh0, HostKey, Public, F, K), case verify_host_key(Ssh0, HostKey, H, H_SIG) of @@ -426,7 +426,7 @@ handle_kex_dh_gex_init(#ssh_msg_kex_dh_gex_init{e = E}, %% server if 1= - K = ssh_math:ipow(E, Private, P), + K = dh_compute_key(G, P, E, Private), if 1 HostKey = get_host_key(Ssh0), @@ -466,7 +466,7 @@ handle_kex_dh_gex_reply(#ssh_msg_kex_dh_gex_reply{public_host_key = HostKey, %% client if 1= - K = ssh_math:ipow(F, Private, P), + K = dh_compute_key(G, P, F, Private), if 1 H = kex_h(Ssh0, HostKey, Min, NBits, Max, P, G, Public, F, K), @@ -1212,6 +1212,11 @@ dh_gen_key(G, P, _) -> {Public, Private} = crypto:generate_key(dh, [P, G]), {crypto:bytes_to_integer(Private), crypto:bytes_to_integer(Public)}. +dh_compute_key(G, P, OthersPublic, MyPrivate) -> + crypto:bytes_to_integer( + crypto:compute_key(dh, OthersPublic, MyPrivate, [P,G]) + ). + trim_tail(Str) -> lists:reverse(trim_head(lists:reverse(Str))). -- cgit v1.2.3 From 481eb2c445eeb350cd370aa4880e7c72c5173cfc Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 3 Aug 2015 18:08:41 +0200 Subject: ssh: added more groups for gex --- lib/ssh/src/ssh_transport.erl | 41 ++++++++++++++++++++++++++++++++++++--- lib/ssh/src/ssh_transport.hrl | 45 ------------------------------------------- 2 files changed, 38 insertions(+), 48 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 74e25e1641..9be8e45aed 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl 
@@ -399,16 +399,23 @@ handle_kexdh_reply(#ssh_msg_kexdh_reply{public_host_key = HostKey, %%% handle_kex_dh_gex_request(#ssh_msg_kex_dh_gex_request{min = Min, n = NBits, - max = Max}, Ssh0) -> + max = Max}, Ssh0) when Min= %% server - {G,P} = dh_group1(), %% TODO real imp this seems to be a hack?! + {G, P} = dh_gex_group(Min, NBits, Max), {Private, Public} = dh_gen_key(G, P, 1024), {SshPacket, Ssh} = ssh_packet(#ssh_msg_kex_dh_gex_group{p = P, g = G}, Ssh0), {ok, SshPacket, Ssh#ssh{keyex_key = {{Private, Public}, {G, P}}, keyex_info = {Min, Max, NBits} - }}. + }}; +handle_kex_dh_gex_request(_, _) -> + throw({{error,bad_ssh_msg_kex_dh_gex_request}, + #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Key exchange failed, bad values in ssh_msg_kex_dh_gex_request", + language = ""} + }). handle_kex_dh_gex_group(#ssh_msg_kex_dh_gex_group{p = P, g = G}, Ssh0) -> %% client 
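Review bot: the first clause of handle_kex_dh_gex_request calls dh_gex_group(Min, NBits, Max), and dh_gex_group/3 as added further down in this patch has no final clause, so a request whose range contains none of 1024, 2048, 3072 or 4096 (for example a Min above 4096) raises function_clause instead of the #ssh_msg_disconnect that the second clause here sends for bad values. Since Min, NBits and Max come straight from the peer, add a fallback clause to dh_gex_group/3 that throws the same kind of disconnect. The exact-match clauses also ignore Min and Max entirely, which is only safe as long as the guard on this function guarantees NBits lies between them; a comment on dh_gex_group/3 should say it relies on that.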
@@ -1205,9 +1212,35 @@ peer_name({Host, _}) -> %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%%% rfc 2489, ch 6.2 dh_group1() -> {2, 16#FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF}. +%%% rfc 3526, ch3 +dh_group14() -> + {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}. + +%%% rfc 3526, ch4 +dh_group15() -> + {2, 16#FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF}. + +%%% rfc 3526, ch5 +dh_group16() -> + {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}. 
+ + +%%% First try exact match: +dh_gex_group(_Min, N, _Max) when N==1024 -> dh_group1(); +dh_gex_group(_Min, N, _Max) when N==2048 -> dh_group14(); +dh_gex_group(_Min, N, _Max) when N==3072 -> dh_group15(); +dh_gex_group(_Min, N, _Max) when N==4096 -> dh_group16(); +%%% If not an exact match, select the largest possible: +dh_gex_group(Min, _N, Max) when Min=<4096, 4096= dh_group16(); +dh_gex_group(Min, _N, Max) when Min=<3072, 3072= dh_group15(); +dh_gex_group(Min, _N, Max) when Min=<2048, 2048= dh_group14(); +dh_gex_group(Min, _N, Max) when Min=<1024, 1024= dh_group1(). + + dh_gen_key(G, P, _) -> {Public, Private} = crypto:generate_key(dh, [P, G]), {crypto:bytes_to_integer(Private), crypto:bytes_to_integer(Public)}. @@ -1217,6 +1250,8 @@ dh_compute_key(G, P, OthersPublic, MyPrivate) -> crypto:compute_key(dh, OthersPublic, MyPrivate, [P,G]) ). + + trim_tail(Str) -> lists:reverse(trim_head(lists:reverse(Str))). diff --git a/lib/ssh/src/ssh_transport.hrl b/lib/ssh/src/ssh_transport.hrl index 2faf8a9316..ab59742b96 100644 --- a/lib/ssh/src/ssh_transport.hrl +++ b/lib/ssh/src/ssh_transport.hrl 
@@ -188,49 +188,4 @@ -define(SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE, 14). -define(SSH_DISCONNECT_ILLEGAL_USER_NAME, 15). - -%%%---------------------------------------------------------------------- -%%% # DH_14_xxx -%%% Description: Oakley group 14 prime numbers and generator. Used in -%%% diffie-hellman-group1-sha1 key exchange method. -%%%---------------------------------------------------------------------- -%%%---------------------------------------------------------------------- -%%% # DH_14_P -%%% Description: Prime for this group -%%%---------------------------------------------------------------------- - --define(DH_14_P, - <<000,000,000,129,000,255,255,255,255,255,255,255,255,201,015,218, - 162,033,104,194,052,196,198,098,139,128,220,028,209,041,002,078, - 008,138,103,204,116,002,011,190,166,059,019,155,034,081,074,008, - 121,142,052,004,221,239,149,025,179,205,058,067,027,048,043,010, - 109,242,095,020,055,079,225,053,109,109,081,194,069,228,133,181, - 118,098,094,126,198,244,076,066,233,166,055,237,107,011,255,092, - 182,244,006,183,237,238,056,107,251,090,137,159,165,174,159,036, - 017,124,075,031,230,073,040,102,081,236,230,083,129,255,255,255, - 255,255,255,255,255>>). - -%%%---------------------------------------------------------------------- -%%% # DH_14_G -%%% Description: Generator for DH_14_P. -%%%---------------------------------------------------------------------- - --define(DH_14_G, <<0,0,0,1,2>>). - -%%%---------------------------------------------------------------------- -%%% # DH_14_Q -%%% Description: Group order (DH_14_P - 1) / 2. 
-%%%---------------------------------------------------------------------- - --define(DH_14_Q, - <<000,000,000,128,127,255,255,255,255,255,255,255,228,135,237,081, - 016,180,097,026,098,099,049,069,192,110,014,104,148,129,039,004, - 069,051,230,058,001,005,223,083,029,137,205,145,040,165,004,060, - 199,026,002,110,247,202,140,217,230,157,033,141,152,021,133,054, - 249,047,138,027,167,240,154,182,182,168,225,034,242,066,218,187, - 049,047,063,099,122,038,033,116,211,027,246,181,133,255,174,091, - 122,003,091,246,247,028,053,253,173,068,207,210,215,079,146,008, - 190,037,143,243,036,148,051,040,246,115,041,192,255,255,255,255, - 255,255,255,255>>). - -endif. % -ifdef(ssh_transport). -- cgit v1.2.3 From 277bbb049662cb0b15489097d066bdb09366e538 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 4 Aug 2015 15:05:17 +0200 Subject: ssh: diffie-hellman-group14-sha1 --- lib/ssh/src/ssh_transport.erl | 32 +++++++--- lib/ssh/test/ssh_basic_SUITE.erl | 107 +++++++++++++++++-------------- lib/ssh/test/ssh_to_openssh_SUITE.erl | 116 +++++++++++++++++++++++++++++++++- 3 files changed, 200 insertions(+), 55 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 9be8e45aed..69ba797faf 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -79,9 +79,10 @@ supported_algorithms() -> [{K,supported_algorithms(K)} || K <- algo_classes()]. supported_algorithms(kex) -> select_crypto_supported( - [{'diffie-hellman-group1-sha1', [{hashs,sha}]}, - {'diffie-hellman-group-exchange-sha1', [{hashs,sha}]}, - {'diffie-hellman-group-exchange-sha256', [{hashs,sha256}]} + [{'diffie-hellman-group14-sha1', [{hashs,sha}]}, + {'diffie-hellman-group1-sha1', [{hashs,sha}]}, + {'diffie-hellman-group-exchange-sha256', [{hashs,sha256}]}, + {'diffie-hellman-group-exchange-sha1', [{hashs,sha}]} ]); supported_algorithms(public_key) -> ssh_auth:default_public_key_algorithms(); 
@@ -297,6 +298,7 @@ verify_algorithm(#alg{compress = undefined}) -> false; verify_algorithm(#alg{decompress = undefined}) -> false; verify_algorithm(#alg{kex = 'diffie-hellman-group1-sha1'}) -> true; +verify_algorithm(#alg{kex = 'diffie-hellman-group14-sha1'}) -> true; verify_algorithm(#alg{kex = 'diffie-hellman-group-exchange-sha1'}) -> true; verify_algorithm(#alg{kex = 'diffie-hellman-group-exchange-sha256'}) -> true; verify_algorithm(_) -> false. @@ -305,8 +307,9 @@ verify_algorithm(_) -> false. %%% %%% Key exchange initialization %%% -key_exchange_first_msg('diffie-hellman-group1-sha1', Ssh0) -> - {G, P} = dh_group1(), +key_exchange_first_msg(Kex, Ssh0) when Kex == 'diffie-hellman-group1-sha1' ; + Kex == 'diffie-hellman-group14-sha1' -> + {G, P} = dh_group(Kex), {Private, Public} = dh_gen_key(G, P, 1024), %% Public = G^Private mod P (def) {SshPacket, Ssh1} = ssh_packet(#ssh_msg_kexdh_init{e = Public}, Ssh0), @@ -329,10 +332,12 @@ key_exchange_first_msg(Kex, Ssh0) when Kex == 'diffie-hellman-group-exchange-sha %%%---------------------------------------------------------------- %%% %%% diffie-hellman-group1-sha1 +%%% diffie-hellman-group14-sha1 %%% -handle_kexdh_init(#ssh_msg_kexdh_init{e = E}, Ssh0) -> +handle_kexdh_init(#ssh_msg_kexdh_init{e = E}, + Ssh0 = #ssh{algorithms = #alg{kex=Kex}}) -> %% server - {G, P} = dh_group1(), + {G, P} = dh_group(Kex), if 1= {Private, Public} = dh_gen_key(G, P, 1024), @@ -817,6 +822,7 @@ verify(PlainText, Hash, Sig, Key) -> %% key exchange %% %% diffie-hellman-group1-sha1 REQUIRED +%% diffie-hellman-group14-sha1 REQUIRED %% %% @@ -1131,6 +1137,8 @@ hash(SSH, Char, Bits) -> case SSH#ssh.kex of 'diffie-hellman-group1-sha1' -> fun(Data) -> crypto:hash(sha, Data) end; + 'diffie-hellman-group14-sha1' -> + fun(Data) -> crypto:hash(sha, Data) end; 'diffie-hellman-group-exchange-sha1' -> fun(Data) -> crypto:hash(sha, Data) end; 'diffie-hellman-group-exchange-sha256' -> 
@@ -1229,6 +1237,10 @@ dh_group16() -> {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}. +dh_group('diffie-hellman-group1-sha1') -> dh_group1(); +dh_group('diffie-hellman-group14-sha1') -> dh_group14(). + + %%% First try exact match: dh_gex_group(_Min, N, _Max) when N==1024 -> dh_group1(); dh_gex_group(_Min, N, _Max) when N==2048 -> dh_group14(); @@ -1250,7 +1262,11 @@ dh_compute_key(G, P, OthersPublic, MyPrivate) -> crypto:compute_key(dh, OthersPublic, MyPrivate, [P,G]) ). - +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%% +%% Other utils +%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% trim_tail(Str) -> lists:reverse(trim_head(lists:reverse(Str))). diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index c71463db30..39ea2c9609 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -42,7 +42,7 @@ suite() -> all() -> [app_test, appup_test, - {group, 'diffie-hellman-group-exchange-sha1'}, + {group, key_exchange}, {group, dsa_key}, {group, rsa_key}, {group, dsa_pass_key}, @@ -93,8 +93,11 @@ groups() -> max_sessions_sftp_start_channel_parallel, max_sessions_sftp_start_channel_sequential ]}, - {'diffie-hellman-group-exchange-sha1', [], ['diffie-hellman-group-exchange-sha1' - ]}, + {key_exchange, [], ['diffie-hellman-group-exchange-sha1', + 'diffie-hellman-group-exchange-sha256', + 'diffie-hellman-group1-sha1', + 'diffie-hellman-group14-sha1' + ]}, {dir_options, [], [user_dir_option, system_dir_option]} ]. 
@@ -149,17 +152,11 @@ init_per_group(internal_error, Config) -> ssh_test_lib:setup_dsa(DataDir, PrivDir), file:delete(filename:join(PrivDir, "system/ssh_host_dsa_key")), Config; -init_per_group('diffie-hellman-group-exchange-sha1', Config) -> - case lists:member('diffie-hellman-group-exchange-sha1', - ssh_transport:supported_algorithms(kex)) of - true -> - DataDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), - ssh_test_lib:setup_rsa(DataDir, PrivDir), - Config; - false -> - {skip,"diffie-hellman-group-exchange-sha1 is not supported"} - end; +init_per_group(key_exchange, Config) -> + DataDir = ?config(data_dir, Config), + PrivDir = ?config(priv_dir, Config), + ssh_test_lib:setup_rsa(DataDir, PrivDir), + Config; init_per_group(dir_options, Config) -> PrivDir = ?config(priv_dir, Config), %% Make unreadable dir: @@ -207,6 +204,8 @@ init_per_group(_, Config) -> end_per_group(hardening_tests, Config) -> end_per_group(dsa_key, Config); +end_per_group(key_exchange, Config) -> + end_per_group(rsa_key, Config); end_per_group(dsa_key, Config) -> PrivDir = ?config(priv_dir, Config), ssh_test_lib:clean_dsa(PrivDir), 
@@ -833,40 +832,56 @@ ssh_msg_debug_fun_option_client(Config) -> %%-------------------------------------------------------------------- 'diffie-hellman-group-exchange-sha1'(Config) -> - process_flag(trap_exit, true), - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), + kextest('diffie-hellman-group-exchange-sha1',Config). - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, - {user_dir, UserDir}, - {user_passwords, [{"foo", "bar"}]}, - {preferred_algorithms, - [{kex, ['diffie-hellman-group-exchange-sha1']}]}, - {failfun, fun ssh_test_lib:failfun/2}]), - - ConnectionRef = - ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, - {user, "foo"}, - {password, "bar"}, - {user_dir, UserDir}, - {preferred_algorithms, - [{kex, ['diffie-hellman-group-exchange-sha1']}]}, - {user_interaction, false}]), - check(ConnectionRef, Pid). +'diffie-hellman-group-exchange-sha256'(Config) -> + kextest('diffie-hellman-group-exchange-sha256',Config). -check(ConnectionRef, Pid) -> - {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), - success = ssh_connection:exec(ConnectionRef, ChannelId, - "1+1.", infinity), - Data = {ssh_cm, ConnectionRef, {data, ChannelId, 0, <<"2\n">>}}, - case ssh_test_lib:receive_exec_result(Data) of - expected -> - ok; - Other -> - ct:fail(Other) - end, - ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId), - ssh:stop_daemon(Pid). +'diffie-hellman-group1-sha1'(Config) -> + kextest('diffie-hellman-group1-sha1',Config). + +'diffie-hellman-group14-sha1'(Config) -> + kextest('diffie-hellman-group14-sha1',Config). 
+ + +kextest(Kex, Config) -> + case lists:member(Kex, ssh_transport:supported_algorithms(kex)) of + true -> + process_flag(trap_exit, true), + SystemDir = filename:join(?config(priv_dir, Config), system), + UserDir = ?config(priv_dir, Config), + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {user_dir, UserDir}, + {user_passwords, [{"foo", "bar"}]}, + {preferred_algorithms, + [{kex, [Kex]}]}, + {failfun, fun ssh_test_lib:failfun/2}]), + + ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "bar"}, + {user_dir, UserDir}, + {preferred_algorithms, + [{kex, [Kex]}]}, + {user_interaction, false}]), + + {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), + success = ssh_connection:exec(ConnectionRef, ChannelId, + "1+1.", infinity), + Data = {ssh_cm, ConnectionRef, {data, ChannelId, 0, <<"2\n">>}}, + case ssh_test_lib:receive_exec_result(Data) of + expected -> + ok; + Other -> + ct:fail(Other) + end, + ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId), + ssh:stop_daemon(Pid); + false -> + {skip, lists:concat([Kex, " is not supported"])} + end. %%-------------------------------------------------------------------- connectfun_disconnectfun_server(Config) -> diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index b7283202a3..fb1c6a1b61 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl 
@@ -51,13 +51,15 @@ groups() -> erlang_client_openssh_server_publickey_rsa, erlang_client_openssh_server_publickey_dsa, erlang_client_openssh_server_password, + erlang_client_openssh_server_kexs, erlang_client_openssh_server_nonexistent_subsystem ]}, {erlang_server, [], [erlang_server_openssh_client_exec, erlang_server_openssh_client_exec_compressed, erlang_server_openssh_client_pulic_key_dsa, erlang_server_openssh_client_cipher_suites, - erlang_server_openssh_client_macs]} + erlang_server_openssh_client_macs, + erlang_server_openssh_client_kexs]} ]. init_per_suite(Config) -> @@ -99,6 +101,12 @@ init_per_testcase(erlang_server_openssh_client_cipher_suites, Config) -> init_per_testcase(erlang_server_openssh_client_macs, Config) -> check_ssh_client_support(Config); +init_per_testcase(erlang_server_openssh_client_kexs, Config) -> + check_ssh_client_support(Config); + +init_per_testcase(erlang_client_openssh_server_kexs, Config) -> + check_ssh_client_support(Config); + init_per_testcase(_TestCase, Config) -> ssh:start(), Config. 
@@ -188,6 +196,48 @@ erlang_client_openssh_server_exec_compressed(Config) when is_list(Config) -> ct:fail(Other) end. +%%-------------------------------------------------------------------- +erlang_client_openssh_server_kexs() -> + [{doc, "Test that we can connect with different KEXs."}]. + +erlang_client_openssh_server_kexs(Config) when is_list(Config) -> + Success = + lists:foldl( + fun(Kex, Acc) -> + ConnectionRef = + ssh_test_lib:connect(?SSH_DEFAULT_PORT, [{silently_accept_hosts, true}, + {user_interaction, false}, + {preferred_algorithms, + [{kex,[Kex]}]}]), + + {ok, ChannelId} = + ssh_connection:session_channel(ConnectionRef, infinity), + success = + ssh_connection:exec(ConnectionRef, ChannelId, + "echo testing", infinity), + + ExpectedData = {ssh_cm, ConnectionRef, {data, ChannelId, 0, <<"testing\n">>}}, + case ssh_test_lib:receive_exec_result(ExpectedData) of + expected -> + ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId), + Acc; + {unexpected_msg,{ssh_cm, ConnectionRef, + {exit_status, ChannelId, 0}} = ExitStatus} -> + ct:pal("0: Collected data ~p", [ExitStatus]), + ssh_test_lib:receive_exec_result(ExpectedData, ConnectionRef, ChannelId), + Acc; + Other -> + ct:pal("~p failed: ~p",[Kex,Other]), + false + end + end, true, ssh_transport:supported_algorithms(kex)), + case Success of + true -> + ok; + false -> + {fail, "Kex failed for one or more algos"} + end. + %%-------------------------------------------------------------------- erlang_server_openssh_client_exec() -> [{doc, "Test that exec command works."}]. 
@@ -321,6 +371,70 @@ erlang_server_openssh_client_macs(Config) when is_list(Config) -> ssh:stop_daemon(Pid). +%%-------------------------------------------------------------------- +erlang_server_openssh_client_kexs() -> + [{doc, "Test that we can connect with different KEXs."}]. + +erlang_server_openssh_client_kexs(Config) when is_list(Config) -> + SystemDir = ?config(data_dir, Config), + PrivDir = ?config(priv_dir, Config), + KnownHosts = filename:join(PrivDir, "known_hosts"), + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {failfun, fun ssh_test_lib:failfun/2}, + {preferred_algorithms, + [{kex,ssh_transport:supported_algorithms(kex)}]} + ]), + ct:sleep(500), + + ErlKexs = lists:map(fun erlang:atom_to_list/1, + ssh_transport:supported_algorithms(kex)), + OpenSshKexs = string:tokens(os:cmd("ssh -Q kex"), "\n"), + + Kexs = [{OpenSshKex,lists:member(OpenSshKex,ErlKexs)} + || OpenSshKex <- OpenSshKexs], + + Success = + lists:foldl( + fun({Kex, Expect}, Acc) -> + Cmd = "ssh -p " ++ integer_to_list(Port) ++ + " -o UserKnownHostsFile=" ++ KnownHosts ++ " " ++ Host ++ " " ++ + " -o KexAlgorithms=" ++ Kex ++ " 1+1.", + + ct:pal("Cmd: ~p~n", [Cmd]), + + SshPort = open_port({spawn, Cmd}, [binary, stderr_to_stdout]), + + case Expect of + true -> + receive + {SshPort,{data, <<"2\n">>}} -> + Acc + after ?TIMEOUT -> + ct:pal("Did not receive answer for ~p",[Kex]), + false + end; + false -> + receive + {SshPort,{data, <<"Unable to negotiate a key exchange method", _/binary>>}} -> + Acc + after ?TIMEOUT -> + ct:pal("Did not receive no matching kex message for ~p",[Kex]), + false + end + end + end, true, Kexs), + + ssh:stop_daemon(Pid), + + case Success of + true -> + ok; + false -> + {fail, "Kex failed for one or more algos"} + end. + + %%-------------------------------------------------------------------- erlang_server_openssh_client_exec_compressed() -> [{doc, "Test that exec command works."}]. -- cgit v1.2.3 
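Review bot: in erlang_server_openssh_client_kexs the port opened with open_port({spawn, Cmd}, [binary, stderr_to_stdout]) is never closed, and each receive accepts exactly one data message with a fixed content, so any other first chunk from ssh (stderr is merged into the same stream) is skipped and the case is reported only after ?TIMEOUT as a missing answer. Consider collecting port data until the expected text or an exit is seen, closing the port in every fold step, and logging what was actually received on failure. The negative branch also depends on the literal prefix "Unable to negotiate a key exchange method", which ties the test to one OpenSSH client wording, and the list from os:cmd("ssh -Q kex") is used without checking that the client understood -Q.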
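Review bot: dh_group/1 in ssh_transport.erl has clauses only for 'diffie-hellman-group1-sha1' and 'diffie-hellman-group14-sha1', and handle_kexdh_init now calls it with whatever kex is stored in #alg{}, where the old code used dh_group1() unconditionally. If the connection handler can reach handle_kexdh_init while a group-exchange method is negotiated, a peer sending kexdh_init gets a function_clause crash rather than a protocol disconnect. Add a catch-all clause that throws an #ssh_msg_disconnect with ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, as handle_kex_dh_gex_request already does for bad values. Separately, the new order in supported_algorithms(kex) puts 'diffie-hellman-group1-sha1' ahead of 'diffie-hellman-group-exchange-sha256'; if this list order is what ends up in the announced name-list, the 1024-bit SHA-1 method is preferred over the SHA-256 one, which deserves a comment or a reorder.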
From 3e8d8f4595182d0e695cc166d5c6cf4490d17e75 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 4 Aug 2015 16:46:46 +0200 Subject: ssh: options 'dh_gex_groups' and 'dh_gex_limits' --- lib/ssh/src/ssh.erl | 31 +++++++++++++++++++++++++ lib/ssh/src/ssh_transport.erl | 54 ++++++++++++++++++++++++++++++++----------- 2 files changed, 71 insertions(+), 14 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 370f086600..cc2c591735 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -373,6 +373,10 @@ handle_option([{auth_method_kb_interactive_data, _} = Opt | Rest], SocketOptions handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{preferred_algorithms,_} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); +handle_option([{dh_gex_groups,_} = Opt | Rest], SocketOptions, SshOptions) -> + handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); +handle_option([{dh_gex_limits,_} = Opt | Rest], SocketOptions, SshOptions) -> + handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{quiet_mode, _} = Opt|Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{idle_time, _} = Opt | Rest], SocketOptions, SshOptions) -> 
@@ -411,6 +415,33 @@ handle_ssh_option({user_interaction, Value} = Opt) when is_boolean(Value) -> Opt; handle_ssh_option({preferred_algorithms,[_|_]} = Opt) -> handle_pref_algs(Opt); +handle_ssh_option({dh_gex_groups,L=[{I1,I2,I3}|_]}) when is_integer(I1), I1>0, + is_integer(I2), I2>0, + is_integer(I3), I3>0 -> + {dh_gex_groups, [{N,{G,P}} || {N,P,G} <- L]}; +handle_ssh_option({dh_gex_groups,{file,File=[C|_]}}=Opt) when is_integer(C), C>0 -> + %% A string, (file name) + case file:consult(File) of + {ok, List} -> + case lists:all(fun({I1,I2,I3}) when is_integer(I1), I1>0, + is_integer(I2), I2>0, + is_integer(I3), I3>0 -> + true; + (_) -> + false + end, List) of + true -> + handle_ssh_option({dh_gex_groups,List}); + false -> + throw({error, {{eoptions, Opt}, "Bad format in file "++File}}) + end; + Error -> + throw({error, {{eoptions, Opt},{"Error reading file",Error}}}) + end; +handle_ssh_option({dh_gex_limits,{Min,I,Max}} = Opt) when is_integer(Min), Min>0, + is_integer(I), I>0, + is_integer(Max), Max>0 -> + Opt; handle_ssh_option({connect_timeout, Value} = Opt) when is_integer(Value); Value == infinity -> Opt; handle_ssh_option({max_sessions, Value} = Opt) when is_integer(Value), Value>0 -> diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 69ba797faf..dda9192284 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -404,9 +404,10 @@ handle_kexdh_reply(#ssh_msg_kexdh_reply{public_host_key = HostKey, %%% handle_kex_dh_gex_request(#ssh_msg_kex_dh_gex_request{min = Min, n = NBits, - max = Max}, Ssh0) when Min= + max = Max}, + Ssh0=#ssh{opts=Opts}) when Min= %% server - {G, P} = dh_gex_group(Min, NBits, Max), + {G, P} = dh_gex_group(Min, NBits, Max, proplists:get_value(dh_gex_groups,Opts)), {Private, Public} = dh_gen_key(G, P, 1024), {SshPacket, Ssh} = ssh_packet(#ssh_msg_kex_dh_gex_group{p = P, g = G}, Ssh0), 
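Review bot: the groups handed to dh_gex_group/4 here through proplists:get_value(dh_gex_groups,Opts) are only partly validated. The list clause of handle_ssh_option({dh_gex_groups, ...}) in ssh.erl checks just the first {I1,I2,I3} tuple, while the {file,File} clause runs lists:all over every entry; a later element that is not a 3-tuple is silently dropped by the comprehension pattern {N,P,G} <- L, and a 3-tuple with non-integer or non-positive members is passed on as it is. Run the same lists:all check in the list clause and reject the option with the {eoptions, Opt} error instead. Nothing in either clause checks that P has N bits or is prime, and handle_ssh_option({dh_gex_limits,{Min,I,Max}}) does not require Min =< I =< Max, so the option documentation should state what the caller is responsible for, or the checks should be added here.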
@@ -1236,21 +1237,46 @@ dh_group15() -> dh_group16() -> {2, 16#FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF}. - dh_group('diffie-hellman-group1-sha1') -> dh_group1(); dh_group('diffie-hellman-group14-sha1') -> dh_group14(). - -%%% First try exact match: -dh_gex_group(_Min, N, _Max) when N==1024 -> dh_group1(); -dh_gex_group(_Min, N, _Max) when N==2048 -> dh_group14(); -dh_gex_group(_Min, N, _Max) when N==3072 -> dh_group15(); -dh_gex_group(_Min, N, _Max) when N==4096 -> dh_group16(); -%%% If not an exact match, select the largest possible: -dh_gex_group(Min, _N, Max) when Min=<4096, 4096= dh_group16(); -dh_gex_group(Min, _N, Max) when Min=<3072, 3072= dh_group15(); -dh_gex_group(Min, _N, Max) when Min=<2048, 2048= dh_group14(); -dh_gex_group(Min, _N, Max) when Min=<1024, 1024= dh_group1(). +dh_gex_default_groups() -> + [{1024, dh_group1() }, + {2048, dh_group14()}, + {3072, dh_group15()}, + {4096, dh_group16()}]. 
+ + +dh_gex_group(Min, N, Max, undefined) -> + dh_gex_group(Min, N, Max, dh_gex_default_groups()); +dh_gex_group(Min, N, Max, Groups) -> + %% First try to find an exact match. If not an exact match, select the largest possible. + {_,Group} = + lists:foldl( + fun(_, {I,G}) when I==N -> + %% If we have an exact match already: use that one + {I,G}; + ({I,G}, _) when I==N -> + %% If we now found an exact match: use that very one + {I,G}; + ({I,G}, {Imax,_Gmax}) when Min=Imax -> % b) {I,G} is larger than current max + %% A group within the limits and better than the one we have + {I,G}; + (_, IGmax) -> + %% Keep the one we have + IGmax + end, {-1,undefined}, Groups), + + case Group of + undefined -> + throw(#ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "No possible diffie-hellman-group-exchange group found", + language = ""}); + _ -> + Group + end. dh_gen_key(G, P, _) -> -- cgit v1.2.3 From 99825046c9e17510d5e627f9d2cb61b5e5eb7110 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 5 Aug 2015 13:10:14 +0200 Subject: ssh: more dh_gex test cases --- lib/ssh/src/ssh.erl | 23 +++--- lib/ssh/src/ssh_transport.erl | 28 ++------ lib/ssh/src/ssh_transport.hrl | 20 ++++++ lib/ssh/test/ssh_protocol_SUITE.erl | 82 +++++++++++++++++++--- lib/ssh/test/ssh_protocol_SUITE_data/dh_group_test | 3 + 5 files changed, 112 insertions(+), 44 deletions(-) create mode 100644 lib/ssh/test/ssh_protocol_SUITE_data/dh_group_test (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index cc2c591735..5b2e0a988c 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl 
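Review bot: In lib/ssh/src/ssh.erl, the list clause of handle_ssh_option({dh_gex_groups,...}) validates only the head of the list. The guard checks `{I1,I2,I3}`, and the comprehension `[{N,{G,P}} || {N,P,G} <- L]` silently drops any later element that is not a three-tuple and passes non-integer fields through unchecked, so a malformed entry is never rejected with eoptions. Validate every element in this clause; the lists:all check exists only in the {file,...} clause. Nothing here ties the size label N to the bit length of P either, so a mislabelled or very small modulus is accepted as given; checking that P has N bits would be a cheap guard.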
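Review bot: In dh_gex_group/4 (lib/ssh/src/ssh_transport.erl), the fallback when no group has size N picks the largest group inside [Min, Max], whereas RFC 4419 section 3 recommends returning the smallest known group larger than the requested size and using the largest only when none is larger. With an operator-supplied dh_gex_groups list this changes which group a client receives, so either follow the RFC order or document the deviation next to the fold. The no-match case disconnects with ?SSH_DISCONNECT_PROTOCOL_ERROR; the request itself was well-formed and the failure is in group selection, so ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED describes it better.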
@@ -418,29 +418,24 @@ handle_ssh_option({preferred_algorithms,[_|_]} = Opt) -> handle_ssh_option({dh_gex_groups,L=[{I1,I2,I3}|_]}) when is_integer(I1), I1>0, is_integer(I2), I2>0, is_integer(I3), I3>0 -> - {dh_gex_groups, [{N,{G,P}} || {N,P,G} <- L]}; + {dh_gex_groups, lists:map(fun({N,G,P}) -> {N,{G,P}} end, L)}; handle_ssh_option({dh_gex_groups,{file,File=[C|_]}}=Opt) when is_integer(C), C>0 -> %% A string, (file name) case file:consult(File) of {ok, List} -> - case lists:all(fun({I1,I2,I3}) when is_integer(I1), I1>0, - is_integer(I2), I2>0, - is_integer(I3), I3>0 -> - true; - (_) -> - false - end, List) of - true -> - handle_ssh_option({dh_gex_groups,List}); - false -> - throw({error, {{eoptions, Opt}, "Bad format in file "++File}}) + try handle_ssh_option({dh_gex_groups,List}) of + {dh_gex_groups,_} = NewOpt -> + NewOpt + catch + _:_ -> + throw({error, {{eoptions, Opt}, "Bad format in file"}}) end; Error -> throw({error, {{eoptions, Opt},{"Error reading file",Error}}}) end; handle_ssh_option({dh_gex_limits,{Min,I,Max}} = Opt) when is_integer(Min), Min>0, - is_integer(I), I>0, - is_integer(Max), Max>0 -> + is_integer(I), I>=Min, + is_integer(Max), Max>=I -> Opt; handle_ssh_option({connect_timeout, Value} = Opt) when is_integer(Value); Value == infinity -> Opt; diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index dda9192284..d9dc7df73d 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl 
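Review bot: In the list clause of handle_ssh_option({dh_gex_groups,...}) (lib/ssh/src/ssh.erl), `lists:map(fun({N,G,P}) -> {N,{G,P}} end, L)` raises function_clause on a malformed later element when the list is passed directly, because the guard still inspects only the head; only the {file,...} path converts that into an eoptions error through the new `catch _:_`. Give the direct form the same error handling so both inputs fail alike. The swap from `{N,P,G}` to `{N,G,P}` changes the meaning of every configured tuple, so the element order deserves a comment at this clause.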
@@ -1221,30 +1221,14 @@ peer_name({Host, _}) -> %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -%%% rfc 2489, ch 6.2 -dh_group1() -> - {2, 16#FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF}. +dh_group('diffie-hellman-group1-sha1') -> ?dh_group1; +dh_group('diffie-hellman-group14-sha1') -> ?dh_group14. -%%% rfc 3526, ch3 -dh_group14() -> - {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}. - -%%% rfc 3526, ch4 -dh_group15() -> - {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}. - -%%% rfc 3526, ch5 -dh_group16() -> - {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}. - -dh_group('diffie-hellman-group1-sha1') -> dh_group1(); -dh_group('diffie-hellman-group14-sha1') -> dh_group14(). - dh_gex_default_groups() -> - [{1024, dh_group1() }, - {2048, dh_group14()}, - {3072, dh_group15()}, - {4096, dh_group16()}]. + [{1024, ?dh_group1 }, + {2048, ?dh_group14}, + {3072, ?dh_group15}, + {4096, ?dh_group16}]. dh_gex_group(Min, N, Max, undefined) -> diff --git a/lib/ssh/src/ssh_transport.hrl b/lib/ssh/src/ssh_transport.hrl index ab59742b96..9e1de171c2 100644 --- a/lib/ssh/src/ssh_transport.hrl +++ b/lib/ssh/src/ssh_transport.hrl 
@@ -188,4 +188,24 @@ -define(SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE, 14). -define(SSH_DISCONNECT_ILLEGAL_USER_NAME, 15). +%% groups + +%%% rfc 2489, ch 6.2 +-define(dh_group1, + {2, 16#FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF}). + +%%% rfc 3526, ch3 +-define(dh_group14, + {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}). + +%%% rfc 3526, ch4 +-define(dh_group15, + {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}). + +%%% rfc 3526, ch5 +-define(dh_group16, + {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}). + + + -endif. % -ifdef(ssh_transport). diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index d82cdaf2c7..246e3d4898 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -56,7 +56,11 @@ groups() -> lib_no_match ]}, {kex, [], [no_common_alg_server_disconnects, - no_common_alg_client_disconnects + no_common_alg_client_disconnects, + gex_client_init_default_noexact, + gex_client_init_default_exact, + gex_client_init_option_groups, + gex_client_init_option_groups_file ]} ]. 
@@ -68,9 +72,32 @@ end_per_suite(Config) -> stop_apps(Config). + +init_per_testcase(TC, Config) when TC == gex_client_init_default_noexact ; + TC == gex_client_init_default_exact ; + TC == gex_client_init_option_groups ; + TC == gex_client_init_option_groups_file -> + Opts = case TC of + gex_client_init_option_groups -> + [{dh_gex_groups, [{2345, 3, 41}]}]; + gex_client_init_option_groups_file -> + DataDir = ?config(data_dir, Config), + F = filename:join(DataDir, "dh_group_test"), + [{dh_gex_groups, {file,F}}]; + _ -> + [] + end, + start_std_daemon(Config, + [{preferred_algorithms, ssh_transport:supported_algorithms()} + | Opts]); init_per_testcase(_TestCase, Config) -> check_std_daemon_works(Config, ?LINE). +end_per_testcase(TC, Config) when TC == gex_client_init_default_noexact ; + TC == gex_client_init_default_exact ; + TC == gex_client_init_option_groups ; + TC == gex_client_init_option_groups_file -> + stop_std_daemon(Config); end_per_testcase(_TestCase, Config) -> check_std_daemon_works(Config, ?LINE). 
@@ -293,6 +320,48 @@ no_common_alg_client_disconnects(Config) -> X -> ct:fail(X) end. +%%%-------------------------------------------------------------------- +gex_client_init_default_noexact(Config) -> + do_gex_client_init(Config, {2000, 3000, 4000}, + %% Warning, app knowledege: + ?dh_group15). + + +gex_client_init_default_exact(Config) -> + do_gex_client_init(Config, {2000, 2048, 4000}, + %% Warning, app knowledege: + ?dh_group14). + + +gex_client_init_option_groups(Config) -> + do_gex_client_init(Config, {2000, 2048, 4000}, {3,41}). + + +gex_client_init_option_groups_file(Config) -> + do_gex_client_init(Config, {2000, 2048, 4000}, {5,61}). + +do_gex_client_init(Config, {Min,N,Max}, {G,P}) -> + {ok,_} = + ssh_trpt_test_lib:exec( + [{set_options, [print_ops, print_seqnums, print_messages]}, + {connect, + server_host(Config),server_port(Config), + [{silently_accept_hosts, true}, + {user_dir, user_dir(Config)}, + {user_interaction, false}, + {preferred_algorithms,[{kex,['diffie-hellman-group-exchange-sha1']}]} + ]}, + receive_hello, + {send, hello}, + {send, ssh_msg_kexinit}, + {match, #ssh_msg_kexinit{_='_'}, receive_msg}, + {send, #ssh_msg_kex_dh_gex_request{min = Min, + n = N, + max = Max}}, + {match, #ssh_msg_kex_dh_gex_group{p=P, g=G, _='_'}, receive_msg} + ] + ). + %%%================================================================ %%%==== Internal functions ======================================== %%%================================================================ @@ -353,6 +422,7 @@ stop_std_daemon(Config) -> ct:log("Std server ~p at ~p:~p stopped", [server_pid(Config), server_host(Config), server_port(Config)]), lists:keydelete(server, 1, Config). + check_std_daemon_works(Config, Line) -> case std_connect(Config) of {ok,C} -> 
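Review bot: gex_client_init_default_noexact in lib/ssh/test/ssh_protocol_SUITE.erl requests {2000, 3000, 4000}, for which "largest group within the limits" and "smallest group above N" both give ?dh_group15, so the test cannot detect a change in the selection rule; a request such as {1000, 1500, 4096} separates the two. There is also no case for the "No possible diffie-hellman-group-exchange group found" disconnect, which the option test could reach by requesting limits that exclude the configured `{2345, 3, 41}` group.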
@@ -362,13 +432,9 @@ check_std_daemon_works(Config, Line) -> ok = ssh:close(C), Config; Error = {error,_} -> - {fail, - lists:flatten( - io_lib:format("Standard server ~p:~p ~p is ill at line ~p: ~p", - [server_host(Config), server_port(Config), - server_pid(Config), Line, Error]) - ) - } + ct:fail("Standard server ~p:~p ~p is ill at line ~p: ~p", + [server_host(Config), server_port(Config), + server_pid(Config), Line, Error]) end. server_pid(Config) -> element(1,?v(server,Config)). diff --git a/lib/ssh/test/ssh_protocol_SUITE_data/dh_group_test b/lib/ssh/test/ssh_protocol_SUITE_data/dh_group_test new file mode 100644 index 0000000000..2887bb4b60 --- /dev/null +++ b/lib/ssh/test/ssh_protocol_SUITE_data/dh_group_test @@ -0,0 +1,3 @@ +{2222, 5, 61}. +{1111, 7, 91}. + -- cgit v1.2.3 From 25db64119ec6369156129a77330c64753a6706eb Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 5 Aug 2015 13:41:35 +0200 Subject: ssh: document new options in doc/ssh.xml --- lib/ssh/doc/src/ssh.xml | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index d24025ca4d..cf5e8f1aff 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -43,7 +43,7 @@ Supported public key algorithms: ssh-rsa and ssh-dss. Supported MAC algorithms: hmac-sha2-256 and hmac-sha1. Supported encryption algorithms: aes128-ctr, aes128-cb and 3des-cbc. - Supported key exchange algorithms: diffie-hellman-group1-sha1. + Supported key exchange algorithms: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1 and diffie-hellman-group-exchange-sha256. Supported compression algorithms: none, zlib, zlib@openssh.com, Supports unicode filenames if the emulator and the underlaying OS support it. See section DESCRIPTION in the @@ -240,6 +240,13 @@ kex is implicit but public_key is set explicitly.

+ + +

Sets the three diffie-hellman-group-exchange parameters that guides the connected server in choosing a group. + See RFC 4419 for the function of thoose. The default value is {512, 1024, 4096}. +

+
+

Sets a time-out on the transport layer @@ -449,6 +456,15 @@ kex is implicit but public_key is set explicitly.

+ + +

Sets the groups that the server may choose among when diffie-hellman-group-exchange is negotiated. + See RFC 4419 for details. +

+

If the parameter is {file,filename()}, the file must exist and have one or more three-tuples terminated by a dot. The interpretation is as if the tuples had been given directly in the option. The file is read when the daemon starts. +

+
+ boolean()}]]>

Provides a function for password validation. This function is called -- cgit v1.2.3 From b2e9955be035d1dce8ef118b341a79cc05339f44 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 5 Aug 2015 14:02:17 +0200 Subject: ssh: announce dh-group-exchange --- lib/ssh/src/ssh_transport.erl | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index d9dc7df73d..38a0b7ec7c 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -67,10 +67,7 @@ default_algorithms(compression) -> %% Do not announce 'zlib@openssh.com' because there seem to be problems supported_algorithms(compression, same(['zlib@openssh.com'])); default_algorithms(kex) -> - %% Do not announce the experimental 'diffie-hellman-group-exchange-sha*' yet - supported_algorithms(kex, ['diffie-hellman-group-exchange-sha1', - 'diffie-hellman-group-exchange-sha256' - ]); + supported_algorithms(kex, []); default_algorithms(Alg) -> supported_algorithms(Alg). -- cgit v1.2.3 From e2024d8830892fb8822c30d7c1140e3c54d0c84d Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 3 Aug 2015 12:45:46 +0200 Subject: ssh: Unicode test improvments --- lib/ssh/test/ssh_sftp_SUITE.erl | 90 +++++++++++++++++----- .../f3.txt" | 1 + .../g\345\233\233.txt" | 1 + 3 files changed, 74 insertions(+), 18 deletions(-) create mode 100644 "lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/f3.txt" create mode 100644 "lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/g\345\233\233.txt" (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index a95e16a0b3..c3de063c17 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl 
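Review bot: The new dh_gex_limits text in lib/ssh/doc/src/ssh.xml documents a default of {512, 1024, 4096}, while RFC 4419, which the paragraph cites, says the returned group should be at least 1024 bits; a Min of 512 invites the server to choose a group below that, so either raise the default or explain why 512 is kept. Wording: "that guides" should be "that guide" and "thoose" should be "those". The dh_gex_groups paragraph explains the file form only as "three-tuples terminated by a dot"; spell out the order of the three elements there.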
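Review bot: In default_algorithms(kex) (lib/ssh/src/ssh_transport.erl), emptying the exclusion list puts both diffie-hellman-group-exchange methods into the default offer, but the commit message does not say why they are no longer "experimental" as the removed comment had it. The gex test cases added earlier in this series all set preferred_algorithms explicitly, so a test that connects with default options and checks the negotiated kex would cover what this change actually switches on.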
@@ -85,7 +85,12 @@ groups() -> {openssh_server, [], [{group,write_read_tests}, {group,remote_tar}]}, - {remote_tar, [], [create_empty_tar, files_to_tar, big_file_to_tar, files_chunked_to_tar, + {remote_tar, [], [create_empty_tar, + ascii_filename_ascii_contents_to_tar, + ascii_filename_unicode_contents_to_tar, + unicode_filename_ascii_contents_to_tar, + files_to_tar, + big_file_to_tar, files_chunked_to_tar, directory_to_tar, binaries_to_tar, null_crypto_tar, simple_crypto_tar_small, simple_crypto_tar_big, read_tar, read_null_crypto_tar, read_crypto_tar, 
@@ -121,23 +126,35 @@ init_per_group(unicode, Config) -> ct:comment("Begin ~p",[grps(Config)]), DataDir = ?config(data_dir, Config), PrivDir = ?config(priv_dir, Config), - [{user, "Ã¥ke高兴"}, - {passwd, "ärlig日本ã˜ã‚“"}, - {data, <<"foobar Ã¥ 一二三四ã„ã¡ã«ã•ã‚“ã¡">>}, - {filename, filename:join(PrivDir, "sftp瑞点.txt")}, - {testfile, filename:join(PrivDir, "testãƒãƒ³ã‚¹.txt")}, - {linktest, filename:join(PrivDir, "link_test語.txt")}, - {tar_filename, filename:join(PrivDir, "sftp_tar_test一二三.tar")}, - {tar_F1_txt, "F一.txt"}, - {datadir_tar, filename:join(DataDir,"sftp_tar_test_data_高兴")} - | lists:foldl(fun(K,Cf) -> lists:keydelete(K,1,Cf) end, - Config, - [user, passwd, data, - filename, testfile, linktest, - tar_filename, tar_F1_txt, datadir_tar - ] - ) - ]; + NewConfig = + [{user, "Ã¥ke高兴"}, + {passwd, "ärlig日本ã˜ã‚“"}, + {data, <<"foobar Ã¥ 一二三四ã„ã¡ã«ã•ã‚“ã¡">>}, + {filename, filename:join(PrivDir, "sftp瑞点.txt")}, + {testfile, filename:join(PrivDir, "testãƒãƒ³ã‚¹.txt")}, + {linktest, filename:join(PrivDir, "link_test語.txt")}, + {tar_filename, filename:join(PrivDir, "sftp_tar_test一二三.tar")}, + {tar_F1_txt, "F一.txt"}, + {tar_F3_txt, "f3.txt"}, + {tar_F4_txt, "gå››.txt"}, + {datadir_tar, filename:join(DataDir,"sftp_tar_test_data_高兴")} + | lists:foldl(fun(K,Cf) -> lists:keydelete(K,1,Cf) end, + Config, + [user, passwd, data, + filename, testfile, linktest, + tar_filename, tar_F1_txt, datadir_tar + ] + ) + ], + FN = fn(?config(tar_F1_txt,NewConfig), NewConfig), + case catch file:read_file(FN) of + {ok,FN_contents} -> + ct:log("Readable file:read_file(~tp) ->~n~tp",[FN,FN_contents]), + NewConfig; + Other -> + ct:log("Unreadable file:read_file(~tp) ->~n~p",[FN,Other]), + {skip, "Not unicode file reading"} + end; _ -> {skip, "Not unicode file encoding"} 
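Review bot: In init_per_group(unicode, ...) of lib/ssh/test/ssh_sftp_SUITE.erl, tar_F3_txt and tar_F4_txt are added to NewConfig but not to the key list passed to lists:keydelete, unlike every other key set here; add them so an inherited entry cannot linger as a duplicate behind the new one.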
@@ -685,6 +702,43 @@ files_to_tar(Config) -> ok = erl_tar:close(Handle), chk_tar([F1, "f2.txt"], Config). +%%-------------------------------------------------------------------- +ascii_filename_ascii_contents_to_tar(Config) -> + ChPid2 = ?config(channel_pid2, Config), + TarFileName = ?config(tar_filename, Config), + {ok,Handle} = ssh_sftp:open_tar(ChPid2, TarFileName, [write]), + ok = erl_tar:add(Handle, fn("f2.txt",Config), "f2.txt", [verbose]), + ok = erl_tar:close(Handle), + chk_tar(["f2.txt"], Config). + +%%-------------------------------------------------------------------- +ascii_filename_unicode_contents_to_tar(Config) -> + case ?config(tar_F3_txt, Config) of + undefined -> + {skip, "Unicode test"}; + Fn -> + ChPid2 = ?config(channel_pid2, Config), + TarFileName = ?config(tar_filename, Config), + {ok,Handle} = ssh_sftp:open_tar(ChPid2, TarFileName, [write]), + ok = erl_tar:add(Handle, fn(Fn,Config), Fn, [verbose]), + ok = erl_tar:close(Handle), + chk_tar([Fn], Config) + end. + +%%-------------------------------------------------------------------- +unicode_filename_ascii_contents_to_tar(Config) -> + case ?config(tar_F4_txt, Config) of + undefined -> + {skip, "Unicode test"}; + Fn -> + ChPid2 = ?config(channel_pid2, Config), + TarFileName = ?config(tar_filename, Config), + {ok,Handle} = ssh_sftp:open_tar(ChPid2, TarFileName, [write]), + ok = erl_tar:add(Handle, fn(Fn,Config), Fn, [verbose]), + ok = erl_tar:close(Handle), + chk_tar([Fn], Config) + end. + %%-------------------------------------------------------------------- big_file_to_tar(Config) -> ChPid2 = ?config(channel_pid2, Config), diff --git "a/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/f3.txt" "b/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/f3.txt" new file mode 100644 index 0000000000..e6076a05b5 --- /dev/null +++ "b/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/f3.txt" @@ -0,0 +1 @@ +你好 
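Review bot: The three new cases in lib/ssh/test/ssh_sftp_SUITE.erl (ascii_filename_ascii_contents_to_tar and the two Unicode variants) repeat the same open_tar, erl_tar:add, erl_tar:close and chk_tar sequence; a shared helper taking the file name would reduce each case to one call and keep the skip logic in one place. The skip reason "Unicode test" does not say why the case was skipped; naming the missing config key would read better in the test log.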
diff --git "a/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/g\345\233\233.txt" "b/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/g\345\233\233.txt" new file mode 100644 index 0000000000..d18c6b11fc --- /dev/null +++ "b/lib/ssh/test/ssh_sftp_SUITE_data/sftp_tar_test_data_\351\253\230\345\205\264/g\345\233\233.txt" @@ -0,0 +1 @@ +How are you? -- cgit v1.2.3 From 9d1cf458e616c93779d783820a59d04d3c628a3e Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 6 Aug 2015 17:46:27 +0200 Subject: ssh: ssh_trpt_test_lib improvments - negotiation state - better printouts --- lib/ssh/test/ssh_protocol_SUITE.erl | 18 ++--- lib/ssh/test/ssh_trpt_test_lib.erl | 129 ++++++++++++++++++++++++------------ 2 files changed, 96 insertions(+), 51 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index 246e3d4898..732892ae37 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -240,7 +240,7 @@ lib_no_match(_Config) -> no_common_alg_server_disconnects(Config) -> {ok,_} = ssh_trpt_test_lib:exec( - [{set_options, [print_ops, print_seqnums, print_messages]}, + [{set_options, [print_ops, {print_messages,detail}]}, {connect, server_host(Config),server_port(Config), [{silently_accept_hosts, true}, @@ -251,7 +251,7 @@ no_common_alg_server_disconnects(Config) -> receive_hello, {send, hello}, {match, #ssh_msg_kexinit{_='_'}, receive_msg}, - {send, ssh_msg_kexinit}, + {send, ssh_msg_kexinit}, % with server unsupported 'ssh-dss' ! {match, {'or',[#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, _='_'}, tcp_closed]}, 
@@ -275,17 +275,16 @@ no_common_alg_client_disconnects(Config) -> Parent ! {result,self(), ssh_trpt_test_lib:exec( - [{set_options, [print_ops, print_messages]}, + [{set_options, [print_ops, {print_messages,detail}]}, {accept, [{system_dir, system_dir(Config)}, {user_dir, user_dir(Config)}]}, receive_hello, {send, hello}, - {match, #ssh_msg_kexinit{_='_'}, receive_msg}, - {send, #ssh_msg_kexinit{ + {send, #ssh_msg_kexinit{ % with unsupported "SOME-UNSUPPORTED" cookie = 247381486335508958743193106082599558706, kex_algorithms = ["diffie-hellman-group1-sha1"], - server_host_key_algorithms = ["some-unknown"], + server_host_key_algorithms = ["SOME-UNSUPPORTED"], % SIC! encryption_algorithms_client_to_server = ["aes128-ctr"], encryption_algorithms_server_to_client = ["aes128-ctr"], mac_algorithms_client_to_server = ["hmac-sha2-256"], @@ -306,7 +305,8 @@ no_common_alg_client_disconnects(Config) -> } end), - %% and finally connect to it with a regular Erlang SSH client: + %% and finally connect to it with a regular Erlang SSH client + %% which of course does not support SOME-UNSUPPORTED as pub key algo: Result = std_connect(HostPort, Config, [{preferred_algorithms,[{public_key,['ssh-dss']}]}]), ct:log("Result of connect is ~p",[Result]), @@ -317,7 +317,9 @@ no_common_alg_client_disconnects(Config) -> ct:pal("ERROR!~nOp = ~p~nExecResult = ~p~nState =~n~s", [Op,ExecResult,ssh_trpt_test_lib:format_msg(S)]), {fail, ExecResult}; - X -> ct:fail(X) + X -> + ct:pal("¤¤¤¤¤"), + ct:fail(X) end. %%%-------------------------------------------------------------------- diff --git a/lib/ssh/test/ssh_trpt_test_lib.erl b/lib/ssh/test/ssh_trpt_test_lib.erl index 75f495b6d7..38b2789742 100644 --- a/lib/ssh/test/ssh_trpt_test_lib.erl +++ b/lib/ssh/test/ssh_trpt_test_lib.erl 
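Review bot: The final clause of the result match in no_common_alg_client_disconnects (lib/ssh/test/ssh_protocol_SUITE.erl) now calls `ct:pal("¤¤¤¤¤")` before ct:fail(X), which looks like a leftover debugging marker; drop it, or log X with a descriptive message instead.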
@@ -42,8 +42,8 @@ seen_hello = false, enc = <<>>, ssh = #ssh{}, % #ssh{} - own_kexinit, - peer_kexinit, + alg_neg = {undefined,undefined}, % {own_kexinit, peer_kexinit} + alg, % #alg{} vars = dict:new(), reply = [], % Some repy msgs are generated hidden in ssh_transport :[ prints = [], @@ -140,7 +140,10 @@ op(receive_hello, S0) when S0#s.seen_hello =/= true -> op(receive_msg, S) when S#s.seen_hello == true -> try recv(S) catch - {tcp,Exc} -> S#s{return_value=Exc} + {tcp,Exc} -> + S1 = opt(print_messages, S, + fun(X) when X==true;X==detail -> {"Recv~n~p~n",[Exc]} end), + S1#s{return_value=Exc} end; @@ -206,6 +209,9 @@ op_val(E, S0) -> end. +fail(Reason, {Fmt,Args}, S) when is_list(Fmt), is_list(Args) -> + fail(Reason, save_prints({Fmt,Args}, S)). + fail(Reason, S) -> throw({fail, Reason, S}). 
@@ -312,38 +318,51 @@ send(S=#s{ssh=C}, hello) -> send(S, list_to_binary(Hello)); send(S0, ssh_msg_kexinit) -> - {Msg, Bytes, C0} = ssh_transport:key_exchange_init_msg(S0#s.ssh), - S1 = opt(print_messages, S0, - fun(X) when X==true;X==detail -> {"Send~n~s~n",[format_msg(Msg)]} end), - S = case ?role(S1) of - server when is_record(S1#s.peer_kexinit, ssh_msg_kexinit) -> - {ok, C} = - ssh_transport:handle_kexinit_msg(S1#s.peer_kexinit, Msg, C0), - S1#s{peer_kexinit = used, - own_kexinit = used, - ssh = C}; - _ -> - S1#s{ssh = C0, - own_kexinit = Msg} - end, - send_bytes(Bytes, S#s{return_value = Msg}); + {Msg, _Bytes, _C0} = ssh_transport:key_exchange_init_msg(S0#s.ssh), + send(S0, Msg); -send(S0, ssh_msg_kexdh_init) when ?role(S0) == client, - is_record(S0#s.peer_kexinit, ssh_msg_kexinit), - is_record(S0#s.own_kexinit, ssh_msg_kexinit) -> +send(S0=#s{alg_neg={undefined,PeerMsg}}, Msg=#ssh_msg_kexinit{}) -> + S1 = opt(print_messages, S0, + fun(X) when X==true;X==detail -> {"Send~n~s~n",[format_msg(Msg)]} end), + S2 = case PeerMsg of + #ssh_msg_kexinit{} -> + try ssh_transport:handle_kexinit_msg(PeerMsg, Msg, S1#s.ssh) of + {ok,Cx} when ?role(S1) == server -> + S1#s{alg = Cx#ssh.algorithms}; + {ok,_NextKexMsgBin,Cx} when ?role(S1) == client -> + S1#s{alg = Cx#ssh.algorithms} + catch + Class:Exc -> + save_prints({"Algoritm negotiation failed at line ~p:~p~n~p:~s~nPeer: ~s~n Own: ~s~n", + [?MODULE,?LINE,Class,format_msg(Exc),format_msg(PeerMsg),format_msg(Msg)]}, + S1) + end; + undefined -> + S1 + end, + {Bytes, C} = ssh_transport:ssh_packet(Msg, S2#s.ssh), + send_bytes(Bytes, S2#s{return_value = Msg, + alg_neg = {Msg,PeerMsg}, + ssh = C}); + +send(S0, ssh_msg_kexdh_init) when ?role(S0) == client -> + {OwnMsg, PeerMsg} = S0#s.alg_neg, {ok, NextKexMsgBin, C} = - ssh_transport:handle_kexinit_msg(S0#s.peer_kexinit, S0#s.own_kexinit, S0#s.ssh), - + try ssh_transport:handle_kexinit_msg(PeerMsg, OwnMsg, S0#s.ssh) + catch + Class:Exc -> + fail("Algoritm negotiation failed!", + 
{"Algoritm negotiation failed at line ~p:~p~n~p:~s~nPeer: ~s~n Own: ~s", + [?MODULE,?LINE,Class,format_msg(Exc),format_msg(PeerMsg),format_msg(OwnMsg)]}, + S0) + end, S = opt(print_messages, S0, fun(X) when X==true;X==detail -> #ssh{keyex_key = {{_Private, Public}, {_G, _P}}} = C, Msg = #ssh_msg_kexdh_init{e = Public}, {"Send (reconstructed)~n~s~n",[format_msg(Msg)]} end), - - send_bytes(NextKexMsgBin, S#s{ssh = C, - peer_kexinit = used, - own_kexinit = used}); + send_bytes(NextKexMsgBin, S#s{ssh = C}); send(S0, ssh_msg_kexdh_reply) -> Bytes = proplists:get_value(ssh_msg_kexdh_reply, S0#s.reply), 
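Review bot: In the send(S0=#s{alg_neg={undefined,PeerMsg}}, Msg=#ssh_msg_kexinit{}) clause of lib/ssh/test/ssh_trpt_test_lib.erl, a failed ssh_transport:handle_kexinit_msg/3 is only recorded with save_prints and the packet is still sent with alg left unset, while the ssh_msg_kexdh_init clause treats the same failure as fatal through fail/3; if the difference is deliberate, a comment should say so. A return value that matches neither `{ok,Cx}` nor `{ok,_NextKexMsgBin,Cx}` for the current role raises try_clause, which the catch section of the same try does not handle. "Algoritm" is misspelled in the format strings of this hunk.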
@@ -389,26 +408,42 @@ recv(S0 = #s{}) -> true -> %% Has seen hello, therefore no more crlf-messages are alowed. S = receive_binary_msg(S1), - case M=S#s.return_value of - #ssh_msg_kexinit{} when ?role(S) == server, - S#s.own_kexinit =/= undefined -> - {ok, C} = - ssh_transport:handle_kexinit_msg(M, S#s.own_kexinit, S#s.ssh), - S#s{peer_kexinit = used, - own_kexinit = used, - ssh = C}; - #ssh_msg_kexinit{} -> - S#s{peer_kexinit = M}; + case PeerMsg = S#s.return_value of + #ssh_msg_kexinit{} -> + case S#s.alg_neg of + {undefined,undefined} -> + S#s{alg_neg = {undefined,PeerMsg}}; + + {undefined,_} -> + fail("2 kexint received!!", S); + + {OwnMsg, _} -> + try ssh_transport:handle_kexinit_msg(PeerMsg, OwnMsg, S#s.ssh) of + {ok,C} when ?role(S) == server -> + S#s{alg_neg = {OwnMsg, PeerMsg}, + alg = C#ssh.algorithms, + ssh = C}; + {ok,_NextKexMsgBin,C} when ?role(S) == client -> + S#s{alg_neg = {OwnMsg, PeerMsg}, + alg = C#ssh.algorithms} + catch + Class:Exc -> + save_prints({"Algoritm negotiation failed at line ~p:~p~n~p:~s~nPeer: ~s~n Own: ~s~n", + [?MODULE,?LINE,Class,format_msg(Exc),format_msg(PeerMsg),format_msg(OwnMsg)]}, + S#s{alg_neg = {OwnMsg, PeerMsg}}) + end + end; + #ssh_msg_kexdh_init{} -> % Always the server - {ok, Reply, C} = ssh_transport:handle_kexdh_init(M, S#s.ssh), + {ok, Reply, C} = ssh_transport:handle_kexdh_init(PeerMsg, S#s.ssh), S#s{ssh = C, reply = [{ssh_msg_kexdh_reply,Reply} | S#s.reply] }; #ssh_msg_kexdh_reply{} -> - {ok, _NewKeys, C} = ssh_transport:handle_kexdh_reply(M, S#s.ssh), + {ok, _NewKeys, C} = ssh_transport:handle_kexdh_reply(PeerMsg, S#s.ssh), S#s{ssh=C#ssh{send_sequence=S#s.ssh#ssh.send_sequence}}; % Back the number #ssh_msg_newkeys{} -> - {ok, C} = ssh_transport:handle_new_keys(M, S#s.ssh), + {ok, C} = ssh_transport:handle_new_keys(PeerMsg, S#s.ssh), S#s{ssh=C}; _ -> S 
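Review bot: In recv/1 of lib/ssh/test/ssh_trpt_test_lib.erl, the server branch of the new kexinit handling stores the updated state with `ssh = C`, but the client branch keeps only `alg = C#ssh.algorithms` and discards C; if that is intended because the client state is rebuilt when ssh_msg_kexdh_init is sent, say so in a comment, otherwise the two branches should match. The failure text "2 kexint received!!" should read "2 kexinit received", and this try/catch around handle_kexinit_msg/3 duplicates the one in send/2, so a shared helper would keep the two in step.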
@@ -682,10 +717,18 @@ seqnum_trace(S) -> print_traces(S) when S#s.prints == [] -> S; print_traces(S) -> + Len = length(S#s.prints), ct:log("~s", - [lists:foldl(fun({Fmt,Args}, Acc) -> - [io_lib:format(Fmt,Args) | Acc] - end, "", S#s.prints)] + [lists:foldl( + fun({Fmt,Args}, Acc) -> + [case Len-length(Acc)-1 of + 0 -> + io_lib:format(Fmt,Args); + N -> + io_lib:format(lists:concat(['~p --------~n',Fmt]), + [Len-length(Acc)-1|Args]) + end | Acc] + end, "", S#s.prints)] ). opt(Flag, S, Fun) when is_function(Fun,1) -> -- cgit v1.2.3 From 1edbcc648f87ad66b047fbc73654764b618c37ae Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 7 Aug 2015 13:48:46 +0200 Subject: ssh: ct:pal -> ct:log in lib/ssh/test --- lib/ssh/test/ssh_basic_SUITE.erl | 66 +++++++++++++++--------------- lib/ssh/test/ssh_connection_SUITE.erl | 14 +++---- lib/ssh/test/ssh_protocol_SUITE.erl | 4 +- lib/ssh/test/ssh_sftp_SUITE.erl | 12 +++--- lib/ssh/test/ssh_sftpd_SUITE.erl | 14 +++---- lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl | 6 +-- lib/ssh/test/ssh_test_lib.erl | 22 +++++----- lib/ssh/test/ssh_to_openssh_SUITE.erl | 46 ++++++++++----------- lib/ssh/test/ssh_upgrade_SUITE.erl | 10 ++--- 9 files changed, 97 insertions(+), 97 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 39ea2c9609..f30e86f193 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl 
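Review bot: In print_traces/1 (lib/ssh/test/ssh_trpt_test_lib.erl), the case binds N to `Len-length(Acc)-1` and then recomputes the same expression in the argument list; use N there. Calling length(Acc) on every fold step also makes the printout quadratic in the number of saved prints, which a counter carried in the accumulator avoids.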
@@ -245,8 +245,8 @@ init_per_testcase(TC, Config) when TC==shell_no_unicode ; Shell = ssh_test_lib:start_shell(Port, IO, UserDir, [{silently_accept_hosts, true}, {user,"foo"},{password,"bar"}]), - ct:pal("IO=~p, Shell=~p, self()=~p",[IO,Shell,self()]), - ct:pal("file:native_name_encoding() = ~p,~nio:getopts() = ~p", + ct:log("IO=~p, Shell=~p, self()=~p",[IO,Shell,self()]), + ct:log("file:native_name_encoding() = ~p,~nio:getopts() = ~p", [file:native_name_encoding(),io:getopts()]), wait_for_erlang_first_line([{io,IO}, {shell,Shell}, {sftpd, Sftpd} | Config]); init_per_testcase(_TestCase, Config) -> @@ -620,7 +620,7 @@ shell(Config) when is_list(Config) -> {'EXIT', _, _} -> ct:fail(no_ssh_connection); ErlShellStart -> - ct:pal("Erlang shell start: ~p~n", [ErlShellStart]), + ct:log("Erlang shell start: ~p~n", [ErlShellStart]), do_shell(IO, Shell) end. @@ -704,7 +704,7 @@ server_password_option(Config) when is_list(Config) -> {user_interaction, false}, {user_dir, UserDir}]), - ct:pal("Test of wrong password: Error msg: ~p ~n", [Reason]), + ct:log("Test of wrong password: Error msg: ~p ~n", [Reason]), ssh:close(ConnectionRef), ssh:stop_daemon(Pid). @@ -1259,13 +1259,13 @@ peername_sockname(Config) when is_list(Config) -> ssh:connection_info(ConnectionRef, [peer]), [{sockname, {HostSockClient,PortSockClient} = ClientSock}] = ssh:connection_info(ConnectionRef, [sockname]), - ct:pal("Client: ~p ~p", [ClientPeer, ClientSock]), + ct:log("Client: ~p ~p", [ClientPeer, ClientSock]), receive {ssh_cm, ConnectionRef, {data, ChannelId, _, Response}} -> {PeerNameSrv,SockNameSrv} = binary_to_term(Response), {HostPeerSrv,PortPeerSrv} = PeerNameSrv, {HostSockSrv,PortSockSrv} = SockNameSrv, - ct:pal("Server: ~p ~p", [PeerNameSrv, SockNameSrv]), + ct:log("Server: ~p ~p", [PeerNameSrv, SockNameSrv]), host_equal(HostPeerSrv, HostSockClient), PortPeerSrv = PortSockClient, host_equal(HostSockSrv, HostPeerClient), 
@@ -1443,7 +1443,7 @@ packet_size_zero(Config) -> receive {ssh_cm,Conn,{data,Chan,_Type,_Msg1}} = M -> - ct:pal("Got ~p",[M]), + ct:log("Got ~p",[M]), ct:fail(doesnt_obey_max_packet_size_0) after 5000 -> ok @@ -1520,7 +1520,7 @@ chan_exec(ConnectionRef, Cmnd, Expected) -> ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId0); {unexpected_msg,{ssh_cm, ConnectionRef, {exit_status, ChannelId0, 0}} = ExitStatus0} -> - ct:pal("0: Collected data ~p", [ExitStatus0]), + ct:log("0: Collected data ~p", [ExitStatus0]), ssh_test_lib:receive_exec_result(Data0, ConnectionRef, ChannelId0); Other0 -> @@ -1612,7 +1612,7 @@ ssh_connect_negtimeout(Config, Parallel) -> {ok,Socket} = gen_tcp:connect(Host, Port, []), Factor = 2, - ct:pal("And now sleeping ~p*NegTimeOut (~p ms)...", [Factor, round(Factor * NegTimeOut)]), + ct:log("And now sleeping ~p*NegTimeOut (~p ms)...", [Factor, round(Factor * NegTimeOut)]), ct:sleep(round(Factor * NegTimeOut)), case inet:sockname(Socket) of @@ -1643,22 +1643,22 @@ ssh_connect_nonegtimeout_connected(Config, Parallel) -> {parallel_login, Parallel}, {negotiation_timeout, NegTimeOut}, {failfun, fun ssh_test_lib:failfun/2}]), - ct:pal("~p Listen ~p:~p",[_Pid,_Host,Port]), + ct:log("~p Listen ~p:~p",[_Pid,_Host,Port]), ct:sleep(500), IO = ssh_test_lib:start_io_server(), Shell = ssh_test_lib:start_shell(Port, IO, UserDir), receive Error = {'EXIT', _, _} -> - ct:pal("~p",[Error]), + ct:log("~p",[Error]), ct:fail(no_ssh_connection); ErlShellStart -> - ct:pal("---Erlang shell start: ~p~n", [ErlShellStart]), + ct:log("---Erlang shell start: ~p~n", [ErlShellStart]), one_shell_op(IO, NegTimeOut), one_shell_op(IO, NegTimeOut), Factor = 2, - ct:pal("And now sleeping ~p*NegTimeOut (~p ms)...", [Factor, round(Factor * NegTimeOut)]), + ct:log("And now sleeping ~p*NegTimeOut (~p ms)...", [Factor, round(Factor * NegTimeOut)]), ct:sleep(round(Factor * NegTimeOut)), one_shell_op(IO, NegTimeOut) 
@@ -1667,7 +1667,7 @@ ssh_connect_nonegtimeout_connected(Config, Parallel) -> one_shell_op(IO, TimeOut) -> - ct:pal("One shell op: Waiting for prompter"), + ct:log("One shell op: Waiting for prompter"), receive ErlPrompt0 -> ct:log("Erlang prompt: ~p~n", [ErlPrompt0]) after TimeOut -> ct:fail("Timeout waiting for promter") @@ -1770,7 +1770,7 @@ connect_fun(ssh_sftp__start_channel, _Config) -> max_sessions(Config, ParallelLogin, Connect0) when is_function(Connect0,2) -> Connect = fun(Host,Port) -> R = Connect0(Host,Port), - ct:pal("Connect(~p,~p) -> ~p",[Host,Port,R]), + ct:log("Connect(~p,~p) -> ~p",[Host,Port,R]), R end, SystemDir = filename:join(?config(priv_dir, Config), system), @@ -1783,7 +1783,7 @@ max_sessions(Config, ParallelLogin, Connect0) when is_function(Connect0,2) -> {parallel_login, ParallelLogin}, {max_sessions, MaxSessions} ]), - ct:pal("~p Listen ~p:~p for max ~p sessions",[Pid,Host,Port,MaxSessions]), + ct:log("~p Listen ~p:~p for max ~p sessions",[Pid,Host,Port,MaxSessions]), try [Connect(Host,Port) || _ <- lists:seq(1,MaxSessions)] of Connections -> @@ -1792,7 +1792,7 @@ max_sessions(Config, ParallelLogin, Connect0) when is_function(Connect0,2) -> [_|_] = Connections, %% Now try one more than alowed: - ct:pal("Info Report might come here...",[]), + ct:log("Info Report might come here...",[]), try Connect(Host,Port) of _ConnectionRef1 -> @@ -1921,12 +1921,12 @@ basic_test(Config) -> do_shell(IO, Shell) -> receive ErlPrompt0 -> - ct:pal("Erlang prompt: ~p~n", [ErlPrompt0]) + ct:log("Erlang prompt: ~p~n", [ErlPrompt0]) end, IO ! {input, self(), "1+1.\r\n"}, receive Echo0 -> - ct:pal("Echo: ~p ~n", [Echo0]) + ct:log("Echo: ~p ~n", [Echo0]) end, receive ?NEWLINE -> @@ -1934,7 +1934,7 @@ do_shell(IO, Shell) -> end, receive Result0 = <<"2">> -> - ct:pal("Result: ~p~n", [Result0]) + ct:log("Result: ~p~n", [Result0]) end, receive ?NEWLINE -> 
@@ -1942,7 +1942,7 @@ do_shell(IO, Shell) -> end, receive ErlPrompt1 -> - ct:pal("Erlang prompt: ~p~n", [ErlPrompt1]) + ct:log("Erlang prompt: ~p~n", [ErlPrompt1]) end, exit(Shell, kill). %%Does not seem to work in the testserver! @@ -1953,7 +1953,7 @@ do_shell(IO, Shell) -> %% end, %% receive %% Echo1 -> - %% ct:pal("Echo: ~p ~n", [Echo1]) + %% ct:log("Echo: ~p ~n", [Echo1]) %% end, %% receive %% ?NEWLINE -> @@ -1961,7 +1961,7 @@ do_shell(IO, Shell) -> %% end, %% receive %% Result1 -> - %% ct:pal("Result: ~p~n", [Result1]) + %% ct:log("Result: ~p~n", [Result1]) %% end, %% receive %% {'EXIT', Shell, killed} -> @@ -1975,13 +1975,13 @@ wait_for_erlang_first_line(Config) -> {'EXIT', _, _} -> {fail,no_ssh_connection}; <<"Eshell ",_/binary>> = _ErlShellStart -> - ct:pal("Erlang shell start: ~p~n", [_ErlShellStart]), + ct:log("Erlang shell start: ~p~n", [_ErlShellStart]), Config; Other -> - ct:pal("Unexpected answer from ssh server: ~p",[Other]), + ct:log("Unexpected answer from ssh server: ~p",[Other]), {fail,unexpected_answer} after 10000 -> - ct:pal("No answer from ssh-server"), + ct:log("No answer from ssh-server"), {fail,timeout} end. @@ -1997,7 +1997,7 @@ new_do_shell(IO, N, Ops=[{Order,Arg}|More]) -> PfxSize = size(Pfx), receive _X = <<"\r\n">> -> - ct:pal("Skip newline ~p",[_X]), + ct:log("Skip newline ~p",[_X]), new_do_shell(IO, N, Ops); < ">> when (P1-$0)==N -> 
@@ -2013,15 +2013,15 @@ new_do_shell(IO, N, Ops=[{Order,Arg}|More]) -> ct:fail("new_do_shell error: ~p~n",[Err]); RecBin when Order==expect ; Order==expect_echo -> - ct:pal("received ~p",[RecBin]), + ct:log("received ~p",[RecBin]), RecStr = string:strip(unicode:characters_to_list(RecBin)), ExpStr = string:strip(Arg), case lists:prefix(ExpStr, RecStr) of true when Order==expect -> - ct:pal("Matched ~ts",[RecStr]), + ct:log("Matched ~ts",[RecStr]), new_do_shell(IO, N, More); true when Order==expect_echo -> - ct:pal("Matched echo ~ts",[RecStr]), + ct:log("Matched echo ~ts",[RecStr]), new_do_shell(IO, N, More); false -> ct:fail("*** Expected ~p, but got ~p",[string:strip(ExpStr),RecStr]) @@ -2047,12 +2047,12 @@ prompt_prefix() -> new_do_shell_prompt(IO, N, type, Str, More) -> - ct:pal("Matched prompt ~p to trigger sending of next line to server",[N]), + ct:log("Matched prompt ~p to trigger sending of next line to server",[N]), IO ! {input, self(), Str++"\r\n"}, - ct:pal("Promt '~p> ', Sent ~ts",[N,Str++"\r\n"]), + ct:log("Promt '~p> ', Sent ~ts",[N,Str++"\r\n"]), new_do_shell(IO, N, [{expect_echo,Str}|More]); % expect echo of the sent line new_do_shell_prompt(IO, N, Op, Str, More) -> - ct:pal("Matched prompt ~p",[N]), + ct:log("Matched prompt ~p",[N]), new_do_shell(IO, N, [{Op,Str}|More]). %%-------------------------------------------------------------------- diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index eb7c641d8a..fbcf06290a 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl 
@@ -186,7 +186,7 @@ big_cat(Config) when is_list(Config) -> %% pre-adjust receive window so the other end doesn't block ssh_connection:adjust_window(ConnectionRef, ChannelId0, size(Data)), - ct:pal("sending ~p byte binary~n",[size(Data)]), + ct:log("sending ~p byte binary~n",[size(Data)]), ok = ssh_connection:send(ConnectionRef, ChannelId0, Data, 10000), ok = ssh_connection:send_eof(ConnectionRef, ChannelId0), @@ -197,10 +197,10 @@ big_cat(Config) when is_list(Config) -> {ok, Other} -> case size(Data) =:= size(Other) of true -> - ct:pal("received and sent data are same" + ct:log("received and sent data are same" "size but do not match~n",[]); false -> - ct:pal("sent ~p but only received ~p~n", + ct:log("sent ~p but only received ~p~n", [size(Data), size(Other)]) end, ct:fail(receive_data_mismatch); @@ -450,7 +450,7 @@ gracefull_invalid_version(Config) when is_list(Config) -> ok = gen_tcp:send(S, ["SSH-8.-1","\r\n"]), receive Verstring -> - ct:pal("Server version: ~p~n", [Verstring]), + ct:log("Server version: ~p~n", [Verstring]), receive {tcp_closed, S} -> ok @@ -470,7 +470,7 @@ gracefull_invalid_start(Config) when is_list(Config) -> ok = gen_tcp:send(S, ["foobar","\r\n"]), receive Verstring -> - ct:pal("Server version: ~p~n", [Verstring]), + ct:log("Server version: ~p~n", [Verstring]), receive {tcp_closed, S} -> ok @@ -490,7 +490,7 @@ gracefull_invalid_long_start(Config) when is_list(Config) -> ok = gen_tcp:send(S, [lists:duplicate(257, $a), "\r\n"]), receive Verstring -> - ct:pal("Server version: ~p~n", [Verstring]), + ct:log("Server version: ~p~n", [Verstring]), receive {tcp_closed, S} -> ok @@ -511,7 +511,7 @@ gracefull_invalid_long_start_no_nl(Config) when is_list(Config) -> ok = gen_tcp:send(S, [lists:duplicate(257, $a), "\r\n"]), receive Verstring -> - ct:pal("Server version: ~p~n", [Verstring]), + ct:log("Server version: ~p~n", [Verstring]), receive {tcp_closed, S} -> ok 
diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index 732892ae37..dc02b940d7 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -314,11 +314,11 @@ no_common_alg_client_disconnects(Config) -> {result,Pid,{ok,_}} -> ok; {result,Pid,{error,{Op,ExecResult,S}}} -> - ct:pal("ERROR!~nOp = ~p~nExecResult = ~p~nState =~n~s", + ct:log("ERROR!~nOp = ~p~nExecResult = ~p~nState =~n~s", [Op,ExecResult,ssh_trpt_test_lib:format_msg(S)]), {fail, ExecResult}; X -> - ct:pal("¤¤¤¤¤"), + ct:log("¤¤¤¤¤"), ct:fail(X) end. diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index c3de063c17..bab5bf9fe9 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl @@ -47,7 +47,7 @@ init_per_suite(Config) -> catch crypto:stop(), case (catch crypto:start()) of ok -> - ct:pal("file:native_name_encoding() = ~p,~nio:getopts() = ~p", + ct:log("file:native_name_encoding() = ~p,~nio:getopts() = ~p", [file:native_name_encoding(),io:getopts()]), ssh:start(), Config; @@ -397,7 +397,7 @@ read_dir(Config) when is_list(Config) -> PrivDir = ?config(priv_dir, Config), {Sftp, _} = ?config(sftp, Config), {ok, Files} = ssh_sftp:list_dir(Sftp, PrivDir), - ct:pal("sftp list dir: ~p~n", [Files]). + ct:log("sftp list dir: ~p~n", [Files]). %%-------------------------------------------------------------------- write_file() -> 
@@ -478,12 +478,12 @@ rename_file(Config) when is_list(Config) -> {Sftp, _} = ?config(sftp, Config), {ok, Files} = ssh_sftp:list_dir(Sftp, PrivDir), - ct:pal("FileName: ~p, Files: ~p~n", [FileName, Files]), + ct:log("FileName: ~p, Files: ~p~n", [FileName, Files]), true = lists:member(filename:basename(FileName), Files), false = lists:member(filename:basename(NewFileName), Files), ok = ssh_sftp:rename(Sftp, FileName, NewFileName), {ok, NewFiles} = ssh_sftp:list_dir(Sftp, PrivDir), - ct:pal("FileName: ~p, Files: ~p~n", [FileName, NewFiles]), + ct:log("FileName: ~p, Files: ~p~n", [FileName, NewFiles]), false = lists:member(filename:basename(FileName), NewFiles), true = lists:member(filename:basename(NewFileName), NewFiles). @@ -529,7 +529,7 @@ retrieve_attributes(Config) when is_list(Config) -> {ok, NewFileInfo} = file:read_file_info(FileName), %% TODO comparison. There are some differences now is that ok? - ct:pal("SFTP: ~p FILE: ~p~n", [FileInfo, NewFileInfo]). + ct:log("SFTP: ~p FILE: ~p~n", [FileInfo, NewFileInfo]). %%-------------------------------------------------------------------- set_attributes() -> @@ -558,7 +558,7 @@ async_read(Config) when is_list(Config) -> receive {async_reply, Ref, {ok, Data}} -> - ct:pal("Data: ~p~n", [Data]), + ct:log("Data: ~p~n", [Data]), ok; Msg -> ct:fail(Msg) diff --git a/lib/ssh/test/ssh_sftpd_SUITE.erl b/lib/ssh/test/ssh_sftpd_SUITE.erl index f38fcc5521..94a54ec9db 100644 --- a/lib/ssh/test/ssh_sftpd_SUITE.erl +++ b/lib/ssh/test/ssh_sftpd_SUITE.erl @@ -152,7 +152,7 @@ init_per_testcase(TestCase, Config) -> {ok, <>, _} = reply(Cm, Channel), - ct:pal("Client: ~p Server ~p~n", [ProtocolVer, Version]), + ct:log("Client: ~p Server ~p~n", [ProtocolVer, Version]), [{sftp, {Cm, Channel}}, {sftpd, Sftpd }| Config]. 
@@ -418,7 +418,7 @@ real_path(Config) when is_list(Config) -> RealPath = filename:absname(binary_to_list(Path)), AbsPrivDir = filename:absname(PrivDir), - ct:pal("Path: ~p PrivDir: ~p~n", [RealPath, AbsPrivDir]), + ct:log("Path: ~p PrivDir: ~p~n", [RealPath, AbsPrivDir]), true = RealPath == AbsPrivDir end. @@ -447,7 +447,7 @@ links(Config) when is_list(Config) -> true = binary_to_list(Path) == FileName, - ct:pal("Path: ~p~n", [binary_to_list(Path)]) + ct:log("Path: ~p~n", [binary_to_list(Path)]) end. %%-------------------------------------------------------------------- @@ -548,10 +548,10 @@ set_attributes(Config) when is_list(Config) -> %% Can not test that NewPermissions = Permissions as %% on Unix platforms, other bits than those listed in the %% API may be set. - ct:pal("Org: ~p New: ~p~n", [OrigPermissions, NewPermissions]), + ct:log("Org: ~p New: ~p~n", [OrigPermissions, NewPermissions]), true = OrigPermissions =/= NewPermissions, - ct:pal("Try to open the file"), + ct:log("Try to open the file"), NewReqId = 2, {ok, <>, _} = open_file(FileName, Cm, Channel, NewReqId, @@ -563,7 +563,7 @@ set_attributes(Config) when is_list(Config) -> NewReqId1 = 3, - ct:pal("Set original permissions on the now open file"), + ct:log("Set original permissions on the now open file"), {ok, <>, _} = @@ -786,7 +786,7 @@ read_dir(Handle, Cm, Channel, ReqId) -> case reply(Cm, Channel) of {ok, <>, _} -> - ct:pal("Count: ~p Listing: ~p~n", + ct:log("Count: ~p Listing: ~p~n", [Count, binary_to_list(Listing)]), read_dir(Handle, Cm, Channel, ReqId); {ok, < NumOfPorts = length(erlang:ports()), - ct:pal("Number of open ports: ~p~n", [NumOfPorts]), + ct:log("Number of open ports: ~p~n", [NumOfPorts]), {ok, <<_/binary>>} = ssh_sftp:read_file(Sftp, FileName), 
@@ -255,14 +255,14 @@ root_dir(Config) when is_list(Config) -> {ok, Bin} = ssh_sftp:read_file(Sftp, FileName), {ok, Listing} = ssh_sftp:list_dir(Sftp, "."), - ct:pal("Listing: ~p~n", [Listing]). + ct:log("Listing: ~p~n", [Listing]). %%-------------------------------------------------------------------- list_dir_limited(Config) when is_list(Config) -> {Sftp, _} = ?config(sftp, Config), {ok, Listing} = ssh_sftp:list_dir(Sftp, "."), - ct:pal("Listing: ~p~n", [Listing]). + ct:log("Listing: ~p~n", [Listing]). %%-------------------------------------------------------------------- ver6_basic() -> diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index 97c35e549c..988ea47bd8 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl @@ -97,10 +97,10 @@ loop_io_server(TestCase, Buff0) -> {input, TestCase, Line} -> loop_io_server(TestCase, Buff0 ++ [Line]); {io_request, From, ReplyAs, Request} -> -%%ct:pal("~p",[{io_request, From, ReplyAs, Request}]), +%%ct:log("~p",[{io_request, From, ReplyAs, Request}]), {ok, Reply, Buff} = io_request(Request, TestCase, From, ReplyAs, Buff0), -%%ct:pal("io_request(~p)-->~p",[Request,{ok, Reply, Buff}]), +%%ct:log("io_request(~p)-->~p",[Request,{ok, Reply, Buff}]), io_reply(From, ReplyAs, Reply), loop_io_server(TestCase, Buff); {'EXIT',_, _} -> 
@@ -134,26 +134,26 @@ io_request({get_line, _Enc,_}, _, _, _, [Line | Buff]) -> io_reply(_, _, []) -> ok; io_reply(From, ReplyAs, Reply) -> -%%ct:pal("io_reply ~p sending ~p ! ~p",[self(),From, {io_reply, ReplyAs, Reply}]), +%%ct:log("io_reply ~p sending ~p ! ~p",[self(),From, {io_reply, ReplyAs, Reply}]), From ! {io_reply, ReplyAs, Reply}. reply(_, []) -> ok; reply(TestCase, Result) -> -%%ct:pal("reply ~p sending ~p ! ~p",[self(), TestCase, Result]), +%%ct:log("reply ~p sending ~p ! ~p",[self(), TestCase, Result]), TestCase ! Result. receive_exec_result(Msg) -> - ct:pal("Expect data! ~p", [Msg]), + ct:log("Expect data! ~p", [Msg]), receive {ssh_cm,_,{data,_,1, Data}} -> - ct:pal("StdErr: ~p~n", [Data]), + ct:log("StdErr: ~p~n", [Data]), receive_exec_result(Msg); Msg -> - ct:pal("1: Collected data ~p", [Msg]), + ct:log("1: Collected data ~p", [Msg]), expected; Other -> - ct:pal("Other ~p", [Other]), + ct:log("Other ~p", [Other]), {unexpected_msg, Other} end. @@ -165,15 +165,15 @@ receive_exec_end(ConnectionRef, ChannelId) -> case receive_exec_result(ExitStatus) of {unexpected_msg, Eof} -> %% Open ssh seems to not allways send these messages %% in the same order! - ct:pal("2: Collected data ~p", [Eof]), + ct:log("2: Collected data ~p", [Eof]), case receive_exec_result(ExitStatus) of expected -> expected = receive_exec_result(Closed); {unexpected_msg, Closed} -> - ct:pal("3: Collected data ~p", [Closed]) + ct:log("3: Collected data ~p", [Closed]) end; expected -> - ct:pal("4: Collected data ~p", [ExitStatus]), + ct:log("4: Collected data ~p", [ExitStatus]), expected = receive_exec_result(Eof), expected = receive_exec_result(Closed); Other -> diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index fb1c6a1b61..06bf264033 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl 
@@ -148,7 +148,7 @@ erlang_client_openssh_server_exec(Config) when is_list(Config) -> ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId0); {unexpected_msg,{ssh_cm, ConnectionRef, {exit_status, ChannelId0, 0}} = ExitStatus0} -> - ct:pal("0: Collected data ~p", [ExitStatus0]), + ct:log("0: Collected data ~p", [ExitStatus0]), ssh_test_lib:receive_exec_result(Data0, ConnectionRef, ChannelId0); Other0 -> @@ -164,7 +164,7 @@ erlang_client_openssh_server_exec(Config) when is_list(Config) -> ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId1); {unexpected_msg,{ssh_cm, ConnectionRef, {exit_status, ChannelId1, 0}} = ExitStatus1} -> - ct:pal("0: Collected data ~p", [ExitStatus1]), + ct:log("0: Collected data ~p", [ExitStatus1]), ssh_test_lib:receive_exec_result(Data1, ConnectionRef, ChannelId1); Other1 -> @@ -190,7 +190,7 @@ erlang_client_openssh_server_exec_compressed(Config) when is_list(Config) -> ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId); {unexpected_msg,{ssh_cm, ConnectionRef, {exit_status, ChannelId, 0}} = ExitStatus} -> - ct:pal("0: Collected data ~p", [ExitStatus]), + ct:log("0: Collected data ~p", [ExitStatus]), ssh_test_lib:receive_exec_result(Data, ConnectionRef, ChannelId); Other -> ct:fail(Other) @@ -223,11 +223,11 @@ erlang_client_openssh_server_kexs(Config) when is_list(Config) -> Acc; {unexpected_msg,{ssh_cm, ConnectionRef, {exit_status, ChannelId, 0}} = ExitStatus} -> - ct:pal("0: Collected data ~p", [ExitStatus]), + ct:log("0: Collected data ~p", [ExitStatus]), ssh_test_lib:receive_exec_result(ExpectedData, ConnectionRef, ChannelId), Acc; Other -> - ct:pal("~p failed: ~p",[Kex,Other]), + ct:log("~p failed: ~p",[Kex,Other]), false end end, true, ssh_transport:supported_algorithms(kex)), 
@@ -256,7 +256,7 @@ erlang_server_openssh_client_exec(Config) when is_list(Config) -> Cmd = "ssh -p " ++ integer_to_list(Port) ++ " -o UserKnownHostsFile=" ++ KnownHosts ++ " " ++ Host ++ " 1+1.", - ct:pal("Cmd: ~p~n", [Cmd]), + ct:log("Cmd: ~p~n", [Cmd]), SshPort = open_port({spawn, Cmd}, [binary]), @@ -297,7 +297,7 @@ erlang_server_openssh_client_cipher_suites(Config) when is_list(Config) -> " -o UserKnownHostsFile=" ++ KnownHosts ++ " " ++ Host ++ " " ++ " -c " ++ Cipher ++ " 1+1.", - ct:pal("Cmd: ~p~n", [Cmd]), + ct:log("Cmd: ~p~n", [Cmd]), SshPort = open_port({spawn, Cmd}, [binary, stderr_to_stdout]), @@ -347,7 +347,7 @@ erlang_server_openssh_client_macs(Config) when is_list(Config) -> " -o UserKnownHostsFile=" ++ KnownHosts ++ " " ++ Host ++ " " ++ " -o MACs=" ++ MAC ++ " 1+1.", - ct:pal("Cmd: ~p~n", [Cmd]), + ct:log("Cmd: ~p~n", [Cmd]), SshPort = open_port({spawn, Cmd}, [binary, stderr_to_stdout]), @@ -401,7 +401,7 @@ erlang_server_openssh_client_kexs(Config) when is_list(Config) -> " -o UserKnownHostsFile=" ++ KnownHosts ++ " " ++ Host ++ " " ++ " -o KexAlgorithms=" ++ Kex ++ " 1+1.", - ct:pal("Cmd: ~p~n", [Cmd]), + ct:log("Cmd: ~p~n", [Cmd]), SshPort = open_port({spawn, Cmd}, [binary, stderr_to_stdout]), @@ -411,7 +411,7 @@ erlang_server_openssh_client_kexs(Config) when is_list(Config) -> {SshPort,{data, <<"2\n">>}} -> Acc after ?TIMEOUT -> - ct:pal("Did not receive answer for ~p",[Kex]), + ct:log("Did not receive answer for ~p",[Kex]), false end; false -> @@ -419,7 +419,7 @@ erlang_server_openssh_client_kexs(Config) when is_list(Config) -> {SshPort,{data, <<"Unable to negotiate a key exchange method", _/binary>>}} -> Acc after ?TIMEOUT -> - ct:pal("Did not receive no matching kex message for ~p",[Kex]), + ct:log("Did not receive no matching kex message for ~p",[Kex]), false end end 
@@ -494,11 +494,11 @@ erlang_client_openssh_server_setenv(Config) when is_list(Config) -> {data,0,1, UnxpectedData}}} -> %% Some os may return things as %% ENV_TEST: Undefined variable.\n" - ct:pal("UnxpectedData: ~p", [UnxpectedData]), + ct:log("UnxpectedData: ~p", [UnxpectedData]), ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId); {unexpected_msg,{ssh_cm, ConnectionRef, {exit_status, ChannelId, 0}} = ExitStatus} -> - ct:pal("0: Collected data ~p", [ExitStatus]), + ct:log("0: Collected data ~p", [ExitStatus]), ssh_test_lib:receive_exec_result(Data, ConnectionRef, ChannelId); Other -> @@ -601,7 +601,7 @@ erlang_client_openssh_server_password(Config) when is_list(Config) -> {user_interaction, false}, {user_dir, UserDir}]), - ct:pal("Test of user foo that does not exist. " + ct:log("Test of user foo that does not exist. " "Error msg: ~p~n", [Reason0]), User = string:strip(os:cmd("whoami"), right, $\n), @@ -615,10 +615,10 @@ erlang_client_openssh_server_password(Config) when is_list(Config) -> {password, "foo"}, {user_interaction, false}, {user_dir, UserDir}]), - ct:pal("Test of wrong Pasword. " + ct:log("Test of wrong Pasword. " "Error msg: ~p~n", [Reason1]); _ -> - ct:pal("Whoami failed reason: ~n", []) + ct:log("Whoami failed reason: ~n", []) end. %%-------------------------------------------------------------------- 
@@ -646,19 +646,19 @@ erlang_client_openssh_server_nonexistent_subsystem(Config) when is_list(Config) receive_hej() -> receive <<"Hej", _binary>> = Hej -> - ct:pal("Expected result: ~p~n", [Hej]); + ct:log("Expected result: ~p~n", [Hej]); <<"Hej\n", _binary>> = Hej -> - ct:pal("Expected result: ~p~n", [Hej]); + ct:log("Expected result: ~p~n", [Hej]); <<"Hej\r\n", _/binary>> = Hej -> - ct:pal("Expected result: ~p~n", [Hej]); + ct:log("Expected result: ~p~n", [Hej]); Info -> Lines = binary:split(Info, [<<"\r\n">>], [global]), case lists:member(<<"Hej">>, Lines) of true -> - ct:pal("Expected result found in lines: ~p~n", [Lines]), + ct:log("Expected result found in lines: ~p~n", [Lines]), ok; false -> - ct:pal("Extra info: ~p~n", [Info]), + ct:log("Extra info: ~p~n", [Info]), receive_hej() end end. @@ -672,7 +672,7 @@ receive_logout() -> ok end; Info -> - ct:pal("Extra info when logging out: ~p~n", [Info]), + ct:log("Extra info when logging out: ~p~n", [Info]), receive_logout() end. @@ -715,6 +715,6 @@ check_ssh_client_support2(P) -> {P, {exit_status, E}} -> E after 5000 -> - ct:pal("Openssh command timed out ~n"), + ct:log("Openssh command timed out ~n"), -1 end. diff --git a/lib/ssh/test/ssh_upgrade_SUITE.erl b/lib/ssh/test/ssh_upgrade_SUITE.erl index c0645f3b01..85f4d36258 100644 --- a/lib/ssh/test/ssh_upgrade_SUITE.erl +++ b/lib/ssh/test/ssh_upgrade_SUITE.erl @@ -94,8 +94,8 @@ minor_upgrade(Config) when is_list(Config) -> %%% Called by ct_release_test:upgrade/4 upgrade_init(CTData, State) -> {ok, AppUp={_, _, Up, _Down}} = ct_release_test:get_appup(CTData, ssh), - ct:pal("AppUp: ~p", [AppUp]), - ct:pal("Up: ~p", [Up]), + ct:log("AppUp: ~p", [AppUp]), + ct:log("Up: ~p", [Up]), case Soft = is_soft(Up) of %% It is symmetrical, if upgrade is soft so is downgrade true -> 
@@ -134,12 +134,12 @@ is_soft(_) -> test_hard(State0, FileName) -> - ct:pal("test_hard State0=~p, FileName=~p",[State0, FileName]), + ct:log("test_hard State0=~p, FileName=~p",[State0, FileName]), State = setup_server_client(State0), test_connection(FileName, random_contents(), State). test_soft(State0, FileName) -> - ct:pal("test_soft State0=~p, FileName=~p",[State0, FileName]), + ct:log("test_soft State0=~p, FileName=~p",[State0, FileName]), State = test_connection(FileName, random_contents(), State0), setup_server_client( close(State) ). @@ -171,7 +171,7 @@ setup_server_client(#state{config=Config} = State) -> test_connection(FileName, FileContents, #state{client = ChannelPid, root_dir = FtpRootDir} = State) -> - ct:pal("test_connection Writing with ssh_sftp:write_file",[]), + ct:log("test_connection Writing with ssh_sftp:write_file",[]), case ssh_sftp:write_file(ChannelPid, FileName, FileContents) of ok -> case ssh_sftp:read_file(ChannelPid, FileName) of -- cgit v1.2.3 From 528b41c676cedeb88859c910d7384c20e3407dc7 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 24 Aug 2015 16:00:13 +0200 Subject: ssh: dependencies added in ssh/src/Makefile --- lib/ssh/src/Makefile | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/src/Makefile b/lib/ssh/src/Makefile index 98fb90d7c4..b44c8eef35 100644 --- a/lib/ssh/src/Makefile +++ b/lib/ssh/src/Makefile 
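Review bot: In receive_hej() in ssh_to_openssh_SUITE.erl (the ct:pal to ct:log patch, hunk at -646), the first two patterns, <<"Hej", _binary>> and <<"Hej\n", _binary>>, bind _binary as a variable for a single 8-bit integer segment, so they only match when exactly one byte follows the prefix. Only the third clause uses _/binary. Since these clauses are being edited anyway, change both to _/binary so the expected-result clauses match any tail instead of falling through to the Info clause.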
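Review bot: gracefull_invalid_long_start_no_nl in ssh_connection_SUITE.erl (hunk at -511) still sends [lists:duplicate(257, $a), "\r\n"], the same bytes as gracefull_invalid_long_start, so an over-long identification string with no line terminator is never exercised. Drop the "\r\n" from the send in the no_nl test so that the server's handling of an unterminated version line is actually covered.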
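Review bot: In erlang_client_openssh_server_password in ssh_to_openssh_SUITE.erl (hunk at -615), ct:log("Whoami failed reason: ~n", []) has no ~p and an empty argument list, so the reason it announces is never written. Bind the value matched by the _ clause and pass it with ~p. After this change the message also goes only to the test log and no longer to the console, which makes the missing value harder to notice.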
@@ -144,3 +144,78 @@ release_spec: opt release_docs_spec: + +deps: + erlc -M $(ERL_FILES) \ + | sed 's@$(ERL_TOP)/lib@../..@g' \ + | sed 's/\.$(EMULATOR)/\.$$\(EMULATOR\)/' \ + | sed 's@^ssh_@$$(EBIN)/ssh_@' + +ssh.$(EMULATOR): ssh.erl ssh.hrl ssh_connect.hrl \ + ../../public_key/include/public_key.hrl \ + ../../public_key/include/OTP-PUB-KEY.hrl \ + ../../public_key/include/PKCS-FRAME.hrl \ + ../../kernel/include/file.hrl +$(EBIN)/ssh_sup.$(EMULATOR): ssh_sup.erl +sshc_sup.$(EMULATOR): sshc_sup.erl +sshd_sup.$(EMULATOR): sshd_sup.erl ssh.hrl +$(EBIN)/ssh_connection_sup.$(EMULATOR): ssh_connection_sup.erl +$(EBIN)/ssh_connection.$(EMULATOR): ssh_connection.erl ssh.hrl ssh_connect.hrl \ + ssh_transport.hrl +$(EBIN)/ssh_connection_handler.$(EMULATOR): ssh_connection_handler.erl ssh.hrl \ + ssh_transport.hrl ssh_auth.hrl ssh_connect.hrl +$(EBIN)/ssh_shell.$(EMULATOR): ssh_shell.erl ssh_connect.hrl +$(EBIN)/ssh_system_sup.$(EMULATOR): ssh_system_sup.erl ssh.hrl +$(EBIN)/ssh_subsystem_sup.$(EMULATOR): ssh_subsystem_sup.erl +$(EBIN)/ssh_channel_sup.$(EMULATOR): ssh_channel_sup.erl +$(EBIN)/ssh_acceptor_sup.$(EMULATOR): ssh_acceptor_sup.erl ssh.hrl +$(EBIN)/ssh_acceptor.$(EMULATOR): ssh_acceptor.erl ssh.hrl +$(EBIN)/ssh_app.$(EMULATOR): ssh_app.erl +$(EBIN)/ssh_auth.$(EMULATOR): ssh_auth.erl \ + ../../public_key/include/public_key.hrl \ + ../../public_key/include/OTP-PUB-KEY.hrl \ + ../../public_key/include/PKCS-FRAME.hrl \ + ssh.hrl ssh_auth.hrl ssh_transport.hrl +$(EBIN)/ssh_bits.$(EMULATOR): ssh_bits.erl ssh.hrl +$(EBIN)/ssh_cli.$(EMULATOR): ssh_cli.erl ssh.hrl ssh_connect.hrl +$(EBIN)/ssh_file.$(EMULATOR): ssh_file.erl \ + ../../public_key/include/public_key.hrl \ + ../../public_key/include/OTP-PUB-KEY.hrl \ + ../../public_key/include/PKCS-FRAME.hrl \ + ../../kernel/include/file.hrl ssh.hrl +$(EBIN)/ssh_io.$(EMULATOR): ssh_io.erl ssh.hrl +$(EBIN)/ssh_info.$(EMULATOR): ssh_info.erl +$(EBIN)/ssh_message.$(EMULATOR): ssh_message.erl \ + 
../../public_key/include/public_key.hrl \ + ../../public_key/include/OTP-PUB-KEY.hrl \ + ../../public_key/include/PKCS-FRAME.hrl \ + ssh.hrl ssh_connect.hrl ssh_auth.hrl ssh_transport.hrl +$(EBIN)/ssh_no_io.$(EMULATOR): ssh_no_io.erl ssh_transport.hrl +$(EBIN)/ssh_sftp.$(EMULATOR): ssh_sftp.erl \ + ../../kernel/include/file.hrl ssh.hrl \ + ssh_xfer.hrl +$(EBIN)/ssh_sftpd.$(EMULATOR): ssh_sftpd.erl \ + ../../kernel/include/file.hrl ssh.hrl \ + ssh_xfer.hrl +$(EBIN)/ssh_sftpd_file.$(EMULATOR): ssh_sftpd_file.erl +$(EBIN)/ssh_transport.$(EMULATOR): ssh_transport.erl \ + ../../public_key/include/public_key.hrl \ + ../../public_key/include/OTP-PUB-KEY.hrl \ + ../../public_key/include/PKCS-FRAME.hrl \ + ../../kernel/include/inet.hrl \ + ssh_transport.hrl ssh.hrl +$(EBIN)/ssh_xfer.$(EMULATOR): ssh_xfer.erl ssh.hrl ssh_xfer.hrl +$(EBIN)/ssh_sftpd_file_api.$(EMULATOR): ssh_sftpd_file_api.erl +$(EBIN)/ssh_channel.$(EMULATOR): ssh_channel.erl ssh_connect.hrl +$(EBIN)/ssh_daemon_channel.$(EMULATOR): ssh_daemon_channel.erl +$(EBIN)/ssh_client_key_api.$(EMULATOR): ssh_client_key_api.erl \ + ../../public_key/include/public_key.hrl \ + ../../public_key/include/OTP-PUB-KEY.hrl \ + ../../public_key/include/PKCS-FRAME.hrl \ + ssh.hrl +$(EBIN)/ssh_server_key_api.$(EMULATOR): ssh_server_key_api.erl \ + ../../public_key/include/public_key.hrl \ + ../../public_key/include/OTP-PUB-KEY.hrl \ + ../../public_key/include/PKCS-FRAME.hrl \ + ssh.hrl + -- cgit v1.2.3 From bc28d2308209ffc7cec0218028fc62b88a413f0f Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 24 Aug 2015 17:18:25 +0200 Subject: ssh: doubled short timetrap in testcase --- lib/ssh/test/ssh_sftp_SUITE.erl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index bab5bf9fe9..8d0b887d83 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl 
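Review bot: In the lib/ssh/src/Makefile patch, three of the added dependency rules, ssh.$(EMULATOR), sshc_sup.$(EMULATOR) and sshd_sup.$(EMULATOR), are missing the $(EBIN)/ prefix that every other target carries, because the last sed in the deps target, s@^ssh_@$$(EBIN)/ssh_@, only rewrites names that begin with ssh_. If the beam files are built into $(EBIN) as the other rules imply, these three rules name targets that are never built, and a change to ssh.hrl or ssh_connect.hrl will not trigger a rebuild of ssh, sshc_sup or sshd_sup. Widen the pattern (for example, anchor on ^ssh) and regenerate the list.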
@@ -291,7 +291,7 @@ init_per_testcase(Case, Config0) -> prep(Config0), Config1 = lists:keydelete(watchdog, 1, Config0), Config2 = lists:keydelete(sftp, 1, Config1), - Dog = ct:timetrap(?default_timeout), + Dog = ct:timetrap(2 * ?default_timeout), User = ?config(user, Config0), Passwd = ?config(passwd, Config0), -- cgit v1.2.3 From 2564e317e34fe7f928bf6e234998b295848a5c91 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 20 Aug 2015 14:40:39 +0200 Subject: ssh: add extra random length padding in packets A new experimental option 'max_random_length_padding', not documented so it might change... --- lib/ssh/src/ssh.erl | 5 +++++ lib/ssh/src/ssh.hrl | 1 + lib/ssh/src/ssh_connection_handler.erl | 10 ++++++++-- lib/ssh/src/ssh_transport.erl | 15 +++++++++++---- lib/ssh/test/ssh_basic_SUITE.erl | 2 ++ 5 files changed, 27 insertions(+), 6 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 5b2e0a988c..132de71aed 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -397,6 +397,8 @@ handle_option([{id_string, _ID} = Opt|Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{profile, _ID} = Opt|Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); +handle_option([{max_random_length_padding, _Bool} = Opt|Rest], SocketOptions, SshOptions) -> + handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, [handle_inet_option(Opt) | SocketOptions], SshOptions). 
@@ -515,6 +517,9 @@ handle_ssh_option({id_string, random}) -> {id_string, {random,2,5}}; %% 2 - 5 random characters handle_ssh_option({id_string, ID} = Opt) when is_list(ID) -> Opt; +handle_ssh_option({max_random_length_padding, Value} = Opt) when is_integer(Value), + Value =< 255 -> + Opt; handle_ssh_option({profile, Value} = Opt) when is_atom(Value) -> Opt; handle_ssh_option(Opt) -> diff --git a/lib/ssh/src/ssh.hrl b/lib/ssh/src/ssh.hrl index 8df5ee820c..462c98f503 100644 --- a/lib/ssh/src/ssh.hrl +++ b/lib/ssh/src/ssh.hrl @@ -124,6 +124,7 @@ recv_sequence = 0, keyex_key, keyex_info, + random_length_padding = 255, % From RFC 4253 section 6. %% User auth user, diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index c059834b27..180698d741 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -1187,7 +1187,10 @@ init_ssh(client = Role, Vsn, Version, Options, Socket) -> opts = Options, userauth_supported_methods = AuthMethods, peer = {PeerName, PeerAddr}, - available_host_keys = supported_host_keys(Role, KeyCb, Options) + available_host_keys = supported_host_keys(Role, KeyCb, Options), + random_length_padding = proplists:get_value(max_random_length_padding, + Options, + (#ssh{})#ssh.random_length_padding) }; init_ssh(server = Role, Vsn, Version, Options, Socket) -> @@ -1207,7 +1210,10 @@ init_ssh(server = Role, Vsn, Version, Options, Socket) -> userauth_methods = AuthMethodsAsList, kb_tries_left = 3, peer = {undefined, PeerAddr}, - available_host_keys = supported_host_keys(Role, KeyCb, Options) + available_host_keys = supported_host_keys(Role, KeyCb, Options), + random_length_padding = proplists:get_value(max_random_length_padding, + Options, + (#ssh{})#ssh.random_length_padding) }. supported_host_keys(client, _, Options) -> diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 38a0b7ec7c..9ed6c85ff7 100644 --- a/lib/ssh/src/ssh_transport.erl 
+++ b/lib/ssh/src/ssh_transport.erl @@ -745,13 +745,20 @@ ssh_packet(Msg, Ssh) -> pack(Data0, #ssh{encrypt_block_size = BlockSize, send_sequence = SeqNum, send_mac = MacAlg, - send_mac_key = MacKey} + send_mac_key = MacKey, + random_length_padding = RandomLengthPadding} = Ssh0) when is_binary(Data0) -> {Ssh1, Data} = compress(Ssh0, Data0), PL = (BlockSize - ((4 + 1 + size(Data)) rem BlockSize)) rem BlockSize, - PaddingLen = if PL < 4 -> PL + BlockSize; - true -> PL - end, + MinPaddingLen = if PL < 4 -> PL + BlockSize; + true -> PL + end, + PadBlockSize = max(BlockSize,4), + MaxExtraBlocks = (max(RandomLengthPadding,MinPaddingLen) - MinPaddingLen) div PadBlockSize, + ExtraPaddingLen = try crypto:rand_uniform(0,MaxExtraBlocks)*PadBlockSize + catch _:_ -> 0 + end, + PaddingLen = MinPaddingLen + ExtraPaddingLen, Padding = ssh_bits:random(PaddingLen), PacketLen = 1 + PaddingLen + size(Data), PacketData = < DataFile = filename:join(UserDir, "rekey.data"), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {max_random_length_padding, 0}, {user_dir, UserDir}, {user_passwords, [{"simon", "says"}]}]), @@ -475,6 +476,7 @@ rekey_limit(Config) -> {user, "simon"}, {password, "says"}, {rekey_limit, 2500}, + {max_random_length_padding, 0}, {user_interaction, false}, {silently_accept_hosts, true}]), -- cgit v1.2.3 From 657def9c42b096217b9a4483b8c8c3d462f181dc Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 28 Aug 2015 14:51:08 +0200 Subject: ssh: update vsn.mk --- lib/ssh/vsn.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index cef9992f1b..b305eedcdc 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,4 +1,4 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 4.0 +SSH_VSN = 4.1 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From ba7b10c4fa2787e11bde6ddacc97ab90fe858484 Mon Sep 17 00:00:00 2001 
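Review bot: In the max_random_length_padding patch, the new handle_ssh_option clause in ssh.erl guards with is_integer(Value), Value =< 255 and has no lower bound, so negative values pass option validation. The matching handle_option clause also names the value _Bool although it is an integer. Add Value >= 0 to the guard and rename the variable. pack/2 happens to tolerate a negative value through max(RandomLengthPadding,MinPaddingLen), but validation should not rely on that.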
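Review bot: In pack/2 in ssh_transport.erl, try crypto:rand_uniform(0,MaxExtraBlocks)*PadBlockSize catch _:_ -> 0 end turns every failure of the random source into zero extra padding with no trace, so the length hiding this option is meant to add can be switched off silently. Handle the expected MaxExtraBlocks =:= 0 case explicitly instead of through the exception, and let other errors propagate or be logged. Also, crypto:rand_uniform(Lo, Hi) returns Lo =< N < Hi, so at most MaxExtraBlocks - 1 extra blocks are ever drawn and a value of 1 never adds padding; use MaxExtraBlocks + 1 as the upper bound if the configured maximum is meant to be reachable.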
From: Hans Nilsson
Date: Wed, 5 Aug 2015 22:12:18 +0200
Subject: ssh: Elliptic Curve Diffie-Hellman (ECDH)

Adds ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp512 and OTP-12938 hmac-sha2-512
---
 lib/ssh/src/ssh_connection_handler.erl | 44 +++++++-
 lib/ssh/src/ssh_message.erl | 49 ++++++--
 lib/ssh/src/ssh_transport.erl | 197 ++++++++++++++++++++++++++-------
 lib/ssh/src/ssh_transport.hrl | 47 +++++++-
 lib/ssh/test/ssh_basic_SUITE.erl | 14 ++-
 lib/ssh/test/ssh_protocol_SUITE.erl | 27 +++--
 lib/ssh/test/ssh_to_openssh_SUITE.erl | 21 ++--
 lib/ssh/test/ssh_trpt_test_lib.erl | 20 +++-
 8 files changed, 338 insertions(+), 81 deletions(-)
(limited to 'lib/ssh')

diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 180698d741..fcd66b80c0 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl
@@ -429,7 +429,21 @@ key_exchange(#ssh_msg_kex_dh_gex_group{} = Msg, #state{ssh_params = #ssh{role = client} = Ssh0} = State) -> {ok, KexGexInit, Ssh} = ssh_transport:handle_kex_dh_gex_group(Msg, Ssh0), send_msg(KexGexInit, State), - {next_state, key_exchange_dh_gex_reply, next_packet(State#state{ssh_params = Ssh})}. + {next_state, key_exchange_dh_gex_reply, next_packet(State#state{ssh_params = Ssh})}; + +key_exchange(#ssh_msg_kex_ecdh_init{} = Msg, + #state{ssh_params = #ssh{role = server} = Ssh0} = State) -> + {ok, KexEcdhReply, Ssh1} = ssh_transport:handle_kex_ecdh_init(Msg, Ssh0), + send_msg(KexEcdhReply, State), + {ok, NewKeys, Ssh} = ssh_transport:new_keys_message(Ssh1), + send_msg(NewKeys, State), + {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})}; + +key_exchange(#ssh_msg_kex_ecdh_reply{} = Msg, + #state{ssh_params = #ssh{role = client} = Ssh0} = State) -> + {ok, NewKeys, Ssh} = ssh_transport:handle_kex_ecdh_reply(Msg, Ssh0), + send_msg(NewKeys, State), + {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})}. %%-------------------------------------------------------------------- -spec key_exchange_dh_gex_init(#ssh_msg_kex_dh_gex_init{}, #state{}) -> gen_fsm_state_return(). @@ -1307,7 +1321,7 @@ event(Event, StateName, State) -> handle_disconnect(DisconnectMsg, State); throw:{ErrorToDisplay, #ssh_msg_disconnect{} = DisconnectMsg} -> handle_disconnect(DisconnectMsg, State, ErrorToDisplay); - _:_ -> + _C:_Error -> handle_disconnect(#ssh_msg_disconnect{code = error_code(StateName), description = "Invalid state", language = "en"}, State) @@ -1376,9 +1390,10 @@ generate_event(<> = Msg, StateName, {stop, {shutdown, Error}, State#state{connection_state = Connection}} end; + generate_event(Msg, StateName, State0, EncData) -> try - Event = ssh_message:decode(Msg), + Event = ssh_message:decode(set_prefix_if_trouble(Msg,State0)), State = generate_event_new_state(State0, EncData), case Event of #ssh_msg_kexinit{} -> 
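Review bot: generate_event/4 now hands ssh_message:decode/1 a payload rewritten by set_prefix_if_trouble/2, so the decoder matches on leading bytes ("dh", "dh_gex", "ecdh") that were never on the wire and that sit where the message-number byte is expected. Message numbers 30 and 31 do mean different things per key exchange method, but the negotiated kex should reach the decoder as a separate argument (for example a two-argument decode) rather than as an in-band tag glued onto peer-supplied data. The helper is also copied verbatim into ssh_trpt_test_lib.erl; keep one exported copy. The catch patterns changed from _:_ to _C:_Error in event/3 and to _C:_E in generate_event/4 bind nothing that is used and still swallow every exception class; either log class and reason or leave the pattern as it was.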
@@ -1388,7 +1403,7 @@ generate_event(Msg, StateName, State0, EncData) -> event(Event, StateName, State) end catch - _:_ -> + _C:_E -> DisconnectMsg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, description = "Encountered unexpected input", @@ -1397,6 +1412,26 @@ generate_event(Msg, StateName, State0, EncData) -> end. +set_prefix_if_trouble(Msg = <>, #state{ssh_params=SshParams}) + when Op == 30; + Op == 31 + -> + case catch atom_to_list(kex(SshParams)) of + "ecdh-sha2-" ++ _ -> + <<"ecdh",Msg/binary>>; + "diffie-hellman-group-exchange-" ++ _ -> + <<"dh_gex",Msg/binary>>; + "diffie-hellman-group" ++ _ -> + <<"dh",Msg/binary>>; + _ -> + Msg + end; +set_prefix_if_trouble(Msg, _) -> + Msg. + +kex(#ssh{algorithms=#alg{kex=Kex}}) -> Kex; +kex(_) -> undefined. + handle_request(ChannelPid, ChannelId, Type, Data, WantReply, From, #state{connection_state = @@ -1491,6 +1526,7 @@ new_channel_id(#state{connection_state = #connection{channel_id_seed = Id} = = State) -> {Id, State#state{connection_state = Connection#connection{channel_id_seed = Id + 1}}}. + generate_event_new_state(#state{ssh_params = #ssh{recv_sequence = SeqNum0} = Ssh} = State, EncData) -> diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl index 7b786b8fff..cb1dcb67c5 100644 --- a/lib/ssh/src/ssh_message.erl +++ b/lib/ssh/src/ssh_message.erl 
@@ -259,6 +259,14 @@ encode(#ssh_msg_kex_dh_gex_reply{ EncSign = encode_sign(Key, Signature), ssh_bits:encode([?SSH_MSG_KEX_DH_GEX_REPLY, EncKey, F, EncSign], [byte, binary, mpint, binary]); +encode(#ssh_msg_kex_ecdh_init{q_c = Q_c}) -> + ssh_bits:encode([?SSH_MSG_KEX_ECDH_INIT, Q_c], [byte, mpint]); + +encode(#ssh_msg_kex_ecdh_reply{public_host_key = Key, q_s = Q_s, h_sig = Sign}) -> + EncKey = encode_host_key(Key), + EncSign = encode_sign(Key, Sign), + ssh_bits:encode([?SSH_MSG_KEX_ECDH_REPLY, EncKey, Q_s, EncSign], [byte, binary, mpint, binary]); + encode(#ssh_msg_ignore{data = Data}) -> ssh_bits:encode([?SSH_MSG_IGNORE, Data], [byte, string]); 
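Review bot: encode/1 for #ssh_msg_kex_ecdh_init{} and #ssh_msg_kex_ecdh_reply{} writes q_c and q_s as mpint, while the record definitions this patch adds to ssh_transport.hrl document both fields as a string (ephemeral public key octet string). An mpint drops leading zero octets and gains a zero octet when the top bit is set, so the octet string survives the integer round trip only while its first octet is small and non-zero. Encode and decode these fields as length-prefixed binaries, or add a comment next to both clauses stating why the integer form is safe for the point formats this code accepts.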
@@ -422,30 +430,45 @@ decode(<>) -> decode(<>) -> decode_kex_init(Data, [Cookie, ssh_msg_kexinit], 10); -decode(<>) -> +decode(<<"dh",?BYTE(?SSH_MSG_KEXDH_INIT), ?UINT32(Len), E:Len/big-signed-integer-unit:8>>) -> #ssh_msg_kexdh_init{e = E }; + +decode(<<"dh", ?BYTE(?SSH_MSG_KEXDH_REPLY), + ?UINT32(Len0), Key:Len0/binary, + ?UINT32(Len1), F:Len1/big-signed-integer-unit:8, + ?UINT32(Len2), Hashsign:Len2/binary>>) -> + #ssh_msg_kexdh_reply{ + public_host_key = decode_host_key(Key), + f = F, + h_sig = decode_sign(Hashsign) + }; + decode(<>) -> #ssh_msg_kex_dh_gex_request{ min = Min, n = N, max = Max }; -decode(<>) -> + +decode(<<"dh_gex",?BYTE(?SSH_MSG_KEX_DH_GEX_REQUEST_OLD), ?UINT32(N)>>) -> #ssh_msg_kex_dh_gex_request_old{ n = N }; -decode(<>) -> #ssh_msg_kex_dh_gex_group{ p = Prime, g = Generator }; + decode(<>) -> #ssh_msg_kex_dh_gex_init{ e = E }; + decode(<>) -> - #ssh_msg_kexdh_reply{ + +decode(<<"ecdh",?BYTE(?SSH_MSG_KEX_ECDH_INIT), + ?UINT32(Len0), Q_c:Len0/big-signed-integer-unit:8>>) -> + #ssh_msg_kex_ecdh_init{ + q_c = Q_c + }; + +decode(<<"ecdh",?BYTE(?SSH_MSG_KEX_ECDH_REPLY), + ?UINT32(Len1), Key:Len1/binary, + ?UINT32(Len2), Q_s:Len2/big-signed-integer-unit:8, + ?UINT32(Len3), Sig:Len3/binary>>) -> + #ssh_msg_kex_ecdh_reply{ public_host_key = decode_host_key(Key), - f = F, - h_sig = decode_sign(Hashsign) + q_s = Q_s, + h_sig = decode_sign(Sig) }; decode(<>) -> diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 9ed6c85ff7..235d8918f3 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -42,6 +42,8 @@ handle_kex_dh_gex_group/2, handle_kex_dh_gex_init/2, handle_kex_dh_gex_reply/2, handle_new_keys/2, handle_kex_dh_gex_request/2, handle_kexdh_reply/2, + handle_kex_ecdh_init/2, + handle_kex_ecdh_reply/2, unpack/3, decompress/2, ssh_packet/2, pack/2, msg_data/1, sign/3, verify/4]). 
@@ -53,7 +55,7 @@ %%% user. %%% %%% A supported algorithm can be requested in the option 'preferred_algorithms', -%%% but may give unexpected results because of being promoted to default. +%%% but may give unexpected results before being promoted to default. %%% %%% This makes it possible to add experimental algorithms (in supported_algorithms) %%% and test them without letting the default users know about them. @@ -66,8 +68,6 @@ algo_classes() -> [kex, public_key, cipher, mac, compression]. default_algorithms(compression) -> %% Do not announce 'zlib@openssh.com' because there seem to be problems supported_algorithms(compression, same(['zlib@openssh.com'])); -default_algorithms(kex) -> - supported_algorithms(kex, []); default_algorithms(Alg) -> supported_algorithms(Alg). @@ -76,10 +76,14 @@ supported_algorithms() -> [{K,supported_algorithms(K)} || K <- algo_classes()]. supported_algorithms(kex) -> select_crypto_supported( - [{'diffie-hellman-group14-sha1', [{hashs,sha}]}, - {'diffie-hellman-group1-sha1', [{hashs,sha}]}, - {'diffie-hellman-group-exchange-sha256', [{hashs,sha256}]}, - {'diffie-hellman-group-exchange-sha1', [{hashs,sha}]} + [ + {'ecdh-sha2-nistp256', [{public_keys,ecdh}, {ec_curve,secp256r1}, {hashs,sha256}]}, + {'ecdh-sha2-nistp384', [{public_keys,ecdh}, {ec_curve,secp384r1}, {hashs,sha384}]}, + {'ecdh-sha2-nistp521', [{public_keys,ecdh}, {ec_curve,secp521r1}, {hashs,sha512}]}, + {'diffie-hellman-group14-sha1', [{public_keys,dh}, {hashs,sha}]}, + {'diffie-hellman-group-exchange-sha256', [{public_keys,dh}, {hashs,sha256}]}, + {'diffie-hellman-group-exchange-sha1', [{public_keys,dh}, {hashs,sha}]}, + {'diffie-hellman-group1-sha1', [{public_keys,dh}, {hashs,sha}]} ]); supported_algorithms(public_key) -> ssh_auth:default_public_key_algorithms(); 
@@ -94,7 +98,8 @@ supported_algorithms(cipher) -> supported_algorithms(mac) -> same( select_crypto_supported( - [{'hmac-sha2-256', [{hashs,sha256}]}, + [{'hmac-sha2-512', [{hashs,sha512}]}, + {'hmac-sha2-256', [{hashs,sha256}]}, {'hmac-sha1', [{hashs,sha}]} ] )); @@ -109,14 +114,19 @@ supported_algorithms(Key, BlackList) -> supported_algorithms(Key) -- BlackList. select_crypto_supported(L) -> - Sup = crypto:supports(), + Sup = [{ec_curve,crypto_supported_curves()} | crypto:supports()], [Name || {Name,CryptoRequires} <- L, crypto_supported(CryptoRequires, Sup)]. +crypto_supported_curves() -> + try crypto:ec_curves() + catch _:_ -> [] + end. + crypto_supported(Conditions, Supported) -> - lists:all(fun({Tag,CryptoName}) -> - lists:member(CryptoName, proplists:get_value(Tag,Supported,[])) - end, Conditions). + lists:all( fun({Tag,CryptoName}) -> + lists:member(CryptoName, proplists:get_value(Tag,Supported,[])) + end, Conditions). same(Algs) -> [{client2server,Algs}, {server2client,Algs}]. @@ -294,10 +304,7 @@ verify_algorithm(#alg{decrypt = undefined}) -> false; verify_algorithm(#alg{compress = undefined}) -> false; verify_algorithm(#alg{decompress = undefined}) -> false; -verify_algorithm(#alg{kex = 'diffie-hellman-group1-sha1'}) -> true; -verify_algorithm(#alg{kex = 'diffie-hellman-group14-sha1'}) -> true; -verify_algorithm(#alg{kex = 'diffie-hellman-group-exchange-sha1'}) -> true; -verify_algorithm(#alg{kex = 'diffie-hellman-group-exchange-sha256'}) -> true; +verify_algorithm(#alg{kex = Kex}) -> lists:member(Kex, supported_algorithms(kex)); verify_algorithm(_) -> false. %%%---------------------------------------------------------------- 
@@ -307,8 +314,7 @@ verify_algorithm(_) -> false. key_exchange_first_msg(Kex, Ssh0) when Kex == 'diffie-hellman-group1-sha1' ; Kex == 'diffie-hellman-group14-sha1' -> {G, P} = dh_group(Kex), - {Private, Public} = dh_gen_key(G, P, 1024), - %% Public = G^Private mod P (def) + {Public, Private} = generate_key(dh, [P,G]), {SshPacket, Ssh1} = ssh_packet(#ssh_msg_kexdh_init{e = Public}, Ssh0), {ok, SshPacket, Ssh1#ssh{keyex_key = {{Private, Public}, {G, P}}}}; @@ -324,7 +330,16 @@ key_exchange_first_msg(Kex, Ssh0) when Kex == 'diffie-hellman-group-exchange-sha max = Max}, Ssh0), {ok, SshPacket, - Ssh1#ssh{keyex_info = {Min, Max, NBits}}}. + Ssh1#ssh{keyex_info = {Min, Max, NBits}}}; + +key_exchange_first_msg(Kex, Ssh0) when Kex == 'ecdh-sha2-nistp256' ; + Kex == 'ecdh-sha2-nistp384' ; + Kex == 'ecdh-sha2-nistp521' -> + Curve = ecdh_curve(Kex), + {Public, Private} = generate_key(ecdh, Curve), + {SshPacket, Ssh1} = ssh_packet(#ssh_msg_kex_ecdh_init{q_c=Public}, Ssh0), + {ok, SshPacket, + Ssh1#ssh{keyex_key = {{Public,Private},Curve}}}. %%%---------------------------------------------------------------- %%% @@ -337,8 +352,8 @@ handle_kexdh_init(#ssh_msg_kexdh_init{e = E}, {G, P} = dh_group(Kex), if 1= - {Private, Public} = dh_gen_key(G, P, 1024), - K = dh_compute_key(G, P, E, Private), + {Public, Private} = generate_key(dh, [P,G]), + K = compute_key(dh, E, Private, [P,G]), Key = get_host_key(Ssh0), H = kex_h(Ssh0, Key, E, Public, K), H_SIG = sign_host_key(Ssh0, Key, H), @@ -367,7 +382,7 @@ handle_kexdh_reply(#ssh_msg_kexdh_reply{public_host_key = HostKey, %% client if 1= - K = dh_compute_key(G, P, F, Private), + K = compute_key(dh, F, Private, [P,G]), H = kex_h(Ssh0, HostKey, Public, F, K), case verify_host_key(Ssh0, HostKey, H, H_SIG) of 
@@ -405,7 +420,7 @@ handle_kex_dh_gex_request(#ssh_msg_kex_dh_gex_request{min = Min, Ssh0=#ssh{opts=Opts}) when Min= %% server {G, P} = dh_gex_group(Min, NBits, Max, proplists:get_value(dh_gex_groups,Opts)), - {Private, Public} = dh_gen_key(G, P, 1024), + {Public, Private} = generate_key(dh, [P,G]), {SshPacket, Ssh} = ssh_packet(#ssh_msg_kex_dh_gex_group{p = P, g = G}, Ssh0), {ok, SshPacket, @@ -422,7 +437,7 @@ handle_kex_dh_gex_request(_, _) -> handle_kex_dh_gex_group(#ssh_msg_kex_dh_gex_group{p = P, g = G}, Ssh0) -> %% client - {Private, Public} = dh_gen_key(G, P, 1024), + {Public, Private} = generate_key(dh, [P,G]), {SshPacket, Ssh1} = ssh_packet(#ssh_msg_kex_dh_gex_init{e = Public}, Ssh0), % Pub = G^Priv mod P (def) @@ -436,7 +451,7 @@ handle_kex_dh_gex_init(#ssh_msg_kex_dh_gex_init{e = E}, %% server if 1= - K = dh_compute_key(G, P, E, Private), + K = compute_key(dh, E, Private, [P,G]), if 1 HostKey = get_host_key(Ssh0), @@ -476,7 +491,7 @@ handle_kex_dh_gex_reply(#ssh_msg_kex_dh_gex_reply{public_host_key = HostKey, %% client if 1= - K = dh_compute_key(G, P, F, Private), + K = compute_key(dh, F, Private, [P,G]), if 1 H = kex_h(Ssh0, HostKey, Min, NBits, Max, P, G, Public, F, K), 
@@ -512,13 +527,84 @@ handle_kex_dh_gex_reply(#ssh_msg_kex_dh_gex_reply{public_host_key = HostKey, }) end. +%%%---------------------------------------------------------------- +%%% +%%% diffie-hellman-ecdh-sha2-* +%%% +handle_kex_ecdh_init(#ssh_msg_kex_ecdh_init{q_c = PeerPublic}, + Ssh0 = #ssh{algorithms = #alg{kex=Kex}}) -> + %% at server + Curve = ecdh_curve(Kex), + case ecdh_validate_public_key(PeerPublic, Curve) of + true -> + {MyPublic, MyPrivate} = generate_key(ecdh, Curve), + K = compute_key(ecdh, PeerPublic, MyPrivate, Curve), + HostKey = get_host_key(Ssh0), + H = kex_h(Ssh0, Curve, HostKey, PeerPublic, MyPublic, K), + H_SIG = sign_host_key(Ssh0, HostKey, H), + {SshPacket, Ssh1} = + ssh_packet(#ssh_msg_kex_ecdh_reply{public_host_key = HostKey, + q_s = MyPublic, + h_sig = H_SIG}, + Ssh0), + {ok, SshPacket, Ssh1#ssh{keyex_key = {{MyPublic,MyPrivate},Curve}, + shared_secret = K, + exchanged_hash = H, + session_id = sid(Ssh1, H)}}; + + false -> + throw({{error,invalid_peer_public_key}, + #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Peer ECDH public key is invalid", + language = ""} + }) + end. 
+ +handle_kex_ecdh_reply(#ssh_msg_kex_ecdh_reply{public_host_key = HostKey, + q_s = PeerPublic, + h_sig = H_SIG}, + #ssh{keyex_key = {{MyPublic,MyPrivate}, Curve}} = Ssh0 + ) -> + %% at client + case ecdh_validate_public_key(PeerPublic, Curve) of + true -> + K = compute_key(ecdh, PeerPublic, MyPrivate, Curve), + H = kex_h(Ssh0, Curve, HostKey, MyPublic, PeerPublic, K), + case verify_host_key(Ssh0, HostKey, H, H_SIG) of + ok -> + {SshPacket, Ssh} = ssh_packet(#ssh_msg_newkeys{}, Ssh0), + {ok, SshPacket, Ssh#ssh{shared_secret = K, + exchanged_hash = H, + session_id = sid(Ssh, H)}}; + Error -> + throw({Error, + #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Key exchange failed", + language = ""} + }) + end; + + false -> + throw({{error,invalid_peer_public_key}, + #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Peer ECDH public key is invalid", + language = ""} + }) + end. + + +ecdh_validate_public_key(_, _) -> true. % FIXME: Far too many false positives :) + %%%---------------------------------------------------------------- handle_new_keys(#ssh_msg_newkeys{}, Ssh0) -> try install_alg(Ssh0) of #ssh{} = Ssh -> {ok, Ssh} catch - error:_Error -> %% TODO: Throw earlier .... + _C:_Error -> %% TODO: Throw earlier .... throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, description = "Install alg failed", language = "en"}) @@ -546,10 +632,10 @@ get_host_key(SSH) -> end. sign_host_key(_Ssh, #'RSAPrivateKey'{} = Private, H) -> - Hash = sha, %% Option ?! + Hash = sha, _Signature = sign(H, Hash, Private); sign_host_key(_Ssh, #'DSAPrivateKey'{} = Private, H) -> - Hash = sha, %% Option ?! + Hash = sha, _RawSignature = sign(H, Hash, Private). verify_host_key(SSH, PublicKey, Digest, Signature) -> 
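Review bot: ecdh_validate_public_key/2 at the end of this hunk is a stub that returns true for every input, so the false branches in handle_kex_ecdh_init/2 and handle_kex_ecdh_reply/2 are dead code and the peer's q_c or q_s reaches compute_key(ecdh, PeerPublic, MyPrivate, Curve) without any check. Either implement the check before this ships (the value decodes to a point on Curve and is not the point at infinity), or drop the helper and map a failure of compute_key/4 to the SSH_DISCONNECT_KEY_EXCHANGE_FAILED disconnect that the false branch already builds. The FIXME comment should state what is missing instead of "Far too many false positives :)". In handle_new_keys/2 the change from error:_Error to _C:_Error widens the catch to throws and exits without using either variable; add a comment saying why that is wanted.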
@@ -1134,7 +1220,9 @@ mac('hmac-md5', Key, SeqNum, Data) -> mac('hmac-md5-96', Key, SeqNum, Data) -> crypto:hmac(md5, Key, [<>, Data], mac_digest_size('hmac-md5-96')); mac('hmac-sha2-256', Key, SeqNum, Data) -> - crypto:hmac(sha256, Key, [<>, Data]). + crypto:hmac(sha256, Key, [<>, Data]); +mac('hmac-sha2-512', Key, SeqNum, Data) -> + crypto:hmac(sha512, Key, [<>, Data]). %% return N hash bytes (HASH) hash(SSH, Char, Bits) -> @@ -1144,10 +1232,18 @@ hash(SSH, Char, Bits) -> fun(Data) -> crypto:hash(sha, Data) end; 'diffie-hellman-group14-sha1' -> fun(Data) -> crypto:hash(sha, Data) end; + 'diffie-hellman-group-exchange-sha1' -> fun(Data) -> crypto:hash(sha, Data) end; 'diffie-hellman-group-exchange-sha256' -> fun(Data) -> crypto:hash(sha256, Data) end; + + 'ecdh-sha2-nistp256' -> + fun(Data) -> crypto:hash(sha256,Data) end; + 'ecdh-sha2-nistp384' -> + fun(Data) -> crypto:hash(sha384,Data) end; + 'ecdh-sha2-nistp521' -> + fun(Data) -> crypto:hash(sha512,Data) end; _ -> exit({bad_algorithm,SSH#ssh.kex}) end, @@ -1176,8 +1272,16 @@ kex_h(SSH, Key, E, F, K) -> ssh_message:encode_host_key(Key), E,F,K], [string,string,binary,binary,binary, mpint,mpint,mpint]), - crypto:hash(sha,L). - + crypto:hash(sha((SSH#ssh.algorithms)#alg.kex), L). +%% crypto:hash(sha,L). + +kex_h(SSH, Curve, Key, Q_c, Q_s, K) -> + L = ssh_bits:encode([SSH#ssh.c_version, SSH#ssh.s_version, + SSH#ssh.c_keyinit, SSH#ssh.s_keyinit, + ssh_message:encode_host_key(Key), Q_c, Q_s, K], + [string,string,binary,binary,binary, + mpint,mpint,mpint]), + crypto:hash(sha(Curve), L). kex_h(SSH, Key, Min, NBits, Max, Prime, Gen, E, F, K) -> L = if Min==-1; Max==-1 -> 
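Review bot: the kex_h/5 hunk leaves the replaced call behind as a comment (%% crypto:hash(sha,L).); delete it. The new kex_h/6 selects its digest with sha(Curve) while kex_h/5 and kex_h/10 use sha((SSH#ssh.algorithms)#alg.kex), which is why sha/1 ends up mapping curve names as well as kex names. Selecting the hash from the negotiated kex name in all three clauses keeps a single lookup and lines up with the per-kex clauses added to hash/3 in the same patch. Q_c and Q_s enter the exchange hash as mpint although the new records document them as strings; a short comment on why the two encodings agree for the accepted point formats belongs here.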
@@ -1199,6 +1303,14 @@ kex_h(SSH, Key, Min, NBits, Max, Prime, Gen, E, F, K) -> end, crypto:hash(sha((SSH#ssh.algorithms)#alg.kex), L). +sha('nistp256') -> sha256; +sha('secp256r1')-> sha256; +sha('nistp384') -> sha384; +sha('secp384r1')-> sha384; +sha('nistp521') -> sha512; +sha('secp521r1')-> sha512; +sha('diffie-hellman-group1-sha1') -> sha; +sha('diffie-hellman-group14-sha1') -> sha; sha('diffie-hellman-group-exchange-sha1') -> sha; sha('diffie-hellman-group-exchange-sha256') -> sha256. @@ -1207,6 +1319,7 @@ mac_key_size('hmac-sha1-96') -> 20*8; mac_key_size('hmac-md5') -> 16*8; mac_key_size('hmac-md5-96') -> 16*8; mac_key_size('hmac-sha2-256')-> 32*8; +mac_key_size('hmac-sha2-512')-> 512; mac_key_size(none) -> 0. mac_digest_size('hmac-sha1') -> 20; @@ -1214,6 +1327,7 @@ mac_digest_size('hmac-sha1-96') -> 12; mac_digest_size('hmac-md5') -> 20; mac_digest_size('hmac-md5-96') -> 12; mac_digest_size('hmac-sha2-256') -> 32; +mac_digest_size('hmac-sha2-512') -> 64; mac_digest_size(none) -> 0. peer_name({Host, _}) -> @@ -1267,14 +1381,19 @@ dh_gex_group(Min, N, Max, Groups) -> end. -dh_gen_key(G, P, _) -> - {Public, Private} = crypto:generate_key(dh, [P, G]), - {crypto:bytes_to_integer(Private), crypto:bytes_to_integer(Public)}. +generate_key(Algorithm, Args) -> + {Public,Private} = crypto:generate_key(Algorithm, Args), + {crypto:bytes_to_integer(Public), crypto:bytes_to_integer(Private)}. + + +compute_key(Algorithm, OthersPublic, MyPrivate, Args) -> + Shared = crypto:compute_key(Algorithm, OthersPublic, MyPrivate, Args), + crypto:bytes_to_integer(Shared). + -dh_compute_key(G, P, OthersPublic, MyPrivate) -> - crypto:bytes_to_integer( - crypto:compute_key(dh, OthersPublic, MyPrivate, [P,G]) - ). +ecdh_curve('ecdh-sha2-nistp256') -> secp256r1; +ecdh_curve('ecdh-sha2-nistp384') -> secp384r1; +ecdh_curve('ecdh-sha2-nistp521') -> secp521r1. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% 
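Review bot: generate_key/2 returns {Public, Private}, the reverse of the dh_gen_key/3 it replaces, and neither it nor compute_key/4 carries a -spec or comment stating the order. Both elements are integers, so a transposed pair will not fail a pattern match. The DH call sites in key_exchange_first_msg/2 still store keyex_key = {{Private, Public}, {G, P}} while the new ECDH clause stores {{Public,Private},Curve}; pick one order for keyex_key and add specs to both helpers. In the mac_key_size/1 hunk on the same file, 512 would read better as 64*8 to match the neighbouring clauses.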
diff --git a/lib/ssh/src/ssh_transport.hrl b/lib/ssh/src/ssh_transport.hrl index 9e1de171c2..e6449e93c5 100644 --- a/lib/ssh/src/ssh_transport.hrl +++ b/lib/ssh/src/ssh_transport.hrl @@ -29,9 +29,6 @@ -define(DEFAULT_CLIENT_VERSION, {2, 0}). -define(DEFAULT_SERVER_VERSION, {2, 0}). --define(DEFAULT_DH_GROUP_MIN, 512). --define(DEFAULT_DH_GROUP_NBITS, 1024). --define(DEFAULT_DH_GROUP_MAX, 4096). %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% @@ -109,8 +106,8 @@ %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -%% diffie-hellman-group1-sha1 --define(SSH_MSG_KEXDH_INIT, 30). +%% diffie-hellman-group1-sha1 | diffie-hellman-group14-sha1 +-define(SSH_MSG_KEXDH_INIT, 30). -define(SSH_MSG_KEXDH_REPLY, 31). -record(ssh_msg_kexdh_init, @@ -134,7 +131,11 @@ %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -%% diffie-hellman-group-exchange-sha1 +%% diffie-hellman-group-exchange-sha1 | diffie-hellman-group-exchange-sha256 +-define(DEFAULT_DH_GROUP_MIN, 512). +-define(DEFAULT_DH_GROUP_NBITS, 1024). +-define(DEFAULT_DH_GROUP_MAX, 4096). + -define(SSH_MSG_KEX_DH_GEX_REQUEST_OLD, 30). -define(SSH_MSG_KEX_DH_GEX_REQUEST, 34). -define(SSH_MSG_KEX_DH_GEX_GROUP, 31). 
@@ -171,7 +172,36 @@ h_sig }). +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%% +%% KEY ECDH messages +%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +%% ecdh-sha2-nistp256 | ecdh-sha2-nistp384 | ecdh-sha2-nistp521 + +-define(SSH_MSG_KEX_ECDH_INIT, 30). +-define(SSH_MSG_KEX_ECDH_REPLY, 31). + +-record(ssh_msg_kex_ecdh_init, + { + q_c % string (client's ephemeral public key octet string) + }). + +-record(ssh_msg_kex_ecdh_reply, + { + public_host_key, % string (server's public host key) (k_s) + q_s, % string (server's ephemeral public key octet string) + h_sig % string (the signature on the exchange hash) + }). + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%% %% error codes +%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + -define(SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT, 1). -define(SSH_DISCONNECT_PROTOCOL_ERROR, 2). -define(SSH_DISCONNECT_KEY_EXCHANGE_FAILED, 3). @@ -188,7 +218,12 @@ -define(SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE, 14). -define(SSH_DISCONNECT_ILLEGAL_USER_NAME, 15). + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%% %% groups +%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%% rfc 2489, ch 6.2 -define(dh_group1, diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 6dfff945ac..27b611780d 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -96,7 +96,10 @@ groups() -> {key_exchange, [], ['diffie-hellman-group-exchange-sha1', 'diffie-hellman-group-exchange-sha256', 'diffie-hellman-group1-sha1', - 'diffie-hellman-group14-sha1' + 'diffie-hellman-group14-sha1', + 'ecdh-sha2-nistp256', + 'ecdh-sha2-nistp384', + 'ecdh-sha2-nistp521' ]}, {dir_options, [], [user_dir_option, system_dir_option]} 
@@ -845,6 +848,15 @@ ssh_msg_debug_fun_option_client(Config) -> 'diffie-hellman-group14-sha1'(Config) -> kextest('diffie-hellman-group14-sha1',Config). +'ecdh-sha2-nistp256'(Config) -> + kextest('ecdh-sha2-nistp256',Config). + +'ecdh-sha2-nistp384'(Config) -> + kextest('ecdh-sha2-nistp384',Config). + +'ecdh-sha2-nistp521'(Config) -> + kextest('ecdh-sha2-nistp521',Config). + kextest(Kex, Config) -> case lists:member(Kex, ssh_transport:supported_algorithms(kex)) of diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index dc02b940d7..132be3beb2 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -115,7 +115,8 @@ lib_works_as_client(Config) -> [{set_options, [print_ops, print_seqnums, print_messages]}, {connect, server_host(Config),server_port(Config), - [{silently_accept_hosts, true}, + [{preferred_algorithms,[{kex,['diffie-hellman-group1-sha1']}]}, + {silently_accept_hosts, true}, {user_dir, user_dir(Config)}, {user_interaction, false}]}, receive_hello, @@ -207,7 +208,9 @@ lib_works_as_server(Config) -> end), %% and finally connect to it with a regular Erlang SSH client: - {ok,_} = std_connect(HostPort, Config). + {ok,_} = std_connect(HostPort, Config, + [{preferred_algorithms,[{kex,['diffie-hellman-group1-sha1']}]}] + ). %%-------------------------------------------------------------------- %%% Matching 
@@ -449,24 +452,24 @@ server_user_password(N, Config) -> lists:nth(N, ?v(user_passwords,Config)). std_connect(Config) -> - {User,Pwd} = server_user_password(Config), - std_connect(server_host(Config), server_port(Config), - Config, - [{user,User},{password,Pwd}]). + std_connect({server_host(Config), server_port(Config)}, Config). std_connect({Host,Port}, Config) -> - {User,Pwd} = server_user_password(Config), - std_connect(Host, Port, Config, [{user,User},{password,Pwd}]). + std_connect({Host,Port}, Config, []). std_connect({Host,Port}, Config, Opts) -> std_connect(Host, Port, Config, Opts). std_connect(Host, Port, Config, Opts) -> + {User,Pwd} = server_user_password(Config), ssh:connect(Host, Port, - [{silently_accept_hosts, true}, - {user_dir, user_dir(Config)}, - {user_interaction, false} | Opts], + %% Prefere User's Opts to the default opts + [O || O = {Tag,_} <- [{user,User},{password,Pwd}, + {silently_accept_hosts, true}, + {user_dir, user_dir(Config)}, + {user_interaction, false}], + not lists:keymember(Tag, 1, Opts) + ] ++ Opts, 30000). - %%%---------------------------------------------------------------- diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index 06bf264033..663168b169 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -204,6 +204,7 @@ erlang_client_openssh_server_kexs(Config) when is_list(Config) -> Success = lists:foldl( fun(Kex, Acc) -> + ct:log("============= ~p ============= ~p",[Kex,Acc]), ConnectionRef = ssh_test_lib:connect(?SSH_DEFAULT_PORT, [{silently_accept_hosts, true}, {user_interaction, false}, 
@@ -228,13 +229,14 @@ erlang_client_openssh_server_kexs(Config) when is_list(Config) -> Acc; Other -> ct:log("~p failed: ~p",[Kex,Other]), - false + [Kex|Acc] end - end, true, ssh_transport:supported_algorithms(kex)), + end, [], ssh_transport:supported_algorithms(kex)), case Success of - true -> + [] -> ok; - false -> + BadKex -> + ct:log("Bad kex algos: ~p",[BadKex]), {fail, "Kex failed for one or more algos"} end. @@ -412,7 +414,7 @@ erlang_server_openssh_client_kexs(Config) when is_list(Config) -> Acc after ?TIMEOUT -> ct:log("Did not receive answer for ~p",[Kex]), - false + [Kex|Acc] end; false -> receive @@ -420,17 +422,18 @@ erlang_server_openssh_client_kexs(Config) when is_list(Config) -> Acc after ?TIMEOUT -> ct:log("Did not receive no matching kex message for ~p",[Kex]), - false + [Kex|Acc] end end - end, true, Kexs), + end, [], Kexs), ssh:stop_daemon(Pid), case Success of - true -> + [] -> ok; - false -> + BadKex -> + ct:log("Bad kex algos: ~p",[BadKex]), {fail, "Kex failed for one or more algos"} end. diff --git a/lib/ssh/test/ssh_trpt_test_lib.erl b/lib/ssh/test/ssh_trpt_test_lib.erl index 38b2789742..66df890f5c 100644 --- a/lib/ssh/test/ssh_trpt_test_lib.erl +++ b/lib/ssh/test/ssh_trpt_test_lib.erl @@ -533,7 +533,7 @@ receive_binary_msg(S0=#s{ssh=C0=#ssh{decrypt_block_size = BlockSize, <> = EncRest, case {ssh_transport:is_valid_mac(Mac, SshPacket, C2), - catch ssh_message:decode(Payload)} + catch ssh_message:decode(set_prefix_if_trouble(Payload,S1))} of {false, _} -> fail(bad_mac,S1); {_, {'EXIT',_}} -> fail(decode_failed,S1); 
@@ -557,6 +557,24 @@ receive_binary_msg(S0=#s{ssh=C0=#ssh{decrypt_block_size = BlockSize, end. +set_prefix_if_trouble(Msg = <>, #s{alg=#alg{kex=Kex}}) + when Op == 30; + Op == 31 + -> + case catch atom_to_list(Kex) of + "ecdh-sha2-" ++ _ -> + <<"ecdh",Msg/binary>>; + "diffie-hellman-group-exchange-" ++ _ -> + <<"dh_gex",Msg/binary>>; + "diffie-hellman-group" ++ _ -> + <<"dh",Msg/binary>>; + _ -> + Msg + end; +set_prefix_if_trouble(Msg, _) -> + Msg. + + receive_poll(S=#s{socket=Sock}) -> inet:setopts(Sock, [{active,once}]), receive -- cgit v1.2.3 From badee37e8ad95a9da4d497f12e5e291a66561989 Mon Sep 17 00:00:00 2001 
From: Hans Nilsson
Date: Tue, 25 Aug 2015 12:57:39 +0200
Subject: ssh: Reorganize and extend the test suites

Add ssh_trpt_test_lib:instantiate/2, ssh_test_lib:default_algoritms/2 and algo_intersection/2
ssh_to_openssh_SUITE uses only algos that sshd and ssh client support
raised timeout limit in ssh_basic_SUITE:ssh_connect_arg4_timeout
Break out ssh_renegotiate_SUITE from ssh_basic_SUITE
Move std_daemon/4 to ssh_test_lib.erl
Add ssh_algorithms_SUITE
Add ssh_options_SUITE
Add asymmetric testing of algorithms
Add openssh tests to ssh_algorithms_SUITE
Remove algo tests from ssh_sftp_SUITE (now in ssh_algorithms_SUITE)
Removed kex algo tests from ssh_basic_SUITE because they are now in ssh_algorithm_SUITE.
fixed test case ssh_protocol_SUITE:no_common_alg_server_disconnects/1
---
 lib/ssh/src/ssh_transport.erl | 9 +-
 lib/ssh/src/ssh_transport.hrl | 11 +-
 lib/ssh/test/Makefile | 15 +-
 lib/ssh/test/ssh_algorithms_SUITE.erl | 297 +++++
 lib/ssh/test/ssh_algorithms_SUITE_data/id_dsa | 13 +
 lib/ssh/test/ssh_algorithms_SUITE_data/id_rsa | 15 +
 .../ssh_algorithms_SUITE_data/ssh_host_dsa_key | 13 +
 .../ssh_algorithms_SUITE_data/ssh_host_dsa_key.pub | 11 +
 .../ssh_algorithms_SUITE_data/ssh_host_rsa_key | 16 +
 .../ssh_algorithms_SUITE_data/ssh_host_rsa_key.pub | 5 +
 lib/ssh/test/ssh_basic_SUITE.erl | 1305 +-------------------
 lib/ssh/test/ssh_options_SUITE.erl | 1024 +++++++++++++++
 lib/ssh/test/ssh_options_SUITE_data/id_dsa | 13 +
 lib/ssh/test/ssh_options_SUITE_data/id_rsa | 15 +
 .../test/ssh_options_SUITE_data/ssh_host_dsa_key | 13 +
 .../ssh_options_SUITE_data/ssh_host_dsa_key.pub | 11 +
 .../test/ssh_options_SUITE_data/ssh_host_rsa_key | 16 +
 .../ssh_options_SUITE_data/ssh_host_rsa_key.pub | 5 +
 lib/ssh/test/ssh_protocol_SUITE.erl | 11 +-
 lib/ssh/test/ssh_renegotiate_SUITE.erl | 223 ++++
 lib/ssh/test/ssh_renegotiate_SUITE_data/id_dsa | 13 +
 lib/ssh/test/ssh_renegotiate_SUITE_data/id_rsa | 15 +
 .../ssh_renegotiate_SUITE_data/ssh_host_dsa_key | 13 +
 .../ssh_host_dsa_key.pub | 11 +
 .../ssh_renegotiate_SUITE_data/ssh_host_rsa_key | 16 +
 .../ssh_host_rsa_key.pub | 5 +
 lib/ssh/test/ssh_sftp_SUITE.erl | 99 +-
 lib/ssh/test/ssh_test_lib.erl | 181 +++
 lib/ssh/test/ssh_to_openssh_SUITE.erl | 309 +++--
 lib/ssh/test/ssh_trpt_test_lib.erl | 1 +
 30 files changed, 2209 insertions(+), 1495 deletions(-)
 create mode 100644 lib/ssh/test/ssh_algorithms_SUITE.erl
 create mode 100644 lib/ssh/test/ssh_algorithms_SUITE_data/id_dsa
 create mode 100644 lib/ssh/test/ssh_algorithms_SUITE_data/id_rsa
 create mode 100644 lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_dsa_key
 create mode 100644 lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_dsa_key.pub
 create mode 100644 lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_rsa_key
 create mode 100644 lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_rsa_key.pub
 create mode 100644 lib/ssh/test/ssh_options_SUITE.erl
 create mode 100644 lib/ssh/test/ssh_options_SUITE_data/id_dsa
 create mode 100644 lib/ssh/test/ssh_options_SUITE_data/id_rsa
 create mode 100644 lib/ssh/test/ssh_options_SUITE_data/ssh_host_dsa_key
 create mode 100644 lib/ssh/test/ssh_options_SUITE_data/ssh_host_dsa_key.pub
 create mode 100644 lib/ssh/test/ssh_options_SUITE_data/ssh_host_rsa_key
 create mode 100644 lib/ssh/test/ssh_options_SUITE_data/ssh_host_rsa_key.pub
 create mode 100644 lib/ssh/test/ssh_renegotiate_SUITE.erl
 create mode 100644 lib/ssh/test/ssh_renegotiate_SUITE_data/id_dsa
 create mode 100644 lib/ssh/test/ssh_renegotiate_SUITE_data/id_rsa
 create mode 100644 lib/ssh/test/ssh_renegotiate_SUITE_data/ssh_host_dsa_key
 create mode 100644 lib/ssh/test/ssh_renegotiate_SUITE_data/ssh_host_dsa_key.pub
 create mode 100644 lib/ssh/test/ssh_renegotiate_SUITE_data/ssh_host_rsa_key
 create mode 100644 lib/ssh/test/ssh_renegotiate_SUITE_data/ssh_host_rsa_key.pub
(limited to 'lib/ssh')

diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 235d8918f3..1914b223bc 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl
@@ -801,14 +801,15 @@ alg_final(SSH0) -> {ok,SSH6} = decompress_final(SSH5), SSH6. -select_all(CL, SL) when length(CL) + length(SL) < 50 -> +select_all(CL, SL) when length(CL) + length(SL) < ?MAX_NUM_ALGORITHMS -> A = CL -- SL, %% algortihms only used by client %% algorithms used by client and server (client pref) lists:map(fun(ALG) -> list_to_atom(ALG) end, (CL -- A)); -select_all(_CL, _SL) -> +select_all(CL, SL) -> + Err = lists:concat(["Received too many algorithms (",length(CL),"+",length(SL)," >= ",?MAX_NUM_ALGORITHMS,")."]), throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "Too many algorithms", - language = "en"}). + description = Err, + language = ""}). select([], []) -> diff --git a/lib/ssh/src/ssh_transport.hrl b/lib/ssh/src/ssh_transport.hrl index e6449e93c5..0bc6b7953b 100644 --- a/lib/ssh/src/ssh_transport.hrl +++ b/lib/ssh/src/ssh_transport.hrl @@ -30,6 +30,13 @@ -define(DEFAULT_CLIENT_VERSION, {2, 0}). -define(DEFAULT_SERVER_VERSION, {2, 0}). +-define(MAX_NUM_ALGORITHMS, 100). + +-define(DEFAULT_DH_GROUP_MIN, 512). +-define(DEFAULT_DH_GROUP_NBITS, 1024). +-define(DEFAULT_DH_GROUP_MAX, 4096). + + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% %% BASIC transport messages @@ -132,10 +139,6 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% diffie-hellman-group-exchange-sha1 | diffie-hellman-group-exchange-sha256 --define(DEFAULT_DH_GROUP_MIN, 512). --define(DEFAULT_DH_GROUP_NBITS, 1024). --define(DEFAULT_DH_GROUP_MAX, 4096). - -define(SSH_MSG_KEX_DH_GEX_REQUEST_OLD, 30). -define(SSH_MSG_KEX_DH_GEX_REQUEST, 34). -define(SSH_MSG_KEX_DH_GEX_GROUP, 31). diff --git a/lib/ssh/test/Makefile b/lib/ssh/test/Makefile index 47c189c162..96c74c6c8a 100644 --- a/lib/ssh/test/Makefile +++ b/lib/ssh/test/Makefile 
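Review bot: the ?MAX_NUM_ALGORITHMS guard in select_all/2 (ssh_transport.erl) bounds length(CL) + length(SL), so the room left for the peer's list shrinks as the local list grows, and the define added in ssh_transport.hrl carries no comment saying that 100 is a combined limit or why it replaces 50. Please document that next to the macro. The same hunk changes the disconnect's language field from "en" to "" and puts both list lengths into the description; neither is mentioned in the commit message. The unchanged list_to_atom(ALG) only sees names present in both lists, so if the local names always originate as atoms, list_to_existing_atom/1 would state that invariant directly.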
@@ -32,17 +32,22 @@ VSN=$(GS_VSN) # ---------------------------------------------------- MODULES= \ - ssh_test_lib \ - ssh_trpt_test_lib \ - ssh_sup_SUITE \ + ssh_algorithms_SUITE \ + ssh_options_SUITE \ + ssh_renegotiate_SUITE \ + \ ssh_basic_SUITE \ + \ + ssh_connection_SUITE \ ssh_protocol_SUITE \ - ssh_to_openssh_SUITE \ ssh_sftp_SUITE \ ssh_sftpd_SUITE \ ssh_sftpd_erlclient_SUITE \ + ssh_sup_SUITE \ + ssh_to_openssh_SUITE \ ssh_upgrade_SUITE \ - ssh_connection_SUITE \ + ssh_test_lib \ + ssh_trpt_test_lib \ ssh_echo_server \ ssh_peername_sockname_server \ ssh_test_cli \ diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl new file mode 100644 index 0000000000..e67fa2469f --- /dev/null +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl 
@@ -0,0 +1,297 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2008-2015. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. +%% +%% %CopyrightEnd% +%% + +%% + +-module(ssh_algorithms_SUITE). + +-include_lib("common_test/include/ct.hrl"). + +%% Note: This directive should only be used in test suites. +-compile(export_all). + +-define(TIMEOUT, 50000). + +%%-------------------------------------------------------------------- +%% Common Test interface functions ----------------------------------- +%%-------------------------------------------------------------------- + +suite() -> + [{ct_hooks,[ts_install_cth]}]. + +all() -> + %% [{group,kex},{group,cipher}... etc + [{group,C} || C <- tags()]. + + +groups() -> + ErlAlgos = extract_algos(ssh:default_algorithms()), + SshcAlgos = extract_algos(ssh_test_lib:default_algorithms(sshc)), + SshdAlgos = extract_algos(ssh_test_lib:default_algorithms(sshd)), + + DoubleAlgos = + [{Tag, double(Algs)} || {Tag,Algs} <- ErlAlgos, + length(Algs) > 1, + lists:member(Tag, two_way_tags())], + TagGroupSet = + [{Tag, [], group_members_for_tag(Tag,Algs,DoubleAlgos)} + || {Tag,Algs} <- ErlAlgos, + lists:member(Tag,tags()) + ], + + AlgoTcSet = + [{Alg, [], specific_test_cases(Tag,Alg,SshcAlgos,SshdAlgos)} + || {Tag,Algs} <- ErlAlgos ++ DoubleAlgos, + Alg <- Algs], + + TagGroupSet ++ AlgoTcSet. + +tags() -> [kex,cipher,mac,compression]. +two_way_tags() -> [cipher,mac,compression]. 
+ +%%-------------------------------------------------------------------- +init_per_suite(Config) -> + ct:log("~n~n" + "OS ssh:~n=======~n~p~n~n~n" + "Erl ssh:~n========~n~p~n~n~n" + "Installed ssh client:~n=====================~n~p~n~n~n" + "Installed ssh server:~n=====================~n~p~n~n~n", + [os:cmd("ssh -V"), + ssh:default_algorithms(), + ssh_test_lib:default_algorithms(sshc), + ssh_test_lib:default_algorithms(sshd)]), + ct:log("all() ->~n ~p.~n~ngroups()->~n ~p.~n",[all(),groups()]), + catch crypto:stop(), + case catch crypto:start() of + ok -> + ssh:start(), + [{std_simple_sftp_size,25000} % Sftp transferred data size + | setup_pubkey(Config)]; + _Else -> + {skip, "Crypto could not be started!"} + end. +end_per_suite(_Config) -> + ssh:stop(), + crypto:stop(). + + +init_per_group(Group, Config) -> + case lists:member(Group, tags()) of + true -> + %% A tag group + Tag = Group, + ct:comment("==== ~p ====",[Tag]), + Config; + false -> + %% An algorithm group + [[{name,Tag}]|_] = ?config(tc_group_path, Config), + Alg = Group, + PA = + case split(Alg) of + [_] -> + [Alg]; + [A1,A2] -> + [{client2server,[A1]}, + {server2client,[A2]}] + end, + ct:log("Init tests for tag=~p alg=~p",[Tag,PA]), + PrefAlgs = {preferred_algorithms,[{Tag,PA}]}, + start_std_daemon([PrefAlgs], + [{pref_algs,PrefAlgs} | Config]) + end. + +end_per_group(_Alg, Config) -> + case ?config(srvr_pid,Config) of + Pid when is_pid(Pid) -> + ssh:stop_daemon(Pid), + ct:log("stopped ~p",[?config(srvr_addr,Config)]); + _ -> + ok + end. + + + +init_per_testcase(sshc_simple_exec, Config) -> + start_pubkey_daemon([?config(pref_algs,Config)], Config); + +init_per_testcase(_TC, Config) -> + Config. + + +end_per_testcase(sshc_simple_exec, Config) -> + case ?config(srvr_pid,Config) of + Pid when is_pid(Pid) -> + ssh:stop_daemon(Pid), + ct:log("stopped ~p",[?config(srvr_addr,Config)]); + _ -> + ok + end; +end_per_testcase(_TC, Config) -> + Config. 
+ + +%%-------------------------------------------------------------------- +%% Test Cases -------------------------------------------------------- +%%-------------------------------------------------------------------- +%% A simple sftp transfer +simple_sftp(Config) -> + {Host,Port} = ?config(srvr_addr, Config), + ssh_test_lib:std_simple_sftp(Host, Port, Config). + +%%-------------------------------------------------------------------- +%% A simple exec call +simple_exec(Config) -> + {Host,Port} = ?config(srvr_addr, Config), + ssh_test_lib:std_simple_exec(Host, Port, Config). + +%%-------------------------------------------------------------------- +%% Use the ssh client of the OS to connect +sshc_simple_exec(Config) -> + PrivDir = ?config(priv_dir, Config), + KnownHosts = filename:join(PrivDir, "known_hosts"), + {Host,Port} = ?config(srvr_addr, Config), + Cmd = lists:concat(["ssh -p ",Port, + " -C -o UserKnownHostsFile=",KnownHosts, + " ",Host," 1+1."]), + ct:log("~p",[Cmd]), + SshPort = open_port({spawn, Cmd}, [binary]), + receive + {SshPort,{data, <<"2\n">>}} -> + ok + after ?TIMEOUT -> + ct:fail("Did not receive answer") + end. 
+ +%%-------------------------------------------------------------------- +%% Connect to the ssh server of the OS +sshd_simple_exec(_Config) -> + ConnectionRef = ssh_test_lib:connect(22, [{silently_accept_hosts, true}, + {user_interaction, false}]), + {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef, infinity), + success = ssh_connection:exec(ConnectionRef, ChannelId0, + "echo testing", infinity), + Data0 = {ssh_cm, ConnectionRef, {data, ChannelId0, 0, <<"testing\n">>}}, + case ssh_test_lib:receive_exec_result(Data0) of + expected -> + ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId0); + {unexpected_msg,{ssh_cm, ConnectionRef, {exit_status, ChannelId0, 0}} + = ExitStatus0} -> + ct:log("0: Collected data ~p", [ExitStatus0]), + ssh_test_lib:receive_exec_result(Data0, + ConnectionRef, ChannelId0); + Other0 -> + ct:fail(Other0) + end, + + {ok, ChannelId1} = ssh_connection:session_channel(ConnectionRef, infinity), + success = ssh_connection:exec(ConnectionRef, ChannelId1, + "echo testing1", infinity), + Data1 = {ssh_cm, ConnectionRef, {data, ChannelId1, 0, <<"testing1\n">>}}, + case ssh_test_lib:receive_exec_result(Data1) of + expected -> + ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId1); + {unexpected_msg,{ssh_cm, ConnectionRef, {exit_status, ChannelId1, 0}} + = ExitStatus1} -> + ct:log("0: Collected data ~p", [ExitStatus1]), + ssh_test_lib:receive_exec_result(Data1, + ConnectionRef, ChannelId1); + Other1 -> + ct:fail(Other1) + end. + +%%%================================================================ +%%% +%%% Lib functions +%%% + +%%%---------------------------------------------------------------- +%%% +%%% For construction of the result of all/0 and groups/0 +%%% +group_members_for_tag(Tag, Algos, DoubleAlgos) -> + [{group,Alg} || Alg <- Algos++proplists:get_value(Tag,DoubleAlgos,[])]. + +double(Algs) -> [concat(A1,A2) || A1 <- Algs, + A2 <- Algs, + A1 =/= A2]. + +concat(A1, A2) -> list_to_atom(lists:concat([A1," + ",A2])). 
+ +split(Alg) -> ssh_test_lib:to_atoms(string:tokens(atom_to_list(Alg), " + ")). + +specific_test_cases(Tag, Alg, SshcAlgos, SshdAlgos) -> + [simple_exec, simple_sftp] ++ + case supports(Tag, Alg, SshcAlgos) of + true -> + case ssh_test_lib:ssh_type() of + openSSH -> + [sshc_simple_exec]; + _ -> + [] + end; + false -> + [] + end ++ + case supports(Tag, Alg, SshdAlgos) of + true -> + [sshd_simple_exec]; + _ -> + [] + end. + +supports(Tag, Alg, Algos) -> + lists:all(fun(A) -> + lists:member(A, proplists:get_value(Tag, Algos,[])) + end, + split(Alg)). + + +extract_algos(Spec) -> + [{Tag,get_atoms(List)} || {Tag,List} <- Spec]. + +get_atoms(L) -> + lists:usort( + [ A || X <- L, + A <- case X of + {_,L1} when is_list(L1) -> L1; + Y when is_atom(Y) -> [Y] + end]). + +%%%---------------------------------------------------------------- +%%% +%%% Test case related +%%% +start_std_daemon(Opts, Config) -> + {Pid, Host, Port} = ssh_test_lib:std_daemon(Config, Opts), + ct:log("started ~p:~p ~p",[Host,Port,Opts]), + [{srvr_pid,Pid},{srvr_addr,{Host,Port}} | Config]. + +start_pubkey_daemon(Opts, Config) -> + {Pid, Host, Port} = ssh_test_lib:std_daemon1(Config, Opts), + ct:log("started1 ~p:~p ~p",[Host,Port,Opts]), + [{srvr_pid,Pid},{srvr_addr,{Host,Port}} | Config]. + + +setup_pubkey(Config) -> + DataDir = ?config(data_dir, Config), + UserDir = ?config(priv_dir, Config), + ssh_test_lib:setup_dsa_known_host(DataDir, UserDir), + Config. + diff --git a/lib/ssh/test/ssh_algorithms_SUITE_data/id_dsa b/lib/ssh/test/ssh_algorithms_SUITE_data/id_dsa new file mode 100644 index 0000000000..d306f8b26e --- /dev/null +++ b/lib/ssh/test/ssh_algorithms_SUITE_data/id_dsa 
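Review bot: split/1 near the end of ssh_algorithms_SUITE.erl calls string:tokens(atom_to_list(Alg), " + "), and string:tokens/2 treats its second argument as a set of separator characters, so it splits on any space or plus sign rather than on the " + " sequence that concat/2 inserts. That works for the names used here, but a comment, or a split on the exact separator, would keep the pairing with concat/2 from breaking if a name ever contains either character. In sshd_simple_exec the second case clause still logs "0: Collected data", which looks copied from the first block and should read "1:".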
@@ -0,0 +1,13 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBvAIBAAKBgQDfi2flSTZZofwT4yQT0NikX/LGNT7UPeB/XEWe/xovEYCElfaQ +APFixXvEgXwoojmZ5kiQRKzLM39wBP0jPERLbnZXfOOD0PDnw0haMh7dD7XKVMod +/EigVgHf/qBdM2M8yz1s/rRF7n1UpLSypziKjkzCm7JoSQ2zbWIPdmBIXwIVAMgP +kpr7Sq3O7sHdb8D601DRjoExAoGAMOQxDfB2Fd8ouz6G96f/UOzRMI/Kdv8kYYKW +JIGY+pRYrLPyYzUeJznwZreOJgrczAX+luHnKFWJ2Dnk5CyeXk67Wsr7pJ/4MBMD +OKeIS0S8qoSBN8+Krp79fgA+yS3IfqbkJLtLu4EBaCX4mKQIX4++k44d4U5lc8pt ++9hlEI8CgYEAznKxx9kyC6bVo7LUYKaGhofRFt0SYFc5PVmT2VUGRs1R6+6DPD+e +uEO6IhFct7JFSRbP9p0JD4Uk+3zlZF+XX6b2PsZkeV8f/02xlNGUSmEzCSiNg1AX +Cy/WusYhul0MncWCHMcOZB5rIvU/aP5EJJtn3xrRaz6u0SThF6AnT34CFQC63czE +ZU8w8Q+H7z0j+a+70x2iAw== +-----END DSA PRIVATE KEY----- + diff --git a/lib/ssh/test/ssh_algorithms_SUITE_data/id_rsa b/lib/ssh/test/ssh_algorithms_SUITE_data/id_rsa new file mode 100644 index 0000000000..9d7e0dd5fb --- /dev/null +++ b/lib/ssh/test/ssh_algorithms_SUITE_data/id_rsa @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQD1OET+3O/Bvj/dtjxDTXmj1oiJt4sIph5kGy0RfjoPrZfaS+CU +DhakCmS6t2ivxWFgtpKWaoGMZMJqWj6F6ZsumyFl3FPBtujwY/35cgifrI9Ns4Tl +zR1uuengNBmV+WRQ5cd9F2qS6Z8aDQihzt0r8JUqLcK+VQbrmNzboCCQQwIDAQAB +AoGAPQEyqPTt8JUT7mRXuaacjFXiweAXhp9NEDpyi9eLOjtFe9lElZCrsUOkq47V +TGUeRKEm9qSodfTbKPoqc8YaBJGJPhUaTAcha+7QcDdfHBvIsgxvU7ePVnlpXRp3 +CCUEMPhlnx6xBoTYP+fRU0e3+xJIPVyVCqX1jAdUMkzfRoECQQD6ux7B1QJAIWyK +SGkbDUbBilNmzCFNgIpOP6PA+bwfi5d16diTpra5AX09keQABAo/KaP1PdV8Vg0p +z4P3A7G3AkEA+l+AKG6m0kQTTBMJDqOdVPYwe+5GxunMaqmhokpEbuGsrZBl5Dvd +WpcBjR7jmenrhKZRIuA+Fz5HPo/UQJPl1QJBAKxstDkeED8j/S2XoFhPKAJ+6t39 +sUVICVTIZQeXdmzHJXCcUSkw8+WEhakqw/3SyW0oaK2FSWQJFWJUZ+8eJj8CQEh3 +xeduB5kKnS9CvzdeghZqX6QvVosSdtlUmfUYW/BgH5PpHKTP8wTaeld3XldZTpMJ +dKiMkUw2+XYROVUrubUCQD+Na1LhULlpn4ISEtIEfqpdlUhxDgO15Wg8USmsng+x +ICliVOSQtwaZjm8kwaFt0W7XnpnDxbRs37vIEbIMWak= +-----END RSA PRIVATE KEY----- 
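Review bot: id_dsa and id_rsa are private keys checked in as test fixtures, and the diffstat lists files with the same names and line counts again under ssh_options_SUITE_data and ssh_renegotiate_SUITE_data. Consider one shared fixture directory that the suites copy from in init_per_suite, plus a short README or comment stating that the keys are test-only, so the copies cannot drift apart and nobody mistakes them for usable credentials.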
diff --git a/lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_dsa_key b/lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_dsa_key new file mode 100644 index 0000000000..51ab6fbd88 --- /dev/null +++ b/lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_dsa_key @@ -0,0 +1,13 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBuwIBAAKBgQCClaHzE2ul0gKSUxah5W0W8UiJLy4hXngKEqpaUq9SSdVdY2LK +wVfKH1gt5iuaf1FfzOhsIC9G/GLnjYttXZc92cv/Gfe3gR+s0ni2++MX+T++mE/Q +diltXv/Hp27PybS67SmiFW7I+RWnT2OKlMPtw2oUuKeztCe5UWjaj/y5FQIVAPLA +l9RpiU30Z87NRAHY3NTRaqtrAoGANMRxw8UfdtNVR0CrQj3AgPaXOGE4d+G4Gp4X +skvnCHycSVAjtYxebUkzUzt5Q6f/IabuLUdge3gXrc8BetvrcKbp+XZgM0/Vj2CF +Ymmy3in6kzGZq7Fw1sZaku6AOU8vLa5woBT2vAcHLLT1bLAzj7viL048T6MfjrOP +ef8nHvACgYBhDWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah +/XcF3DeRF+eEoz48wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+U +ykSTXYUbtsfTNRFQGBW2/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0CgIVAN4wtL5W +Lv62jKcdskxNyz2NQoBx +-----END DSA PRIVATE KEY----- + diff --git a/lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_dsa_key.pub b/lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_dsa_key.pub new file mode 100644 index 0000000000..4dbb1305b0 --- /dev/null +++ b/lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_dsa_key.pub @@ -0,0 +1,11 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +AAAAB3NzaC1kc3MAAACBAIKVofMTa6XSApJTFqHlbRbxSIkvLiFeeAoSqlpSr1JJ1V1j +YsrBV8ofWC3mK5p/UV/M6GwgL0b8YueNi21dlz3Zy/8Z97eBH6zSeLb74xf5P76YT9B2 +KW1e/8enbs/JtLrtKaIVbsj5FadPY4qUw+3DahS4p7O0J7lRaNqP/LkVAAAAFQDywJfU +aYlN9GfOzUQB2NzU0WqrawAAAIA0xHHDxR9201VHQKtCPcCA9pc4YTh34bganheyS+cI +fJxJUCO1jF5tSTNTO3lDp/8hpu4tR2B7eBetzwF62+twpun5dmAzT9WPYIViabLeKfqT +MZmrsXDWxlqS7oA5Ty8trnCgFPa8BwcstPVssDOPu+IvTjxPox+Os495/yce8AAAAIBh +DWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah/XcF3DeRF+eEoz48 +wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+UykSTXYUbtsfTNRFQGBW2 +/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0Cg== +---- END SSH2 PUBLIC KEY ---- 
diff --git a/lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_rsa_key b/lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_rsa_key new file mode 100644 index 0000000000..79968bdd7d --- /dev/null +++ b/lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_rsa_key @@ -0,0 +1,16 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDCZX+4FBDwZIh9y/Uxee1VJnEXlowpz2yDKwj8semM4q843337 +zbNfxHmladB1lpz2NqyxI175xMIJuDxogyZdsOxGnFAzAnthR4dqL/RWRWzjaxSB +6IAO9SPYVVlrpZ+1hsjLW79fwXK/yc8VdhRuWTeQiRgYY2ek8+OKbOqz4QIDAQAB +AoGANmvJzJO5hkLuvyDZHKfAnGTtpifcR1wtSa9DjdKUyn8vhKF0mIimnbnYQEmW +NUUb3gXCZLi9PvkpRSVRrASDOZwcjoU/Kvww163vBUVb2cOZfFhyn6o2Sk88Tt++ +udH3hdjpf9i7jTtUkUe+QYPsia+wgvvrmn4QrahLAH86+kECQQDx5gFeXTME3cnW +WMpFz3PPumduzjqgqMMWEccX4FtQkMX/gyGa5UC7OHFyh0N/gSWvPbRHa8A6YgIt +n8DO+fh5AkEAzbqX4DOn8NY6xJIi42q7l/2jIA0RkB6P7YugW5NblhqBZ0XDnpA5 +sMt+rz+K07u9XZtxgh1xi7mNfwY6lEAMqQJBAJBEauCKmRj35Z6OyeQku59SPsnY ++SJEREVvSNw2lH9SOKQQ4wPsYlTGbvKtNVZgAcen91L5MmYfeckYE/fdIZECQQCt +64zxsTnM1I8iFxj/gP/OYlJBikrKt8udWmjaghzvLMEw+T2DExJyb9ZNeT53+UMB +m6O+B/4xzU/djvp+0hbhAkAemIt+rA5kTmYlFndhpvzkSSM8a2EXsO4XIPgGWCTT +tQKS/tTly0ADMjN/TVy11+9d6zcqadNVuHXHGtR4W0GR +-----END RSA PRIVATE KEY----- + diff --git a/lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_rsa_key.pub b/lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_rsa_key.pub new file mode 100644 index 0000000000..75d2025c71 --- /dev/null +++ b/lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_rsa_key.pub @@ -0,0 +1,5 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +AAAAB3NzaC1yc2EAAAADAQABAAAAgQDCZX+4FBDwZIh9y/Uxee1VJnEXlowpz2yDKwj8 +semM4q843337zbNfxHmladB1lpz2NqyxI175xMIJuDxogyZdsOxGnFAzAnthR4dqL/RW +RWzjaxSB6IAO9SPYVVlrpZ+1hsjLW79fwXK/yc8VdhRuWTeQiRgYY2ek8+OKbOqz4Q== +---- END SSH2 PUBLIC KEY ---- diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 27b611780d..51431da48e 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl 
@@ -27,11 +27,44 @@ -include_lib("kernel/include/file.hrl"). %% Note: This directive should only be used in test suites. --compile(export_all). +%%-compile(export_all). + +%%% Test cases +-export([ + app_test/1, + appup_test/1, + cli/1, + close/1, + daemon_already_started/1, + double_close/1, + exec/1, + exec_compressed/1, + idle_time/1, + inet6_option/1, + inet_option/1, + internal_error/1, + known_hosts/1, + misc_ssh_options/1, + openssh_zlib_basic_test/1, + packet_size_zero/1, + pass_phrase/1, + peername_sockname/1, + send/1, + shell/1, + shell_no_unicode/1, + shell_unicode_string/1, + ssh_info_print/1 + ]). + +%%% Common test callbacks +-export([suite/0, all/0, groups/0, + init_per_suite/1, end_per_suite/1, + init_per_group/2, end_per_group/2, + init_per_testcase/2, end_per_testcase/2 + ]). -define(NEWLINE, <<"\r\n">>). --define(REKEY_DATA_TMO, 65000). %%-------------------------------------------------------------------- %% Common Test interface functions ----------------------------------- %%-------------------------------------------------------------------- 
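Review bot: the old directive is left behind as %%-compile(export_all). under the "should only be used in test suites" comment in ssh_basic_SUITE.erl; delete both lines now that the suite has an explicit export list, since a commented-out export_all invites someone to switch it back on instead of extending the list.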
@@ -42,38 +75,14 @@ suite() -> all() -> [app_test, appup_test, - {group, key_exchange}, {group, dsa_key}, {group, rsa_key}, {group, dsa_pass_key}, {group, rsa_pass_key}, {group, internal_error}, - connectfun_disconnectfun_server, - connectfun_disconnectfun_client, - {group, renegotiate}, daemon_already_started, - server_password_option, - server_userpassword_option, - {group, dir_options}, double_close, - ssh_connect_timeout, - ssh_connect_arg4_timeout, packet_size_zero, - ssh_daemon_minimal_remote_max_packet_size_option, - ssh_msg_debug_fun_option_client, - ssh_msg_debug_fun_option_server, - disconnectfun_option_server, - disconnectfun_option_client, - unexpectedfun_option_server, - unexpectedfun_option_client, - preferred_algorithms, - id_string_no_opt_client, - id_string_own_string_client, - id_string_random_client, - id_string_no_opt_server, - id_string_own_string_server, - id_string_random_server, - {group, hardening_tests}, ssh_info_print ]. @@ -82,27 +91,7 @@ groups() -> {rsa_key, [], basic_tests()}, {dsa_pass_key, [], [pass_phrase]}, {rsa_pass_key, [], [pass_phrase]}, - {internal_error, [], [internal_error]}, - {renegotiate, [], [rekey, rekey_limit, renegotiate1, renegotiate2]}, - {hardening_tests, [], [ssh_connect_nonegtimeout_connected_parallel, - ssh_connect_nonegtimeout_connected_sequential, - ssh_connect_negtimeout_parallel, - ssh_connect_negtimeout_sequential, - max_sessions_ssh_connect_parallel, - max_sessions_ssh_connect_sequential, - max_sessions_sftp_start_channel_parallel, - max_sessions_sftp_start_channel_sequential - ]}, - {key_exchange, [], ['diffie-hellman-group-exchange-sha1', - 'diffie-hellman-group-exchange-sha256', - 'diffie-hellman-group1-sha1', - 'diffie-hellman-group14-sha1', - 'ecdh-sha2-nistp256', - 'ecdh-sha2-nistp384', - 'ecdh-sha2-nistp521' - ]}, - {dir_options, [], [user_dir_option, - system_dir_option]} + {internal_error, [], [internal_error]} ]. 
@@ -111,7 +100,8 @@ basic_tests() -> exec, exec_compressed, shell, shell_no_unicode, shell_unicode_string, cli, known_hosts, - idle_time, openssh_zlib_basic_test, misc_ssh_options, inet_option]. + idle_time, openssh_zlib_basic_test, + misc_ssh_options, inet_option, inet6_option]. %%-------------------------------------------------------------------- @@ -155,11 +145,6 @@ init_per_group(internal_error, Config) -> ssh_test_lib:setup_dsa(DataDir, PrivDir), file:delete(filename:join(PrivDir, "system/ssh_host_dsa_key")), Config; -init_per_group(key_exchange, Config) -> - DataDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), - ssh_test_lib:setup_rsa(DataDir, PrivDir), - Config; init_per_group(dir_options, Config) -> PrivDir = ?config(priv_dir, Config), %% Make unreadable dir: @@ -207,8 +192,6 @@ init_per_group(_, Config) -> end_per_group(hardening_tests, Config) -> end_per_group(dsa_key, Config); -end_per_group(key_exchange, Config) -> - end_per_group(rsa_key, Config); end_per_group(dsa_key, Config) -> PrivDir = ?config(priv_dir, Config), ssh_test_lib:clean_dsa(PrivDir), 
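Review bot: end_per_group(hardening_tests, Config) stays as an unchanged clause although this patch removes the hardening_tests group from all() and groups(), and the previous hunk likewise keeps init_per_group(dir_options, Config) after dir_options was removed. Drop both clauses together with the key_exchange ones so the callbacks match the groups the suite still declares. The first hunk here also adds inet6_option to basic_tests(), so the IPv6 case now runs in both the dsa_key and rsa_key groups; if the test hosts are not guaranteed to have IPv6, it needs a skip condition.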
@@ -279,21 +262,18 @@ end_per_testcase(_Config) -> %%-------------------------------------------------------------------- %% Test Cases -------------------------------------------------------- %%-------------------------------------------------------------------- -app_test() -> - [{doc, "App lication consistency test."}]. +%%% Application consistency test. app_test(Config) when is_list(Config) -> ?t:app_test(ssh), ok. %%-------------------------------------------------------------------- -appup_test() -> - [{doc, "Appup file consistency test."}]. +%%% Appup file consistency test. appup_test(Config) when is_list(Config) -> ok = ?t:appup_test(ssh). %%-------------------------------------------------------------------- -misc_ssh_options() -> - [{doc, "Test that we can set some misc options not tested elsewhere, " - "some options not yet present are not decided if we should support or " - "if they need thier own test case."}]. +%%% Test that we can set some misc options not tested elsewhere +%%% some options not yet present are not decided if we should support or +%%% if they need thier own test case. misc_ssh_options(Config) when is_list(Config) -> SystemDir = filename:join(?config(priv_dir, Config), system), UserDir = ?config(priv_dir, Config), @@ -307,8 +287,7 @@ misc_ssh_options(Config) when is_list(Config) -> basic_test([{client_opts, CMiscOpt1}, {server_opts, SMiscOpt1}]). %%-------------------------------------------------------------------- -inet_option() -> - [{doc, "Test configuring IPv4"}]. +%%% Test configuring IPv4 inet_option(Config) when is_list(Config) -> SystemDir = filename:join(?config(priv_dir, Config), system), UserDir = ?config(priv_dir, Config), 
@@ -324,8 +303,7 @@ inet_option(Config) when is_list(Config) -> {server_opts, [{inet, inet} | ServerOpts]}]). %%-------------------------------------------------------------------- -inet6_option() -> - [{doc, "Test configuring IPv6"}]. +%%% Test configuring IPv6 inet6_option(Config) when is_list(Config) -> SystemDir = filename:join(?config(priv_dir, Config), system), UserDir = ?config(priv_dir, Config), @@ -341,8 +319,7 @@ inet6_option(Config) when is_list(Config) -> {server_opts, [{inet, inet6} | ServerOpts]}]). %%-------------------------------------------------------------------- -exec() -> - [{doc, "Test api function ssh_connection:exec"}]. +%%% Test api function ssh_connection:exec exec(Config) when is_list(Config) -> process_flag(trap_exit, true), SystemDir = filename:join(?config(priv_dir, Config), system), @@ -383,8 +360,7 @@ exec(Config) when is_list(Config) -> ssh:stop_daemon(Pid). %%-------------------------------------------------------------------- -exec_compressed() -> - [{doc, "Test that compression option works"}]. +%%% Test that compression option works exec_compressed(Config) when is_list(Config) -> process_flag(trap_exit, true), SystemDir = filename:join(?config(priv_dir, Config), system), @@ -412,8 +388,7 @@ exec_compressed(Config) when is_list(Config) -> ssh:stop_daemon(Pid). %%-------------------------------------------------------------------- -idle_time() -> - [{doc, "Idle timeout test"}]. +%%% Idle timeout test idle_time(Config) -> SystemDir = filename:join(?config(priv_dir, Config), system), UserDir = ?config(priv_dir, Config), 
@@ -433,183 +408,9 @@ idle_time(Config) -> {error, closed} = ssh_connection:session_channel(ConnectionRef, 1000) end, ssh:stop_daemon(Pid). -%%-------------------------------------------------------------------- -rekey() -> - [{doc, "Idle timeout test"}]. -rekey(Config) -> - SystemDir = ?config(data_dir, Config), - UserDir = ?config(priv_dir, Config), - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, - {user_dir, UserDir}, - {failfun, fun ssh_test_lib:failfun/2}, - {user_passwords, - [{"simon", "says"}]}, - {rekey_limit, 0}]), - - ConnectionRef = - ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, - {user_dir, UserDir}, - {user, "simon"}, - {password, "says"}, - {user_interaction, false}, - {rekey_limit, 0}]), - receive - after ?REKEY_DATA_TMO -> - %%By this time rekeying would have been done - ssh:close(ConnectionRef), - ssh:stop_daemon(Pid) - end. %%-------------------------------------------------------------------- -rekey_limit() -> - [{doc, "Test rekeying by data volume"}]. 
-rekey_limit(Config) -> - SystemDir = ?config(data_dir, Config), - UserDir = ?config(priv_dir, Config), - DataFile = filename:join(UserDir, "rekey.data"), - - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, - {max_random_length_padding, 0}, - {user_dir, UserDir}, - {user_passwords, - [{"simon", "says"}]}]), - {ok, SftpPid, ConnectionRef} = - ssh_sftp:start_channel(Host, Port, [{system_dir, SystemDir}, - {user_dir, UserDir}, - {user, "simon"}, - {password, "says"}, - {rekey_limit, 2500}, - {max_random_length_padding, 0}, - {user_interaction, false}, - {silently_accept_hosts, true}]), - - Kex1 = get_kex_init(ConnectionRef), - - timer:sleep(?REKEY_DATA_TMO), - Kex1 = get_kex_init(ConnectionRef), - - Data = lists:duplicate(9000,1), - ok = ssh_sftp:write_file(SftpPid, DataFile, Data), - - timer:sleep(?REKEY_DATA_TMO), - Kex2 = get_kex_init(ConnectionRef), - - false = (Kex2 == Kex1), - - timer:sleep(?REKEY_DATA_TMO), - Kex2 = get_kex_init(ConnectionRef), - - ok = ssh_sftp:write_file(SftpPid, DataFile, "hi\n"), - - timer:sleep(?REKEY_DATA_TMO), - Kex2 = get_kex_init(ConnectionRef), - - false = (Kex2 == Kex1), - - timer:sleep(?REKEY_DATA_TMO), - Kex2 = get_kex_init(ConnectionRef), - - - ssh_sftp:stop_channel(SftpPid), - ssh:close(ConnectionRef), - ssh:stop_daemon(Pid). - -%%-------------------------------------------------------------------- -renegotiate1() -> - [{doc, "Test rekeying with simulataneous send request"}]. 
-renegotiate1(Config) -> - SystemDir = ?config(data_dir, Config), - UserDir = ?config(priv_dir, Config), - DataFile = filename:join(UserDir, "renegotiate1.data"), - - {Pid, Host, DPort} = ssh_test_lib:daemon([{system_dir, SystemDir}, - {user_dir, UserDir}, - {user_passwords, - [{"simon", "says"}]}]), - RPort = ssh_test_lib:inet_port(), - - {ok,RelayPid} = ssh_relay:start_link({0,0,0,0}, RPort, Host, DPort), - - {ok, SftpPid, ConnectionRef} = - ssh_sftp:start_channel(Host, RPort, [{system_dir, SystemDir}, - {user_dir, UserDir}, - {user, "simon"}, - {password, "says"}, - {user_interaction, false}, - {silently_accept_hosts, true}]), - - Kex1 = get_kex_init(ConnectionRef), - - {ok, Handle} = ssh_sftp:open(SftpPid, DataFile, [write]), - - ok = ssh_sftp:write(SftpPid, Handle, "hi\n"), - - ssh_relay:hold(RelayPid, rx, 20, 1000), - ssh_connection_handler:renegotiate(ConnectionRef), - spawn(fun() -> ok=ssh_sftp:write(SftpPid, Handle, "another hi\n") end), - - timer:sleep(2000), - - Kex2 = get_kex_init(ConnectionRef), - - false = (Kex2 == Kex1), - - ssh_relay:stop(RelayPid), - ssh_sftp:stop_channel(SftpPid), - ssh:close(ConnectionRef), - ssh:stop_daemon(Pid). - -%%-------------------------------------------------------------------- -renegotiate2() -> - [{doc, "Test rekeying with inflight messages from peer"}]. 
-renegotiate2(Config) -> - SystemDir = ?config(data_dir, Config), - UserDir = ?config(priv_dir, Config), - DataFile = filename:join(UserDir, "renegotiate1.data"), - - {Pid, Host, DPort} = ssh_test_lib:daemon([{system_dir, SystemDir}, - {user_dir, UserDir}, - {user_passwords, - [{"simon", "says"}]}]), - RPort = ssh_test_lib:inet_port(), - - {ok,RelayPid} = ssh_relay:start_link({0,0,0,0}, RPort, Host, DPort), - - {ok, SftpPid, ConnectionRef} = - ssh_sftp:start_channel(Host, RPort, [{system_dir, SystemDir}, - {user_dir, UserDir}, - {user, "simon"}, - {password, "says"}, - {user_interaction, false}, - {silently_accept_hosts, true}]), - - Kex1 = get_kex_init(ConnectionRef), - - {ok, Handle} = ssh_sftp:open(SftpPid, DataFile, [write]), - - ok = ssh_sftp:write(SftpPid, Handle, "hi\n"), - - ssh_relay:hold(RelayPid, rx, 20, infinity), - spawn(fun() -> ok=ssh_sftp:write(SftpPid, Handle, "another hi\n") end), - %% need a small pause here to ensure ssh_sftp:write is executed - ct:sleep(10), - ssh_connection_handler:renegotiate(ConnectionRef), - ssh_relay:release(RelayPid, rx), - - timer:sleep(2000), - - Kex2 = get_kex_init(ConnectionRef), - - false = (Kex2 == Kex1), - - ssh_relay:stop(RelayPid), - ssh_sftp:stop_channel(SftpPid), - ssh:close(ConnectionRef), - ssh:stop_daemon(Pid). - -%%-------------------------------------------------------------------- -shell() -> - [{doc, "Test that ssh:shell/2 works"}]. +%%% Test that ssh:shell/2 works shell(Config) when is_list(Config) -> process_flag(trap_exit, true), SystemDir = filename:join(?config(priv_dir, Config), system), @@ -630,8 +431,6 @@ shell(Config) when is_list(Config) -> end. %%-------------------------------------------------------------------- -cli() -> - [{doc, ""}]. cli(Config) when is_list(Config) -> process_flag(trap_exit, true), SystemDir = filename:join(?config(priv_dir, Config), system), 
@@ -665,9 +464,8 @@ cli(Config) when is_list(Config) -> end. %%-------------------------------------------------------------------- -daemon_already_started() -> - [{doc, "Test that get correct error message if you try to start a daemon", - "on an adress that already runs a daemon see also seq10667"}]. +%%% Test that get correct error message if you try to start a daemon +%%% on an adress that already runs a daemon see also seq10667 daemon_already_started(Config) when is_list(Config) -> SystemDir = ?config(data_dir, Config), UserDir = ?config(priv_dir, Config), 
@@ -682,489 +480,7 @@ daemon_already_started(Config) when is_list(Config) -> ssh:stop_daemon(Pid). %%-------------------------------------------------------------------- -server_password_option() -> - [{doc, "validate to server that uses the 'password' option"}]. -server_password_option(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth - file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, - {user_dir, UserDir}, - {password, "morot"}]), - - ConnectionRef = - ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, - {user, "foo"}, - {password, "morot"}, - {user_interaction, false}, - {user_dir, UserDir}]), - - Reason = "Unable to connect using the available authentication methods", - - {error, Reason} = - ssh:connect(Host, Port, [{silently_accept_hosts, true}, - {user, "vego"}, - {password, "foo"}, - {user_interaction, false}, - {user_dir, UserDir}]), - - ct:log("Test of wrong password: Error msg: ~p ~n", [Reason]), - - ssh:close(ConnectionRef), - ssh:stop_daemon(Pid). - -%%-------------------------------------------------------------------- - -server_userpassword_option() -> - [{doc, "validate to server that uses the 'password' option"}]. 
-server_userpassword_option(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth - file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, - {user_dir, PrivDir}, - {user_passwords, [{"vego", "morot"}]}]), - - ConnectionRef = - ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, - {user, "vego"}, - {password, "morot"}, - {user_interaction, false}, - {user_dir, UserDir}]), - ssh:close(ConnectionRef), - - Reason = "Unable to connect using the available authentication methods", - - {error, Reason} = - ssh:connect(Host, Port, [{silently_accept_hosts, true}, - {user, "foo"}, - {password, "morot"}, - {user_interaction, false}, - {user_dir, UserDir}]), - {error, Reason} = - ssh:connect(Host, Port, [{silently_accept_hosts, true}, - {user, "vego"}, - {password, "foo"}, - {user_interaction, false}, - {user_dir, UserDir}]), - ssh:stop_daemon(Pid). - -%%-------------------------------------------------------------------- -system_dir_option(Config) -> - DirUnread = proplists:get_value(unreadable_dir,Config), - FileRead = proplists:get_value(readable_file,Config), - - case ssh_test_lib:daemon([{system_dir, DirUnread}]) of - {error,{eoptions,{{system_dir,DirUnread},eacces}}} -> - ok; - {Pid1,_Host1,Port1} when is_pid(Pid1),is_integer(Port1) -> - ssh:stop_daemon(Pid1), - ct:fail("Didn't detect that dir is unreadable", []) - end, - - case ssh_test_lib:daemon([{system_dir, FileRead}]) of - {error,{eoptions,{{system_dir,FileRead},enotdir}}} -> - ok; - {Pid2,_Host2,Port2} when is_pid(Pid2),is_integer(Port2) -> - ssh:stop_daemon(Pid2), - ct:fail("Didn't detect that option is a plain file", []) - end. 
- - -user_dir_option(Config) -> - DirUnread = proplists:get_value(unreadable_dir,Config), - FileRead = proplists:get_value(readable_file,Config), - %% Any port will do (beware, implementation knowledge!): - Port = 65535, - - case ssh:connect("localhost", Port, [{user_dir, DirUnread}]) of - {error,{eoptions,{{user_dir,DirUnread},eacces}}} -> - ok; - {error,econnrefused} -> - ct:fail("Didn't detect that dir is unreadable", []) - end, - - case ssh:connect("localhost", Port, [{user_dir, FileRead}]) of - {error,{eoptions,{{user_dir,FileRead},enotdir}}} -> - ok; - {error,econnrefused} -> - ct:fail("Didn't detect that option is a plain file", []) - end. - -%%-------------------------------------------------------------------- -ssh_msg_debug_fun_option_client() -> - [{doc, "validate client that uses the 'ssh_msg_debug_fun' option"}]. -ssh_msg_debug_fun_option_client(Config) -> - PrivDir = ?config(priv_dir, Config), - UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth - file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), - - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, - {user_dir, UserDir}, - {password, "morot"}, - {failfun, fun ssh_test_lib:failfun/2}]), - Parent = self(), - DbgFun = fun(ConnRef,Displ,Msg,Lang) -> Parent ! 
{msg_dbg,{ConnRef,Displ,Msg,Lang}} end, - - ConnectionRef = - ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, - {user, "foo"}, - {password, "morot"}, - {user_dir, UserDir}, - {user_interaction, false}, - {ssh_msg_debug_fun,DbgFun}]), - %% Beware, implementation knowledge: - gen_fsm:send_all_state_event(ConnectionRef,{ssh_msg_debug,false,<<"Hello">>,<<>>}), - receive - {msg_dbg,X={ConnectionRef,false,<<"Hello">>,<<>>}} -> - ct:log("Got expected dbg msg ~p",[X]), - ssh:stop_daemon(Pid); - {msg_dbg,X={_,false,<<"Hello">>,<<>>}} -> - ct:log("Got dbg msg but bad ConnectionRef (~p expected) ~p",[ConnectionRef,X]), - ssh:stop_daemon(Pid), - {fail, "Bad ConnectionRef received"}; - {msg_dbg,X} -> - ct:log("Got bad dbg msg ~p",[X]), - ssh:stop_daemon(Pid), - {fail,"Bad msg received"} - after 1000 -> - ssh:stop_daemon(Pid), - {fail,timeout} - end. - -%%-------------------------------------------------------------------- -'diffie-hellman-group-exchange-sha1'(Config) -> - kextest('diffie-hellman-group-exchange-sha1',Config). - -'diffie-hellman-group-exchange-sha256'(Config) -> - kextest('diffie-hellman-group-exchange-sha256',Config). - -'diffie-hellman-group1-sha1'(Config) -> - kextest('diffie-hellman-group1-sha1',Config). - -'diffie-hellman-group14-sha1'(Config) -> - kextest('diffie-hellman-group14-sha1',Config). - -'ecdh-sha2-nistp256'(Config) -> - kextest('ecdh-sha2-nistp256',Config). - -'ecdh-sha2-nistp384'(Config) -> - kextest('ecdh-sha2-nistp384',Config). - -'ecdh-sha2-nistp521'(Config) -> - kextest('ecdh-sha2-nistp521',Config). 
- - -kextest(Kex, Config) -> - case lists:member(Kex, ssh_transport:supported_algorithms(kex)) of - true -> - process_flag(trap_exit, true), - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), - - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, - {user_dir, UserDir}, - {user_passwords, [{"foo", "bar"}]}, - {preferred_algorithms, - [{kex, [Kex]}]}, - {failfun, fun ssh_test_lib:failfun/2}]), - - ConnectionRef = - ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, - {user, "foo"}, - {password, "bar"}, - {user_dir, UserDir}, - {preferred_algorithms, - [{kex, [Kex]}]}, - {user_interaction, false}]), - - {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), - success = ssh_connection:exec(ConnectionRef, ChannelId, - "1+1.", infinity), - Data = {ssh_cm, ConnectionRef, {data, ChannelId, 0, <<"2\n">>}}, - case ssh_test_lib:receive_exec_result(Data) of - expected -> - ok; - Other -> - ct:fail(Other) - end, - ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId), - ssh:stop_daemon(Pid); - false -> - {skip, lists:concat([Kex, " is not supported"])} - end. - -%%-------------------------------------------------------------------- -connectfun_disconnectfun_server(Config) -> - PrivDir = ?config(priv_dir, Config), - UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth - file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), - - Parent = self(), - Ref = make_ref(), - ConnFun = fun(_,_,_) -> Parent ! {connect,Ref} end, - DiscFun = fun(R) -> Parent ! 
{disconnect,Ref,R} end, - - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, - {user_dir, UserDir}, - {password, "morot"}, - {failfun, fun ssh_test_lib:failfun/2}, - {disconnectfun, DiscFun}, - {connectfun, ConnFun}]), - ConnectionRef = - ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, - {user, "foo"}, - {password, "morot"}, - {user_dir, UserDir}, - {user_interaction, false}]), - receive - {connect,Ref} -> - ssh:close(ConnectionRef), - receive - {disconnect,Ref,R} -> - ct:log("Disconnect result: ~p",[R]), - ssh:stop_daemon(Pid) - after 2000 -> - {fail, "No disconnectfun action"} - end - after 2000 -> - {fail, "No connectfun action"} - end. - -%%-------------------------------------------------------------------- -connectfun_disconnectfun_client(Config) -> - PrivDir = ?config(priv_dir, Config), - UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth - file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), - - Parent = self(), - Ref = make_ref(), - DiscFun = fun(R) -> Parent ! {disconnect,Ref,R} end, - - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, - {user_dir, UserDir}, - {password, "morot"}, - {failfun, fun ssh_test_lib:failfun/2}]), - _ConnectionRef = - ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, - {user, "foo"}, - {password, "morot"}, - {user_dir, UserDir}, - {disconnectfun, DiscFun}, - {user_interaction, false}]), - ssh:stop_daemon(Pid), - receive - {disconnect,Ref,R} -> - ct:log("Disconnect result: ~p",[R]) - after 2000 -> - {fail, "No disconnectfun action"} - end. - -%%-------------------------------------------------------------------- -ssh_msg_debug_fun_option_server() -> - [{doc, "validate client that uses the 'ssh_msg_debug_fun' option"}]. 
-ssh_msg_debug_fun_option_server(Config) -> - PrivDir = ?config(priv_dir, Config), - UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth - file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), - - Parent = self(), - DbgFun = fun(ConnRef,Displ,Msg,Lang) -> Parent ! {msg_dbg,{ConnRef,Displ,Msg,Lang}} end, - ConnFun = fun(_,_,_) -> Parent ! {connection_pid,self()} end, - - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, - {user_dir, UserDir}, - {password, "morot"}, - {failfun, fun ssh_test_lib:failfun/2}, - {connectfun, ConnFun}, - {ssh_msg_debug_fun, DbgFun}]), - _ConnectionRef = - ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, - {user, "foo"}, - {password, "morot"}, - {user_dir, UserDir}, - {user_interaction, false}]), - receive - {connection_pid,Server} -> - %% Beware, implementation knowledge: - gen_fsm:send_all_state_event(Server,{ssh_msg_debug,false,<<"Hello">>,<<>>}), - receive - {msg_dbg,X={_,false,<<"Hello">>,<<>>}} -> - ct:log("Got expected dbg msg ~p",[X]), - ssh:stop_daemon(Pid); - {msg_dbg,X} -> - ct:log("Got bad dbg msg ~p",[X]), - ssh:stop_daemon(Pid), - {fail,"Bad msg received"} - after 3000 -> - ssh:stop_daemon(Pid), - {fail,timeout2} - end - after 3000 -> - ssh:stop_daemon(Pid), - {fail,timeout1} - end. - -%%-------------------------------------------------------------------- -disconnectfun_option_server(Config) -> - PrivDir = ?config(priv_dir, Config), - UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth - file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), - - Parent = self(), - DisConnFun = fun(Reason) -> Parent ! 
{disconnect,Reason} end, - - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, - {user_dir, UserDir}, - {password, "morot"}, - {failfun, fun ssh_test_lib:failfun/2}, - {disconnectfun, DisConnFun}]), - ConnectionRef = - ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, - {user, "foo"}, - {password, "morot"}, - {user_dir, UserDir}, - {user_interaction, false}]), - ssh:close(ConnectionRef), - receive - {disconnect,Reason} -> - ct:log("Server detected disconnect: ~p",[Reason]), - ssh:stop_daemon(Pid), - ok - after 3000 -> - receive - X -> ct:log("received ~p",[X]) - after 0 -> ok - end, - {fail,"Timeout waiting for disconnect"} - end. - -%%-------------------------------------------------------------------- -disconnectfun_option_client(Config) -> - PrivDir = ?config(priv_dir, Config), - UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth - file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), - - Parent = self(), - DisConnFun = fun(Reason) -> Parent ! {disconnect,Reason} end, - - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, - {user_dir, UserDir}, - {password, "morot"}, - {failfun, fun ssh_test_lib:failfun/2}]), - _ConnectionRef = - ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, - {user, "foo"}, - {password, "morot"}, - {user_dir, UserDir}, - {user_interaction, false}, - {disconnectfun, DisConnFun}]), - ssh:stop_daemon(Pid), - receive - {disconnect,Reason} -> - ct:log("Client detected disconnect: ~p",[Reason]), - ok - after 3000 -> - receive - X -> ct:log("received ~p",[X]) - after 0 -> ok - end, - {fail,"Timeout waiting for disconnect"} - end. 
- -%%-------------------------------------------------------------------- -unexpectedfun_option_server(Config) -> - PrivDir = ?config(priv_dir, Config), - UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth - file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), - - Parent = self(), - ConnFun = fun(_,_,_) -> Parent ! {connection_pid,self()} end, - UnexpFun = fun(Msg,Peer) -> - Parent ! {unexpected,Msg,Peer,self()}, - skip - end, - - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, - {user_dir, UserDir}, - {password, "morot"}, - {failfun, fun ssh_test_lib:failfun/2}, - {connectfun, ConnFun}, - {unexpectedfun, UnexpFun}]), - _ConnectionRef = - ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, - {user, "foo"}, - {password, "morot"}, - {user_dir, UserDir}, - {user_interaction, false}]), - receive - {connection_pid,Server} -> - %% Beware, implementation knowledge: - Server ! unexpected_message, - receive - {unexpected, unexpected_message, {{_,_,_,_},_}, _} -> ok; - {unexpected, unexpected_message, Peer, _} -> ct:fail("Bad peer ~p",[Peer]); - M = {unexpected, _, _, _} -> ct:fail("Bad msg ~p",[M]) - after 3000 -> - ssh:stop_daemon(Pid), - {fail,timeout2} - end - after 3000 -> - ssh:stop_daemon(Pid), - {fail,timeout1} - end. - -%%-------------------------------------------------------------------- -unexpectedfun_option_client(Config) -> - PrivDir = ?config(priv_dir, Config), - UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth - file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), - - Parent = self(), - UnexpFun = fun(Msg,Peer) -> - Parent ! 
{unexpected,Msg,Peer,self()}, - skip - end, - - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, - {user_dir, UserDir}, - {password, "morot"}, - {failfun, fun ssh_test_lib:failfun/2}]), - ConnectionRef = - ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, - {user, "foo"}, - {password, "morot"}, - {user_dir, UserDir}, - {user_interaction, false}, - {unexpectedfun, UnexpFun}]), - %% Beware, implementation knowledge: - ConnectionRef ! unexpected_message, - - receive - {unexpected, unexpected_message, {{_,_,_,_},_}, ConnectionRef} -> - ok; - {unexpected, unexpected_message, Peer, ConnectionRef} -> - ct:fail("Bad peer ~p",[Peer]); - M = {unexpected, _, _, _} -> - ct:fail("Bad msg ~p",[M]) - after 3000 -> - ssh:stop_daemon(Pid), - {fail,timeout} - end. - -%%-------------------------------------------------------------------- -known_hosts() -> - [{doc, "check that known_hosts is updated correctly"}]. +%%% check that known_hosts is updated correctly known_hosts(Config) when is_list(Config) -> SystemDir = ?config(data_dir, Config), PrivDir = ?config(priv_dir, Config), @@ -1190,8 +506,7 @@ known_hosts(Config) when is_list(Config) -> ssh:stop_daemon(Pid). %%-------------------------------------------------------------------- -pass_phrase() -> - [{doc, "Test that we can use keyes protected by pass phrases"}]. +%%% Test that we can use keyes protected by pass phrases pass_phrase(Config) when is_list(Config) -> process_flag(trap_exit, true), SystemDir = filename:join(?config(priv_dir, Config), system), 
@@ -1209,28 +524,26 @@ pass_phrase(Config) when is_list(Config) -> {ok, _ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), ssh:stop_daemon(Pid). -%%-------------------------------------------------------------------- -internal_error() -> - [{doc,"Test that client does not hang if disconnects due to internal error"}]. +%%-------------------------------------------------------------------- +%%% Test that client does not hang if disconnects due to internal error internal_error(Config) when is_list(Config) -> process_flag(trap_exit, true), SystemDir = filename:join(?config(priv_dir, Config), system), UserDir = ?config(priv_dir, Config), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, - {user_dir, UserDir}, - {failfun, fun ssh_test_lib:failfun/2}]), + {user_dir, UserDir}, + {failfun, fun ssh_test_lib:failfun/2}]), {error, Error} = - ssh:connect(Host, Port, [{silently_accept_hosts, true}, - {user_dir, UserDir}, - {user_interaction, false}]), + ssh:connect(Host, Port, [{silently_accept_hosts, true}, + {user_dir, UserDir}, + {user_interaction, false}]), check_error(Error), ssh:stop_daemon(Pid). %%-------------------------------------------------------------------- -send() -> - [{doc, "Test ssh_connection:send/3"}]. +%%% Test ssh_connection:send/3 send(Config) when is_list(Config) -> process_flag(trap_exit, true), SystemDir = filename:join(?config(priv_dir, Config), system), @@ -1250,8 +563,7 @@ send(Config) when is_list(Config) -> %%-------------------------------------------------------------------- -peername_sockname() -> - [{doc, "Test ssh:connection_info([peername, sockname])"}]. +%%% Test ssh:connection_info([peername, sockname]) peername_sockname(Config) when is_list(Config) -> process_flag(trap_exit, true), SystemDir = filename:join(?config(priv_dir, Config), system), 
@@ -1301,8 +613,7 @@ ips(Name) when is_list(Name) -> %%-------------------------------------------------------------------- -close() -> - [{doc, "Client receives close when server closes"}]. +%%% Client receives close when server closes close(Config) when is_list(Config) -> process_flag(trap_exit, true), SystemDir = filename:join(?config(priv_dir, Config), system), @@ -1326,8 +637,7 @@ close(Config) when is_list(Config) -> end. %%-------------------------------------------------------------------- -double_close() -> - [{doc, "Simulate that we try to close an already closed connection"}]. +%%% Simulate that we try to close an already closed connection double_close(Config) when is_list(Config) -> SystemDir = ?config(data_dir, Config), PrivDir = ?config(priv_dir, Config), 
@@ -1347,91 +657,6 @@ double_close(Config) when is_list(Config) -> exit(CM, {shutdown, normal}), ok = ssh:close(CM). -%%-------------------------------------------------------------------- -ssh_connect_timeout() -> - [{doc, "Test connect_timeout option in ssh:connect/4"}]. -ssh_connect_timeout(_Config) -> - ConnTimeout = 2000, - {error,{faked_transport,connect,TimeoutToTransport}} = - ssh:connect("localhost", 12345, - [{transport,{tcp,?MODULE,tcp_closed}}, - {connect_timeout,ConnTimeout}], - 1000), - case TimeoutToTransport of - ConnTimeout -> ok; - Other -> - ct:log("connect_timeout is ~p but transport received ~p",[ConnTimeout,Other]), - {fail,"ssh:connect/4 wrong connect_timeout received in transport"} - end. - -%% Help for the test above -connect(_Host, _Port, _Opts, Timeout) -> - {error, {faked_transport,connect,Timeout}}. - - -%%-------------------------------------------------------------------- -ssh_connect_arg4_timeout() -> - [{doc, "Test fourth argument in ssh:connect/4"}]. -ssh_connect_arg4_timeout(_Config) -> - Timeout = 1000, - Parent = self(), - %% start the server - Server = spawn(fun() -> - {ok,Sl} = gen_tcp:listen(0,[]), - {ok,{_,Port}} = inet:sockname(Sl), - Parent ! {port,self(),Port}, - Rsa = gen_tcp:accept(Sl), - ct:log("Server gen_tcp:accept got ~p",[Rsa]), - receive after 2*Timeout -> ok end %% let client timeout first - end), - - %% Get listening port - Port = receive - {port,Server,ServerPort} -> ServerPort - end, - - %% try to connect with a timeout, but "supervise" it - Client = spawn(fun() -> - T0 = erlang:monotonic_time(), - Rc = ssh:connect("localhost",Port,[],Timeout), - ct:log("Client ssh:connect got ~p",[Rc]), - Parent ! 
{done,self(),Rc,T0} - end), - - %% Wait for client reaction on the connection try: - receive - {done, Client, {error,timeout}, T0} -> - Msp = ms_passed(T0), - exit(Server,hasta_la_vista___baby), - Low = 0.9*Timeout, - High = 1.1*Timeout, - ct:log("Timeout limits: ~.4f - ~.4f ms, timeout " - "was ~.4f ms, expected ~p ms",[Low,High,Msp,Timeout]), - if - Low ok; - true -> {fail, "timeout not within limits"} - end; - - {done, Client, {error,Other}, _T0} -> - ct:log("Error message \"~p\" from the client is unexpected.",[{error,Other}]), - {fail, "Unexpected error message"}; - - {done, Client, {ok,_Ref}, _T0} -> - {fail,"ssh-connected ???"} - after - 5000 -> - exit(Server,hasta_la_vista___baby), - exit(Client,hasta_la_vista___baby), - {fail, "Didn't timeout"} - end. - -%% Help function, elapsed milliseconds since T0 -ms_passed(T0) -> - %% OTP 18 - erlang:convert_time_unit(erlang:monotonic_time() - T0, - native, - micro_seconds) / 1000. - %%-------------------------------------------------------------------- packet_size_zero(Config) -> SystemDir = ?config(data_dir, Config), 
@@ -1463,249 +688,6 @@ packet_size_zero(Config) -> ok end. -%%-------------------------------------------------------------------- -ssh_daemon_minimal_remote_max_packet_size_option(Config) -> - SystemDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), - UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth - file:make_dir(UserDir), - - {Server, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, - {user_dir, UserDir}, - {user_passwords, [{"vego", "morot"}]}, - {failfun, fun ssh_test_lib:failfun/2}, - {minimal_remote_max_packet_size, 14}]), - Conn = - ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, - {user_dir, UserDir}, - {user_interaction, false}, - {user, "vego"}, - {password, "morot"}]), - - %% Try the limits of the minimal_remote_max_packet_size: - {ok, _ChannelId} = ssh_connection:session_channel(Conn, 100, 14, infinity), - {open_error,_,"Maximum packet size below 14 not supported",_} = - ssh_connection:session_channel(Conn, 100, 13, infinity), - - ssh:close(Conn), - ssh:stop_daemon(Server). 
- -%%-------------------------------------------------------------------- -%% This test try every algorithm by connecting to an Erlang server -preferred_algorithms(Config) -> - SystemDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), - UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth - file:make_dir(UserDir), - - {Server, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, - {user_dir, UserDir}, - {user_passwords, [{"vego", "morot"}]}, - {failfun, fun ssh_test_lib:failfun/2}]), - Available = ssh:default_algorithms(), - Tests = [[{Tag,[Alg]}] || {Tag, SubAlgs} <- Available, - is_atom(hd(SubAlgs)), - Alg <- SubAlgs] - ++ [[{Tag,[{T1,[A1]},{T2,[A2]}]}] || {Tag, [{T1,As1},{T2,As2}]} <- Available, - A1 <- As1, - A2 <- As2], - ct:log("TESTS: ~p",[Tests]), - [connect_exec_channel(Host,Port,PrefAlgs) || PrefAlgs <- Tests], - ssh:stop_daemon(Server). - - -connect_exec_channel(_Host, Port, Algs) -> - ct:log("Try ~p",[Algs]), - ConnectionRef = ssh_test_lib:connect(Port, [{silently_accept_hosts, true}, - {user_interaction, false}, - {user, "vego"}, - {password, "morot"}, - {preferred_algorithms,Algs} - ]), - chan_exec(ConnectionRef, "2*21.", <<"42\n">>), - ssh:close(ConnectionRef). - -chan_exec(ConnectionRef, Cmnd, Expected) -> - {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef, infinity), - success = ssh_connection:exec(ConnectionRef, ChannelId0,Cmnd, infinity), - Data0 = {ssh_cm, ConnectionRef, {data, ChannelId0, 0, Expected}}, - case ssh_test_lib:receive_exec_result(Data0) of - expected -> - ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId0); - {unexpected_msg,{ssh_cm, ConnectionRef, {exit_status, ChannelId0, 0}} - = ExitStatus0} -> - ct:log("0: Collected data ~p", [ExitStatus0]), - ssh_test_lib:receive_exec_result(Data0, - ConnectionRef, ChannelId0); - Other0 -> - ct:fail(Other0) - end. 
- -%%-------------------------------------------------------------------- -id_string_no_opt_client(Config) -> - {Server, _Host, Port} = fake_daemon(Config), - {error,_} = ssh:connect("localhost", Port, [], 1000), - receive - {id,Server,"SSH-2.0-Erlang/"++Vsn} -> - true = expected_ssh_vsn(Vsn); - {id,Server,Other} -> - ct:fail("Unexpected id: ~s.",[Other]) - after 5000 -> - {fail,timeout} - end. - -%%-------------------------------------------------------------------- -id_string_own_string_client(Config) -> - {Server, _Host, Port} = fake_daemon(Config), - {error,_} = ssh:connect("localhost", Port, [{id_string,"Pelle"}], 1000), - receive - {id,Server,"SSH-2.0-Pelle\r\n"} -> - ok; - {id,Server,Other} -> - ct:fail("Unexpected id: ~s.",[Other]) - after 5000 -> - {fail,timeout} - end. - -%%-------------------------------------------------------------------- -id_string_random_client(Config) -> - {Server, _Host, Port} = fake_daemon(Config), - {error,_} = ssh:connect("localhost", Port, [{id_string,random}], 1000), - receive - {id,Server,Id="SSH-2.0-Erlang"++_} -> - ct:fail("Unexpected id: ~s.",[Id]); - {id,Server,Rnd="SSH-2.0-"++_} -> - ct:log("Got correct ~s",[Rnd]); - {id,Server,Id} -> - ct:fail("Unexpected id: ~s.",[Id]) - after 5000 -> - {fail,timeout} - end. - -%%-------------------------------------------------------------------- -id_string_no_opt_server(Config) -> - {_Server, Host, Port} = std_daemon(Config, []), - {ok,S1}=gen_tcp:connect(Host,Port,[{active,false},{packet,line}]), - {ok,"SSH-2.0-Erlang/"++Vsn} = gen_tcp:recv(S1, 0, 2000), - true = expected_ssh_vsn(Vsn). - -%%-------------------------------------------------------------------- -id_string_own_string_server(Config) -> - {_Server, Host, Port} = std_daemon(Config, [{id_string,"Olle"}]), - {ok,S1}=gen_tcp:connect(Host,Port,[{active,false},{packet,line}]), - {ok,"SSH-2.0-Olle\r\n"} = gen_tcp:recv(S1, 0, 2000). 
- -%%-------------------------------------------------------------------- -id_string_random_server(Config) -> - {_Server, Host, Port} = std_daemon(Config, [{id_string,random}]), - {ok,S1}=gen_tcp:connect(Host,Port,[{active,false},{packet,line}]), - {ok,"SSH-2.0-"++Rnd} = gen_tcp:recv(S1, 0, 2000), - case Rnd of - "Erlang"++_ -> ct:log("Id=~p",[Rnd]), - {fail,got_default_id}; - "Olle\r\n" -> {fail,got_previous_tests_value}; - _ -> ct:log("Got ~s.",[Rnd]) - end. - -%%-------------------------------------------------------------------- -ssh_connect_negtimeout_parallel(Config) -> ssh_connect_negtimeout(Config,true). -ssh_connect_negtimeout_sequential(Config) -> ssh_connect_negtimeout(Config,false). - -ssh_connect_negtimeout(Config, Parallel) -> - process_flag(trap_exit, true), - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), - NegTimeOut = 2000, % ms - ct:log("Parallel: ~p",[Parallel]), - - {_Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},{user_dir, UserDir}, - {parallel_login, Parallel}, - {negotiation_timeout, NegTimeOut}, - {failfun, fun ssh_test_lib:failfun/2}]), - - {ok,Socket} = gen_tcp:connect(Host, Port, []), - - Factor = 2, - ct:log("And now sleeping ~p*NegTimeOut (~p ms)...", [Factor, round(Factor * NegTimeOut)]), - ct:sleep(round(Factor * NegTimeOut)), - - case inet:sockname(Socket) of - {ok,_} -> ct:fail("Socket not closed"); - {error,_} -> ok - end. - -%%-------------------------------------------------------------------- -ssh_connect_nonegtimeout_connected_parallel() -> - [{doc, "Test that ssh connection does not timeout if the connection is established (parallel)"}]. -ssh_connect_nonegtimeout_connected_parallel(Config) -> - ssh_connect_nonegtimeout_connected(Config, true). - -ssh_connect_nonegtimeout_connected_sequential() -> - [{doc, "Test that ssh connection does not timeout if the connection is established (non-parallel)"}]. 
-ssh_connect_nonegtimeout_connected_sequential(Config) -> - ssh_connect_nonegtimeout_connected(Config, false). - - -ssh_connect_nonegtimeout_connected(Config, Parallel) -> - process_flag(trap_exit, true), - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), - NegTimeOut = 20000, % ms - ct:log("Parallel: ~p",[Parallel]), - - {_Pid, _Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},{user_dir, UserDir}, - {parallel_login, Parallel}, - {negotiation_timeout, NegTimeOut}, - {failfun, fun ssh_test_lib:failfun/2}]), - ct:log("~p Listen ~p:~p",[_Pid,_Host,Port]), - ct:sleep(500), - - IO = ssh_test_lib:start_io_server(), - Shell = ssh_test_lib:start_shell(Port, IO, UserDir), - receive - Error = {'EXIT', _, _} -> - ct:log("~p",[Error]), - ct:fail(no_ssh_connection); - ErlShellStart -> - ct:log("---Erlang shell start: ~p~n", [ErlShellStart]), - one_shell_op(IO, NegTimeOut), - one_shell_op(IO, NegTimeOut), - - Factor = 2, - ct:log("And now sleeping ~p*NegTimeOut (~p ms)...", [Factor, round(Factor * NegTimeOut)]), - ct:sleep(round(Factor * NegTimeOut)), - - one_shell_op(IO, NegTimeOut) - end, - exit(Shell, kill). - - -one_shell_op(IO, TimeOut) -> - ct:log("One shell op: Waiting for prompter"), - receive - ErlPrompt0 -> ct:log("Erlang prompt: ~p~n", [ErlPrompt0]) - after TimeOut -> ct:fail("Timeout waiting for promter") - end, - - IO ! {input, self(), "2*3*7.\r\n"}, - receive - Echo0 -> ct:log("Echo: ~p ~n", [Echo0]) - after TimeOut -> ct:fail("Timeout waiting for echo") - end, - - receive - ?NEWLINE -> ct:log("NEWLINE received", []) - after TimeOut -> - receive Any1 -> ct:log("Bad NEWLINE: ~p",[Any1]) - after 0 -> ct:fail("Timeout waiting for NEWLINE") - end - end, - - receive - Result0 -> ct:log("Result: ~p~n", [Result0]) - after TimeOut -> ct:fail("Timeout waiting for result") - end. - %%-------------------------------------------------------------------- shell_no_unicode(Config) -> new_do_shell(?config(io,Config), 
@@ -1724,8 +706,7 @@ shell_unicode_string(Config) -> ]). %%-------------------------------------------------------------------- -openssh_zlib_basic_test() -> - [{doc, "Test basic connection with openssh_zlib"}]. +%%% Test basic connection with openssh_zlib openssh_zlib_basic_test(Config) -> SystemDir = filename:join(?config(priv_dir, Config), system), UserDir = ?config(priv_dir, Config), 
@@ -1744,102 +725,6 @@ openssh_zlib_basic_test(Config) -> ok = ssh:close(ConnectionRef), ssh:stop_daemon(Pid). -%%-------------------------------------------------------------------- - -max_sessions_ssh_connect_parallel(Config) -> - max_sessions(Config, true, connect_fun(ssh__connect,Config)). -max_sessions_ssh_connect_sequential(Config) -> - max_sessions(Config, false, connect_fun(ssh__connect,Config)). - -max_sessions_sftp_start_channel_parallel(Config) -> - max_sessions(Config, true, connect_fun(ssh_sftp__start_channel, Config)). -max_sessions_sftp_start_channel_sequential(Config) -> - max_sessions(Config, false, connect_fun(ssh_sftp__start_channel, Config)). - - -%%%---- helpers: -connect_fun(ssh__connect, Config) -> - fun(Host,Port) -> - ssh_test_lib:connect(Host, Port, - [{silently_accept_hosts, true}, - {user_dir, ?config(priv_dir,Config)}, - {user_interaction, false}, - {user, "carni"}, - {password, "meat"} - ]) - %% ssh_test_lib returns R when ssh:connect returns {ok,R} - end; -connect_fun(ssh_sftp__start_channel, _Config) -> - fun(Host,Port) -> - {ok,_Pid,ConnRef} = - ssh_sftp:start_channel(Host, Port, - [{silently_accept_hosts, true}, - {user, "carni"}, - {password, "meat"} - ]), - ConnRef - end. 
- - -max_sessions(Config, ParallelLogin, Connect0) when is_function(Connect0,2) -> - Connect = fun(Host,Port) -> - R = Connect0(Host,Port), - ct:log("Connect(~p,~p) -> ~p",[Host,Port,R]), - R - end, - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), - MaxSessions = 5, - {Pid, Host, Port} = ssh_test_lib:daemon([ - {system_dir, SystemDir}, - {user_dir, UserDir}, - {user_passwords, [{"carni", "meat"}]}, - {parallel_login, ParallelLogin}, - {max_sessions, MaxSessions} - ]), - ct:log("~p Listen ~p:~p for max ~p sessions",[Pid,Host,Port,MaxSessions]), - try [Connect(Host,Port) || _ <- lists:seq(1,MaxSessions)] - of - Connections -> - %% Step 1 ok: could set up max_sessions connections - ct:log("Connections up: ~p",[Connections]), - [_|_] = Connections, - - %% Now try one more than alowed: - ct:log("Info Report might come here...",[]), - try Connect(Host,Port) - of - _ConnectionRef1 -> - ssh:stop_daemon(Pid), - {fail,"Too many connections accepted"} - catch - error:{badmatch,{error,"Connection closed"}} -> - %% Step 2 ok: could not set up max_sessions+1 connections - %% This is expected - %% Now stop one connection and try to open one more - ok = ssh:close(hd(Connections)), - receive after 250 -> ok end, % sleep so the supervisor has time to count down. Not nice... - try Connect(Host,Port) - of - _ConnectionRef1 -> - %% Step 3 ok: could set up one more connection after killing one - %% Thats good. - ssh:stop_daemon(Pid), - ok - catch - error:{badmatch,{error,"Connection closed"}} -> - %% Bad indeed. Could not set up one more connection even after killing - %% one existing. Very bad. - ssh:stop_daemon(Pid), - {fail,"Does not decrease # active sessions"} - end - end - catch - error:{badmatch,{error,"Connection closed"}} -> - ssh:stop_daemon(Pid), - {fail,"Too few connections accepted"} - end. 
- %%-------------------------------------------------------------------- ssh_info_print(Config) -> %% Just check that ssh_print:info() crashes @@ -1911,7 +796,6 @@ ssh_info_print(Config) -> %%-------------------------------------------------------------------- %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- - %% Due to timing the error message may or may not be delivered to %% the "tcp-application" before the socket closed message is recived check_error("Invalid state") -> 
@@ -2070,62 +954,3 @@ new_do_shell_prompt(IO, N, Op, Str, More) -> new_do_shell(IO, N, [{Op,Str}|More]). %%-------------------------------------------------------------------- - - -std_daemon(Config, ExtraOpts) -> - SystemDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), - UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth - file:make_dir(UserDir), - {_Server, _Host, _Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, - {user_dir, UserDir}, - {failfun, fun ssh_test_lib:failfun/2} | ExtraOpts]). - -expected_ssh_vsn(Str) -> - try - {ok,L} = application:get_all_key(ssh), - proplists:get_value(vsn,L,"")++"\r\n" - of - Str -> true; - "\r\n" -> true; - _ -> false - catch - _:_ -> true %% ssh not started so we dont't know - end. - - -fake_daemon(_Config) -> - Parent = self(), - %% start the server - Server = spawn(fun() -> - {ok,Sl} = gen_tcp:listen(0,[{packet,line}]), - {ok,{Host,Port}} = inet:sockname(Sl), - ct:log("fake_daemon listening on ~p:~p~n",[Host,Port]), - Parent ! {sockname,self(),Host,Port}, - Rsa = gen_tcp:accept(Sl), - ct:log("Server gen_tcp:accept got ~p",[Rsa]), - {ok,S} = Rsa, - receive - {tcp, S, Id} -> Parent ! {id,self(),Id} - end - end), - %% Get listening host and port - receive - {sockname,Server,ServerHost,ServerPort} -> {Server, ServerHost, ServerPort} - end. - -%% get_kex_init - helper function to get key_exchange_init_msg -get_kex_init(Conn) -> - %% First, validate the key exchange is complete (StateName == connected) - {connected,S} = sys:get_state(Conn), - %% Next, walk through the elements of the #state record looking - %% for the #ssh_msg_kexinit record. This method is robust against - %% changes to either record. The KEXINIT message contains a cookie - %% unique to each invocation of the key exchange procedure (RFC4253) - SL = tuple_to_list(S), - case lists:keyfind(ssh_msg_kexinit, 1, SL) of - false -> - throw(not_found); - KexInit -> - KexInit - end. 
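Review bot: In the block removed at -682,489, two doc strings do not match what their tests do, and they should be corrected in ssh_options_SUITE.erl rather than moved over unchanged. server_userpassword_option() is documented as testing the 'password' option although the daemon is started with {user_passwords, [{"vego", "morot"}]}, and ssh_msg_debug_fun_option_server() says "validate client" although it sets ssh_msg_debug_fun on the daemon. Suggested wording: "validate to server that uses the 'user_passwords' option" and "validate server that uses the 'ssh_msg_debug_fun' option".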
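Review bot: The comment added for pass_phrase (hunk -1190,8 +506,7) carries over the misspelling "keyes" from the removed doc string. The line is being rewritten anyway, so write "keys" here.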
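Review bot: In internal_error (hunk -1209,28 +524,26) the removed and added option-list lines and the %%---- separator read identically, so that part of the change is whitespace only. Keep re-indentation out of a commit whose purpose is to move test cases into ssh_options_SUITE, or put it in a separate commit, so the move can be verified by comparing the removed bodies with the added ones.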
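Review bot: The last hunk (-2070,62 +954,3) removes get_kex_init/1 together with std_daemon/2, expected_ssh_vsn/1 and fake_daemon/1, but its comment describes reading the #ssh_msg_kexinit record out of the connection state, which is not tied to any option test. Check that no test case remaining in ssh_basic_SUITE still calls it. If one does, keep the helper in this file or move it to ssh_test_lib so both suites can use it.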
diff --git a/lib/ssh/test/ssh_options_SUITE.erl b/lib/ssh/test/ssh_options_SUITE.erl new file mode 100644 index 0000000000..d64c78da35 --- /dev/null +++ b/lib/ssh/test/ssh_options_SUITE.erl 
@@ -0,0 +1,1024 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2008-2015. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. +%% +%% %CopyrightEnd% +%% + +%% + +-module(ssh_options_SUITE). + +%%% This test suite tests different options for the ssh functions + + +-include_lib("common_test/include/ct.hrl"). +-include_lib("kernel/include/file.hrl"). + + +%%% Test cases +-export([connectfun_disconnectfun_client/1, + disconnectfun_option_client/1, + disconnectfun_option_server/1, + id_string_no_opt_client/1, + id_string_no_opt_server/1, + id_string_own_string_client/1, + id_string_own_string_server/1, + id_string_random_client/1, + id_string_random_server/1, + max_sessions_sftp_start_channel_parallel/1, + max_sessions_sftp_start_channel_sequential/1, + max_sessions_ssh_connect_parallel/1, + max_sessions_ssh_connect_sequential/1, + server_password_option/1, + server_userpassword_option/1, + ssh_connect_arg4_timeout/1, + ssh_connect_negtimeout_parallel/1, + ssh_connect_negtimeout_sequential/1, + ssh_connect_nonegtimeout_connected_parallel/1, + ssh_connect_nonegtimeout_connected_sequential/1, + ssh_connect_timeout/1, connect/4, + ssh_daemon_minimal_remote_max_packet_size_option/1, + ssh_msg_debug_fun_option_client/1, + ssh_msg_debug_fun_option_server/1, + system_dir_option/1, + unexpectedfun_option_client/1, + unexpectedfun_option_server/1, + user_dir_option/1, + connectfun_disconnectfun_server/1 + ]). 
+ +%%% Common test callbacks +-export([suite/0, all/0, groups/0, + init_per_suite/1, end_per_suite/1, + init_per_group/2, end_per_group/2, + init_per_testcase/2, end_per_testcase/2 + ]). + + +-define(NEWLINE, <<"\r\n">>). + +%%-------------------------------------------------------------------- +%% Common Test interface functions ----------------------------------- +%%-------------------------------------------------------------------- + +suite() -> + [{ct_hooks,[ts_install_cth]}]. + +all() -> + [connectfun_disconnectfun_server, + connectfun_disconnectfun_client, + server_password_option, + server_userpassword_option, + {group, dir_options}, + ssh_connect_timeout, + ssh_connect_arg4_timeout, + ssh_daemon_minimal_remote_max_packet_size_option, + ssh_msg_debug_fun_option_client, + ssh_msg_debug_fun_option_server, + disconnectfun_option_server, + disconnectfun_option_client, + unexpectedfun_option_server, + unexpectedfun_option_client, + id_string_no_opt_client, + id_string_own_string_client, + id_string_random_client, + id_string_no_opt_server, + id_string_own_string_server, + id_string_random_server, + {group, hardening_tests} + ]. + +groups() -> + [{hardening_tests, [], [ssh_connect_nonegtimeout_connected_parallel, + ssh_connect_nonegtimeout_connected_sequential, + ssh_connect_negtimeout_parallel, + ssh_connect_negtimeout_sequential, + max_sessions_ssh_connect_parallel, + max_sessions_ssh_connect_sequential, + max_sessions_sftp_start_channel_parallel, + max_sessions_sftp_start_channel_sequential + ]}, + {dir_options, [], [user_dir_option, + system_dir_option]} + ]. + + +%%-------------------------------------------------------------------- +init_per_suite(Config) -> + catch crypto:stop(), + case catch crypto:start() of + ok -> + Config; + _Else -> + {skip, "Crypto could not be started!"} + end. +end_per_suite(_Config) -> + ssh:stop(), + crypto:stop(). 
+%%-------------------------------------------------------------------- +init_per_group(hardening_tests, Config) -> + DataDir = ?config(data_dir, Config), + PrivDir = ?config(priv_dir, Config), + ssh_test_lib:setup_dsa(DataDir, PrivDir), + Config; +init_per_group(dir_options, Config) -> + PrivDir = ?config(priv_dir, Config), + %% Make unreadable dir: + Dir_unreadable = filename:join(PrivDir, "unread"), + ok = file:make_dir(Dir_unreadable), + {ok,F1} = file:read_file_info(Dir_unreadable), + ok = file:write_file_info(Dir_unreadable, + F1#file_info{mode = F1#file_info.mode band (bnot 8#00444)}), + %% Make readable file: + File_readable = filename:join(PrivDir, "file"), + ok = file:write_file(File_readable, <<>>), + + %% Check: + case {file:read_file_info(Dir_unreadable), + file:read_file_info(File_readable)} of + {{ok, Id=#file_info{type=directory, access=Md}}, + {ok, If=#file_info{type=regular, access=Mf}}} -> + AccessOK = + case {Md, Mf} of + {read, _} -> false; + {read_write, _} -> false; + {_, read} -> true; + {_, read_write} -> true; + _ -> false + end, + + case AccessOK of + true -> + %% Save: + [{unreadable_dir, Dir_unreadable}, + {readable_file, File_readable} + | Config]; + false -> + ct:log("File#file_info : ~p~n" + "Dir#file_info : ~p",[If,Id]), + {skip, "File or dir mode settings failed"} + end; + + NotDirFile -> + ct:log("{Dir,File} -> ~p",[NotDirFile]), + {skip, "File/Dir creation failed"} + end; +init_per_group(_, Config) -> + Config. + +end_per_group(_, Config) -> + Config. +%%-------------------------------------------------------------------- +init_per_testcase(_TestCase, Config) -> + ssh:start(), + Config. + +end_per_testcase(TestCase, Config) when TestCase == server_password_option; + TestCase == server_userpassword_option -> + UserDir = filename:join(?config(priv_dir, Config), nopubkey), + ssh_test_lib:del_dirs(UserDir), + end_per_testcase(Config); +end_per_testcase(_TestCase, Config) -> + end_per_testcase(Config). 
+ +end_per_testcase(_Config) -> + ssh:stop(), + ok. + +%%-------------------------------------------------------------------- +%% Test Cases -------------------------------------------------------- +%%-------------------------------------------------------------------- +%%-------------------------------------------------------------------- + +%%% validate to server that uses the 'password' option +server_password_option(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}]), + + ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_interaction, false}, + {user_dir, UserDir}]), + + Reason = "Unable to connect using the available authentication methods", + + {error, Reason} = + ssh:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "vego"}, + {password, "foo"}, + {user_interaction, false}, + {user_dir, UserDir}]), + + ct:log("Test of wrong password: Error msg: ~p ~n", [Reason]), + + ssh:close(ConnectionRef), + ssh:stop_daemon(Pid). 
+ +%%-------------------------------------------------------------------- + +%%% validate to server that uses the 'password' option +server_userpassword_option(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, PrivDir}, + {user_passwords, [{"vego", "morot"}]}]), + + ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "vego"}, + {password, "morot"}, + {user_interaction, false}, + {user_dir, UserDir}]), + ssh:close(ConnectionRef), + + Reason = "Unable to connect using the available authentication methods", + + {error, Reason} = + ssh:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_interaction, false}, + {user_dir, UserDir}]), + {error, Reason} = + ssh:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "vego"}, + {password, "foo"}, + {user_interaction, false}, + {user_dir, UserDir}]), + ssh:stop_daemon(Pid). + +%%-------------------------------------------------------------------- +system_dir_option(Config) -> + DirUnread = proplists:get_value(unreadable_dir,Config), + FileRead = proplists:get_value(readable_file,Config), + + case ssh_test_lib:daemon([{system_dir, DirUnread}]) of + {error,{eoptions,{{system_dir,DirUnread},eacces}}} -> + ok; + {Pid1,_Host1,Port1} when is_pid(Pid1),is_integer(Port1) -> + ssh:stop_daemon(Pid1), + ct:fail("Didn't detect that dir is unreadable", []) + end, + + case ssh_test_lib:daemon([{system_dir, FileRead}]) of + {error,{eoptions,{{system_dir,FileRead},enotdir}}} -> + ok; + {Pid2,_Host2,Port2} when is_pid(Pid2),is_integer(Port2) -> + ssh:stop_daemon(Pid2), + ct:fail("Didn't detect that option is a plain file", []) + end. 
+ + +user_dir_option(Config) -> + DirUnread = proplists:get_value(unreadable_dir,Config), + FileRead = proplists:get_value(readable_file,Config), + %% Any port will do (beware, implementation knowledge!): + Port = 65535, + + case ssh:connect("localhost", Port, [{user_dir, DirUnread}]) of + {error,{eoptions,{{user_dir,DirUnread},eacces}}} -> + ok; + {error,econnrefused} -> + ct:fail("Didn't detect that dir is unreadable", []) + end, + + case ssh:connect("localhost", Port, [{user_dir, FileRead}]) of + {error,{eoptions,{{user_dir,FileRead},enotdir}}} -> + ok; + {error,econnrefused} -> + ct:fail("Didn't detect that option is a plain file", []) + end. + +%%-------------------------------------------------------------------- +%%% validate client that uses the 'ssh_msg_debug_fun' option +ssh_msg_debug_fun_option_client(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {failfun, fun ssh_test_lib:failfun/2}]), + Parent = self(), + DbgFun = fun(ConnRef,Displ,Msg,Lang) -> Parent ! 
{msg_dbg,{ConnRef,Displ,Msg,Lang}} end, + + ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_dir, UserDir}, + {user_interaction, false}, + {ssh_msg_debug_fun,DbgFun}]), + %% Beware, implementation knowledge: + gen_fsm:send_all_state_event(ConnectionRef,{ssh_msg_debug,false,<<"Hello">>,<<>>}), + receive + {msg_dbg,X={ConnectionRef,false,<<"Hello">>,<<>>}} -> + ct:log("Got expected dbg msg ~p",[X]), + ssh:stop_daemon(Pid); + {msg_dbg,X={_,false,<<"Hello">>,<<>>}} -> + ct:log("Got dbg msg but bad ConnectionRef (~p expected) ~p",[ConnectionRef,X]), + ssh:stop_daemon(Pid), + {fail, "Bad ConnectionRef received"}; + {msg_dbg,X} -> + ct:log("Got bad dbg msg ~p",[X]), + ssh:stop_daemon(Pid), + {fail,"Bad msg received"} + after 1000 -> + ssh:stop_daemon(Pid), + {fail,timeout} + end. + +%%-------------------------------------------------------------------- +connectfun_disconnectfun_server(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + + Parent = self(), + Ref = make_ref(), + ConnFun = fun(_,_,_) -> Parent ! {connect,Ref} end, + DiscFun = fun(R) -> Parent ! {disconnect,Ref,R} end, + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {failfun, fun ssh_test_lib:failfun/2}, + {disconnectfun, DiscFun}, + {connectfun, ConnFun}]), + ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_dir, UserDir}, + {user_interaction, false}]), + receive + {connect,Ref} -> + ssh:close(ConnectionRef), + receive + {disconnect,Ref,R} -> + ct:log("Disconnect result: ~p",[R]), + ssh:stop_daemon(Pid) + after 2000 -> + {fail, "No disconnectfun action"} + end + after 2000 -> + {fail, "No connectfun action"} + end. 
+ +%%-------------------------------------------------------------------- +connectfun_disconnectfun_client(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + + Parent = self(), + Ref = make_ref(), + DiscFun = fun(R) -> Parent ! {disconnect,Ref,R} end, + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {failfun, fun ssh_test_lib:failfun/2}]), + _ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_dir, UserDir}, + {disconnectfun, DiscFun}, + {user_interaction, false}]), + ssh:stop_daemon(Pid), + receive + {disconnect,Ref,R} -> + ct:log("Disconnect result: ~p",[R]) + after 2000 -> + {fail, "No disconnectfun action"} + end. + +%%-------------------------------------------------------------------- +%%% validate client that uses the 'ssh_msg_debug_fun' option +ssh_msg_debug_fun_option_server(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + + Parent = self(), + DbgFun = fun(ConnRef,Displ,Msg,Lang) -> Parent ! {msg_dbg,{ConnRef,Displ,Msg,Lang}} end, + ConnFun = fun(_,_,_) -> Parent ! 
{connection_pid,self()} end, + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {failfun, fun ssh_test_lib:failfun/2}, + {connectfun, ConnFun}, + {ssh_msg_debug_fun, DbgFun}]), + _ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_dir, UserDir}, + {user_interaction, false}]), + receive + {connection_pid,Server} -> + %% Beware, implementation knowledge: + gen_fsm:send_all_state_event(Server,{ssh_msg_debug,false,<<"Hello">>,<<>>}), + receive + {msg_dbg,X={_,false,<<"Hello">>,<<>>}} -> + ct:log("Got expected dbg msg ~p",[X]), + ssh:stop_daemon(Pid); + {msg_dbg,X} -> + ct:log("Got bad dbg msg ~p",[X]), + ssh:stop_daemon(Pid), + {fail,"Bad msg received"} + after 3000 -> + ssh:stop_daemon(Pid), + {fail,timeout2} + end + after 3000 -> + ssh:stop_daemon(Pid), + {fail,timeout1} + end. + +%%-------------------------------------------------------------------- +disconnectfun_option_server(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + + Parent = self(), + DisConnFun = fun(Reason) -> Parent ! {disconnect,Reason} end, + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {failfun, fun ssh_test_lib:failfun/2}, + {disconnectfun, DisConnFun}]), + ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_dir, UserDir}, + {user_interaction, false}]), + ssh:close(ConnectionRef), + receive + {disconnect,Reason} -> + ct:log("Server detected disconnect: ~p",[Reason]), + ssh:stop_daemon(Pid), + ok + after 3000 -> + receive + X -> ct:log("received ~p",[X]) + after 0 -> ok + end, + {fail,"Timeout waiting for disconnect"} + end. 
+ +%%-------------------------------------------------------------------- +disconnectfun_option_client(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + + Parent = self(), + DisConnFun = fun(Reason) -> Parent ! {disconnect,Reason} end, + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {failfun, fun ssh_test_lib:failfun/2}]), + _ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_dir, UserDir}, + {user_interaction, false}, + {disconnectfun, DisConnFun}]), + ssh:stop_daemon(Pid), + receive + {disconnect,Reason} -> + ct:log("Client detected disconnect: ~p",[Reason]), + ok + after 3000 -> + receive + X -> ct:log("received ~p",[X]) + after 0 -> ok + end, + {fail,"Timeout waiting for disconnect"} + end. + +%%-------------------------------------------------------------------- +unexpectedfun_option_server(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + + Parent = self(), + ConnFun = fun(_,_,_) -> Parent ! {connection_pid,self()} end, + UnexpFun = fun(Msg,Peer) -> + Parent ! {unexpected,Msg,Peer,self()}, + skip + end, + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {failfun, fun ssh_test_lib:failfun/2}, + {connectfun, ConnFun}, + {unexpectedfun, UnexpFun}]), + _ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_dir, UserDir}, + {user_interaction, false}]), + receive + {connection_pid,Server} -> + %% Beware, implementation knowledge: + Server ! 
unexpected_message, + receive + {unexpected, unexpected_message, {{_,_,_,_},_}, _} -> ok; + {unexpected, unexpected_message, Peer, _} -> ct:fail("Bad peer ~p",[Peer]); + M = {unexpected, _, _, _} -> ct:fail("Bad msg ~p",[M]) + after 3000 -> + ssh:stop_daemon(Pid), + {fail,timeout2} + end + after 3000 -> + ssh:stop_daemon(Pid), + {fail,timeout1} + end. + +%%-------------------------------------------------------------------- +unexpectedfun_option_client(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + + Parent = self(), + UnexpFun = fun(Msg,Peer) -> + Parent ! {unexpected,Msg,Peer,self()}, + skip + end, + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {failfun, fun ssh_test_lib:failfun/2}]), + ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_dir, UserDir}, + {user_interaction, false}, + {unexpectedfun, UnexpFun}]), + %% Beware, implementation knowledge: + ConnectionRef ! unexpected_message, + + receive + {unexpected, unexpected_message, {{_,_,_,_},_}, ConnectionRef} -> + ok; + {unexpected, unexpected_message, Peer, ConnectionRef} -> + ct:fail("Bad peer ~p",[Peer]); + M = {unexpected, _, _, _} -> + ct:fail("Bad msg ~p",[M]) + after 3000 -> + ssh:stop_daemon(Pid), + {fail,timeout} + end. 
+ +%%-------------------------------------------------------------------- +%%% Test connect_timeout option in ssh:connect/4 +ssh_connect_timeout(_Config) -> + ConnTimeout = 2000, + {error,{faked_transport,connect,TimeoutToTransport}} = + ssh:connect("localhost", 12345, + [{transport,{tcp,?MODULE,tcp_closed}}, + {connect_timeout,ConnTimeout}], + 1000), + case TimeoutToTransport of + ConnTimeout -> ok; + Other -> + ct:log("connect_timeout is ~p but transport received ~p",[ConnTimeout,Other]), + {fail,"ssh:connect/4 wrong connect_timeout received in transport"} + end. + +%% Plugin function for the test above +connect(_Host, _Port, _Opts, Timeout) -> + {error, {faked_transport,connect,Timeout}}. + +%%-------------------------------------------------------------------- +%%% Test fourth argument in ssh:connect/4 +ssh_connect_arg4_timeout(_Config) -> + Timeout = 1000, + Parent = self(), + %% start the server + Server = spawn(fun() -> + {ok,Sl} = gen_tcp:listen(0,[]), + {ok,{_,Port}} = inet:sockname(Sl), + Parent ! {port,self(),Port}, + Rsa = gen_tcp:accept(Sl), + ct:log("Server gen_tcp:accept got ~p",[Rsa]), + receive after 2*Timeout -> ok end %% let client timeout first + end), + + %% Get listening port + Port = receive + {port,Server,ServerPort} -> ServerPort + end, + + %% try to connect with a timeout, but "supervise" it + Client = spawn(fun() -> + T0 = erlang:monotonic_time(), + Rc = ssh:connect("localhost",Port,[],Timeout), + ct:log("Client ssh:connect got ~p",[Rc]), + Parent ! 
{done,self(),Rc,T0} + end), + + %% Wait for client reaction on the connection try: + receive + {done, Client, {error,timeout}, T0} -> + Msp = ms_passed(T0), + exit(Server,hasta_la_vista___baby), + Low = 0.9*Timeout, + High = 2.5*Timeout, + ct:log("Timeout limits: ~.4f - ~.4f ms, timeout " + "was ~.4f ms, expected ~p ms",[Low,High,Msp,Timeout]), + if + Low ok; + true -> {fail, "timeout not within limits"} + end; + + {done, Client, {error,Other}, _T0} -> + ct:log("Error message \"~p\" from the client is unexpected.",[{error,Other}]), + {fail, "Unexpected error message"}; + + {done, Client, {ok,_Ref}, _T0} -> + {fail,"ssh-connected ???"} + after + 5000 -> + exit(Server,hasta_la_vista___baby), + exit(Client,hasta_la_vista___baby), + {fail, "Didn't timeout"} + end. + +%% Help function, elapsed milliseconds since T0 +ms_passed(T0) -> + %% OTP 18 + erlang:convert_time_unit(erlang:monotonic_time() - T0, + native, + micro_seconds) / 1000. + +%%-------------------------------------------------------------------- +ssh_daemon_minimal_remote_max_packet_size_option(Config) -> + SystemDir = ?config(data_dir, Config), + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + + {Server, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {user_dir, UserDir}, + {user_passwords, [{"vego", "morot"}]}, + {failfun, fun ssh_test_lib:failfun/2}, + {minimal_remote_max_packet_size, 14}]), + Conn = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user_dir, UserDir}, + {user_interaction, false}, + {user, "vego"}, + {password, "morot"}]), + + %% Try the limits of the minimal_remote_max_packet_size: + {ok, _ChannelId} = ssh_connection:session_channel(Conn, 100, 14, infinity), + {open_error,_,"Maximum packet size below 14 not supported",_} = + ssh_connection:session_channel(Conn, 100, 13, infinity), + + ssh:close(Conn), + ssh:stop_daemon(Server). 
+ +%%-------------------------------------------------------------------- +%% This test try every algorithm by connecting to an Erlang server +id_string_no_opt_client(Config) -> + {Server, _Host, Port} = fake_daemon(Config), + {error,_} = ssh:connect("localhost", Port, [], 1000), + receive + {id,Server,"SSH-2.0-Erlang/"++Vsn} -> + true = expected_ssh_vsn(Vsn); + {id,Server,Other} -> + ct:fail("Unexpected id: ~s.",[Other]) + after 5000 -> + {fail,timeout} + end. + +%%-------------------------------------------------------------------- +id_string_own_string_client(Config) -> + {Server, _Host, Port} = fake_daemon(Config), + {error,_} = ssh:connect("localhost", Port, [{id_string,"Pelle"}], 1000), + receive + {id,Server,"SSH-2.0-Pelle\r\n"} -> + ok; + {id,Server,Other} -> + ct:fail("Unexpected id: ~s.",[Other]) + after 5000 -> + {fail,timeout} + end. + +%%-------------------------------------------------------------------- +id_string_random_client(Config) -> + {Server, _Host, Port} = fake_daemon(Config), + {error,_} = ssh:connect("localhost", Port, [{id_string,random}], 1000), + receive + {id,Server,Id="SSH-2.0-Erlang"++_} -> + ct:fail("Unexpected id: ~s.",[Id]); + {id,Server,Rnd="SSH-2.0-"++_} -> + ct:log("Got correct ~s",[Rnd]); + {id,Server,Id} -> + ct:fail("Unexpected id: ~s.",[Id]) + after 5000 -> + {fail,timeout} + end. + +%%-------------------------------------------------------------------- +id_string_no_opt_server(Config) -> + {_Server, Host, Port} = ssh_test_lib:std_daemon(Config, []), + {ok,S1}=gen_tcp:connect(Host,Port,[{active,false},{packet,line}]), + {ok,"SSH-2.0-Erlang/"++Vsn} = gen_tcp:recv(S1, 0, 2000), + true = expected_ssh_vsn(Vsn). + +%%-------------------------------------------------------------------- +id_string_own_string_server(Config) -> + {_Server, Host, Port} = ssh_test_lib:std_daemon(Config, [{id_string,"Olle"}]), + {ok,S1}=gen_tcp:connect(Host,Port,[{active,false},{packet,line}]), + {ok,"SSH-2.0-Olle\r\n"} = gen_tcp:recv(S1, 0, 2000). 
+ +%%-------------------------------------------------------------------- +id_string_random_server(Config) -> + {_Server, Host, Port} = ssh_test_lib:std_daemon(Config, [{id_string,random}]), + {ok,S1}=gen_tcp:connect(Host,Port,[{active,false},{packet,line}]), + {ok,"SSH-2.0-"++Rnd} = gen_tcp:recv(S1, 0, 2000), + case Rnd of + "Erlang"++_ -> ct:log("Id=~p",[Rnd]), + {fail,got_default_id}; + "Olle\r\n" -> {fail,got_previous_tests_value}; + _ -> ct:log("Got ~s.",[Rnd]) + end. + +%%-------------------------------------------------------------------- +ssh_connect_negtimeout_parallel(Config) -> ssh_connect_negtimeout(Config,true). +ssh_connect_negtimeout_sequential(Config) -> ssh_connect_negtimeout(Config,false). + +ssh_connect_negtimeout(Config, Parallel) -> + process_flag(trap_exit, true), + SystemDir = filename:join(?config(priv_dir, Config), system), + UserDir = ?config(priv_dir, Config), + NegTimeOut = 2000, % ms + ct:log("Parallel: ~p",[Parallel]), + + {_Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},{user_dir, UserDir}, + {parallel_login, Parallel}, + {negotiation_timeout, NegTimeOut}, + {failfun, fun ssh_test_lib:failfun/2}]), + + {ok,Socket} = gen_tcp:connect(Host, Port, []), + + Factor = 2, + ct:log("And now sleeping ~p*NegTimeOut (~p ms)...", [Factor, round(Factor * NegTimeOut)]), + ct:sleep(round(Factor * NegTimeOut)), + + case inet:sockname(Socket) of + {ok,_} -> ct:fail("Socket not closed"); + {error,_} -> ok + end. + +%%-------------------------------------------------------------------- +%%% Test that ssh connection does not timeout if the connection is established (parallel) +ssh_connect_nonegtimeout_connected_parallel(Config) -> + ssh_connect_nonegtimeout_connected(Config, true). + +%%% Test that ssh connection does not timeout if the connection is established (non-parallel) +ssh_connect_nonegtimeout_connected_sequential(Config) -> + ssh_connect_nonegtimeout_connected(Config, false). 
+ + +ssh_connect_nonegtimeout_connected(Config, Parallel) -> + process_flag(trap_exit, true), + SystemDir = filename:join(?config(priv_dir, Config), system), + UserDir = ?config(priv_dir, Config), + NegTimeOut = 20000, % ms + ct:log("Parallel: ~p",[Parallel]), + + {_Pid, _Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},{user_dir, UserDir}, + {parallel_login, Parallel}, + {negotiation_timeout, NegTimeOut}, + {failfun, fun ssh_test_lib:failfun/2}]), + ct:log("~p Listen ~p:~p",[_Pid,_Host,Port]), + ct:sleep(500), + + IO = ssh_test_lib:start_io_server(), + Shell = ssh_test_lib:start_shell(Port, IO, UserDir), + receive + Error = {'EXIT', _, _} -> + ct:log("~p",[Error]), + ct:fail(no_ssh_connection); + ErlShellStart -> + ct:log("---Erlang shell start: ~p~n", [ErlShellStart]), + one_shell_op(IO, NegTimeOut), + one_shell_op(IO, NegTimeOut), + + Factor = 2, + ct:log("And now sleeping ~p*NegTimeOut (~p ms)...", [Factor, round(Factor * NegTimeOut)]), + ct:sleep(round(Factor * NegTimeOut)), + + one_shell_op(IO, NegTimeOut) + end, + exit(Shell, kill). + + +one_shell_op(IO, TimeOut) -> + ct:log("One shell op: Waiting for prompter"), + receive + ErlPrompt0 -> ct:log("Erlang prompt: ~p~n", [ErlPrompt0]) + after TimeOut -> ct:fail("Timeout waiting for promter") + end, + + IO ! {input, self(), "2*3*7.\r\n"}, + receive + Echo0 -> ct:log("Echo: ~p ~n", [Echo0]) + after TimeOut -> ct:fail("Timeout waiting for echo") + end, + + receive + ?NEWLINE -> ct:log("NEWLINE received", []) + after TimeOut -> + receive Any1 -> ct:log("Bad NEWLINE: ~p",[Any1]) + after 0 -> ct:fail("Timeout waiting for NEWLINE") + end + end, + + receive + Result0 -> ct:log("Result: ~p~n", [Result0]) + after TimeOut -> ct:fail("Timeout waiting for result") + end. + +%%-------------------------------------------------------------------- +max_sessions_ssh_connect_parallel(Config) -> + max_sessions(Config, true, connect_fun(ssh__connect,Config)). 
+max_sessions_ssh_connect_sequential(Config) -> + max_sessions(Config, false, connect_fun(ssh__connect,Config)). + +max_sessions_sftp_start_channel_parallel(Config) -> + max_sessions(Config, true, connect_fun(ssh_sftp__start_channel, Config)). +max_sessions_sftp_start_channel_sequential(Config) -> + max_sessions(Config, false, connect_fun(ssh_sftp__start_channel, Config)). + + +%%%---- helpers: +connect_fun(ssh__connect, Config) -> + fun(Host,Port) -> + ssh_test_lib:connect(Host, Port, + [{silently_accept_hosts, true}, + {user_dir, ?config(priv_dir,Config)}, + {user_interaction, false}, + {user, "carni"}, + {password, "meat"} + ]) + %% ssh_test_lib returns R when ssh:connect returns {ok,R} + end; +connect_fun(ssh_sftp__start_channel, _Config) -> + fun(Host,Port) -> + {ok,_Pid,ConnRef} = + ssh_sftp:start_channel(Host, Port, + [{silently_accept_hosts, true}, + {user, "carni"}, + {password, "meat"} + ]), + ConnRef + end. + + +max_sessions(Config, ParallelLogin, Connect0) when is_function(Connect0,2) -> + Connect = fun(Host,Port) -> + R = Connect0(Host,Port), + ct:log("Connect(~p,~p) -> ~p",[Host,Port,R]), + R + end, + SystemDir = filename:join(?config(priv_dir, Config), system), + UserDir = ?config(priv_dir, Config), + MaxSessions = 5, + {Pid, Host, Port} = ssh_test_lib:daemon([ + {system_dir, SystemDir}, + {user_dir, UserDir}, + {user_passwords, [{"carni", "meat"}]}, + {parallel_login, ParallelLogin}, + {max_sessions, MaxSessions} + ]), + ct:log("~p Listen ~p:~p for max ~p sessions",[Pid,Host,Port,MaxSessions]), + try [Connect(Host,Port) || _ <- lists:seq(1,MaxSessions)] + of + Connections -> + %% Step 1 ok: could set up max_sessions connections + ct:log("Connections up: ~p",[Connections]), + [_|_] = Connections, + + %% Now try one more than alowed: + ct:log("Info Report might come here...",[]), + try Connect(Host,Port) + of + _ConnectionRef1 -> + ssh:stop_daemon(Pid), + {fail,"Too many connections accepted"} + catch + error:{badmatch,{error,"Connection closed"}} -> 
+ %% Step 2 ok: could not set up max_sessions+1 connections + %% This is expected + %% Now stop one connection and try to open one more + ok = ssh:close(hd(Connections)), + receive after 250 -> ok end, % sleep so the supervisor has time to count down. Not nice... + try Connect(Host,Port) + of + _ConnectionRef1 -> + %% Step 3 ok: could set up one more connection after killing one + %% Thats good. + ssh:stop_daemon(Pid), + ok + catch + error:{badmatch,{error,"Connection closed"}} -> + %% Bad indeed. Could not set up one more connection even after killing + %% one existing. Very bad. + ssh:stop_daemon(Pid), + {fail,"Does not decrease # active sessions"} + end + end + catch + error:{badmatch,{error,"Connection closed"}} -> + ssh:stop_daemon(Pid), + {fail,"Too few connections accepted"} + end. + +%%-------------------------------------------------------------------- +%% Internal functions ------------------------------------------------ +%%-------------------------------------------------------------------- + +expected_ssh_vsn(Str) -> + try + {ok,L} = application:get_all_key(ssh), + proplists:get_value(vsn,L,"")++"\r\n" + of + Str -> true; + "\r\n" -> true; + _ -> false + catch + _:_ -> true %% ssh not started so we dont't know + end. + + +fake_daemon(_Config) -> + Parent = self(), + %% start the server + Server = spawn(fun() -> + {ok,Sl} = gen_tcp:listen(0,[{packet,line}]), + {ok,{Host,Port}} = inet:sockname(Sl), + ct:log("fake_daemon listening on ~p:~p~n",[Host,Port]), + Parent ! {sockname,self(),Host,Port}, + Rsa = gen_tcp:accept(Sl), + ct:log("Server gen_tcp:accept got ~p",[Rsa]), + {ok,S} = Rsa, + receive + {tcp, S, Id} -> Parent ! {id,self(),Id} + end + end), + %% Get listening host and port + receive + {sockname,Server,ServerHost,ServerPort} -> {Server, ServerHost, ServerPort} + end. diff --git a/lib/ssh/test/ssh_options_SUITE_data/id_dsa b/lib/ssh/test/ssh_options_SUITE_data/id_dsa new file mode 100644 index 0000000000..d306f8b26e --- /dev/null 
+++ b/lib/ssh/test/ssh_options_SUITE_data/id_dsa @@ -0,0 +1,13 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBvAIBAAKBgQDfi2flSTZZofwT4yQT0NikX/LGNT7UPeB/XEWe/xovEYCElfaQ +APFixXvEgXwoojmZ5kiQRKzLM39wBP0jPERLbnZXfOOD0PDnw0haMh7dD7XKVMod +/EigVgHf/qBdM2M8yz1s/rRF7n1UpLSypziKjkzCm7JoSQ2zbWIPdmBIXwIVAMgP +kpr7Sq3O7sHdb8D601DRjoExAoGAMOQxDfB2Fd8ouz6G96f/UOzRMI/Kdv8kYYKW +JIGY+pRYrLPyYzUeJznwZreOJgrczAX+luHnKFWJ2Dnk5CyeXk67Wsr7pJ/4MBMD +OKeIS0S8qoSBN8+Krp79fgA+yS3IfqbkJLtLu4EBaCX4mKQIX4++k44d4U5lc8pt ++9hlEI8CgYEAznKxx9kyC6bVo7LUYKaGhofRFt0SYFc5PVmT2VUGRs1R6+6DPD+e +uEO6IhFct7JFSRbP9p0JD4Uk+3zlZF+XX6b2PsZkeV8f/02xlNGUSmEzCSiNg1AX +Cy/WusYhul0MncWCHMcOZB5rIvU/aP5EJJtn3xrRaz6u0SThF6AnT34CFQC63czE +ZU8w8Q+H7z0j+a+70x2iAw== +-----END DSA PRIVATE KEY----- + diff --git a/lib/ssh/test/ssh_options_SUITE_data/id_rsa b/lib/ssh/test/ssh_options_SUITE_data/id_rsa new file mode 100644 index 0000000000..9d7e0dd5fb --- /dev/null +++ b/lib/ssh/test/ssh_options_SUITE_data/id_rsa @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQD1OET+3O/Bvj/dtjxDTXmj1oiJt4sIph5kGy0RfjoPrZfaS+CU +DhakCmS6t2ivxWFgtpKWaoGMZMJqWj6F6ZsumyFl3FPBtujwY/35cgifrI9Ns4Tl +zR1uuengNBmV+WRQ5cd9F2qS6Z8aDQihzt0r8JUqLcK+VQbrmNzboCCQQwIDAQAB +AoGAPQEyqPTt8JUT7mRXuaacjFXiweAXhp9NEDpyi9eLOjtFe9lElZCrsUOkq47V +TGUeRKEm9qSodfTbKPoqc8YaBJGJPhUaTAcha+7QcDdfHBvIsgxvU7ePVnlpXRp3 +CCUEMPhlnx6xBoTYP+fRU0e3+xJIPVyVCqX1jAdUMkzfRoECQQD6ux7B1QJAIWyK +SGkbDUbBilNmzCFNgIpOP6PA+bwfi5d16diTpra5AX09keQABAo/KaP1PdV8Vg0p +z4P3A7G3AkEA+l+AKG6m0kQTTBMJDqOdVPYwe+5GxunMaqmhokpEbuGsrZBl5Dvd +WpcBjR7jmenrhKZRIuA+Fz5HPo/UQJPl1QJBAKxstDkeED8j/S2XoFhPKAJ+6t39 +sUVICVTIZQeXdmzHJXCcUSkw8+WEhakqw/3SyW0oaK2FSWQJFWJUZ+8eJj8CQEh3 +xeduB5kKnS9CvzdeghZqX6QvVosSdtlUmfUYW/BgH5PpHKTP8wTaeld3XldZTpMJ +dKiMkUw2+XYROVUrubUCQD+Na1LhULlpn4ISEtIEfqpdlUhxDgO15Wg8USmsng+x +ICliVOSQtwaZjm8kwaFt0W7XnpnDxbRs37vIEbIMWak= +-----END RSA PRIVATE KEY----- 
diff --git a/lib/ssh/test/ssh_options_SUITE_data/ssh_host_dsa_key b/lib/ssh/test/ssh_options_SUITE_data/ssh_host_dsa_key new file mode 100644 index 0000000000..51ab6fbd88 --- /dev/null +++ b/lib/ssh/test/ssh_options_SUITE_data/ssh_host_dsa_key @@ -0,0 +1,13 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBuwIBAAKBgQCClaHzE2ul0gKSUxah5W0W8UiJLy4hXngKEqpaUq9SSdVdY2LK +wVfKH1gt5iuaf1FfzOhsIC9G/GLnjYttXZc92cv/Gfe3gR+s0ni2++MX+T++mE/Q +diltXv/Hp27PybS67SmiFW7I+RWnT2OKlMPtw2oUuKeztCe5UWjaj/y5FQIVAPLA +l9RpiU30Z87NRAHY3NTRaqtrAoGANMRxw8UfdtNVR0CrQj3AgPaXOGE4d+G4Gp4X +skvnCHycSVAjtYxebUkzUzt5Q6f/IabuLUdge3gXrc8BetvrcKbp+XZgM0/Vj2CF +Ymmy3in6kzGZq7Fw1sZaku6AOU8vLa5woBT2vAcHLLT1bLAzj7viL048T6MfjrOP +ef8nHvACgYBhDWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah +/XcF3DeRF+eEoz48wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+U +ykSTXYUbtsfTNRFQGBW2/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0CgIVAN4wtL5W +Lv62jKcdskxNyz2NQoBx +-----END DSA PRIVATE KEY----- + diff --git a/lib/ssh/test/ssh_options_SUITE_data/ssh_host_dsa_key.pub b/lib/ssh/test/ssh_options_SUITE_data/ssh_host_dsa_key.pub new file mode 100644 index 0000000000..4dbb1305b0 --- /dev/null +++ b/lib/ssh/test/ssh_options_SUITE_data/ssh_host_dsa_key.pub @@ -0,0 +1,11 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +AAAAB3NzaC1kc3MAAACBAIKVofMTa6XSApJTFqHlbRbxSIkvLiFeeAoSqlpSr1JJ1V1j +YsrBV8ofWC3mK5p/UV/M6GwgL0b8YueNi21dlz3Zy/8Z97eBH6zSeLb74xf5P76YT9B2 +KW1e/8enbs/JtLrtKaIVbsj5FadPY4qUw+3DahS4p7O0J7lRaNqP/LkVAAAAFQDywJfU +aYlN9GfOzUQB2NzU0WqrawAAAIA0xHHDxR9201VHQKtCPcCA9pc4YTh34bganheyS+cI +fJxJUCO1jF5tSTNTO3lDp/8hpu4tR2B7eBetzwF62+twpun5dmAzT9WPYIViabLeKfqT +MZmrsXDWxlqS7oA5Ty8trnCgFPa8BwcstPVssDOPu+IvTjxPox+Os495/yce8AAAAIBh +DWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah/XcF3DeRF+eEoz48 +wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+UykSTXYUbtsfTNRFQGBW2 +/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0Cg== +---- END SSH2 PUBLIC KEY ---- 
diff --git a/lib/ssh/test/ssh_options_SUITE_data/ssh_host_rsa_key b/lib/ssh/test/ssh_options_SUITE_data/ssh_host_rsa_key new file mode 100644 index 0000000000..79968bdd7d --- /dev/null +++ b/lib/ssh/test/ssh_options_SUITE_data/ssh_host_rsa_key @@ -0,0 +1,16 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDCZX+4FBDwZIh9y/Uxee1VJnEXlowpz2yDKwj8semM4q843337 +zbNfxHmladB1lpz2NqyxI175xMIJuDxogyZdsOxGnFAzAnthR4dqL/RWRWzjaxSB +6IAO9SPYVVlrpZ+1hsjLW79fwXK/yc8VdhRuWTeQiRgYY2ek8+OKbOqz4QIDAQAB +AoGANmvJzJO5hkLuvyDZHKfAnGTtpifcR1wtSa9DjdKUyn8vhKF0mIimnbnYQEmW +NUUb3gXCZLi9PvkpRSVRrASDOZwcjoU/Kvww163vBUVb2cOZfFhyn6o2Sk88Tt++ +udH3hdjpf9i7jTtUkUe+QYPsia+wgvvrmn4QrahLAH86+kECQQDx5gFeXTME3cnW +WMpFz3PPumduzjqgqMMWEccX4FtQkMX/gyGa5UC7OHFyh0N/gSWvPbRHa8A6YgIt +n8DO+fh5AkEAzbqX4DOn8NY6xJIi42q7l/2jIA0RkB6P7YugW5NblhqBZ0XDnpA5 +sMt+rz+K07u9XZtxgh1xi7mNfwY6lEAMqQJBAJBEauCKmRj35Z6OyeQku59SPsnY ++SJEREVvSNw2lH9SOKQQ4wPsYlTGbvKtNVZgAcen91L5MmYfeckYE/fdIZECQQCt +64zxsTnM1I8iFxj/gP/OYlJBikrKt8udWmjaghzvLMEw+T2DExJyb9ZNeT53+UMB +m6O+B/4xzU/djvp+0hbhAkAemIt+rA5kTmYlFndhpvzkSSM8a2EXsO4XIPgGWCTT +tQKS/tTly0ADMjN/TVy11+9d6zcqadNVuHXHGtR4W0GR +-----END RSA PRIVATE KEY----- + diff --git a/lib/ssh/test/ssh_options_SUITE_data/ssh_host_rsa_key.pub b/lib/ssh/test/ssh_options_SUITE_data/ssh_host_rsa_key.pub new file mode 100644 index 0000000000..75d2025c71 --- /dev/null +++ b/lib/ssh/test/ssh_options_SUITE_data/ssh_host_rsa_key.pub @@ -0,0 +1,5 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +AAAAB3NzaC1yc2EAAAADAQABAAAAgQDCZX+4FBDwZIh9y/Uxee1VJnEXlowpz2yDKwj8 +semM4q843337zbNfxHmladB1lpz2NqyxI175xMIJuDxogyZdsOxGnFAzAnthR4dqL/RW +RWzjaxSB6IAO9SPYVVlrpZ+1hsjLW79fwXK/yc8VdhRuWTeQiRgYY2ek8+OKbOqz4Q== +---- END SSH2 PUBLIC KEY ---- diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index 132be3beb2..cf2df5028a 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl 
@@ -73,6 +73,9 @@ end_per_suite(Config) -> +init_per_testcase(no_common_alg_server_disconnects, Config) -> + start_std_daemon(Config, [{preferred_algorithms,[{public_key,['ssh-rsa']}]}]); + init_per_testcase(TC, Config) when TC == gex_client_init_default_noexact ; TC == gex_client_init_default_exact ; TC == gex_client_init_option_groups ; @@ -93,6 +96,8 @@ init_per_testcase(TC, Config) when TC == gex_client_init_default_noexact ; init_per_testcase(_TestCase, Config) -> check_std_daemon_works(Config, ?LINE). +end_per_testcase(no_common_alg_server_disconnects, Config) -> + stop_std_daemon(Config); end_per_testcase(TC, Config) when TC == gex_client_init_default_noexact ; TC == gex_client_init_default_exact ; TC == gex_client_init_option_groups ; @@ -101,7 +106,6 @@ end_per_testcase(TC, Config) when TC == gex_client_init_default_noexact ; end_per_testcase(_TestCase, Config) -> check_std_daemon_works(Config, ?LINE). - %%%-------------------------------------------------------------------- %%% Test Cases -------------------------------------------------------- %%%-------------------------------------------------------------------- @@ -412,8 +416,9 @@ start_std_daemon(Config, ExtraOpts) -> UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), UserPasswords = [{"user1","pwd1"}], - Options = [{system_dir, system_dir(Config)}, - {user_dir, user_dir(Config)}, + Options = [%%{preferred_algorithms,[{public_key,['ssh-rsa']}]}, %% For some test cases + {system_dir, system_dir(Config)}, + {user_dir, UserDir}, {user_passwords, UserPasswords}, {failfun, fun ssh_test_lib:failfun/2} | ExtraOpts], diff --git a/lib/ssh/test/ssh_renegotiate_SUITE.erl b/lib/ssh/test/ssh_renegotiate_SUITE.erl new file mode 100644 index 0000000000..9daa6efc02 --- /dev/null +++ b/lib/ssh/test/ssh_renegotiate_SUITE.erl 
@@ -0,0 +1,223 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2008-2015. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. +%% +%% %CopyrightEnd% +%% + +-module(ssh_renegotiate_SUITE). + +-include_lib("common_test/include/ct.hrl"). + +%% Note: This directive should only be used in test suites. +-compile(export_all). + +-define(REKEY_DATA_TMO, 65000). +%%-------------------------------------------------------------------- +%% Common Test interface functions ----------------------------------- +%%-------------------------------------------------------------------- + +suite() -> [{ct_hooks,[ts_install_cth]}]. + +all() -> [rekey, rekey_limit, renegotiate1, renegotiate2]. + +groups() -> []. + +%%-------------------------------------------------------------------- +init_per_suite(Config) -> + catch crypto:stop(), + case catch crypto:start() of + ok -> + Config; + _Else -> + {skip, "Crypto could not be started!"} + end. +end_per_suite(_Config) -> + ssh:stop(), + crypto:stop(). + +%%-------------------------------------------------------------------- +init_per_testcase(_TestCase, Config) -> + ssh:start(), + Config. + +end_per_testcase(_TestCase, _Config) -> + ssh:stop(), + ok. 
+ +%%-------------------------------------------------------------------- +%% Test Cases -------------------------------------------------------- +%%-------------------------------------------------------------------- + +%%% Idle timeout test + +rekey(Config) -> + {Pid, Host, Port} = + ssh_test_lib:std_daemon(Config, + [{rekey_limit, 0}]), + ConnectionRef = + ssh_test_lib:std_connect(Config, Host, Port, + [{rekey_limit, 0}]), + Kex1 = get_kex_init(ConnectionRef), + receive + after ?REKEY_DATA_TMO -> + %%By this time rekeying would have been done + Kex2 = get_kex_init(ConnectionRef), + false = (Kex2 == Kex1), + ssh:close(ConnectionRef), + ssh:stop_daemon(Pid) + end. + +%%-------------------------------------------------------------------- + +%%% Test rekeying by data volume + +rekey_limit(Config) -> + UserDir = ?config(priv_dir, Config), + DataFile = filename:join(UserDir, "rekey.data"), + + {Pid, Host, Port} = ssh_test_lib:std_daemon(Config,[]), + + ConnectionRef = ssh_test_lib:std_connect(Config, Host, Port, [{rekey_limit, 4500}]), + {ok, SftpPid} = ssh_sftp:start_channel(ConnectionRef), + + Kex1 = get_kex_init(ConnectionRef), + + timer:sleep(?REKEY_DATA_TMO), + Kex1 = get_kex_init(ConnectionRef), + + Data = lists:duplicate(159000,1), + ok = ssh_sftp:write_file(SftpPid, DataFile, Data), + + timer:sleep(?REKEY_DATA_TMO), + Kex2 = get_kex_init(ConnectionRef), + + false = (Kex2 == Kex1), + + timer:sleep(?REKEY_DATA_TMO), + Kex2 = get_kex_init(ConnectionRef), + + ok = ssh_sftp:write_file(SftpPid, DataFile, "hi\n"), + + timer:sleep(?REKEY_DATA_TMO), + Kex2 = get_kex_init(ConnectionRef), + + false = (Kex2 == Kex1), + + timer:sleep(?REKEY_DATA_TMO), + Kex2 = get_kex_init(ConnectionRef), + + ssh_sftp:stop_channel(SftpPid), + ssh:close(ConnectionRef), + ssh:stop_daemon(Pid). 
+ +%%-------------------------------------------------------------------- + +%%% Test rekeying with simulataneous send request + +renegotiate1(Config) -> + UserDir = ?config(priv_dir, Config), + DataFile = filename:join(UserDir, "renegotiate1.data"), + + {Pid, Host, DPort} = ssh_test_lib:std_daemon(Config,[]), + + RPort = ssh_test_lib:inet_port(), + {ok,RelayPid} = ssh_relay:start_link({0,0,0,0}, RPort, Host, DPort), + + + ConnectionRef = ssh_test_lib:std_connect(Config, Host, RPort, []), + {ok, SftpPid} = ssh_sftp:start_channel(ConnectionRef), + + Kex1 = get_kex_init(ConnectionRef), + + {ok, Handle} = ssh_sftp:open(SftpPid, DataFile, [write]), + + ok = ssh_sftp:write(SftpPid, Handle, "hi\n"), + + ssh_relay:hold(RelayPid, rx, 20, 1000), + ssh_connection_handler:renegotiate(ConnectionRef), + spawn(fun() -> ok=ssh_sftp:write(SftpPid, Handle, "another hi\n") end), + + timer:sleep(2000), + + Kex2 = get_kex_init(ConnectionRef), + + false = (Kex2 == Kex1), + + ssh_relay:stop(RelayPid), + ssh_sftp:stop_channel(SftpPid), + ssh:close(ConnectionRef), + ssh:stop_daemon(Pid). 
+ +%%-------------------------------------------------------------------- + +%%% Test rekeying with inflight messages from peer + +renegotiate2(Config) -> + UserDir = ?config(priv_dir, Config), + DataFile = filename:join(UserDir, "renegotiate2.data"), + + {Pid, Host, DPort} = ssh_test_lib:std_daemon(Config,[]), + + RPort = ssh_test_lib:inet_port(), + {ok,RelayPid} = ssh_relay:start_link({0,0,0,0}, RPort, Host, DPort), + + ConnectionRef = ssh_test_lib:std_connect(Config, Host, RPort, []), + {ok, SftpPid} = ssh_sftp:start_channel(ConnectionRef), + + Kex1 = get_kex_init(ConnectionRef), + + {ok, Handle} = ssh_sftp:open(SftpPid, DataFile, [write]), + + ok = ssh_sftp:write(SftpPid, Handle, "hi\n"), + + ssh_relay:hold(RelayPid, rx, 20, infinity), + spawn(fun() -> ok=ssh_sftp:write(SftpPid, Handle, "another hi\n") end), + %% need a small pause here to ensure ssh_sftp:write is executed + ct:sleep(10), + ssh_connection_handler:renegotiate(ConnectionRef), + ssh_relay:release(RelayPid, rx), + + timer:sleep(2000), + + Kex2 = get_kex_init(ConnectionRef), + + false = (Kex2 == Kex1), + + ssh_relay:stop(RelayPid), + ssh_sftp:stop_channel(SftpPid), + ssh:close(ConnectionRef), + ssh:stop_daemon(Pid). + +%%-------------------------------------------------------------------- +%% Internal functions ------------------------------------------------ +%%-------------------------------------------------------------------- +%% get_kex_init - helper function to get key_exchange_init_msg +get_kex_init(Conn) -> + %% First, validate the key exchange is complete (StateName == connected) + {connected,S} = sys:get_state(Conn), + %% Next, walk through the elements of the #state record looking + %% for the #ssh_msg_kexinit record. This method is robust against + %% changes to either record. 
The KEXINIT message contains a cookie + %% unique to each invocation of the key exchange procedure (RFC4253) + SL = tuple_to_list(S), + case lists:keyfind(ssh_msg_kexinit, 1, SL) of + false -> + throw(not_found); + KexInit -> + KexInit + end. + diff --git a/lib/ssh/test/ssh_renegotiate_SUITE_data/id_dsa b/lib/ssh/test/ssh_renegotiate_SUITE_data/id_dsa new file mode 100644 index 0000000000..d306f8b26e --- /dev/null +++ b/lib/ssh/test/ssh_renegotiate_SUITE_data/id_dsa @@ -0,0 +1,13 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBvAIBAAKBgQDfi2flSTZZofwT4yQT0NikX/LGNT7UPeB/XEWe/xovEYCElfaQ +APFixXvEgXwoojmZ5kiQRKzLM39wBP0jPERLbnZXfOOD0PDnw0haMh7dD7XKVMod +/EigVgHf/qBdM2M8yz1s/rRF7n1UpLSypziKjkzCm7JoSQ2zbWIPdmBIXwIVAMgP +kpr7Sq3O7sHdb8D601DRjoExAoGAMOQxDfB2Fd8ouz6G96f/UOzRMI/Kdv8kYYKW +JIGY+pRYrLPyYzUeJznwZreOJgrczAX+luHnKFWJ2Dnk5CyeXk67Wsr7pJ/4MBMD +OKeIS0S8qoSBN8+Krp79fgA+yS3IfqbkJLtLu4EBaCX4mKQIX4++k44d4U5lc8pt ++9hlEI8CgYEAznKxx9kyC6bVo7LUYKaGhofRFt0SYFc5PVmT2VUGRs1R6+6DPD+e +uEO6IhFct7JFSRbP9p0JD4Uk+3zlZF+XX6b2PsZkeV8f/02xlNGUSmEzCSiNg1AX +Cy/WusYhul0MncWCHMcOZB5rIvU/aP5EJJtn3xrRaz6u0SThF6AnT34CFQC63czE +ZU8w8Q+H7z0j+a+70x2iAw== +-----END DSA PRIVATE KEY----- + diff --git a/lib/ssh/test/ssh_renegotiate_SUITE_data/id_rsa b/lib/ssh/test/ssh_renegotiate_SUITE_data/id_rsa new file mode 100644 index 0000000000..9d7e0dd5fb --- /dev/null +++ b/lib/ssh/test/ssh_renegotiate_SUITE_data/id_rsa 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQD1OET+3O/Bvj/dtjxDTXmj1oiJt4sIph5kGy0RfjoPrZfaS+CU +DhakCmS6t2ivxWFgtpKWaoGMZMJqWj6F6ZsumyFl3FPBtujwY/35cgifrI9Ns4Tl +zR1uuengNBmV+WRQ5cd9F2qS6Z8aDQihzt0r8JUqLcK+VQbrmNzboCCQQwIDAQAB +AoGAPQEyqPTt8JUT7mRXuaacjFXiweAXhp9NEDpyi9eLOjtFe9lElZCrsUOkq47V +TGUeRKEm9qSodfTbKPoqc8YaBJGJPhUaTAcha+7QcDdfHBvIsgxvU7ePVnlpXRp3 +CCUEMPhlnx6xBoTYP+fRU0e3+xJIPVyVCqX1jAdUMkzfRoECQQD6ux7B1QJAIWyK +SGkbDUbBilNmzCFNgIpOP6PA+bwfi5d16diTpra5AX09keQABAo/KaP1PdV8Vg0p +z4P3A7G3AkEA+l+AKG6m0kQTTBMJDqOdVPYwe+5GxunMaqmhokpEbuGsrZBl5Dvd +WpcBjR7jmenrhKZRIuA+Fz5HPo/UQJPl1QJBAKxstDkeED8j/S2XoFhPKAJ+6t39 +sUVICVTIZQeXdmzHJXCcUSkw8+WEhakqw/3SyW0oaK2FSWQJFWJUZ+8eJj8CQEh3 +xeduB5kKnS9CvzdeghZqX6QvVosSdtlUmfUYW/BgH5PpHKTP8wTaeld3XldZTpMJ +dKiMkUw2+XYROVUrubUCQD+Na1LhULlpn4ISEtIEfqpdlUhxDgO15Wg8USmsng+x +ICliVOSQtwaZjm8kwaFt0W7XnpnDxbRs37vIEbIMWak= +-----END RSA PRIVATE KEY----- diff --git a/lib/ssh/test/ssh_renegotiate_SUITE_data/ssh_host_dsa_key b/lib/ssh/test/ssh_renegotiate_SUITE_data/ssh_host_dsa_key new file mode 100644 index 0000000000..51ab6fbd88 --- /dev/null +++ b/lib/ssh/test/ssh_renegotiate_SUITE_data/ssh_host_dsa_key @@ -0,0 +1,13 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBuwIBAAKBgQCClaHzE2ul0gKSUxah5W0W8UiJLy4hXngKEqpaUq9SSdVdY2LK +wVfKH1gt5iuaf1FfzOhsIC9G/GLnjYttXZc92cv/Gfe3gR+s0ni2++MX+T++mE/Q +diltXv/Hp27PybS67SmiFW7I+RWnT2OKlMPtw2oUuKeztCe5UWjaj/y5FQIVAPLA +l9RpiU30Z87NRAHY3NTRaqtrAoGANMRxw8UfdtNVR0CrQj3AgPaXOGE4d+G4Gp4X +skvnCHycSVAjtYxebUkzUzt5Q6f/IabuLUdge3gXrc8BetvrcKbp+XZgM0/Vj2CF +Ymmy3in6kzGZq7Fw1sZaku6AOU8vLa5woBT2vAcHLLT1bLAzj7viL048T6MfjrOP +ef8nHvACgYBhDWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah +/XcF3DeRF+eEoz48wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+U +ykSTXYUbtsfTNRFQGBW2/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0CgIVAN4wtL5W +Lv62jKcdskxNyz2NQoBx +-----END DSA PRIVATE KEY----- + 
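Review bot: The private-key fixtures added under ssh_renegotiate_SUITE_data carry the same blob ids as the ones this series adds under ssh_options_SUITE_data (id_dsa d306f8b26e, id_rsa 9d7e0dd5fb, ssh_host_dsa_key 51ab6fbd88), so the same unencrypted test keys are now copied into one more directory. Consider pointing both suites at one shared fixture directory or generating the keys in init_per_suite, and note next to the files that they are test-only keys.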
diff --git a/lib/ssh/test/ssh_renegotiate_SUITE_data/ssh_host_dsa_key.pub b/lib/ssh/test/ssh_renegotiate_SUITE_data/ssh_host_dsa_key.pub new file mode 100644 index 0000000000..4dbb1305b0 --- /dev/null +++ b/lib/ssh/test/ssh_renegotiate_SUITE_data/ssh_host_dsa_key.pub @@ -0,0 +1,11 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +AAAAB3NzaC1kc3MAAACBAIKVofMTa6XSApJTFqHlbRbxSIkvLiFeeAoSqlpSr1JJ1V1j +YsrBV8ofWC3mK5p/UV/M6GwgL0b8YueNi21dlz3Zy/8Z97eBH6zSeLb74xf5P76YT9B2 +KW1e/8enbs/JtLrtKaIVbsj5FadPY4qUw+3DahS4p7O0J7lRaNqP/LkVAAAAFQDywJfU +aYlN9GfOzUQB2NzU0WqrawAAAIA0xHHDxR9201VHQKtCPcCA9pc4YTh34bganheyS+cI +fJxJUCO1jF5tSTNTO3lDp/8hpu4tR2B7eBetzwF62+twpun5dmAzT9WPYIViabLeKfqT +MZmrsXDWxlqS7oA5Ty8trnCgFPa8BwcstPVssDOPu+IvTjxPox+Os495/yce8AAAAIBh +DWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah/XcF3DeRF+eEoz48 +wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+UykSTXYUbtsfTNRFQGBW2 +/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0Cg== +---- END SSH2 PUBLIC KEY ---- diff --git a/lib/ssh/test/ssh_renegotiate_SUITE_data/ssh_host_rsa_key b/lib/ssh/test/ssh_renegotiate_SUITE_data/ssh_host_rsa_key new file mode 100644 index 0000000000..79968bdd7d --- /dev/null +++ b/lib/ssh/test/ssh_renegotiate_SUITE_data/ssh_host_rsa_key 
@@ -0,0 +1,16 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDCZX+4FBDwZIh9y/Uxee1VJnEXlowpz2yDKwj8semM4q843337 +zbNfxHmladB1lpz2NqyxI175xMIJuDxogyZdsOxGnFAzAnthR4dqL/RWRWzjaxSB +6IAO9SPYVVlrpZ+1hsjLW79fwXK/yc8VdhRuWTeQiRgYY2ek8+OKbOqz4QIDAQAB +AoGANmvJzJO5hkLuvyDZHKfAnGTtpifcR1wtSa9DjdKUyn8vhKF0mIimnbnYQEmW +NUUb3gXCZLi9PvkpRSVRrASDOZwcjoU/Kvww163vBUVb2cOZfFhyn6o2Sk88Tt++ +udH3hdjpf9i7jTtUkUe+QYPsia+wgvvrmn4QrahLAH86+kECQQDx5gFeXTME3cnW +WMpFz3PPumduzjqgqMMWEccX4FtQkMX/gyGa5UC7OHFyh0N/gSWvPbRHa8A6YgIt +n8DO+fh5AkEAzbqX4DOn8NY6xJIi42q7l/2jIA0RkB6P7YugW5NblhqBZ0XDnpA5 +sMt+rz+K07u9XZtxgh1xi7mNfwY6lEAMqQJBAJBEauCKmRj35Z6OyeQku59SPsnY ++SJEREVvSNw2lH9SOKQQ4wPsYlTGbvKtNVZgAcen91L5MmYfeckYE/fdIZECQQCt +64zxsTnM1I8iFxj/gP/OYlJBikrKt8udWmjaghzvLMEw+T2DExJyb9ZNeT53+UMB +m6O+B/4xzU/djvp+0hbhAkAemIt+rA5kTmYlFndhpvzkSSM8a2EXsO4XIPgGWCTT +tQKS/tTly0ADMjN/TVy11+9d6zcqadNVuHXHGtR4W0GR +-----END RSA PRIVATE KEY----- + diff --git a/lib/ssh/test/ssh_renegotiate_SUITE_data/ssh_host_rsa_key.pub b/lib/ssh/test/ssh_renegotiate_SUITE_data/ssh_host_rsa_key.pub new file mode 100644 index 0000000000..75d2025c71 --- /dev/null +++ b/lib/ssh/test/ssh_renegotiate_SUITE_data/ssh_host_rsa_key.pub @@ -0,0 +1,5 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +AAAAB3NzaC1yc2EAAAADAQABAAAAgQDCZX+4FBDwZIh9y/Uxee1VJnEXlowpz2yDKwj8 +semM4q843337zbNfxHmladB1lpz2NqyxI175xMIJuDxogyZdsOxGnFAzAnthR4dqL/RW +RWzjaxSB6IAO9SPYVVlrpZ+1hsjLW79fwXK/yc8VdhRuWTeQiRgYY2ek8+OKbOqz4Q== +---- END SSH2 PUBLIC KEY ---- diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index 8d0b887d83..32fdec9842 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl @@ -27,7 +27,7 @@ -include_lib("common_test/include/ct.hrl"). -include_lib("kernel/include/file.hrl"). -% Default timetrap timeout + % Default timetrap timeout -define(default_timeout, ?t:minutes(1)). %%-------------------------------------------------------------------- 
@@ -64,19 +64,11 @@ end_per_suite(Config) -> groups() -> [{not_unicode, [], [{group,erlang_server}, {group,openssh_server}, - {group,'diffie-hellman-group-exchange-sha1'}, - {group,'diffie-hellman-group-exchange-sha256'}, sftp_nonexistent_subsystem]}, {unicode, [], [{group,erlang_server}, {group,openssh_server}, sftp_nonexistent_subsystem]}, - - {'diffie-hellman-group-exchange-sha1', [], [{group,erlang_server}, - {group,openssh_server}]}, - - {'diffie-hellman-group-exchange-sha256', [], [{group,erlang_server}, - {group,openssh_server}]}, {erlang_server, [], [{group,write_read_tests}, version_option, @@ -159,7 +151,7 @@ init_per_group(unicode, Config) -> _ -> {skip, "Not unicode file encoding"} end; - + init_per_group(erlang_server, Config) -> ct:comment("Begin ~p",[grps(Config)]), PrivDir = ?config(priv_dir, Config), @@ -167,20 +159,18 @@ init_per_group(erlang_server, Config) -> User = ?config(user, Config), Passwd = ?config(passwd, Config), Sftpd = {_, HostX, PortX} = - ssh_test_lib:daemon(extra_opts(Config) ++ - [{system_dir, SysDir}, - {user_dir, PrivDir}, - {user_passwords, - [{User, Passwd}]}]), + ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, PrivDir}, + {user_passwords, + [{User, Passwd}]}]), [{peer, {fmt_host(HostX),PortX}}, {group, erlang_server}, {sftpd, Sftpd} | Config]; init_per_group(openssh_server, Config) -> ct:comment("Begin ~p",[grps(Config)]), Host = ssh_test_lib:hostname(), case (catch ssh_sftp:start_channel(Host, - extra_opts(Config) ++ - [{user_interaction, false}, - {silently_accept_hosts, true}])) of + [{user_interaction, false}, + {silently_accept_hosts, true}])) of {ok, _ChannelPid, Connection} -> [{peer, {_HostName,{IPx,Portx}}}] = ssh:connection_info(Connection,[peer]), ssh:close(Connection), 
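Review bot: Dropping extra_opts(Config) ++ from the daemon and start_channel options in init_per_group(erlang_server, ...) and init_per_group(openssh_server, ...), together with the removal of the 'diffie-hellman-group-exchange-sha1' and 'diffie-hellman-group-exchange-sha256' groups above, means the sftp cases now run only with the default key exchange. It would help to state where group-exchange coverage lives after this change, or to keep one group that still sets preferred_algorithms.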
@@ -201,11 +191,10 @@ init_per_group(remote_tar, Config) -> case ?config(group, Config) of erlang_server -> ssh:connect(Host, Port, - extra_opts(Config) ++ - [{user, User}, - {password, Passwd}, - {user_interaction, false}, - {silently_accept_hosts, true}]); + [{user, User}, + {password, Passwd}, + {user_interaction, false}, + {silently_accept_hosts, true}]); openssh_server -> ssh:connect(Host, Port, [{user_interaction, false}, @@ -214,28 +203,6 @@ init_per_group(remote_tar, Config) -> [{remote_tar, true}, {connection, Connection} | Config]; -init_per_group('diffie-hellman-group-exchange-sha1', Config) -> - case lists:member('diffie-hellman-group-exchange-sha1', - ssh_transport:supported_algorithms(kex)) of - true -> - [{extra_opts, [{preferred_algorithms, [{kex,['diffie-hellman-group-exchange-sha1']}]}]} - | Config]; - - false -> - {skip,"'diffie-hellman-group-exchange-sha1' not supported by this version of erlang ssh"} - end; - -init_per_group('diffie-hellman-group-exchange-sha256', Config) -> - case lists:member('diffie-hellman-group-exchange-sha256', - ssh_transport:supported_algorithms(kex)) of - true -> - [{extra_opts, [{preferred_algorithms, [{kex,['diffie-hellman-group-exchange-sha256']}]}]} - | Config]; - - false -> - {skip,"'diffie-hellman-group-exchange-sha256' not supported by this version of erlang ssh"} - end; - init_per_group(write_read_tests, Config) -> ct:comment("Begin ~p",[grps(Config)]), Config. @@ -278,12 +245,11 @@ init_per_testcase(version_option, Config) -> Passwd = ?config(passwd, Config), {ok, ChannelPid, Connection} = ssh_sftp:start_channel(Host, Port, - extra_opts(Config) ++ - [{sftp_vsn, 3}, - {user, User}, - {password, Passwd}, - {user_interaction, false}, - {silently_accept_hosts, true}]), + [{sftp_vsn, 3}, + {user, User}, + {password, Passwd}, + {user_interaction, false}, + {silently_accept_hosts, true}]), Sftp = {ChannelPid, Connection}, [{sftp,Sftp}, {watchdog, Dog} | TmpConfig]; 
@@ -301,11 +267,10 @@ init_per_testcase(Case, Config0) -> {_,Host, Port} = ?config(sftpd, Config2), {ok, ChannelPid, Connection} = ssh_sftp:start_channel(Host, Port, - extra_opts(Config2) ++ - [{user, User}, - {password, Passwd}, - {user_interaction, false}, - {silently_accept_hosts, true}] + [{user, User}, + {password, Passwd}, + {user_interaction, false}, + {silently_accept_hosts, true}] ), Sftp = {ChannelPid, Connection}, [{sftp, Sftp}, {watchdog, Dog} | Config2]; @@ -315,9 +280,8 @@ init_per_testcase(Case, Config0) -> Host = ssh_test_lib:hostname(), {ok, ChannelPid, Connection} = ssh_sftp:start_channel(Host, - extra_opts(Config2) ++ - [{user_interaction, false}, - {silently_accept_hosts, true}]), + [{user_interaction, false}, + {silently_accept_hosts, true}]), Sftp = {ChannelPid, Connection}, [{sftp, Sftp}, {watchdog, Dog} | Config2] end, @@ -494,7 +458,7 @@ mk_rm_dir() -> mk_rm_dir(Config) when is_list(Config) -> PrivDir = ?config(priv_dir, Config), {Sftp, _} = ?config(sftp, Config), - + DirName = filename:join(PrivDir, "test"), ok = ssh_sftp:make_dir(Sftp, DirName), ok = ssh_sftp:del_dir(Sftp, DirName), @@ -767,7 +731,7 @@ directory_to_tar(Config) -> ok = erl_tar:add(Handle, fn("d1",Config), "d1", [verbose]), ok = erl_tar:close(Handle), chk_tar(["d1"], Config). - + %%-------------------------------------------------------------------- binaries_to_tar(Config) -> ChPid2 = ?config(channel_pid2, Config), @@ -831,9 +795,9 @@ simple_crypto_tar_big(Config) -> chk_tar([{"b1",Bin}, F1, "big.txt"], Config, [{crypto,{Cinit,Cdec}}]). stuff(Bin) -> << <> || <> <= Bin >>. - + unstuff(Bin) -> << <> || <> <= Bin >>. - + %%-------------------------------------------------------------------- read_tar(Config) -> ChPid2 = ?config(channel_pid2, Config), 
@@ -1002,9 +966,6 @@ prep(Config) -> ok = file:write_file_info(TestFile, FileInfo#file_info{mode = Mode}). -extra_opts(Config) -> - proplists:get_value(extra_opts, Config, []). - chk_tar(Items, Config) -> chk_tar(Items, Config, []). @@ -1041,7 +1002,7 @@ analyze_report([E={NameE,BinE}|Es], [A={NameA,BinA}|As]) -> NameE < NameA -> [["Component ",NameE," is missing.\n\n"] | analyze_report(Es,[A|As])]; - + NameE > NameA -> [["Component ",NameA," is not expected.\n\n"] | analyze_report([E|Es],As)]; @@ -1054,7 +1015,7 @@ analyze_report([], [{NameA,_BinA}|As]) -> [["Component ",NameA," not expected.\n\n"] | analyze_report([],As)]; analyze_report([], []) -> "". - + tar_size(TarFileName, Config) -> {ChPid,_} = ?config(sftp,Config), {ok,Data} = ssh_sftp:read_file(ChPid, TarFileName), @@ -1088,4 +1049,4 @@ fn(Name, Config) -> fmt_host({A,B,C,D}) -> lists:concat([A,".",B,".",C,".",D]); fmt_host(S) -> S. - + diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index 988ea47bd8..6d568125bb 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl @@ -27,6 +27,8 @@ -include_lib("public_key/include/public_key.hrl"). -include_lib("common_test/include/ct.hrl"). +-include_lib("ssh/src/ssh_transport.hrl"). + -define(TIMEOUT, 50000). 
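Review bot: The added -include_lib("ssh/src/ssh_transport.hrl") in ssh_test_lib.erl pulls an internal header out of the application's src directory, and include_lib resolves it relative to the ssh lib dir, so the test library only compiles where src is present under that dir. The include appears to be needed only for the #ssh_msg_kexinit{} pattern in default_algorithms/2; a short comment on the include line saying so would keep a later cleanup from removing it or from adding further dependencies on internal records.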
@@ -65,6 +67,55 @@ daemon(Host, Port, Options) -> end. +std_daemon(Config, ExtraOpts) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + std_daemon1(Config, + ExtraOpts ++ + [{user_dir, UserDir}, + {user_passwords, [{"usr1","pwd1"}]}]). + +std_daemon1(Config, ExtraOpts) -> + SystemDir = ?config(data_dir, Config), + {_Server, _Host, _Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {failfun, fun ssh_test_lib:failfun/2} + | ExtraOpts]). + +std_connect(Config, Host, Port, ExtraOpts) -> + UserDir = ?config(priv_dir, Config), + _ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user_dir, UserDir}, + {user, "usr1"}, + {password, "pwd1"}, + {user_interaction, false} + | ExtraOpts]). + +std_simple_sftp(Host, Port, Config) -> + UserDir = ?config(priv_dir, Config), + DataFile = filename:join(UserDir, "test.data"), + ConnectionRef = ssh_test_lib:std_connect(Config, Host, Port, []), + {ok, ChannelRef} = ssh_sftp:start_channel(ConnectionRef), + Data = crypto:rand_bytes(proplists:get_value(std_simple_sftp_size,Config,10)), + ok = ssh_sftp:write_file(ChannelRef, DataFile, Data), + {ok,ReadData} = file:read_file(DataFile), + ok = ssh:close(ConnectionRef), + Data == ReadData. + +std_simple_exec(Host, Port, Config) -> + ConnectionRef = ssh_test_lib:std_connect(Config, Host, Port, []), + {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), + success = ssh_connection:exec(ConnectionRef, ChannelId, "23+21-2.", infinity), + Data = {ssh_cm, ConnectionRef, {data, ChannelId, 0, <<"42\n">>}}, + case ssh_test_lib:receive_exec_result(Data) of + expected -> + ok; + Other -> + ct:fail(Other) + end, + ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId). + start_shell(Port, IOServer, UserDir) -> start_shell(Port, IOServer, UserDir, []). 
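Review bot: std_simple_exec/3 never closes ConnectionRef, and std_simple_sftp/3 closes it only on the success path and never stops the sftp channel, so a failed match such as ok = ssh_sftp:write_file(...) leaves the connection open for the rest of the test case. Wrapping the body in try ... after ssh:close(ConnectionRef) end would fix both. Two smaller points: std_daemon/2 ignores the result of file:make_dir(UserDir), and std_simple_sftp/3 verifies the write with file:read_file(DataFile), which only holds when the daemon serves the same filesystem as the test node and deserves a comment.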
@@ -372,3 +423,133 @@ openssh_sanity_check(Config) -> ssh:stop(), {skip, Str} end. + +%%-------------------------------------------------------------------- +%% Check if we have a "newer" ssh client that supports these test cases + +ssh_client_supports_Q() -> + ErlPort = open_port({spawn, "ssh -Q cipher"}, [exit_status, stderr_to_stdout]), + 0 == check_ssh_client_support2(ErlPort). + +check_ssh_client_support2(P) -> + receive + {P, {data, _A}} -> + check_ssh_client_support2(P); + {P, {exit_status, E}} -> + E + after 5000 -> + + ct:log("Openssh command timed out ~n"), + -1 + end. + +default_algorithms(Host, Port) -> + KexInitPattern = + #ssh_msg_kexinit{ + kex_algorithms = '$kex_algorithms', + server_host_key_algorithms = '$server_host_key_algorithms', + encryption_algorithms_client_to_server = '$encryption_algorithms_client_to_server', + encryption_algorithms_server_to_client = '$encryption_algorithms_server_to_client', + mac_algorithms_client_to_server = '$mac_algorithms_client_to_server', + mac_algorithms_server_to_client = '$mac_algorithms_server_to_client', + compression_algorithms_client_to_server = '$compression_algorithms_client_to_server', + compression_algorithms_server_to_client = '$compression_algorithms_server_to_client', + _ = '_' + }, + + try ssh_trpt_test_lib:exec( + [{connect,Host,Port, [{silently_accept_hosts, true}, + {user_interaction, false}]}, + {send,hello}, + receive_hello, + {send, ssh_msg_kexinit}, + {match, KexInitPattern, receive_msg}, + close_socket]) + of + {ok,E} -> + [Kex, PubKey, EncC2S, EncS2C, MacC2S, MacS2C, CompC2S, CompS2C] = + ssh_trpt_test_lib:instantiate(['$kex_algorithms', + '$server_host_key_algorithms', + '$encryption_algorithms_client_to_server', + '$encryption_algorithms_server_to_client', + '$mac_algorithms_client_to_server', + '$mac_algorithms_server_to_client', + '$compression_algorithms_client_to_server', + '$compression_algorithms_server_to_client' + ], E), + [{kex, to_atoms(Kex)}, + {public_key, to_atoms(PubKey)}, 
+ {cipher, [{client2server, to_atoms(EncC2S)}, + {server2client, to_atoms(EncS2C)}]}, + {mac, [{client2server, to_atoms(MacC2S)}, + {server2client, to_atoms(MacS2C)}]}, + {compression, [{client2server, to_atoms(CompC2S)}, + {server2client, to_atoms(CompS2C)}]}]; + _ -> + [] + catch + _:_ -> + [] + end. + + +default_algorithms(sshd) -> + default_algorithms("localhost", 22); +default_algorithms(sshc) -> + case os:find_executable("ssh") of + false -> + []; + _ -> + Cipher = sshc(cipher), + Mac = sshc(mac), + [{kex, sshc(kex)}, + {public_key, sshc(key)}, + {cipher, [{client2server, Cipher}, + {server2client, Cipher}]}, + {mac, [{client2server, Mac}, + {server2client, Mac}]} + ] + end. + +sshc(Tag) -> + to_atoms( + string:tokens(os:cmd(lists:concat(["ssh -Q ",Tag])), "\n") + ). + +ssh_type() -> + case os:find_executable("ssh") of + false -> not_found; + _ -> + case os:cmd("ssh -V") of + "OpenSSH" ++ _ -> + openSSH; + Str -> + ct:log("ssh client ~p is unknown",[Str]), + unknown + end + end. + +algo_intersection([], _) -> []; +algo_intersection(_, []) -> []; +algo_intersection(L1=[A1|_], L2=[A2|_]) when is_atom(A1), is_atom(A2) -> + true = lists:all(fun erlang:is_atom/1, L1++L2), + lists:foldr(fun(A,Acc) -> + case lists:member(A,L2) of + true -> [A|Acc]; + false -> Acc + end + end, [], L1); +algo_intersection([{K,V1}|T1], L2) -> + case lists:keysearch(K,1,L2) of + {value, {K,V2}} -> + [{K,algo_intersection(V1,V2)} | algo_intersection(T1,L2)]; + false -> + algo_intersection(T1,L2) + end; +algo_intersection(_, _) -> + []. + + +to_atoms(L) -> lists:map(fun erlang:list_to_atom/1, L). + + diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index 663168b169..104c1f9107 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl 
@@ -85,6 +85,11 @@ init_per_group(erlang_server, Config) -> UserDir = ?config(priv_dir, Config), ssh_test_lib:setup_dsa_known_host(DataDir, UserDir), Config; +init_per_group(erlang_client, Config) -> + CommonAlgs = ssh_test_lib:algo_intersection( + ssh:default_algorithms(), + ssh_test_lib:default_algorithms("localhost", 22)), + [{common_algs,CommonAlgs} | Config]; init_per_group(_, Config) -> Config. 
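Review bot: init_per_group(erlang_client, ...) probes the server with a literal host and port, `ssh_test_lib:default_algorithms("localhost", 22)`, while the test cases in this suite connect through ?SSH_DEFAULT_PORT. Use the same macro here so the server whose algorithms are intersected is the one the tests actually talk to, and the two cannot diverge if the macro is changed.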
@@ -201,43 +206,49 @@ erlang_client_openssh_server_kexs() -> [{doc, "Test that we can connect with different KEXs."}]. erlang_client_openssh_server_kexs(Config) when is_list(Config) -> - Success = - lists:foldl( - fun(Kex, Acc) -> - ct:log("============= ~p ============= ~p",[Kex,Acc]), - ConnectionRef = - ssh_test_lib:connect(?SSH_DEFAULT_PORT, [{silently_accept_hosts, true}, - {user_interaction, false}, - {preferred_algorithms, - [{kex,[Kex]}]}]), - - {ok, ChannelId} = - ssh_connection:session_channel(ConnectionRef, infinity), - success = - ssh_connection:exec(ConnectionRef, ChannelId, - "echo testing", infinity), - - ExpectedData = {ssh_cm, ConnectionRef, {data, ChannelId, 0, <<"testing\n">>}}, - case ssh_test_lib:receive_exec_result(ExpectedData) of - expected -> - ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId), - Acc; - {unexpected_msg,{ssh_cm, ConnectionRef, - {exit_status, ChannelId, 0}} = ExitStatus} -> - ct:log("0: Collected data ~p", [ExitStatus]), - ssh_test_lib:receive_exec_result(ExpectedData, ConnectionRef, ChannelId), - Acc; - Other -> - ct:log("~p failed: ~p",[Kex,Other]), - [Kex|Acc] - end - end, [], ssh_transport:supported_algorithms(kex)), - case Success of - [] -> - ok; - BadKex -> - ct:log("Bad kex algos: ~p",[BadKex]), - {fail, "Kex failed for one or more algos"} + KexAlgos = try proplists:get_value(kex, ?config(common_algs,Config)) + catch _:_ -> [] + end, + comment(KexAlgos), + case KexAlgos of + [] -> {skip, "No common kex algorithms"}; + _ -> + Success = + lists:foldl( + fun(Kex, Acc) -> + ConnectionRef = + ssh_test_lib:connect(?SSH_DEFAULT_PORT, [{silently_accept_hosts, true}, + {user_interaction, false}, + {preferred_algorithms, + [{kex,[Kex]}]}]), + + {ok, ChannelId} = + ssh_connection:session_channel(ConnectionRef, infinity), + success = + ssh_connection:exec(ConnectionRef, ChannelId, + "echo testing", infinity), + + ExpectedData = {ssh_cm, ConnectionRef, {data, ChannelId, 0, <<"testing\n">>}}, + case 
ssh_test_lib:receive_exec_result(ExpectedData) of + expected -> + ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId), + Acc; + {unexpected_msg,{ssh_cm, ConnectionRef, + {exit_status, ChannelId, 0}} = ExitStatus} -> + ct:log("0: Collected data ~p", [ExitStatus]), + ssh_test_lib:receive_exec_result(ExpectedData, ConnectionRef, ChannelId), + Acc; + Other -> + ct:log("~p failed: ~p",[Kex,Other]), + false + end + end, true, KexAlgos), + case Success of + true -> + ok; + false -> + {fail, "Kex failed for one or more algos"} + end end. %%-------------------------------------------------------------------- 
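Review bot: in erlang_client_openssh_server_kexs, `proplists:get_value(kex, ?config(common_algs,Config))` returns `undefined` when the key is absent (for example when common_algs is []), and that is a normal return value, so the try/catch does not turn it into []. `comment(undefined)` then fails inside lists:map, and the `[] -> {skip, "No common kex algorithms"}` branch is never reached. Pass the default explicitly with the three-argument form, `proplists:get_value(kex, CommonAlgs, [])`. Also, with the accumulator reduced to true/false, the failure reason no longer says which algorithm broke; collecting the failed Kex values and putting them in the {fail, ...} term would keep that information in the test result and not only in the log.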
@@ -283,45 +294,37 @@ erlang_server_openssh_client_cipher_suites(Config) when is_list(Config) -> {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, {failfun, fun ssh_test_lib:failfun/2}]), - ct:sleep(500), - Supports = crypto:supports(), - Ciphers = proplists:get_value(ciphers, Supports), - Tests = [ - {"3des-cbc", lists:member(des3_cbc, Ciphers)}, - {"aes128-cbc", lists:member(aes_cbc128, Ciphers)}, - {"aes128-ctr", lists:member(aes_ctr, Ciphers)}, - {"aes256-cbc", false} - ], - lists:foreach(fun({Cipher, Expect}) -> - Cmd = "ssh -p " ++ integer_to_list(Port) ++ - " -o UserKnownHostsFile=" ++ KnownHosts ++ " " ++ Host ++ " " ++ - " -c " ++ Cipher ++ " 1+1.", - - ct:log("Cmd: ~p~n", [Cmd]), - - SshPort = open_port({spawn, Cmd}, [binary, stderr_to_stdout]), - - case Expect of - true -> - receive - {SshPort,{data, <<"2\n">>}} -> - ok - after ?TIMEOUT -> - ct:fail("Did not receive answer") - end; - false -> - receive - {SshPort,{data, <<"no matching cipher found", _/binary>>}} -> - ok - after ?TIMEOUT -> - ct:fail("Did not receive no matching cipher message") - end - end - end, Tests), - - ssh:stop_daemon(Pid). + OpenSshCiphers = + ssh_test_lib:to_atoms( + string:tokens(os:cmd("ssh -Q cipher"), "\n")), + ErlCiphers = + proplists:get_value(client2server, + proplists:get_value(cipher, ssh:default_algorithms())), + CommonCiphers = + ssh_test_lib:algo_intersection(ErlCiphers, OpenSshCiphers), + + comment(CommonCiphers), + + lists:foreach( + fun(Cipher) -> + Cmd = lists:concat(["ssh -p ",Port, + " -o UserKnownHostsFile=",KnownHosts," ",Host," ", + " -c ",Cipher," 1+1."]), + ct:log("Cmd: ~p~n", [Cmd]), + + SshPort = open_port({spawn, Cmd}, [binary, stderr_to_stdout]), + + receive + {SshPort,{data, <<"2\n">>}} -> + ok + after ?TIMEOUT -> + ct:fail("~p Did not receive answer",[Cipher]) + end + end, CommonCiphers), + + ssh:stop_daemon(Pid). %%-------------------------------------------------------------------- erlang_server_openssh_client_macs() -> 
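Review bot: erlang_server_openssh_client_cipher_suites now iterates CommonCiphers only, and two checks are lost with that. If the intersection is empty, the lists:foreach body never runs and the case passes without testing anything; return {skip, ...} or fail when CommonCiphers is []. The removed `{"aes256-cbc", false}` row was also the only check that the daemon refuses a cipher it does not offer ("no matching cipher found"); keep one negative case, built from an OpenSSH cipher that is absent from ErlCiphers, so that a daemon accepting an algorithm outside its advertised set is still caught.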
@@ -333,45 +336,40 @@ erlang_server_openssh_client_macs(Config) when is_list(Config) -> KnownHosts = filename:join(PrivDir, "known_hosts"), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, - {failfun, fun ssh_test_lib:failfun/2}]), + {failfun, fun ssh_test_lib:failfun/2}]), ct:sleep(500), - Supports = crypto:supports(), - Hashs = proplists:get_value(hashs, Supports), - MACs = [{"hmac-sha1", lists:member(sha, Hashs)}, - {"hmac-sha2-256", lists:member(sha256, Hashs)}, - {"hmac-md5-96", false}, - {"hmac-ripemd160", false}], - lists:foreach(fun({MAC, Expect}) -> - Cmd = "ssh -p " ++ integer_to_list(Port) ++ - " -o UserKnownHostsFile=" ++ KnownHosts ++ " " ++ Host ++ " " ++ - " -o MACs=" ++ MAC ++ " 1+1.", - - ct:log("Cmd: ~p~n", [Cmd]), - - SshPort = open_port({spawn, Cmd}, [binary, stderr_to_stdout]), - - case Expect of - true -> - receive - {SshPort,{data, <<"2\n">>}} -> - ok - after ?TIMEOUT -> - ct:fail("Did not receive answer") - end; - false -> - receive - {SshPort,{data, <<"no matching mac found", _/binary>>}} -> - ok - after ?TIMEOUT -> - ct:fail("Did not receive no matching mac message") - end - end - end, MACs), + OpenSshMacs = + ssh_test_lib:to_atoms( + string:tokens(os:cmd("ssh -Q mac"), "\n")), + ErlMacs = + proplists:get_value(client2server, + proplists:get_value(mac, ssh:default_algorithms())), + CommonMacs = + ssh_test_lib:algo_intersection(ErlMacs, OpenSshMacs), + + comment(CommonMacs), + + lists:foreach( + fun(MAC) -> + Cmd = lists:concat(["ssh -p ",Port, + " -o UserKnownHostsFile=",KnownHosts," ",Host," ", + " -o MACs=",MAC," 1+1."]), + ct:log("Cmd: ~p~n", [Cmd]), + + SshPort = open_port({spawn, Cmd}, [binary, stderr_to_stdout]), + + receive + {SshPort,{data, <<"2\n">>}} -> + ok + after ?TIMEOUT -> + ct:fail("~p Did not receive answer",[MAC]) + end + end, CommonMacs), - ssh:stop_daemon(Pid). + ssh:stop_daemon(Pid). %%-------------------------------------------------------------------- erlang_server_openssh_client_kexs() -> 
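Review bot: the new body of erlang_server_openssh_client_macs is a copy of the cipher case with `-c` replaced by `-o MACs=`, and the kex case that follows repeats it with `-o KexAlgorithms=`. Move the loop into one helper that takes the `ssh -Q` tag, the option prefix and the Erlang algorithm list, so that the receive/timeout handling is written once and cannot drift between the three cases. The dropped `hmac-md5-96` and `hmac-ripemd160` rows were the negative checks for MACs; at least one rejected algorithm should stay covered here as well.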
@@ -389,54 +387,34 @@ erlang_server_openssh_client_kexs(Config) when is_list(Config) -> ]), ct:sleep(500), - ErlKexs = lists:map(fun erlang:atom_to_list/1, - ssh_transport:supported_algorithms(kex)), - OpenSshKexs = string:tokens(os:cmd("ssh -Q kex"), "\n"), - - Kexs = [{OpenSshKex,lists:member(OpenSshKex,ErlKexs)} - || OpenSshKex <- OpenSshKexs], - - Success = - lists:foldl( - fun({Kex, Expect}, Acc) -> - Cmd = "ssh -p " ++ integer_to_list(Port) ++ - " -o UserKnownHostsFile=" ++ KnownHosts ++ " " ++ Host ++ " " ++ - " -o KexAlgorithms=" ++ Kex ++ " 1+1.", - - ct:log("Cmd: ~p~n", [Cmd]), - - SshPort = open_port({spawn, Cmd}, [binary, stderr_to_stdout]), - - case Expect of - true -> - receive - {SshPort,{data, <<"2\n">>}} -> - Acc - after ?TIMEOUT -> - ct:log("Did not receive answer for ~p",[Kex]), - [Kex|Acc] - end; - false -> - receive - {SshPort,{data, <<"Unable to negotiate a key exchange method", _/binary>>}} -> - Acc - after ?TIMEOUT -> - ct:log("Did not receive no matching kex message for ~p",[Kex]), - [Kex|Acc] - end - end - end, [], Kexs), + OpenSshKexs = + ssh_test_lib:to_atoms( + string:tokens(os:cmd("ssh -Q kex"), "\n")), + ErlKexs = + proplists:get_value(kex, ssh:default_algorithms()), + CommonKexs = + ssh_test_lib:algo_intersection(ErlKexs, OpenSshKexs), + + comment(CommonKexs), + + lists:foreach( + fun(Kex) -> + Cmd = lists:concat(["ssh -p ",Port, + " -o UserKnownHostsFile=",KnownHosts," ",Host," ", + " -o KexAlgorithms=",Kex," 1+1."]), + ct:log("Cmd: ~p~n", [Cmd]), + + SshPort = open_port({spawn, Cmd}, [binary, stderr_to_stdout]), + + receive + {SshPort,{data, <<"2\n">>}} -> + ok + after ?TIMEOUT -> + ct:log("~p Did not receive answer",[Kex]) + end + end, CommonKexs), - ssh:stop_daemon(Pid), - - case Success of - [] -> - ok; - BadKex -> - ct:log("Bad kex algos: ~p",[BadKex]), - {fail, "Kex failed for one or more algos"} - end. - + ssh:stop_daemon(Pid). 
%%-------------------------------------------------------------------- erlang_server_openssh_client_exec_compressed() -> @@ -697,27 +675,18 @@ extra_logout() -> ok end. -%%-------------------------------------------------------------------- %%-------------------------------------------------------------------- %% Check if we have a "newer" ssh client that supports these test cases -%%-------------------------------------------------------------------- check_ssh_client_support(Config) -> - Port = open_port({spawn, "ssh -Q cipher"}, [exit_status, stderr_to_stdout]), - case check_ssh_client_support2(Port) of - 0 -> % exit status from command (0 == ok) + case ssh_test_lib:ssh_client_supports_Q() of + true -> ssh:start(), Config; _ -> {skip, "test case not supported by ssh client"} end. -check_ssh_client_support2(P) -> - receive - {P, {data, _A}} -> - check_ssh_client_support2(P); - {P, {exit_status, E}} -> - E - after 5000 -> - ct:log("Openssh command timed out ~n"), - -1 - end. +comment(AtomList) -> + ct:comment( + string:join(lists:map(fun erlang:atom_to_list/1, AtomList), + ", ")). diff --git a/lib/ssh/test/ssh_trpt_test_lib.erl b/lib/ssh/test/ssh_trpt_test_lib.erl index 66df890f5c..caf9bac3b6 100644 --- a/lib/ssh/test/ssh_trpt_test_lib.erl +++ b/lib/ssh/test/ssh_trpt_test_lib.erl @@ -23,6 +23,7 @@ %%-compile(export_all). -export([exec/1, exec/2, + instantiate/2, format_msg/1, server_host_port/1 ] -- cgit v1.2.3 From 95de23a194ccb1603132d3a3baafa66385320559 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 17 Aug 2015 22:25:29 +0200 Subject: ssh: dh_gex defautl values increased. Groups added --- lib/ssh/src/ssh_transport.erl | 12 ++++-------- lib/ssh/src/ssh_transport.hrl | 38 +++++++++++++++++++++++++++---------- lib/ssh/test/ssh_protocol_SUITE.erl | 8 +++++--- 3 files changed, 37 insertions(+), 21 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 1914b223bc..2b6f0a3cdc 100644 
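Review bot: in ssh_to_openssh_SUITE.erl, erlang_server_openssh_client_kexs, the timeout branch is `ct:log("~p Did not receive answer",[Kex])` where the cipher and MAC cases call ct:fail. With the Success accumulator and the final `{fail, "Kex failed for one or more algos"}` removed, this case can no longer fail: a key exchange algorithm that never answers is only written to the log. Use ct:fail here too, or keep collecting the failed algorithms and fail after ssh:stop_daemon(Pid) so the daemon is still stopped.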
--- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -1340,14 +1340,10 @@ peer_name({Host, _}) -> %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -dh_group('diffie-hellman-group1-sha1') -> ?dh_group1; -dh_group('diffie-hellman-group14-sha1') -> ?dh_group14. - -dh_gex_default_groups() -> - [{1024, ?dh_group1 }, - {2048, ?dh_group14}, - {3072, ?dh_group15}, - {4096, ?dh_group16}]. +dh_group('diffie-hellman-group1-sha1') -> element(2, ?dh_group1); +dh_group('diffie-hellman-group14-sha1') -> element(2, ?dh_group14). + +dh_gex_default_groups() -> ?dh_default_groups. dh_gex_group(Min, N, Max, undefined) -> diff --git a/lib/ssh/src/ssh_transport.hrl b/lib/ssh/src/ssh_transport.hrl index 0bc6b7953b..d962b1111f 100644 --- a/lib/ssh/src/ssh_transport.hrl +++ b/lib/ssh/src/ssh_transport.hrl @@ -32,10 +32,9 @@ -define(MAX_NUM_ALGORITHMS, 100). --define(DEFAULT_DH_GROUP_MIN, 512). --define(DEFAULT_DH_GROUP_NBITS, 1024). --define(DEFAULT_DH_GROUP_MAX, 4096). - +-define(DEFAULT_DH_GROUP_MIN, 1024). +-define(DEFAULT_DH_GROUP_NBITS, 6144). +-define(DEFAULT_DH_GROUP_MAX, 8192). %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% @@ -114,6 +113,7 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% diffie-hellman-group1-sha1 | diffie-hellman-group14-sha1 + -define(SSH_MSG_KEXDH_INIT, 30). -define(SSH_MSG_KEXDH_REPLY, 31). 
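Review bot: in ssh_transport.hrl the defaults become Min = 1024, N = 6144, Max = 8192, while ?dh_default_groups, defined further down in this patch, starts at ?dh_group14 (2048 bits) and no longer contains the 1024-bit group that dh_gex_default_groups() used to return. If dropping 1024-bit groups from group exchange is intended, say so in a comment next to the defines and consider raising ?DEFAULT_DH_GROUP_MIN to 2048 so that the default minimum matches the smallest group that can be served. In ssh_transport.erl, `element(2, ?dh_group1)` depends on the new {Size, {G,P}} layout by position; a pattern match such as `{_Size, GP} = ?dh_group1` documents the shape and fails loudly if the macro changes again.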
@@ -230,20 +230,38 @@ %%% rfc 2489, ch 6.2 -define(dh_group1, - {2, 16#FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF}). + {1024, + {2, 16#FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF}}). %%% rfc 3526, ch3 -define(dh_group14, - {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}). + {2048, + {2, 16#FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF}}). %%% rfc 3526, ch4 -define(dh_group15, - {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}). + {3072, + {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}}). %%% rfc 3526, ch5 -define(dh_group16, - {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}). - - + {4096, + {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}}). + +%%% rfc 3526, ch6 +-define(dh_group17, + {6144, + {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}}). 
+ +%%% rfc 3526, ch7 +-define(dh_group18, + {8192, + {2, 16#FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A
002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF}}). + +-define(dh_default_groups, [?dh_group14, + ?dh_group15, + ?dh_group16, + ?dh_group17, + ?dh_group18] ). -endif. % -ifdef(ssh_transport). diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index cf2df5028a..d8e99799e2 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -343,13 +343,15 @@ gex_client_init_default_exact(Config) -> gex_client_init_option_groups(Config) -> - do_gex_client_init(Config, {2000, 2048, 4000}, {3,41}). + do_gex_client_init(Config, {2000, 2048, 4000}, + {'n/a',{3,41}}). gex_client_init_option_groups_file(Config) -> - do_gex_client_init(Config, {2000, 2048, 4000}, {5,61}). + do_gex_client_init(Config, {2000, 2048, 4000}, + {'n/a',{5,61}}). -do_gex_client_init(Config, {Min,N,Max}, {G,P}) -> +do_gex_client_init(Config, {Min,N,Max}, {_,{G,P}}) -> {ok,_} = ssh_trpt_test_lib:exec( [{set_options, [print_ops, print_seqnums, print_messages]}, -- cgit v1.2.3 From e889cb0381be081891c530bbf04c72797042455b Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 11 Sep 2015 12:07:21 +0200 Subject: ssh: increased max number of algorithms --- lib/ssh/src/ssh_transport.hrl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_transport.hrl b/lib/ssh/src/ssh_transport.hrl index d962b1111f..96ab1bb668 100644 --- a/lib/ssh/src/ssh_transport.hrl +++ b/lib/ssh/src/ssh_transport.hrl @@ -30,7 +30,7 @@ -define(DEFAULT_CLIENT_VERSION, {2, 0}). -define(DEFAULT_SERVER_VERSION, {2, 0}). --define(MAX_NUM_ALGORITHMS, 100). +-define(MAX_NUM_ALGORITHMS, 200). -define(DEFAULT_DH_GROUP_MIN, 1024). -define(DEFAULT_DH_GROUP_NBITS, 6144). -- cgit v1.2.3 From 6738d356a279835222b951fd213ed4cf9897eb7e Mon Sep 17 00:00:00 2001 
From: Erlang/OTP Date: Mon, 21 Sep 2015 17:09:23 +0200 Subject: Prepare release --- lib/ssh/doc/src/notes.xml | 102 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 102 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 9d498c0fdc..368bb0f552 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,6 +30,108 @@ notes.xml +

Ssh 4.1 + +
Fixed Bugs and Malfunctions + + +

+ Send an understandable disconnect message when the key + exchange phase can't find a common algorithm. There are + also some test cases added.

+

+ Own Id: OTP-11531

+
+ +

+ The third parameter in ssh_sftp:write_file is now + accepting iolists again. Unicode handling adjusted.

+

+ Own Id: OTP-12853 Aux Id: seq12891

+
+
+
+ + +
Improvements and New Features + + +

+ First part of ssh test suite re-organization and + extension.

+

+ Own Id: OTP-12230

+
+ +

+ The key exchange algorithms 'ecdh-sha2-nistp256', + 'ecdh-sha2-nistp384' and 'ecdh-sha2-nistp521' are + implemented. See RFC 5656.

+

+ This raises the security level considerably.

+

+ Own Id: OTP-12622 Aux Id: OTP-12671, OTP-12672

+
+ +

+ The key exchange algorithm 'diffie-hellman-group14-sha1' + is implemented. See RFC 4253.

+

+ This raises the security level.

+

+ Own Id: OTP-12671 Aux Id: OTP-12672, OTP-12622

+
+ +

+ The key exchange algorithms + 'diffie-hellman-group-exchange-sha1' and + 'diffie-hellman-group-exchange-sha256' are implemented. + See RFC 4419.

+

+ This raises the security level.

+

+ Own Id: OTP-12672 Aux Id: OTP-12671, OTP-12622

+
+ +

+ Adding random length extra padding as recommended in RFC + 4253 section 6.

+

+ Own Id: OTP-12831

+
+ +

+ New test library for low-level protocol testing. There is + also a test suite using it for some preliminary tests. + The intention is to build on that for more testing of + individual ssh messages. See + lib/ssh/test/ssh_trpt_test_lib.erl and + ssh_protocol_SUITE.erl in the same directory.

+

+ Own Id: OTP-12858

+
+ +

+ Increased default values for + diffie-hellman-group-exchange-sha* to Min = 1024, N = + 6144, Max = 8192.

+

+ Added 6144 and 8192 bit default gex groups.

+

+ Own Id: OTP-12937

+
+ +

+ The mac algorithm 'hmac-sha2-512' is implemented. See RFC + 6668.

+

+ Own Id: OTP-12938

+
+
+
+ +
+
Ssh 4.0
Fixed Bugs and Malfunctions -- cgit v1.2.3 From 345e84991d7892eeb48ff63df3258d7581049d11 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 14 Sep 2015 19:44:11 +0200 Subject: ssh: new state - service_request --- lib/ssh/src/ssh_connection_handler.erl | 35 ++++++++++++++++++---------------- 1 file changed, 19 insertions(+), 16 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index fcd66b80c0..b7a80ae5d4 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -49,7 +49,7 @@ -export([hello/2, kexinit/2, key_exchange/2, key_exchange_dh_gex_init/2, key_exchange_dh_gex_reply/2, new_keys/2, - userauth/2, connected/2, + userauth/2, service_request/2, connected/2, error/2]). -export([init/1, handle_event/3, @@ -82,7 +82,8 @@ recbuf }). --type state_name() :: hello | kexinit | key_exchange | new_keys | userauth | connection. +-type state_name() :: hello | kexinit | key_exchange | key_exchange_dh_gex_init | + key_exchange_dh_gex_reply | new_keys | service_request | userauth | connection. -type gen_fsm_state_return() :: {next_state, state_name(), term()} | {next_state, state_name(), term(), timeout()} | {stop, term(), term()}. 
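Review bot: the extended -type state_name() still ends with `connection`, but the state function exported in this module is connected/2 and the transitions use `{next_state, connected, ...}`. Since this hunk already rewrites the type to add the dh_gex and service_request states, change `connection` to `connected` as well, so that gen_fsm_state_return() describes the states the module can actually enter.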
@@ -474,28 +475,30 @@ new_keys(#ssh_msg_newkeys{} = Msg, #state{ssh_params = Ssh0} = State0) -> after_new_keys(next_packet(State0#state{ssh_params = Ssh})). %%-------------------------------------------------------------------- --spec userauth(#ssh_msg_service_request{} | #ssh_msg_service_accept{} | - #ssh_msg_userauth_request{} | #ssh_msg_userauth_info_request{} | - #ssh_msg_userauth_info_response{} | #ssh_msg_userauth_success{} | - #ssh_msg_userauth_failure{} | #ssh_msg_userauth_banner{}, - #state{}) -> gen_fsm_state_return(). +-spec service_request(#ssh_msg_service_request{} | #ssh_msg_service_accept{}, + #state{}) -> gen_fsm_state_return(). %%-------------------------------------------------------------------- - -userauth(#ssh_msg_service_request{name = "ssh-userauth"} = Msg, +service_request(#ssh_msg_service_request{name = "ssh-userauth"} = Msg, #state{ssh_params = #ssh{role = server, session_id = SessionId} = Ssh0} = State) -> {ok, {Reply, Ssh}} = ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0), send_msg(Reply, State), {next_state, userauth, next_packet(State#state{ssh_params = Ssh})}; -userauth(#ssh_msg_service_accept{name = "ssh-userauth"}, - #state{ssh_params = #ssh{role = client, - service = "ssh-userauth"} = Ssh0} = - State) -> +service_request(#ssh_msg_service_accept{name = "ssh-userauth"}, + #state{ssh_params = #ssh{role = client, + service = "ssh-userauth"} = Ssh0} = + State) -> {Msg, Ssh} = ssh_auth:init_userauth_request_msg(Ssh0), send_msg(Msg, State), - {next_state, userauth, next_packet(State#state{auth_user = Ssh#ssh.user, ssh_params = Ssh})}; + {next_state, userauth, next_packet(State#state{auth_user = Ssh#ssh.user, ssh_params = Ssh})}. 
+%%-------------------------------------------------------------------- +-spec userauth(#ssh_msg_userauth_request{} | #ssh_msg_userauth_info_request{} | + #ssh_msg_userauth_info_response{} | #ssh_msg_userauth_success{} | + #ssh_msg_userauth_failure{} | #ssh_msg_userauth_banner{}, + #state{}) -> gen_fsm_state_return(). +%%-------------------------------------------------------------------- userauth(#ssh_msg_userauth_request{service = "ssh-connection", method = "none"} = Msg, #state{ssh_params = #ssh{session_id = SessionId, role = server, @@ -1563,10 +1566,10 @@ after_new_keys(#state{renegotiate = false, ssh_params = #ssh{role = client} = Ssh0} = State) -> {Msg, Ssh} = ssh_auth:service_request_msg(Ssh0), send_msg(Msg, State), - {next_state, userauth, State#state{ssh_params = Ssh}}; + {next_state, service_request, State#state{ssh_params = Ssh}}; after_new_keys(#state{renegotiate = false, ssh_params = #ssh{role = server}} = State) -> - {next_state, userauth, State}. + {next_state, service_request, State}. after_new_keys_events({sync, _Event, From}, {stop, _Reason, _StateData}=Terminator) -> gen_fsm:reply(From, {error, closed}), -- cgit v1.2.3 From a45b4cccb1cf2c669fd73236602b74a9c1c4c773 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 15 Sep 2015 15:20:49 +0200 Subject: ssh: new states for keyboard-interactive --- lib/ssh/src/ssh_auth.erl | 23 ++------- lib/ssh/src/ssh_connection_handler.erl | 85 ++++++++++++++++++++++------------ 2 files changed, 61 insertions(+), 47 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index a91b8c200e..ddf033c334 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -153,7 +153,7 @@ userauth_request_msg(#ssh{userauth_methods = Methods, not_ok -> userauth_request_msg(Ssh); Result -> - Result + {Pref,Result} end; false -> userauth_request_msg(Ssh) 
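Review bot: in ssh_auth:userauth_request_msg, only the `Result ->` branch is changed to return `{Pref,Result}`; the handler clauses later in this patch still match an untagged `{disconnect, DisconnectMsg, {Msg, Ssh}}` from the same function. The function therefore has two differently shaped results, and no -spec in view records them. Add a -spec (or at least a comment) stating both shapes, and check every other caller of userauth_request_msg/1: a caller that still matches `{Msg, Ssh}` will not crash, it will bind Msg to the method name and Ssh to the inner tuple.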
@@ -313,6 +313,8 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, #ssh_msg_userauth_failure{authentications = Methods, partial_success = false}, Ssh)}. + + handle_userauth_info_request( #ssh_msg_userauth_info_request{name = Name, instruction = Instr, @@ -330,36 +332,21 @@ handle_userauth_info_request( handle_userauth_info_response(#ssh_msg_userauth_info_response{num_responses = 1, data = <>}, #ssh{opts = Opts, - kb_tries_left = KbTriesLeft0, + kb_tries_left = KbTriesLeft, kb_data = InfoMsg, user = User, userauth_supported_methods = Methods} = Ssh) -> - KbTriesLeft = KbTriesLeft0 - 1, case check_password(User, unicode:characters_to_list(Password), Opts) of true -> {authorized, User, ssh_transport:ssh_packet(#ssh_msg_userauth_success{}, Ssh)}; - false when KbTriesLeft > 0 -> - UserAuthInfoMsg = - InfoMsg#ssh_msg_userauth_info_request{ - name = "", - instruction = - lists:concat( - ["Bad user or password, try again. ", - integer_to_list(KbTriesLeft), - " tries left."]) - }, - {not_authorized, {User, undefined}, - ssh_transport:ssh_packet(UserAuthInfoMsg, - Ssh#ssh{kb_tries_left = KbTriesLeft})}; - false -> {not_authorized, {User, {error,"Bad user or password"}}, ssh_transport:ssh_packet(#ssh_msg_userauth_failure{ authentications = Methods, partial_success = false}, Ssh#ssh{kb_data = undefined, - kb_tries_left = 0} + kb_tries_left = max(KbTriesLeft-1, 0)} )} end; diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index b7a80ae5d4..646f787874 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -49,7 +49,10 @@ -export([hello/2, kexinit/2, key_exchange/2, key_exchange_dh_gex_init/2, key_exchange_dh_gex_reply/2, new_keys/2, - userauth/2, service_request/2, connected/2, + service_request/2, connected/2, + userauth/2, + userauth_keyboard_interactive/2, + userauth_keyboard_interactive_info_response/2, error/2]). -export([init/1, handle_event/3, 
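Review bot: in ssh_auth:handle_userauth_info_response, the failure branch still stores `kb_tries_left = max(KbTriesLeft-1, 0)`, but with the `false when KbTriesLeft > 0` clause removed nothing in this function reads the counter any more. Every wrong password now gets #ssh_msg_userauth_failure{} and the client may start another keyboard-interactive request. Confirm that the request side refuses keyboard-interactive once kb_tries_left has reached 0, and add a test that exhausts the tries; otherwise the per-connection limit on password attempts is not enforced on this path.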
@@ -83,7 +86,11 @@ }). -type state_name() :: hello | kexinit | key_exchange | key_exchange_dh_gex_init | - key_exchange_dh_gex_reply | new_keys | service_request | userauth | connection. + key_exchange_dh_gex_reply | new_keys | service_request | + userauth | userauth_keyboard_interactive | + userauth_keyboard_interactive_info_response | + connection. + -type gen_fsm_state_return() :: {next_state, state_name(), term()} | {next_state, state_name(), term(), timeout()} | {stop, term(), term()}. @@ -524,6 +531,10 @@ userauth(#ssh_msg_userauth_request{service = "ssh-connection", connected_fun(User, Address, Method, Opts), {next_state, connected, next_packet(State#state{auth_user = User, ssh_params = Ssh})}; + {not_authorized, {User, Reason}, {Reply, Ssh}} when Method == "keyboard-interactive" -> + retry_fun(User, Address, Reason, Opts), + send_msg(Reply, State), + {next_state, userauth_keyboard_interactive, next_packet(State#state{ssh_params = Ssh})}; {not_authorized, {User, Reason}, {Reply, Ssh}} -> retry_fun(User, Address, Reason, Opts), send_msg(Reply, State), 
@@ -533,30 +544,6 @@ userauth(#ssh_msg_userauth_request{service = "ssh-connection", userauth(Msg#ssh_msg_userauth_request{method="none"}, State) end; -userauth(#ssh_msg_userauth_info_request{} = Msg, - #state{ssh_params = #ssh{role = client, - io_cb = IoCb} = Ssh0} = State) -> - {ok, {Reply, Ssh}} = ssh_auth:handle_userauth_info_request(Msg, IoCb, Ssh0), - send_msg(Reply, State), - {next_state, userauth, next_packet(State#state{ssh_params = Ssh})}; - -userauth(#ssh_msg_userauth_info_response{} = Msg, - #state{ssh_params = #ssh{role = server, - peer = {_, Address}} = Ssh0, - opts = Opts, starter = Pid} = State) -> - case ssh_auth:handle_userauth_info_response(Msg, Ssh0) of - {authorized, User, {Reply, Ssh}} -> - send_msg(Reply, State), - Pid ! ssh_connected, - connected_fun(User, Address, "keyboard-interactive", Opts), - {next_state, connected, - next_packet(State#state{auth_user = User, ssh_params = Ssh})}; - {not_authorized, {User, Reason}, {Reply, Ssh}} -> - retry_fun(User, Address, Reason, Opts), - send_msg(Reply, State), - {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} - end; - userauth(#ssh_msg_userauth_success{}, #state{ssh_params = #ssh{role = client} = Ssh, starter = Pid} = State) -> Pid ! ssh_connected, 
@@ -583,19 +570,25 @@ userauth(#ssh_msg_userauth_failure{authentications = Methodes}, {disconnect, DisconnectMsg, {Msg, Ssh}} -> send_msg(Msg, State), handle_disconnect(DisconnectMsg, State#state{ssh_params = Ssh}); - {Msg, Ssh} -> + {"keyboard-interactive", {Msg, Ssh}} -> + send_msg(Msg, State), + {next_state, userauth_keyboard_interactive, next_packet(State#state{ssh_params = Ssh})}; + {_Method, {Msg, Ssh}} -> send_msg(Msg, State), {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} end; %% The prefered authentication method failed try next method -userauth(#ssh_msg_userauth_failure{}, +userauth(#ssh_msg_userauth_failure{}, #state{ssh_params = #ssh{role = client} = Ssh0} = State) -> case ssh_auth:userauth_request_msg(Ssh0) of {disconnect, DisconnectMsg,{Msg, Ssh}} -> send_msg(Msg, State), handle_disconnect(DisconnectMsg, State#state{ssh_params = Ssh}); - {Msg, Ssh} -> + {"keyboard-interactive", {Msg, Ssh}} -> + send_msg(Msg, State), + {next_state, userauth_keyboard_interactive, next_packet(State#state{ssh_params = Ssh})}; + {_Method, {Msg, Ssh}} -> send_msg(Msg, State), {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} end; 
@@ -610,6 +603,40 @@ userauth(#ssh_msg_userauth_banner{message = Msg}, io:format("~s", [Msg]), {next_state, userauth, next_packet(State)}. + + +userauth_keyboard_interactive(#ssh_msg_userauth_info_request{} = Msg, + #state{ssh_params = #ssh{role = client, + io_cb = IoCb} = Ssh0} = State) -> + {ok, {Reply, Ssh}} = ssh_auth:handle_userauth_info_request(Msg, IoCb, Ssh0), + send_msg(Reply, State), + {next_state, userauth_keyboard_interactive_info_response, next_packet(State#state{ssh_params = Ssh})}; + +userauth_keyboard_interactive(#ssh_msg_userauth_info_response{} = Msg, + #state{ssh_params = #ssh{role = server, + peer = {_, Address}} = Ssh0, + opts = Opts, starter = Pid} = State) -> + case ssh_auth:handle_userauth_info_response(Msg, Ssh0) of + {authorized, User, {Reply, Ssh}} -> + send_msg(Reply, State), + Pid ! ssh_connected, + connected_fun(User, Address, "keyboard-interactive", Opts), + {next_state, connected, + next_packet(State#state{auth_user = User, ssh_params = Ssh})}; + {not_authorized, {User, Reason}, {Reply, Ssh}} -> + retry_fun(User, Address, Reason, Opts), + send_msg(Reply, State), + {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} + end. + + + +userauth_keyboard_interactive_info_response(Msg=#ssh_msg_userauth_failure{}, State) -> + userauth(Msg, State); + +userauth_keyboard_interactive_info_response(Msg=#ssh_msg_userauth_success{}, State) -> + userauth(Msg, State). + %%-------------------------------------------------------------------- -spec connected({#ssh_msg_kexinit{}, binary()}, %%| %% #ssh_msg_kexdh_init{}, #state{}) -> gen_fsm_state_return(). -- cgit v1.2.3 From 8b480500f5004cf179f4993a56ad97e8f8171d94 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 24 Sep 2015 16:52:30 +0200 Subject: ssh: remove unused filed #ssh.kb_data --- lib/ssh/src/ssh.hrl | 1 - lib/ssh/src/ssh_auth.erl | 7 ++----- 2 files changed, 2 insertions(+), 6 deletions(-) (limited to 'lib/ssh') 
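Review bot: in ssh_connection_handler.erl, userauth_keyboard_interactive_info_response/2 has clauses for #ssh_msg_userauth_failure{} and #ssh_msg_userauth_success{} only, so a server that answers the first response with a further #ssh_msg_userauth_info_request{} (RFC 4256 lets the server send as many requests as it needs) finds no matching clause on the client side. userauth_keyboard_interactive/2 has the same gap: there is no clause for a #ssh_msg_userauth_failure{} arriving at the client, nor for a fresh #ssh_msg_userauth_request{} arriving at the server while it waits for the info response. Add the info_request clause to the info_response state, and decide explicitly, with a disconnect message, what happens to any other message received in these two states.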
diff --git a/lib/ssh/src/ssh.hrl b/lib/ssh/src/ssh.hrl index 462c98f503..da64e4abf9 100644 --- a/lib/ssh/src/ssh.hrl +++ b/lib/ssh/src/ssh.hrl @@ -133,7 +133,6 @@ userauth_supported_methods, % string() eg "keyboard-interactive,password" userauth_methods, % list( string() ) eg ["keyboard-interactive", "password"] kb_tries_left = 0, % integer(), num tries left for "keyboard-interactive" - kb_data, userauth_preference, available_host_keys, authenticated = false diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index ddf033c334..726f52132f 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -299,8 +299,7 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, >> }, {not_authorized, {User, undefined}, - ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User, - kb_data = Msg + ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User })} end; @@ -333,7 +332,6 @@ handle_userauth_info_response(#ssh_msg_userauth_info_response{num_responses = 1, data = <>}, #ssh{opts = Opts, kb_tries_left = KbTriesLeft, - kb_data = InfoMsg, user = User, userauth_supported_methods = Methods} = Ssh) -> case check_password(User, unicode:characters_to_list(Password), Opts) of @@ -345,8 +343,7 @@ handle_userauth_info_response(#ssh_msg_userauth_info_response{num_responses = 1, ssh_transport:ssh_packet(#ssh_msg_userauth_failure{ authentications = Methods, partial_success = false}, - Ssh#ssh{kb_data = undefined, - kb_tries_left = max(KbTriesLeft-1, 0)} + Ssh#ssh{kb_tries_left = max(KbTriesLeft-1, 0)} )} end; -- cgit v1.2.3 From 6b5aa5c7b807b0963fcfc31c2c4ee22249f75428 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 1 Oct 2015 12:16:45 +0200 Subject: ssh: document ecdh and hmac-sha2-512 --- lib/ssh/doc/src/ssh.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index cf5e8f1aff..6c95fa3399 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml 
@@ -41,10 +41,10 @@ For application dependencies see ssh(6) Supported SSH version is 2.0. Supported public key algorithms: ssh-rsa and ssh-dss. - Supported MAC algorithms: hmac-sha2-256 and hmac-sha1. + Supported MAC algorithms: hmac-sha2-512, hmac-sha2-256 and hmac-sha1. Supported encryption algorithms: aes128-ctr, aes128-cb and 3des-cbc. - Supported key exchange algorithms: diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1 and diffie-hellman-group-exchange-sha256. - Supported compression algorithms: none, zlib, zlib@openssh.com, + Supported key exchange algorithms: ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1 and diffie-hellman-group-exchange-sha256. + Supported compression algorithms: none, zlib Supports unicode filenames if the emulator and the underlaying OS support it. See section DESCRIPTION in the file manual page in kernel -- cgit v1.2.3 From c31a42fe95c06d4f491424a42fc7c90f94fe5801 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 1 Oct 2015 16:58:29 +0200 Subject: ssh: document dh-gex default values --- lib/ssh/doc/src/ssh.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index cf5e8f1aff..d57bcb96eb 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -243,7 +243,7 @@ kex is implicit but public_key is set explicitly.

Sets the three diffie-hellman-group-exchange parameters that guides the connected server in choosing a group. - See RFC 4419 for the function of thoose. The default value is {512, 1024, 4096}. + See RFC 4419 for the function of thoose. The default value is {1024, 6144, 8192}.
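Review bot: The documented default becomes `{1024, 6144, 8192}`, but this commit changes only `ssh.xml` (1 file changed), so nothing in the patch shows the code defaults moving with the text. Please confirm that `?DEFAULT_DH_GROUP_MIN`, `?DEFAULT_DH_GROUP_NBITS` and `?DEFAULT_DH_GROUP_MAX` hold these values, or land the constant change together with the documentation. Since the sentence is being edited anyway, "thoose" and "parameters that guides" can be corrected in the same line.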

-- cgit v1.2.3 From bb63fc9bca7233d0f9e8b9abe96c66eac5bdc933 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 2 Oct 2015 08:49:04 +0200 Subject: ssh: 4.1->4.2 --- lib/ssh/vsn.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index b305eedcdc..d828bccd29 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,4 +1,4 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 4.1 +SSH_VSN = 4.2 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From 000d6be54e5f0c20f797d73a355e50f76fc170c7 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 30 Sep 2015 20:31:32 +0200 Subject: ssh: aes192-ctr and aes256-ctr implemented --- lib/ssh/src/ssh_transport.erl | 167 ++++++++++++++++++++++++++---------------- 1 file changed, 102 insertions(+), 65 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 2b6f0a3cdc..e86c93263f 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl 
@@ -79,18 +79,20 @@ supported_algorithms(kex) -> [ {'ecdh-sha2-nistp256', [{public_keys,ecdh}, {ec_curve,secp256r1}, {hashs,sha256}]}, {'ecdh-sha2-nistp384', [{public_keys,ecdh}, {ec_curve,secp384r1}, {hashs,sha384}]}, + {'diffie-hellman-group14-sha1', [{public_keys,dh}, {hashs,sha}]}, + {'diffie-hellman-group-exchange-sha256', [{public_keys,dh}, {hashs,sha256}]}, + {'diffie-hellman-group-exchange-sha1', [{public_keys,dh}, {hashs,sha}]}, {'ecdh-sha2-nistp521', [{public_keys,ecdh}, {ec_curve,secp521r1}, {hashs,sha512}]}, - {'diffie-hellman-group14-sha1', [{public_keys,dh}, {hashs,sha}]}, - {'diffie-hellman-group-exchange-sha256', [{public_keys,dh}, {hashs,sha256}]}, - {'diffie-hellman-group-exchange-sha1', [{public_keys,dh}, {hashs,sha}]}, - {'diffie-hellman-group1-sha1', [{public_keys,dh}, {hashs,sha}]} + {'diffie-hellman-group1-sha1', [{public_keys,dh}, {hashs,sha}]} ]); supported_algorithms(public_key) -> ssh_auth:default_public_key_algorithms(); supported_algorithms(cipher) -> same( select_crypto_supported( - [{'aes128-ctr', [{ciphers,aes_ctr}]}, + [{'aes256-ctr', [{ciphers,{aes_ctr,256}}]}, + {'aes192-ctr', [{ciphers,{aes_ctr,192}}]}, + {'aes128-ctr', [{ciphers,{aes_ctr,128}}]}, {'aes128-cbc', [{ciphers,aes_cbc128}]}, {'3des-cbc', [{ciphers,des3_cbc}]} ] @@ -98,8 +100,8 @@ supported_algorithms(cipher) -> supported_algorithms(mac) -> same( select_crypto_supported( - [{'hmac-sha2-512', [{hashs,sha512}]}, - {'hmac-sha2-256', [{hashs,sha256}]}, + [{'hmac-sha2-256', [{hashs,sha256}]}, + {'hmac-sha2-512', [{hashs,sha512}]}, {'hmac-sha1', [{hashs,sha}]} ] )); 
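Review bot: The kex and mac lists are reordered in this hunk although the subject only announces aes192-ctr and aes256-ctr. `'ecdh-sha2-nistp521'` now sits below `'diffie-hellman-group14-sha1'` and `'diffie-hellman-group-exchange-sha1'`, and `'hmac-sha2-256'` moves ahead of `'hmac-sha2-512'`. List order is the negotiation preference in SSH, so this changes which algorithms two default-configured peers agree on. Move the reordering to its own commit with the rationale, or state it in this commit message. The cipher conditions also change from an atom to `{aes_ctr, Len}`; a short comment on the accepted shapes of a `ciphers` condition would help the next reader.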
@@ -124,10 +126,25 @@ crypto_supported_curves() -> end. crypto_supported(Conditions, Supported) -> - lists:all( fun({Tag,CryptoName}) -> - lists:member(CryptoName, proplists:get_value(Tag,Supported,[])) + lists:all( fun({Tag,CryptoName}) when is_atom(CryptoName) -> + crypto_name_supported(Tag,CryptoName,Supported); + ({Tag,{Name=aes_ctr,Len}}) when is_integer(Len) -> + crypto_name_supported(Tag,Name,Supported) andalso + ctr_len_supported(Name,Len) end, Conditions). +crypto_name_supported(Tag, CryptoName, Supported) -> + lists:member(CryptoName, proplists:get_value(Tag,Supported,[])). + +ctr_len_supported(Name, Len) -> + try + crypto:stream_encrypt(crypto:stream_init(Name, <<0:Len>>, <<0:128>>), <<"">>) + of + {_,X} -> is_binary(X) + catch + _:_ -> false + end. + same(Algs) -> [{client2server,Algs}, {server2client,Algs}]. 
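Review bot: The fun passed to `lists:all/2` in `crypto_supported/2` now accepts only `{Tag, Atom}` and `{Tag, {aes_ctr, Len}}`, so any other condition shape raises `function_clause` instead of reporting the algorithm as unsupported. Add a final clause that returns `false`. In `ctr_len_supported/2`, `catch _:_ -> false` hides every failure, including ones that have nothing to do with the key length; catch only the error that `crypto:stream_init/3` raises for an unsupported key size. The function also takes `Name` as a parameter while the caller hard-codes `Name=aes_ctr`, so either generalise the caller or drop the parameter.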
@@ -899,52 +916,9 @@ verify(PlainText, Hash, Sig, {_, #'Dss-Parms'{}} = Key) -> verify(PlainText, Hash, Sig, Key) -> public_key:verify(PlainText, Hash, Sig, Key). -%% public key algorithms -%% -%% ssh-dss REQUIRED sign Raw DSS Key -%% ssh-rsa RECOMMENDED sign Raw RSA Key -%% x509v3-sign-rsa OPTIONAL sign X.509 certificates (RSA key) -%% x509v3-sign-dss OPTIONAL sign X.509 certificates (DSS key) -%% spki-sign-rsa OPTIONAL sign SPKI certificates (RSA key) -%% spki-sign-dss OPTIONAL sign SPKI certificates (DSS key) -%% pgp-sign-rsa OPTIONAL sign OpenPGP certificates (RSA key) -%% pgp-sign-dss OPTIONAL sign OpenPGP certificates (DSS key) -%% - -%% key exchange -%% -%% diffie-hellman-group1-sha1 REQUIRED -%% diffie-hellman-group14-sha1 REQUIRED -%% -%% - %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -%% Encryption -%% -%% chiphers %% -%% 3des-cbc REQUIRED -%% three-key 3DES in CBC mode -%% blowfish-cbc OPTIONAL Blowfish in CBC mode -%% twofish256-cbc OPTIONAL Twofish in CBC mode, -%% with 256-bit key -%% twofish-cbc OPTIONAL alias for "twofish256-cbc" (this -%% is being retained for -%% historical reasons) -%% twofish192-cbc OPTIONAL Twofish with 192-bit key -%% twofish128-cbc OPTIONAL Twofish with 128-bit key -%% aes256-cbc OPTIONAL AES in CBC mode, -%% with 256-bit key -%% aes192-cbc OPTIONAL AES with 192-bit key -%% aes128-cbc RECOMMENDED AES with 128-bit key -%% serpent256-cbc OPTIONAL Serpent in CBC mode, with -%% 256-bit key -%% serpent192-cbc OPTIONAL Serpent with 192-bit key -%% serpent128-cbc OPTIONAL Serpent with 128-bit key -%% arcfour OPTIONAL the ARCFOUR stream cipher -%% idea-cbc OPTIONAL IDEA in CBC mode -%% cast128-cbc OPTIONAL CAST-128 in CBC mode -%% none OPTIONAL no encryption; NOT RECOMMENDED +%% Encryption %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
@@ -975,16 +949,44 @@ encrypt_init(#ssh{encrypt = 'aes128-cbc', role = server} = Ssh) -> encrypt_block_size = 16, encrypt_ctx = IV}}; encrypt_init(#ssh{encrypt = 'aes128-ctr', role = client} = Ssh) -> - IV = hash(Ssh, "A", 128), + IV = hash(Ssh, "A", 128), <> = hash(Ssh, "C", 128), State = crypto:stream_init(aes_ctr, K, IV), {ok, Ssh#ssh{encrypt_keys = K, encrypt_block_size = 16, encrypt_ctx = State}}; +encrypt_init(#ssh{encrypt = 'aes192-ctr', role = client} = Ssh) -> + IV = hash(Ssh, "A", 128), + <> = hash(Ssh, "C", 192), + State = crypto:stream_init(aes_ctr, K, IV), + {ok, Ssh#ssh{encrypt_keys = K, + encrypt_block_size = 16, + encrypt_ctx = State}}; +encrypt_init(#ssh{encrypt = 'aes256-ctr', role = client} = Ssh) -> + IV = hash(Ssh, "A", 128), + <> = hash(Ssh, "C", 256), + State = crypto:stream_init(aes_ctr, K, IV), + {ok, Ssh#ssh{encrypt_keys = K, + encrypt_block_size = 16, + encrypt_ctx = State}}; encrypt_init(#ssh{encrypt = 'aes128-ctr', role = server} = Ssh) -> - IV = hash(Ssh, "B", 128), + IV = hash(Ssh, "B", 128), <> = hash(Ssh, "D", 128), State = crypto:stream_init(aes_ctr, K, IV), + {ok, Ssh#ssh{encrypt_keys = K, + encrypt_block_size = 16, + encrypt_ctx = State}}; +encrypt_init(#ssh{encrypt = 'aes192-ctr', role = server} = Ssh) -> + IV = hash(Ssh, "B", 128), + <> = hash(Ssh, "D", 192), + State = crypto:stream_init(aes_ctr, K, IV), + {ok, Ssh#ssh{encrypt_keys = K, + encrypt_block_size = 16, + encrypt_ctx = State}}; +encrypt_init(#ssh{encrypt = 'aes256-ctr', role = server} = Ssh) -> + IV = hash(Ssh, "B", 128), + <> = hash(Ssh, "D", 256), + State = crypto:stream_init(aes_ctr, K, IV), {ok, Ssh#ssh{encrypt_keys = K, encrypt_block_size = 16, encrypt_ctx = State}}. 
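Review bot: The four added `encrypt_init/1` clauses are copies of the `'aes128-ctr'` ones with only the key length (192, 256) changed, which leaves six clauses in which the role letters ("A"/"C" for client, "B"/"D" for server) have to be kept in step by hand. Derive the key length from the cipher name in one helper and keep a single clause per role; the same applies to the matching `decrypt_init/1`, `encrypt/2` and `decrypt/2` additions in this patch. The `IV = hash(Ssh, "A", 128),` and `IV = hash(Ssh, "B", 128),` lines are removed and re-added with no visible difference, which looks like whitespace churn that can be dropped from the commit.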
@@ -1013,6 +1015,14 @@ encrypt(#ssh{encrypt = 'aes128-cbc', encrypt(#ssh{encrypt = 'aes128-ctr', encrypt_ctx = State0} = Ssh, Data) -> {State, Enc} = crypto:stream_encrypt(State0,Data), + {Ssh#ssh{encrypt_ctx = State}, Enc}; +encrypt(#ssh{encrypt = 'aes192-ctr', + encrypt_ctx = State0} = Ssh, Data) -> + {State, Enc} = crypto:stream_encrypt(State0,Data), + {Ssh#ssh{encrypt_ctx = State}, Enc}; +encrypt(#ssh{encrypt = 'aes256-ctr', + encrypt_ctx = State0} = Ssh, Data) -> + {State, Enc} = crypto:stream_encrypt(State0,Data), {Ssh#ssh{encrypt_ctx = State}, Enc}. @@ -1053,10 +1063,38 @@ decrypt_init(#ssh{decrypt = 'aes128-ctr', role = client} = Ssh) -> {ok, Ssh#ssh{decrypt_keys = K, decrypt_block_size = 16, decrypt_ctx = State}}; +decrypt_init(#ssh{decrypt = 'aes192-ctr', role = client} = Ssh) -> + IV = hash(Ssh, "B", 128), + <> = hash(Ssh, "D", 192), + State = crypto:stream_init(aes_ctr, K, IV), + {ok, Ssh#ssh{decrypt_keys = K, + decrypt_block_size = 16, + decrypt_ctx = State}}; +decrypt_init(#ssh{decrypt = 'aes256-ctr', role = client} = Ssh) -> + IV = hash(Ssh, "B", 128), + <> = hash(Ssh, "D", 256), + State = crypto:stream_init(aes_ctr, K, IV), + {ok, Ssh#ssh{decrypt_keys = K, + decrypt_block_size = 16, + decrypt_ctx = State}}; decrypt_init(#ssh{decrypt = 'aes128-ctr', role = server} = Ssh) -> IV = hash(Ssh, "A", 128), <> = hash(Ssh, "C", 128), State = crypto:stream_init(aes_ctr, K, IV), + {ok, Ssh#ssh{decrypt_keys = K, + decrypt_block_size = 16, + decrypt_ctx = State}}; +decrypt_init(#ssh{decrypt = 'aes192-ctr', role = server} = Ssh) -> + IV = hash(Ssh, "A", 128), + <> = hash(Ssh, "C", 192), + State = crypto:stream_init(aes_ctr, K, IV), + {ok, Ssh#ssh{decrypt_keys = K, + decrypt_block_size = 16, + decrypt_ctx = State}}; +decrypt_init(#ssh{decrypt = 'aes256-ctr', role = server} = Ssh) -> + IV = hash(Ssh, "A", 128), + <> = hash(Ssh, "C", 256), + State = crypto:stream_init(aes_ctr, K, IV), {ok, Ssh#ssh{decrypt_keys = K, decrypt_block_size = 16, decrypt_ctx = State}}. 
@@ -1084,6 +1122,14 @@ decrypt(#ssh{decrypt = 'aes128-cbc', decrypt_keys = Key, decrypt(#ssh{decrypt = 'aes128-ctr', decrypt_ctx = State0} = Ssh, Data) -> {State, Enc} = crypto:stream_decrypt(State0,Data), + {Ssh#ssh{decrypt_ctx = State}, Enc}; +decrypt(#ssh{decrypt = 'aes192-ctr', + decrypt_ctx = State0} = Ssh, Data) -> + {State, Enc} = crypto:stream_decrypt(State0,Data), + {Ssh#ssh{decrypt_ctx = State}, Enc}; +decrypt(#ssh{decrypt = 'aes256-ctr', + decrypt_ctx = State0} = Ssh, Data) -> + {State, Enc} = crypto:stream_decrypt(State0,Data), {Ssh#ssh{decrypt_ctx = State}, Enc}. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% @@ -1168,17 +1214,8 @@ decompress(#ssh{decompress = 'zlib@openssh.com', decompress_ctx = Context, authe {Ssh, list_to_binary(Decompressed)}. %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -%% MAC calculation %% -%% hmac-sha1 REQUIRED HMAC-SHA1 (digest length = key -%% length = 20) -%% hmac-sha1-96 RECOMMENDED first 96 bits of HMAC-SHA1 (digest -%% length = 12, key length = 20) -%% hmac-md5 OPTIONAL HMAC-MD5 (digest length = key -%% length = 16) -%% hmac-md5-96 OPTIONAL first 96 bits of HMAC-MD5 (digest -%% length = 12, key length = 16) -%% none OPTIONAL no MAC; NOT RECOMMENDED +%% MAC calculation %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -- cgit v1.2.3 From d848a4d75ed1baa645df69461b550299325205d9 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 1 Oct 2015 12:12:15 +0200 Subject: ssh: document ctr crypto mode --- lib/ssh/doc/src/ssh.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 293d618eed..dd85baf219 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml 
@@ -42,7 +42,8 @@ Supported SSH version is 2.0. Supported public key algorithms: ssh-rsa and ssh-dss. Supported MAC algorithms: hmac-sha2-512, hmac-sha2-256 and hmac-sha1. - Supported encryption algorithms: aes128-ctr, aes128-cb and 3des-cbc. + Supported MAC algorithms: hmac-sha2-256 and hmac-sha1. + Supported encryption algorithms: aes256-ctr, aes192-ctr, aes128-ctr, aes128-cb and 3des-cbc. Supported key exchange algorithms: ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1 and diffie-hellman-group-exchange-sha256. Supported compression algorithms: none, zlib Supports unicode filenames if the emulator and the underlaying OS support it. -- cgit v1.2.3 From f1e82db97780529ccf46b8e7b72d482649b6dcd2 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 1 Oct 2015 10:27:18 +0200 Subject: ssh: Bug in zlib@openssh.com compression fixed --- lib/ssh/src/ssh_connection_handler.erl | 4 ++-- lib/ssh/src/ssh_transport.erl | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 646f787874..ee1dd5c9ce 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -530,7 +530,7 @@ userauth(#ssh_msg_userauth_request{service = "ssh-connection", Pid ! ssh_connected, connected_fun(User, Address, Method, Opts), {next_state, connected, - next_packet(State#state{auth_user = User, ssh_params = Ssh})}; + next_packet(State#state{auth_user = User, ssh_params = Ssh#ssh{authenticated = true}})}; {not_authorized, {User, Reason}, {Reply, Ssh}} when Method == "keyboard-interactive" -> retry_fun(User, Address, Reason, Opts), send_msg(Reply, State), 
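Review bot: In the `@@ -530,7 +530,7 @@` hunk of ssh_connection_handler.erl, `authenticated = true` is set by hand inside one success branch of `userauth/2`, so every other path into `connected` has to remember the same update for the `zlib@openssh.com` fix to hold. Set the flag in one place where the `connected` state is entered rather than per branch. The hunk covers the server-side request path; if the client role reads the flag as well, it needs the same treatment, and a test that negotiates `zlib@openssh.com` end to end would guard against a regression.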
@@ -622,7 +622,7 @@ userauth_keyboard_interactive(#ssh_msg_userauth_info_response{} = Msg, Pid ! ssh_connected, connected_fun(User, Address, "keyboard-interactive", Opts), {next_state, connected, - next_packet(State#state{auth_user = User, ssh_params = Ssh})}; + next_packet(State#state{auth_user = User, ssh_params = Ssh#ssh{authenticated = true}})}; {not_authorized, {User, Reason}, {Reply, Ssh}} -> retry_fun(User, Address, Reason, Opts), send_msg(Reply, State), diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index e86c93263f..840564e246 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -65,9 +65,7 @@ default_algorithms() -> [{K,default_algorithms(K)} || K <- algo_classes()]. algo_classes() -> [kex, public_key, cipher, mac, compression]. -default_algorithms(compression) -> - %% Do not announce 'zlib@openssh.com' because there seem to be problems - supported_algorithms(compression, same(['zlib@openssh.com'])); +default_algorithms(kex) -> supported_algorithms(kex, []); %% Just to have a call... default_algorithms(Alg) -> supported_algorithms(Alg). @@ -106,8 +104,10 @@ supported_algorithms(mac) -> ] )); supported_algorithms(compression) -> - same(['none','zlib','zlib@openssh.com']). - + same(['none', + 'zlib@openssh.com', + 'zlib' + ]). supported_algorithms(Key, [{client2server,BL1},{server2client,BL2}]) -> [{client2server,As1},{server2client,As2}] = supported_algorithms(Key), -- cgit v1.2.3 From a07d8d5ecd8aa1f09ce5437f58d1c41118337424 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 1 Oct 2015 18:51:10 +0200 Subject: ssh: compression tests skipped if alg is not supported --- lib/ssh/test/ssh_basic_SUITE.erl | 88 ++++++++++++++++++++--------------- lib/ssh/test/ssh_test_lib.erl | 22 ++++++++- lib/ssh/test/ssh_to_openssh_SUITE.erl | 79 +++++++++++++++++-------------- 3 files changed, 116 insertions(+), 73 deletions(-) (limited to 'lib/ssh') 
diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 51431da48e..2ff7198bf8 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl 
@@ -362,30 +362,36 @@ exec(Config) when is_list(Config) -> %%-------------------------------------------------------------------- %%% Test that compression option works exec_compressed(Config) when is_list(Config) -> - process_flag(trap_exit, true), - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), - - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},{user_dir, UserDir}, - {preferred_algorithms,[{compression, [zlib]}]}, - {failfun, fun ssh_test_lib:failfun/2}]), + case ssh_test_lib:ssh_supports(zlib, compression) of + false -> + {skip, "zlib compression is not supported"}; + + true -> + process_flag(trap_exit, true), + SystemDir = filename:join(?config(priv_dir, Config), system), + UserDir = ?config(priv_dir, Config), + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},{user_dir, UserDir}, + {preferred_algorithms,[{compression, [zlib]}]}, + {failfun, fun ssh_test_lib:failfun/2}]), - ConnectionRef = - ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, - {user_dir, UserDir}, - {user_interaction, false}]), - {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), - success = ssh_connection:exec(ConnectionRef, ChannelId, - "1+1.", infinity), - Data = {ssh_cm, ConnectionRef, {data, ChannelId, 0, <<"2\n">>}}, - case ssh_test_lib:receive_exec_result(Data) of - expected -> - ok; - Other -> - ct:fail(Other) - end, - ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId), - ssh:stop_daemon(Pid). 
+ ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user_dir, UserDir}, + {user_interaction, false}]), + {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), + success = ssh_connection:exec(ConnectionRef, ChannelId, + "1+1.", infinity), + Data = {ssh_cm, ConnectionRef, {data, ChannelId, 0, <<"2\n">>}}, + case ssh_test_lib:receive_exec_result(Data) of + expected -> + ok; + Other -> + ct:fail(Other) + end, + ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId), + ssh:stop_daemon(Pid) + end. %%-------------------------------------------------------------------- %%% Idle timeout test 
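Review bot: The `false ->` arm in `exec_compressed/1` matches only because `zlib` is passed as an atom; `ssh_test_lib:ssh_supports/2` returns `{false, Unsupported}` when given a list, which is what the other call sites in this patch match on. Give `ssh_supports/2` a single return shape so that changing an argument from an atom to a list cannot end in `case_clause`. The skip check would also fit better in `init_per_testcase`, which avoids re-indenting the whole test body under a `case`.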
@@ -708,22 +714,28 @@ shell_unicode_string(Config) -> %%-------------------------------------------------------------------- %%% Test basic connection with openssh_zlib openssh_zlib_basic_test(Config) -> - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), + case ssh_test_lib:ssh_supports(['zlib@openssh.com',none], compression) of + {false,L} -> + {skip, io_lib:format("~p compression is not supported",[L])}; - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, - {user_dir, UserDir}, - {preferred_algorithms,[{compression, ['zlib@openssh.com']}]}, - {failfun, fun ssh_test_lib:failfun/2}]), - ConnectionRef = - ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, - {user_dir, UserDir}, - {user_interaction, false}, - {preferred_algorithms,[{compression, ['zlib@openssh.com', - none]}]} - ]), - ok = ssh:close(ConnectionRef), - ssh:stop_daemon(Pid). + true -> + SystemDir = filename:join(?config(priv_dir, Config), system), + UserDir = ?config(priv_dir, Config), + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {user_dir, UserDir}, + {preferred_algorithms,[{compression, ['zlib@openssh.com']}]}, + {failfun, fun ssh_test_lib:failfun/2}]), + ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user_dir, UserDir}, + {user_interaction, false}, + {preferred_algorithms,[{compression, ['zlib@openssh.com', + none]}]} + ]), + ok = ssh:close(ConnectionRef), + ssh:stop_daemon(Pid) + end. %%-------------------------------------------------------------------- ssh_info_print(Config) -> diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index 6d568125bb..e16df6f959 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl 
@@ -552,4 +552,24 @@ algo_intersection(_, _) -> to_atoms(L) -> lists:map(fun erlang:list_to_atom/1, L). - +%%%---------------------------------------------------------------- +ssh_supports(Alg, SshDefaultAlg_tag) -> + SupAlgs = + case proplists:get_value(SshDefaultAlg_tag, + ssh:default_algorithms()) of + [{_K1,L1}, {_K2,L2}] -> + lists:usort(L1++L2); + L -> + L + end, + if + is_atom(Alg) -> + lists:member(Alg, SupAlgs); + is_list(Alg) -> + case Alg--SupAlgs of + [] -> + true; + UnSup -> + {false,UnSup} + end + end. diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index 104c1f9107..bc51ae0724 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl 
@@ -182,23 +182,29 @@ erlang_client_openssh_server_exec_compressed() -> erlang_client_openssh_server_exec_compressed(Config) when is_list(Config) -> CompressAlgs = [zlib, 'zlib@openssh.com',none], - ConnectionRef = ssh_test_lib:connect(?SSH_DEFAULT_PORT, [{silently_accept_hosts, true}, - {user_interaction, false}, - {preferred_algorithms, - [{compression,CompressAlgs}]}]), - {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), - success = ssh_connection:exec(ConnectionRef, ChannelId, - "echo testing", infinity), - Data = {ssh_cm, ConnectionRef, {data, ChannelId, 0, <<"testing\n">>}}, - case ssh_test_lib:receive_exec_result(Data) of - expected -> - ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId); - {unexpected_msg,{ssh_cm, ConnectionRef, - {exit_status, ChannelId, 0}} = ExitStatus} -> - ct:log("0: Collected data ~p", [ExitStatus]), - ssh_test_lib:receive_exec_result(Data, ConnectionRef, ChannelId); - Other -> - ct:fail(Other) + case ssh_test_lib:ssh_supports(CompressAlgs, compression) of + {false,L} -> + {skip, io_lib:format("~p compression is not supported",[L])}; + + true -> + ConnectionRef = ssh_test_lib:connect(?SSH_DEFAULT_PORT, [{silently_accept_hosts, true}, + {user_interaction, false}, + {preferred_algorithms, + [{compression,CompressAlgs}]}]), + {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), + success = ssh_connection:exec(ConnectionRef, ChannelId, + "echo testing", infinity), + Data = {ssh_cm, ConnectionRef, {data, ChannelId, 0, <<"testing\n">>}}, + case ssh_test_lib:receive_exec_result(Data) of + expected -> + ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId); + {unexpected_msg,{ssh_cm, ConnectionRef, + {exit_status, ChannelId, 0}} = ExitStatus} -> + ct:log("0: Collected data ~p", [ExitStatus]), + ssh_test_lib:receive_exec_result(Data, ConnectionRef, ChannelId); + Other -> + ct:fail(Other) + end end. %%-------------------------------------------------------------------- 
@@ -425,27 +431,32 @@ erlang_server_openssh_client_exec_compressed(Config) when is_list(Config) -> PrivDir = ?config(priv_dir, Config), KnownHosts = filename:join(PrivDir, "known_hosts"), -%% CompressAlgs = [zlib, 'zlib@openssh.com'], % Does not work - CompressAlgs = [zlib], - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, - {preferred_algorithms, - [{compression, CompressAlgs}]}, - {failfun, fun ssh_test_lib:failfun/2}]), + CompressAlgs = [zlib, 'zlib@openssh.com'], % Does not work +%% CompressAlgs = [zlib], + case ssh_test_lib:ssh_supports(CompressAlgs, compression) of + {false,L} -> + {skip, io_lib:format("~p compression is not supported",[L])}; - ct:sleep(500), + true -> + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {preferred_algorithms, + [{compression, CompressAlgs}]}, + {failfun, fun ssh_test_lib:failfun/2}]), - Cmd = "ssh -p " ++ integer_to_list(Port) ++ - " -o UserKnownHostsFile=" ++ KnownHosts ++ " -C "++ Host ++ " 1+1.", - SshPort = open_port({spawn, Cmd}, [binary]), + ct:sleep(500), - receive - {SshPort,{data, <<"2\n">>}} -> - ok - after ?TIMEOUT -> - ct:fail("Did not receive answer") + Cmd = "ssh -p " ++ integer_to_list(Port) ++ + " -o UserKnownHostsFile=" ++ KnownHosts ++ " -C "++ Host ++ " 1+1.", + SshPort = open_port({spawn, Cmd}, [binary]), - end, - ssh:stop_daemon(Pid). + receive + {SshPort,{data, <<"2\n">>}} -> + ok + after ?TIMEOUT -> + ct:fail("Did not receive answer") + end, + ssh:stop_daemon(Pid) + end. %%-------------------------------------------------------------------- erlang_client_openssh_server_setenv() -> -- cgit v1.2.3 From f6996a8b1f9ecec034700c7ec5e914c7084fa5b5 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 1 Oct 2015 18:51:32 +0200 Subject: ssh: doc update --- lib/ssh/doc/src/ssh.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index dd85baf219..93bea09e4e 100644 
--- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -45,7 +45,7 @@ Supported MAC algorithms: hmac-sha2-256 and hmac-sha1. Supported encryption algorithms: aes256-ctr, aes192-ctr, aes128-ctr, aes128-cb and 3des-cbc. Supported key exchange algorithms: ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1 and diffie-hellman-group-exchange-sha256. - Supported compression algorithms: none, zlib + Supported compression algorithms: none, zlib@openssh.com, zlib Supports unicode filenames if the emulator and the underlaying OS support it. See section DESCRIPTION in the file manual page in kernel -- cgit v1.2.3 From ca0aef835dba5ef2c4185289092ed0fc2f1bb2ba Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 7 Oct 2015 12:15:08 +0200 Subject: ssh: added dh_gex tests --- lib/ssh/src/ssh_transport.erl | 13 +++++++------ lib/ssh/test/ssh_algorithms_SUITE.erl | 25 +++++++++++++++++++++++++ lib/ssh/test/ssh_test_lib.erl | 10 ++++++++-- 3 files changed, 40 insertions(+), 8 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 840564e246..3ba5e4d297 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl 
@@ -336,11 +336,12 @@ key_exchange_first_msg(Kex, Ssh0) when Kex == 'diffie-hellman-group1-sha1' ; {ok, SshPacket, Ssh1#ssh{keyex_key = {{Private, Public}, {G, P}}}}; -key_exchange_first_msg(Kex, Ssh0) when Kex == 'diffie-hellman-group-exchange-sha1' ; - Kex == 'diffie-hellman-group-exchange-sha256' -> - Min = ?DEFAULT_DH_GROUP_MIN, - NBits = ?DEFAULT_DH_GROUP_NBITS, - Max = ?DEFAULT_DH_GROUP_MAX, +key_exchange_first_msg(Kex, Ssh0=#ssh{opts=Opts}) when Kex == 'diffie-hellman-group-exchange-sha1' ; + Kex == 'diffie-hellman-group-exchange-sha256' -> + {Min,NBits,Max} = + proplists:get_value(dh_gex_limits, Opts, {?DEFAULT_DH_GROUP_MIN, + ?DEFAULT_DH_GROUP_NBITS, + ?DEFAULT_DH_GROUP_MAX}), {SshPacket, Ssh1} = ssh_packet(#ssh_msg_kex_dh_gex_request{min = Min, n = NBits, @@ -1387,7 +1388,7 @@ dh_gex_group(Min, N, Max, undefined) -> dh_gex_group(Min, N, Max, dh_gex_default_groups()); dh_gex_group(Min, N, Max, Groups) -> %% First try to find an exact match. If not an exact match, select the largest possible. - {_,Group} = + {_Size,Group} = lists:foldl( fun(_, {I,G}) when I==N -> %% If we have an exact match already: use that one diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index e67fa2469f..1188b324ba 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl 
@@ -161,6 +161,21 @@ simple_exec(Config) -> {Host,Port} = ?config(srvr_addr, Config), ssh_test_lib:std_simple_exec(Host, Port, Config). +%%-------------------------------------------------------------------- +%% Testing all default groups +simple_exec_group14(Config) -> simple_exec_group(2048, Config). +simple_exec_group15(Config) -> simple_exec_group(3072, Config). +simple_exec_group16(Config) -> simple_exec_group(4096, Config). +simple_exec_group17(Config) -> simple_exec_group(6144, Config). +simple_exec_group18(Config) -> simple_exec_group(8192, Config). + +simple_exec_group(I, Config) -> + Min = I-100, + Max = I+100, + {Host,Port} = ?config(srvr_addr, Config), + ssh_test_lib:std_simple_exec(Host, Port, Config, + [{dh_gex_limits,{Min,I,Max}}]). + %%-------------------------------------------------------------------- %% Use the ssh client of the OS to connect sshc_simple_exec(Config) -> @@ -254,6 +269,16 @@ specific_test_cases(Tag, Alg, SshcAlgos, SshdAlgos) -> [sshd_simple_exec]; _ -> [] + end ++ + case {Tag,Alg} of + {kex,'diffie-hellman-group-exchange-sha1'} -> + [simple_exec_group14, + simple_exec_group15, + simple_exec_group16, + simple_exec_group17, + simple_exec_group18]; + _ -> + [] end. supports(Tag, Alg, Algos) -> diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index e16df6f959..f1e1a51c00 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl 
@@ -93,9 +93,12 @@ std_connect(Config, Host, Port, ExtraOpts) -> | ExtraOpts]). std_simple_sftp(Host, Port, Config) -> + std_simple_sftp(Host, Port, Config, []). + +std_simple_sftp(Host, Port, Config, Opts) -> UserDir = ?config(priv_dir, Config), DataFile = filename:join(UserDir, "test.data"), - ConnectionRef = ssh_test_lib:std_connect(Config, Host, Port, []), + ConnectionRef = ssh_test_lib:std_connect(Config, Host, Port, Opts), {ok, ChannelRef} = ssh_sftp:start_channel(ConnectionRef), Data = crypto:rand_bytes(proplists:get_value(std_simple_sftp_size,Config,10)), ok = ssh_sftp:write_file(ChannelRef, DataFile, Data), @@ -104,7 +107,10 @@ std_simple_sftp(Host, Port, Config) -> Data == ReadData. std_simple_exec(Host, Port, Config) -> - ConnectionRef = ssh_test_lib:std_connect(Config, Host, Port, []), + std_simple_exec(Host, Port, Config, []). + +std_simple_exec(Host, Port, Config, Opts) -> + ConnectionRef = ssh_test_lib:std_connect(Config, Host, Port, Opts), {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), success = ssh_connection:exec(ConnectionRef, ChannelId, "23+21-2.", infinity), Data = {ssh_cm, ConnectionRef, {data, ChannelId, 0, <<"42\n">>}}, -- cgit v1.2.3 From 794a6d1f2c904be72d4b4327a7c6faa759a25690 Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Thu, 3 Sep 2015 17:05:53 +0200 Subject: ssh: Tests updated for ecdsa --- lib/ssh/test/ssh_basic_SUITE.erl | 39 ++++++++++++++++++++++ lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa256 | 5 +++ lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa256.pub | 1 + lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa384 | 6 ++++ lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa384.pub | 1 + lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa521 | 7 ++++ lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa521.pub | 1 + .../ssh_basic_SUITE_data/ssh_host_ecdsa_key256 | 5 +++ .../ssh_basic_SUITE_data/ssh_host_ecdsa_key256.pub | 1 + .../ssh_basic_SUITE_data/ssh_host_ecdsa_key384 | 6 ++++ .../ssh_basic_SUITE_data/ssh_host_ecdsa_key384.pub | 1 + .../ssh_basic_SUITE_data/ssh_host_ecdsa_key521 | 7 ++++ .../ssh_basic_SUITE_data/ssh_host_ecdsa_key521.pub | 1 + lib/ssh/test/ssh_protocol_SUITE.erl | 2 +- lib/ssh/test/ssh_test_lib.erl | 32 +++++++++++++++++- lib/ssh/test/ssh_to_openssh_SUITE.erl | 2 +- 16 files changed, 114 insertions(+), 3 deletions(-) create mode 100644 lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa256 create mode 100644 lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa256.pub create mode 100644 lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa384 create mode 100644 lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa384.pub create mode 100644 lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa521 create mode 100644 lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa521.pub create mode 100644 lib/ssh/test/ssh_basic_SUITE_data/ssh_host_ecdsa_key256 create mode 100644 lib/ssh/test/ssh_basic_SUITE_data/ssh_host_ecdsa_key256.pub create mode 100644 lib/ssh/test/ssh_basic_SUITE_data/ssh_host_ecdsa_key384 create mode 100644 lib/ssh/test/ssh_basic_SUITE_data/ssh_host_ecdsa_key384.pub create mode 100644 lib/ssh/test/ssh_basic_SUITE_data/ssh_host_ecdsa_key521 create mode 100644 lib/ssh/test/ssh_basic_SUITE_data/ssh_host_ecdsa_key521.pub (limited to 'lib/ssh') 
diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 2ff7198bf8..7f1a64f094 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -77,6 +77,9 @@ all() -> appup_test, {group, dsa_key}, {group, rsa_key}, + {group, ecdsa_sha2_nistp256_key}, + {group, ecdsa_sha2_nistp384_key}, + {group, ecdsa_sha2_nistp521_key}, {group, dsa_pass_key}, {group, rsa_pass_key}, {group, internal_error}, @@ -89,6 +92,9 @@ all() -> groups() -> [{dsa_key, [], basic_tests()}, {rsa_key, [], basic_tests()}, + {ecdsa_sha2_nistp256_key, [], basic_tests()}, + {ecdsa_sha2_nistp384_key, [], basic_tests()}, + {ecdsa_sha2_nistp521_key, [], basic_tests()}, {dsa_pass_key, [], [pass_phrase]}, {rsa_pass_key, [], [pass_phrase]}, {internal_error, [], [internal_error]} 
@@ -129,6 +135,39 @@ init_per_group(rsa_key, Config) -> PrivDir = ?config(priv_dir, Config), ssh_test_lib:setup_rsa(DataDir, PrivDir), Config; +init_per_group(ecdsa_sha2_nistp256_key, Config) -> + case lists:member('ecdsa-sha2-nistp256', + ssh_transport:default_algorithms(public_key)) of + true -> + DataDir = ?config(data_dir, Config), + PrivDir = ?config(priv_dir, Config), + ssh_test_lib:setup_ecdsa("256", DataDir, PrivDir), + Config; + false -> + {skip, unsupported_pub_key} + end; +init_per_group(ecdsa_sha2_nistp384_key, Config) -> + case lists:member('ecdsa-sha2-nistp384', + ssh_transport:default_algorithms(public_key)) of + true -> + DataDir = ?config(data_dir, Config), + PrivDir = ?config(priv_dir, Config), + ssh_test_lib:setup_ecdsa("384", DataDir, PrivDir), + Config; + false -> + {skip, unsupported_pub_key} + end; +init_per_group(ecdsa_sha2_nistp521_key, Config) -> + case lists:member('ecdsa-sha2-nistp521', + ssh_transport:default_algorithms(public_key)) of + true -> + DataDir = ?config(data_dir, Config), + PrivDir = ?config(priv_dir, Config), + ssh_test_lib:setup_ecdsa("521", DataDir, PrivDir), + Config; + false -> + {skip, unsupported_pub_key} + end; init_per_group(rsa_pass_key, Config) -> DataDir = ?config(data_dir, Config), PrivDir = ?config(priv_dir, Config), diff --git a/lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa256 b/lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa256 new file mode 100644 index 0000000000..4b1eb12eaa --- /dev/null +++ b/lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa256 @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIJfCaBKIIKhjbJl5F8BedqlXOQYDX5ba9Skypllmx/w+oAoGCCqGSM49 +AwEHoUQDQgAE49RbK2xQ/19ji3uDPM7uT4692LbwWF1TiaA9vUuebMGazoW/98br +N9xZu0L1AWwtEjs3kmJDTB7eJEGXnjUAcQ== +-----END EC PRIVATE KEY----- diff --git a/lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa256.pub b/lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa256.pub new file mode 100644 index 0000000000..a0147e60fa --- /dev/null +++ b/lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa256.pub 
@@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOPUWytsUP9fY4t7gzzO7k+Ovdi28FhdU4mgPb1LnmzBms6Fv/fG6zfcWbtC9QFsLRI7N5JiQ0we3iRBl541AHE= uabhnil@elxadlj3q32 diff --git a/lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa384 b/lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa384 new file mode 100644 index 0000000000..4e8aa40959 --- /dev/null +++ b/lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa384 @@ -0,0 +1,6 @@ +-----BEGIN EC PRIVATE KEY----- +MIGkAgEBBDCYXb6OSAZyXRfLXOtMo43za197Hdc/T0YKjgQQjwDt6rlRwqTh7v7S +PV2kXwNGdWigBwYFK4EEACKhZANiAARN2khlJUOOIiwsWHEALwDieeZR96qL4pUd +ci7aeGaczdUK5jOA9D9zmBZtSYTfO8Cr7ekVghDlcWAIJ/BXcswgQwSEQ6wyfaTF +8FYfyr4l3u9IirsnyaFzeIgeoNis8Gw= +-----END EC PRIVATE KEY----- diff --git a/lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa384.pub b/lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa384.pub new file mode 100644 index 0000000000..41e722e545 --- /dev/null +++ b/lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa384.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBE3aSGUlQ44iLCxYcQAvAOJ55lH3qovilR1yLtp4ZpzN1QrmM4D0P3OYFm1JhN87wKvt6RWCEOVxYAgn8FdyzCBDBIRDrDJ9pMXwVh/KviXe70iKuyfJoXN4iB6g2KzwbA== uabhnil@elxadlj3q32 diff --git a/lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa521 b/lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa521 new file mode 100644 index 0000000000..7196f46e97 --- /dev/null +++ b/lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa521 @@ -0,0 +1,7 @@ +-----BEGIN EC PRIVATE KEY----- +MIHbAgEBBEFMadoz4ckEcClfqXa2tiUuYkJdDfwq+/iFQcpt8ESuEd26IY/vm47Q +9UzbPkO4ou8xkNsQ3WvCRQBBWtn5O2kUU6AHBgUrgQQAI6GBiQOBhgAEAde5BRu5 +01/jS0jRk212xsb2DxPrxNpgp6IMCV8TA4Eps+8bSqHB091nLiBcP422HXYfuCd7 +XDjSs8ihcmhp0hCRASLqZR9EzW9W/SOt876May1Huj5X+WSO6RLe7vPn9vmf7kHf +pip6m7M7qp2qGgQ3q2vRwS2K/O6156ohiOlmuuFs +-----END EC PRIVATE KEY----- diff --git a/lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa521.pub b/lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa521.pub new file mode 100644 index 0000000000..8f059120bc --- /dev/null 
+++ b/lib/ssh/test/ssh_basic_SUITE_data/id_ecdsa521.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAHXuQUbudNf40tI0ZNtdsbG9g8T68TaYKeiDAlfEwOBKbPvG0qhwdPdZy4gXD+Nth12H7gne1w40rPIoXJoadIQkQEi6mUfRM1vVv0jrfO+jGstR7o+V/lkjukS3u7z5/b5n+5B36YqepuzO6qdqhoEN6tr0cEtivzuteeqIYjpZrrhbA== uabhnil@elxadlj3q32 diff --git a/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_ecdsa_key256 b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_ecdsa_key256 new file mode 100644 index 0000000000..2979ea88ed --- /dev/null +++ b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_ecdsa_key256 @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIMe4MDoit0t8RzSVPwkCBemQ9fhXL+xnTSAWISw8HNCioAoGCCqGSM49 +AwEHoUQDQgAEo2q7U3P6r0W5WGOLtM78UQtofM9UalEhiZeDdiyylsR/RR17Op0s +VPGSADLmzzgcucLEKy17j2S+oz42VUJy5A== +-----END EC PRIVATE KEY----- diff --git a/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_ecdsa_key256.pub b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_ecdsa_key256.pub new file mode 100644 index 0000000000..85dc419345 --- /dev/null +++ b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_ecdsa_key256.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKNqu1Nz+q9FuVhji7TO/FELaHzPVGpRIYmXg3YsspbEf0UdezqdLFTxkgAy5s84HLnCxCste49kvqM+NlVCcuQ= uabhnil@elxadlj3q32 diff --git a/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_ecdsa_key384 b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_ecdsa_key384 new file mode 100644 index 0000000000..fb1a862ded --- /dev/null +++ b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_ecdsa_key384 @@ -0,0 +1,6 @@ +-----BEGIN EC PRIVATE KEY----- +MIGkAgEBBDArxbDfh3p1okrD9wQw6jJ4d4DdlBPD5GqXE8bIeRJiK41Sh40LgvPw +mkqEDSXK++CgBwYFK4EEACKhZANiAAScl43Ih2lWTDKrSox5ve5uiTXil4smsup3 +CfS1XPjKxgBAmlfBim8izbdrT0BFdQzz2joduNMtpt61wO4rGs6jm0UP7Kim9PC7 +Hneb/99fIYopdMH5NMnk60zGO1uZ2vc= +-----END EC PRIVATE KEY----- 
diff --git a/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_ecdsa_key384.pub b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_ecdsa_key384.pub new file mode 100644 index 0000000000..428d5fb7d7 --- /dev/null +++ b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_ecdsa_key384.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJyXjciHaVZMMqtKjHm97m6JNeKXiyay6ncJ9LVc+MrGAECaV8GKbyLNt2tPQEV1DPPaOh240y2m3rXA7isazqObRQ/sqKb08Lsed5v/318hiil0wfk0yeTrTMY7W5na9w== uabhnil@elxadlj3q32 diff --git a/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_ecdsa_key521 b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_ecdsa_key521 new file mode 100644 index 0000000000..3e51ec2ecd --- /dev/null +++ b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_ecdsa_key521 @@ -0,0 +1,7 @@ +-----BEGIN EC PRIVATE KEY----- +MIHcAgEBBEIB8O1BFkl2HQjQLRLonEZ97da/h39DMa9/0/hvPZWAI8gUPEQcHxRx +U7b09p3Zh+EBbMFq8+1ae9ds+ZTxE4WFSvKgBwYFK4EEACOhgYkDgYYABAAlWVjq +Bzg7Wt4gE6UNb1lRE2cnlmH2L/A5uo6qZRx5lPnSKOxEhxSb/Oay1+9d6KRdrh6/ +vlhd9SHDBhLcAPDvWgBnJIEj92Q3pXX4JtoitL0yl+SvvU+vUh966mzHShHzj8p5 +ccOgPkPNoA70yrpGzkIhPezpZOQdCaOXj/jFqNCTDg== +-----END EC PRIVATE KEY----- diff --git a/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_ecdsa_key521.pub b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_ecdsa_key521.pub new file mode 100644 index 0000000000..017a29f4da --- /dev/null +++ b/lib/ssh/test/ssh_basic_SUITE_data/ssh_host_ecdsa_key521.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAAlWVjqBzg7Wt4gE6UNb1lRE2cnlmH2L/A5uo6qZRx5lPnSKOxEhxSb/Oay1+9d6KRdrh6/vlhd9SHDBhLcAPDvWgBnJIEj92Q3pXX4JtoitL0yl+SvvU+vUh966mzHShHzj8p5ccOgPkPNoA70yrpGzkIhPezpZOQdCaOXj/jFqNCTDg== uabhnil@elxadlj3q32 diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index d8e99799e2..406f8e5960 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl 
@@ -91,7 +91,7 @@ init_per_testcase(TC, Config) when TC == gex_client_init_default_noexact ; [] end, start_std_daemon(Config, - [{preferred_algorithms, ssh_transport:supported_algorithms()} + [{preferred_algorithms, ssh:default_algorithms()} | Opts]); init_per_testcase(_TestCase, Config) -> check_std_daemon_works(Config, ?LINE). diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index e16df6f959..6fa579d78d 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl @@ -286,6 +286,7 @@ setup_dsa(DataDir, UserDir) -> file:make_dir(System), file:copy(filename:join(DataDir, "ssh_host_dsa_key"), filename:join(System, "ssh_host_dsa_key")), file:copy(filename:join(DataDir, "ssh_host_dsa_key.pub"), filename:join(System, "ssh_host_dsa_key.pub")), +ct:pal("DataDir ~p:~n ~p~n~nSystDir ~p:~n ~p~n~nUserDir ~p:~n ~p",[DataDir, file:list_dir(DataDir), System, file:list_dir(System), UserDir, file:list_dir(UserDir)]), setup_dsa_known_host(DataDir, UserDir), setup_dsa_auth_keys(DataDir, UserDir). 
@@ -294,10 +295,21 @@ setup_rsa(DataDir, UserDir) -> System = filename:join(UserDir, "system"), file:make_dir(System), file:copy(filename:join(DataDir, "ssh_host_rsa_key"), filename:join(System, "ssh_host_rsa_key")), - file:copy(filename:join(DataDir, "ssh_host_rsa_key"), filename:join(System, "ssh_host_rsa_key.pub")), + file:copy(filename:join(DataDir, "ssh_host_rsa_key.pub"), filename:join(System, "ssh_host_rsa_key.pub")), +ct:pal("DataDir ~p:~n ~p~n~nSystDir ~p:~n ~p~n~nUserDir ~p:~n ~p",[DataDir, file:list_dir(DataDir), System, file:list_dir(System), UserDir, file:list_dir(UserDir)]), setup_rsa_known_host(DataDir, UserDir), setup_rsa_auth_keys(DataDir, UserDir). +setup_ecdsa(Size, DataDir, UserDir) -> + file:copy(filename:join(DataDir, "id_ecdsa"++Size), filename:join(UserDir, "id_ecdsa")), + System = filename:join(UserDir, "system"), + file:make_dir(System), + file:copy(filename:join(DataDir, "ssh_host_ecdsa_key"++Size), filename:join(System, "ssh_host_ecdsa_key")), + file:copy(filename:join(DataDir, "ssh_host_ecdsa_key"++Size++".pub"), filename:join(System, "ssh_host_ecdsa_key.pub")), +ct:pal("DataDir ~p:~n ~p~n~nSystDir ~p:~n ~p~n~nUserDir ~p:~n ~p",[DataDir, file:list_dir(DataDir), System, file:list_dir(System), UserDir, file:list_dir(UserDir)]), + setup_ecdsa_known_host(Size, System, UserDir), + setup_ecdsa_auth_keys(Size, UserDir, UserDir). + clean_dsa(UserDir) -> del_dirs(filename:join(UserDir, "system")), file:delete(filename:join(UserDir,"id_dsa")), @@ -349,6 +361,11 @@ setup_rsa_known_host(SystemDir, UserDir) -> [{Key, _}] = public_key:ssh_decode(SshBin, public_key), setup_known_hosts(Key, UserDir). +setup_ecdsa_known_host(_Size, SystemDir, UserDir) -> + {ok, SshBin} = file:read_file(filename:join(SystemDir, "ssh_host_ecdsa_key.pub")), + [{Key, _}] = public_key:ssh_decode(SshBin, public_key), + setup_known_hosts(Key, UserDir). + setup_known_hosts(Key, UserDir) -> {ok, Hostname} = inet:gethostname(), {ok, {A, B, C, D}} = inet:getaddr(Hostname, inet), 
@@ -376,6 +393,19 @@ setup_rsa_auth_keys(Dir, UserDir) -> PKey = #'RSAPublicKey'{publicExponent = E, modulus = N}, setup_auth_keys([{ PKey, [{comment, "Test"}]}], UserDir). +setup_ecdsa_auth_keys(Size, Dir, UserDir) -> + {ok, Pem} = file:read_file(filename:join(Dir, "id_ecdsa")), + ECDSA = public_key:pem_entry_decode(hd(public_key:pem_decode(Pem))), + #'ECPrivateKey'{publicKey = Q, + parameters = {namedCurve,Id0}} = ECDSA, + PKey = #'ECPoint'{point = Q}, + Id = case pubkey_cert_records:namedCurves(Id0) of + secp256r1 when Size=="256" -> <<"nistp256">>; + secp384r1 when Size=="384" -> <<"nistp384">>; + secp521r1 when Size=="521" -> <<"nistp521">> + end, + setup_auth_keys([{ {PKey,Id}, [{comment, "Test"}]}], UserDir). + setup_auth_keys(Keys, Dir) -> AuthKeys = public_key:ssh_encode(Keys, auth_keys), AuthKeysFile = filename:join(Dir, "authorized_keys"), diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index bc51ae0724..c0dee6a1d3 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -389,7 +389,7 @@ erlang_server_openssh_client_kexs(Config) when is_list(Config) -> {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, {failfun, fun ssh_test_lib:failfun/2}, {preferred_algorithms, - [{kex,ssh_transport:supported_algorithms(kex)}]} + [{kex,ssh_transport:default_algorithms(kex)}]} ]), ct:sleep(500), -- cgit v1.2.3 From 23bdf367342d15cb3e9064df82faa285d021202d Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 28 Sep 2015 13:09:01 +0200 Subject: ssh: ECDSA public key implemented --- lib/ssh/src/ssh_auth.erl | 84 ++++++++++++++++++++++------------ lib/ssh/src/ssh_auth.hrl | 2 - lib/ssh/src/ssh_connection_handler.erl | 12 ++--- lib/ssh/src/ssh_file.erl | 63 +++++++++++++++---------- lib/ssh/src/ssh_message.erl | 32 +++++++++++-- lib/ssh/src/ssh_transport.erl | 64 +++++++++++++++++++------- 6 files changed, 174 insertions(+), 83 deletions(-) (limited to 'lib/ssh') 
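Review bot: the three new init_per_group clauses in ssh_basic_SUITE.erl (ecdsa_sha2_nistp256_key, ecdsa_sha2_nistp384_key, ecdsa_sha2_nistp521_key) are identical apart from the algorithm atom and the size string. A shared helper taking the atom and the size would keep the `{skip, unsupported_pub_key}` logic in one place so the three clauses cannot drift apart.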
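Review bot: the new fixture files under ssh_basic_SUITE_data add unencrypted EC private keys, and every .pub file keeps the generator's comment field (uabhnil@elxadlj3q32), which records a user and host name in the repository. Replace the comment with a neutral test label, and state in the commit message that these keys are test-only and must never be installed as real host or user keys.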
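Review bot: the `ct:pal("DataDir ~p:~n ...` calls added at column 0 in setup_dsa/2, setup_rsa/2 and setup_ecdsa/3 of ssh_test_lib.erl look like leftover debugging; drop them or move them into one indented helper. In the same hunk the results of file:copy/2 are ignored, so a missing id_ecdsa or ssh_host_ecdsa_key fixture for the given Size only surfaces later as a badmatch in setup_ecdsa_known_host/3; matching on `{ok,_}` would fail at the real cause. The setup_rsa/2 line that now copies ssh_host_rsa_key.pub instead of ssh_host_rsa_key into the .pub destination is a real fix (the private key file was being written out under the public name) and deserves a mention in the commit message.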
diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index 726f52132f..0c16e19701 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -31,8 +31,7 @@ -export([publickey_msg/1, password_msg/1, keyboard_interactive_msg/1, service_request_msg/1, init_userauth_request_msg/1, userauth_request_msg/1, handle_userauth_request/3, - handle_userauth_info_request/3, handle_userauth_info_response/2, - default_public_key_algorithms/0 + handle_userauth_info_request/3, handle_userauth_info_response/2 ]). %%-------------------------------------------------------------------- @@ -42,27 +41,29 @@ publickey_msg([Alg, #ssh{user = User, session_id = SessionId, service = Service, opts = Opts} = Ssh]) -> - Hash = sha, %% Maybe option?! KeyCb = proplists:get_value(key_cb, Opts, ssh_file), - case KeyCb:user_key(Alg, Opts) of {ok, Key} -> StrAlgo = algorithm_string(Alg), - PubKeyBlob = encode_public_key(Key), - SigData = build_sig_data(SessionId, - User, Service, PubKeyBlob, StrAlgo), - Sig = ssh_transport:sign(SigData, Hash, Key), - SigBlob = list_to_binary([?string(StrAlgo), ?binary(Sig)]), - ssh_transport:ssh_packet( - #ssh_msg_userauth_request{user = User, - service = Service, - method = "publickey", - data = [?TRUE, - ?string(StrAlgo), - ?binary(PubKeyBlob), - ?binary(SigBlob)]}, - Ssh); + case encode_public_key(StrAlgo, Key) of + not_ok -> + not_ok; + PubKeyBlob -> + SigData = build_sig_data(SessionId, + User, Service, PubKeyBlob, StrAlgo), + Sig = ssh_transport:sign(SigData, Hash, Key), + SigBlob = list_to_binary([?string(StrAlgo), ?binary(Sig)]), + ssh_transport:ssh_packet( + #ssh_msg_userauth_request{user = User, + service = Service, + method = "publickey", + data = [?TRUE, + ?string(StrAlgo), + ?binary(PubKeyBlob), + ?binary(SigBlob)]}, + Ssh) + end; _Error -> not_ok end. 
@@ -121,7 +122,7 @@ init_userauth_request_msg(#ssh{opts = Opts} = Ssh) -> Algs = proplists:get_value(public_key, proplists:get_value(preferred_algorithms, Opts, []), - default_public_key_algorithms()), + ssh_transport:default_algorithms(public_key)), Prefs = method_preference(Algs), ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User, userauth_preference = Prefs, @@ -355,8 +356,6 @@ handle_userauth_info_response(#ssh_msg_userauth_info_response{}, language = "en"}). -default_public_key_algorithms() -> ?PREFERRED_PK_ALGS. - %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- @@ -431,10 +430,13 @@ build_sig_data(SessionId, User, Service, KeyBlob, Alg) -> ?binary(KeyBlob)], list_to_binary(Sig). -algorithm_string('ssh-rsa') -> - "ssh-rsa"; -algorithm_string('ssh-dss') -> - "ssh-dss". +algorithm_string('ssh-rsa') -> "ssh-rsa"; +algorithm_string('ssh-dss') -> "ssh-dss"; +algorithm_string('ecdsa-sha2-nistp256') -> "ecdsa-sha2-nistp256"; +algorithm_string('ecdsa-sha2-nistp384') -> "ecdsa-sha2-nistp384"; +algorithm_string('ecdsa-sha2-nistp521') -> "ecdsa-sha2-nistp521". + + decode_keyboard_interactive_prompts(_NumPrompts, Data) -> ssh_message:decode_keyboard_interactive_prompts(Data, []). 
@@ -497,11 +499,35 @@ decode_public_key_v2(<> , "ssh-dss") -> {ok, {Y, #'Dss-Parms'{p = P, q = Q, g = G}}}; - +decode_public_key_v2(<> for example + ?UINT32(Len2), Blob:Len2/binary>>, + Curve) -> + Id = + case Curve of + "ecdsa-sha2-nistp256" -> <<"nistp256">>; + "ecdsa-sha2-nistp384" -> <<"nistp384">>; + "ecdsa-sha2-nistp521" -> <<"nistp521">> + end, + {ok, {#'ECPoint'{point=Blob}, Id}}; decode_public_key_v2(_, _) -> {error, bad_format}. -encode_public_key(#'RSAPrivateKey'{publicExponent = E, modulus = N}) -> +encode_public_key("ssh-rsa", #'RSAPrivateKey'{publicExponent = E, modulus = N}) -> ssh_bits:encode(["ssh-rsa",E,N], [string,mpint,mpint]); -encode_public_key(#'DSAPrivateKey'{p = P, q = Q, g = G, y = Y}) -> - ssh_bits:encode(["ssh-dss",P,Q,G,Y], [string,mpint,mpint,mpint,mpint]). +encode_public_key("ssh-dss", #'DSAPrivateKey'{p = P, q = Q, g = G, y = Y}) -> + ssh_bits:encode(["ssh-dss",P,Q,G,Y], [string,mpint,mpint,mpint,mpint]); +encode_public_key("ecdsa-sha2-"++Curve, #'ECPrivateKey'{parameters = Params, + publicKey = Pub}) -> + Id = ecdsa_id(Params), + if + Id =/= Curve -> + not_ok; + true -> + ssh_bits:encode(["ecdsa-sha2-"++Id, Id, Pub], + [string, string, binary]) + end. + +ecdsa_id({namedCurve,?'secp256r1'}) -> "nistp256"; +ecdsa_id({namedCurve,?'secp384r1'}) -> "nistp384"; +ecdsa_id({namedCurve,?'secp521r1'}) -> "nistp521". diff --git a/lib/ssh/src/ssh_auth.hrl b/lib/ssh/src/ssh_auth.hrl index 71f222f6d7..5197a42fa4 100644 --- a/lib/ssh/src/ssh_auth.hrl +++ b/lib/ssh/src/ssh_auth.hrl @@ -24,8 +24,6 @@ -define(SUPPORTED_AUTH_METHODS, "publickey,keyboard-interactive,password"). --define(PREFERRED_PK_ALGS, ['ssh-rsa','ssh-dss']). - -define(SSH_MSG_USERAUTH_REQUEST, 50). -define(SSH_MSG_USERAUTH_FAILURE, 51). -define(SSH_MSG_USERAUTH_SUCCESS, 52). diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index ee1dd5c9ce..7fb86c1108 100644 --- a/lib/ssh/src/ssh_connection_handler.erl 
+++ b/lib/ssh/src/ssh_connection_handler.erl @@ -1266,9 +1266,9 @@ supported_host_keys(client, _, Options) -> proplists:get_value(preferred_algorithms,Options,[]) ) of undefined -> - ssh_auth:default_public_key_algorithms(); + ssh_transport:default_algorithms(public_key); L -> - L -- (L--ssh_auth:default_public_key_algorithms()) + L -- (L--ssh_transport:default_algorithms(public_key)) end of [] -> @@ -1280,21 +1280,17 @@ supported_host_keys(client, _, Options) -> {stop, {shutdown, Reason}} end; supported_host_keys(server, KeyCb, Options) -> - Algs= [atom_to_list(A) || A <- proplists:get_value(public_key, proplists:get_value(preferred_algorithms,Options,[]), - ssh_auth:default_public_key_algorithms() + ssh_transport:default_algorithms(public_key) ), available_host_key(KeyCb, A, Options) - ], - Algs. - + ]. %% Alg :: atom() available_host_key(KeyCb, Alg, Opts) -> element(1, catch KeyCb:host_key(Alg, Opts)) == ok. - send_msg(Msg, #state{socket = Socket, transport_cb = Transport}) -> Transport:send(Socket, Msg). diff --git a/lib/ssh/src/ssh_file.erl b/lib/ssh/src/ssh_file.erl index b98a8a8410..4e6d58cbff 100644 --- a/lib/ssh/src/ssh_file.erl +++ b/lib/ssh/src/ssh_file.erl 
@@ -52,8 +52,20 @@ host_key(Algorithm, Opts) -> %% so probably we could hardcod Password = ignore, but %% we keep it as an undocumented option for now. Password = proplists:get_value(identity_pass_phrase(Algorithm), Opts, ignore), - decode(File, Password). - + case decode(File, Password) of + {ok,Key} -> + case {Key,Algorithm} of + {#'RSAPrivateKey'{}, 'ssh-rsa'} -> {ok,Key}; + {#'DSAPrivateKey'{}, 'ssh-dss'} -> {ok,Key}; + {#'ECPrivateKey'{parameters = {namedCurve, ?'secp256r1'}}, 'ecdsa-sha2-nistp256'} -> {ok,Key}; + {#'ECPrivateKey'{parameters = {namedCurve, ?'secp384r1'}}, 'ecdsa-sha2-nistp384'} -> {ok,Key}; + {#'ECPrivateKey'{parameters = {namedCurve, ?'secp521r1'}}, 'ecdsa-sha2-nistp521'} -> {ok,Key}; + _ -> + {error,bad_keytype_in_file} + end; + Other -> + Other + end. is_auth_key(Key, User,Opts) -> case lookup_user_key(Key, User, Opts) of @@ -81,16 +93,15 @@ user_key(Algorithm, Opts) -> %% Internal functions %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -file_base_name('ssh-rsa') -> - "ssh_host_rsa_key"; -file_base_name('ssh-dss') -> - "ssh_host_dsa_key"; -file_base_name(_) -> - "ssh_host_key". +file_base_name('ssh-rsa' ) -> "ssh_host_rsa_key"; +file_base_name('ssh-dss' ) -> "ssh_host_dsa_key"; +file_base_name('ecdsa-sha2-nistp256') -> "ssh_host_ecdsa_key"; +file_base_name('ecdsa-sha2-nistp384') -> "ssh_host_ecdsa_key"; +file_base_name('ecdsa-sha2-nistp521') -> "ssh_host_ecdsa_key"; +file_base_name(_ ) -> "ssh_host_key". decode(File, Password) -> - try - {ok, decode_ssh_file(read_ssh_file(File), Password)} + try {ok, decode_ssh_file(read_ssh_file(File), Password)} catch throw:Reason -> {error, Reason}; 
@@ -215,20 +226,18 @@ do_lookup_host_key(KeyToMatch, Host, Alg, Opts) -> Error -> Error end. -identity_key_filename('ssh-dss') -> - "id_dsa"; -identity_key_filename('ssh-rsa') -> - "id_rsa". - -identity_pass_phrase("ssh-dss") -> - dsa_pass_phrase; -identity_pass_phrase('ssh-dss') -> - dsa_pass_phrase; -identity_pass_phrase('ssh-rsa') -> - rsa_pass_phrase; -identity_pass_phrase("ssh-rsa") -> - rsa_pass_phrase. - +identity_key_filename('ssh-dss' ) -> "id_dsa"; +identity_key_filename('ssh-rsa' ) -> "id_rsa"; +identity_key_filename('ecdsa-sha2-nistp256') -> "id_ecdsa"; +identity_key_filename('ecdsa-sha2-nistp384') -> "id_ecdsa"; +identity_key_filename('ecdsa-sha2-nistp521') -> "id_ecdsa". + +identity_pass_phrase("ssh-dss" ) -> dsa_pass_phrase; +identity_pass_phrase("ssh-rsa" ) -> rsa_pass_phrase; +identity_pass_phrase("ecdsa-sha2-"++_) -> ecdsa_pass_phrase; +identity_pass_phrase(P) when is_atom(P) -> + identity_pass_phrase(atom_to_list(P)). + lookup_host_key_fd(Fd, KeyToMatch, Host, KeyType) -> case io:get_line(Fd, '') of eof -> @@ -267,6 +276,12 @@ key_match(#'RSAPublicKey'{}, 'ssh-rsa') -> true; key_match({_, #'Dss-Parms'{}}, 'ssh-dss') -> true; +key_match({#'ECPoint'{},<<"nistp256">>}, 'ecdsa-sha2-nistp256') -> + true; +key_match({#'ECPoint'{},<<"nistp384">>}, 'ecdsa-sha2-nistp384') -> + true; +key_match({#'ECPoint'{},<<"nistp521">>}, 'ecdsa-sha2-nistp521') -> + true; key_match(_, _) -> false. diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl index cb1dcb67c5..cfa11903fb 100644 --- a/lib/ssh/src/ssh_message.erl +++ b/lib/ssh/src/ssh_message.erl @@ -564,9 +564,11 @@ decode_kex_init(<>, Acc, N) -> decode_sign(<>) -> Signature. + decode_host_key(<>) -> decode_host_key(Alg, Rest). + decode_host_key(<<"ssh-rsa">>, <>) -> #'RSAPublicKey'{publicExponent = E, 
@@ -579,19 +581,43 @@ decode_host_key(<<"ssh-dss">>, ?UINT32(Len3), Y:Len3/big-signed-integer-unit:8>>) -> {Y, #'Dss-Parms'{p = P, q = Q, - g = G}}. + g = G}}; + +decode_host_key(<<"ecdsa-sha2-",Id/binary>>, + <> for example + ?UINT32(Len1), Blob:Len1/binary>>) -> + {#'ECPoint'{point=Blob}, Id}. + encode_host_key(#'RSAPublicKey'{modulus = N, publicExponent = E}) -> ssh_bits:encode(["ssh-rsa", E, N], [string, mpint, mpint]); encode_host_key({Y, #'Dss-Parms'{p = P, q = Q, g = G}}) -> ssh_bits:encode(["ssh-dss", P, Q, G, Y], [string, mpint, mpint, mpint, mpint]); +encode_host_key({#'ECPoint'{point = Q}, Id}) -> + ssh_bits:encode([<<"ecdsa-sha2-",Id/binary>>,Id,Q], [binary,binary,binary]); + encode_host_key(#'RSAPrivateKey'{modulus = N, publicExponent = E}) -> ssh_bits:encode(["ssh-rsa", E, N], [string, mpint, mpint]); encode_host_key(#'DSAPrivateKey'{y = Y, p = P, q = Q, g = G}) -> ssh_bits:encode(["ssh-dss", P, Q, G, Y], - [string, mpint, mpint, mpint, mpint]). + [string, mpint, mpint, mpint, mpint]); +encode_host_key(#'ECPrivateKey'{parameters = Params, %{namedCurve,{1,2,840,10045,3,1,7}}, + publicKey = Pub}) -> + Id = ecdsa_id(Params), + ssh_bits:encode(["ecdsa-sha2-"++Id, Id, Pub], + [string, string, binary]). + + encode_sign(#'RSAPrivateKey'{}, Signature) -> ssh_bits:encode(["ssh-rsa", Signature],[string, binary]); encode_sign(#'DSAPrivateKey'{}, Signature) -> - ssh_bits:encode(["ssh-dss", Signature],[string, binary]). + ssh_bits:encode(["ssh-dss", Signature],[string, binary]); +encode_sign(#'ECPrivateKey'{parameters = Params}, Signature) -> + Id = "ecdsa-sha2-" ++ ecdsa_id(Params), + ssh_bits:encode([Id, Signature],[string, binary]). + + +ecdsa_id({namedCurve,?'secp256r1'}) -> "nistp256"; +ecdsa_id({namedCurve,?'secp384r1'}) -> "nistp384"; +ecdsa_id({namedCurve,?'secp521r1'}) -> "nistp521". diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 840564e246..8030c1dc25 100644 --- a/lib/ssh/src/ssh_transport.erl 
+++ b/lib/ssh/src/ssh_transport.erl @@ -65,7 +65,8 @@ default_algorithms() -> [{K,default_algorithms(K)} || K <- algo_classes()]. algo_classes() -> [kex, public_key, cipher, mac, compression]. -default_algorithms(kex) -> supported_algorithms(kex, []); %% Just to have a call... +default_algorithms(kex) -> + supported_algorithms(kex, []); %% Just to have a call to supported_algorithms/2 default_algorithms(Alg) -> supported_algorithms(Alg). @@ -84,7 +85,14 @@ supported_algorithms(kex) -> {'diffie-hellman-group1-sha1', [{public_keys,dh}, {hashs,sha}]} ]); supported_algorithms(public_key) -> - ssh_auth:default_public_key_algorithms(); + select_crypto_supported( + [{'ecdsa-sha2-nistp256', [{public_keys,ecdsa}, {hashs,sha256}, {ec_curve,secp256r1}]}, + {'ecdsa-sha2-nistp384', [{public_keys,ecdsa}, {hashs,sha384}, {ec_curve,secp384r1}]}, + {'ecdsa-sha2-nistp521', [{public_keys,ecdsa}, {hashs,sha512}, {ec_curve,secp521r1}]}, + {'ssh-rsa', [{public_keys,rsa}, {hashs,sha} ]}, + {'ssh-dss', [{public_keys,dss}, {hashs,sha} ]} + ]); + supported_algorithms(cipher) -> same( select_crypto_supported( 
@@ -640,33 +648,40 @@ get_host_key(SSH) -> #ssh{key_cb = Mod, opts = Opts, algorithms = ALG} = SSH, case Mod:host_key(ALG#alg.hkey, Opts) of - {ok, #'RSAPrivateKey'{} = Key} -> - Key; - {ok, #'DSAPrivateKey'{} = Key} -> - Key; + {ok, #'RSAPrivateKey'{} = Key} -> Key; + {ok, #'DSAPrivateKey'{} = Key} -> Key; + {ok, #'ECPrivateKey'{} = Key} -> Key; Result -> exit({error, {Result, unsupported_key_type}}) end. -sign_host_key(_Ssh, #'RSAPrivateKey'{} = Private, H) -> - Hash = sha, - _Signature = sign(H, Hash, Private); -sign_host_key(_Ssh, #'DSAPrivateKey'{} = Private, H) -> - Hash = sha, - _RawSignature = sign(H, Hash, Private). +sign_host_key(_Ssh, PrivateKey, H) -> + sign(H, sign_host_key_sha(PrivateKey), PrivateKey). + +sign_host_key_sha(#'ECPrivateKey'{parameters = {namedCurve, ?'secp256r1'}}) -> sha256; +sign_host_key_sha(#'ECPrivateKey'{parameters = {namedCurve, ?'secp384r1'}}) -> sha384; +sign_host_key_sha(#'ECPrivateKey'{parameters = {namedCurve, ?'secp521r1'}}) -> sha512; +sign_host_key_sha(#'RSAPrivateKey'{}) -> sha; +sign_host_key_sha(#'DSAPrivateKey'{}) -> sha. + verify_host_key(SSH, PublicKey, Digest, Signature) -> - case verify(Digest, sha, Signature, PublicKey) of + case verify(Digest, host_key_sha(PublicKey), Signature, PublicKey) of false -> {error, bad_signature}; true -> known_host_key(SSH, PublicKey, public_algo(PublicKey)) end. -public_algo(#'RSAPublicKey'{}) -> - 'ssh-rsa'; -public_algo({_, #'Dss-Parms'{}}) -> - 'ssh-dss'. +host_key_sha(#'RSAPublicKey'{}) -> sha; +host_key_sha({_, #'Dss-Parms'{}}) -> sha; +host_key_sha({#'ECPoint'{},Id}) -> sha(list_to_atom(binary_to_list(Id))). + + +public_algo(#'RSAPublicKey'{}) -> 'ssh-rsa'; +public_algo({_, #'Dss-Parms'{}}) -> 'ssh-dss'; +public_algo({#'ECPoint'{},Id}) -> list_to_atom("ecdsa-sha2-" ++ binary_to_list(Id)). + accepted_host(Ssh, PeerName, Opts) -> case proplists:get_value(silently_accept_hosts, Opts, false) of 
@@ -906,6 +921,10 @@ sign(SigData, Hash, #'DSAPrivateKey'{} = Key) -> DerSignature = public_key:sign(SigData, Hash, Key), #'Dss-Sig-Value'{r = R, s = S} = public_key:der_decode('Dss-Sig-Value', DerSignature), <>; +sign(SigData, Hash, Key = #'ECPrivateKey'{}) -> + DerEncodedSign = public_key:sign(SigData, Hash, Key), + #'ECDSA-Sig-Value'{r=R, s=S} = public_key:der_decode('ECDSA-Sig-Value', DerEncodedSign), + ssh_bits:encode([R,S], [mpint,mpint]); sign(SigData, Hash, Key) -> public_key:sign(SigData, Hash, Key). @@ -913,6 +932,17 @@ verify(PlainText, Hash, Sig, {_, #'Dss-Parms'{}} = Key) -> <> = Sig, Signature = public_key:der_encode('Dss-Sig-Value', #'Dss-Sig-Value'{r = R, s = S}), public_key:verify(PlainText, Hash, Signature, Key); +verify(PlainText, Hash, Sig, {ECPoint=#'ECPoint'{}, Param}) -> + C = case Param of + <<"nistp256">> -> {namedCurve, ?'secp256r1'}; + <<"nistp384">> -> {namedCurve, ?'secp384r1'}; + <<"nistp521">> -> {namedCurve, ?'secp521r1'} + end, + <> = Sig, + Sval = #'ECDSA-Sig-Value'{r=R, s=S}, + DerEncodedSig = public_key:der_encode('ECDSA-Sig-Value',Sval), + public_key:verify(PlainText, Hash, DerEncodedSig, {ECPoint,C}); verify(PlainText, Hash, Sig, Key) -> public_key:verify(PlainText, Hash, Sig, Key). -- cgit v1.2.3 From 4a356cf070e197cec375b562891af8fe9634c306 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 1 Oct 2015 12:10:03 +0200 Subject: ssh: document new pub key algorithms --- lib/ssh/doc/src/ssh.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 93bea09e4e..c7a09d65a8 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml 
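Review bot: in publickey_msg/1 of ssh_auth.erl the new branch still signs with `ssh_transport:sign(SigData, Hash, Key)`, and the only binding of Hash in view in this hunk is `Hash = sha`. For ecdsa-sha2-nistp256, ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521 the hash has to follow the curve, which is what sign_host_key_sha/1 does for host keys in ssh_transport.erl in this same patch (sha256, sha384, sha512). Derive the hash from Alg here as well, otherwise ECDSA user authentication signs with a different hash than RFC 5656 specifies for these algorithms.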
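Review bot: identity_pass_phrase/1 in ssh_file.erl now returns a new option key, ecdsa_pass_phrase, but ssh.erl and the documentation are not among the six files this commit touches. Check that option validation accepts `{ecdsa_pass_phrase, _}` the same way as dsa_pass_phrase and rsa_pass_phrase, and document it; otherwise passphrase-protected ECDSA keys cannot be used. Since identity_key_filename/1 and file_base_name/1 map all three curves to a single file name (id_ecdsa, ssh_host_ecdsa_key), the key type check added to host_key/2 that returns `{error,bad_keytype_in_file}` is the guard that matters and is worth a test of its own.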
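Review bot: host_key_sha/1 and public_algo/1 in ssh_transport.erl convert the curve identifier to an atom with list_to_atom/1, and that identifier is whatever follows "ecdsa-sha2-" in the host key blob handled by decode_host_key/2 in ssh_message.erl, that is, bytes chosen by the peer. Atoms are never garbage collected, so unvalidated identifiers from the network can grow the atom table without bound. Map the three known values explicitly and return an error for anything else, as the new verify/4 clause nearly does with its `<<"nistp256">> -> {namedCurve, ?'secp256r1'}` case; that case has no fallback clause either and raises case_clause on an unknown identifier.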
@@ -40,7 +40,7 @@ For application dependencies see ssh(6) Supported SSH version is 2.0. - Supported public key algorithms: ssh-rsa and ssh-dss. + Supported public key algorithms:ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-rsa and ssh-dss. Supported MAC algorithms: hmac-sha2-512, hmac-sha2-256 and hmac-sha1. Supported MAC algorithms: hmac-sha2-256 and hmac-sha1. Supported encryption algorithms: aes256-ctr, aes192-ctr, aes128-ctr, aes128-cb and 3des-cbc. -- cgit v1.2.3 From 84df3d4d0278e21a36a453bfee94799f0df67c2a Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 6 Oct 2015 21:18:23 +0200 Subject: ssh: Option max_channels added. It actually counts the number of subsystem alive. Allocating a channel does not consume any resources (except some cpu cycles), but the subsystem start spawns processes. --- lib/ssh/doc/src/ssh.xml | 9 +++++ lib/ssh/src/ssh.erl | 4 ++ lib/ssh/src/ssh_connection.erl | 27 ++++++++++--- lib/ssh/test/ssh_connection_SUITE.erl | 75 ++++++++++++++++++++++++++++++++++- 4 files changed, 108 insertions(+), 7 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index cf5e8f1aff..37ed016099 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -501,6 +501,15 @@ kex is implicit but public_key is set explicitly.

+ + +

The maximum number of channels with active remote subsystem that are accepted for + each connection to this daemon

+

By default, this option is not set. This means that the number is not limited. +

+
+ +

If set to false (the default value), only one login is handled at a time. diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 132de71aed..ee44324c12 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -385,6 +385,8 @@ handle_option([{rekey_limit, _} = Opt|Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{max_sessions, _} = Opt|Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); +handle_option([{max_channels, _} = Opt|Rest], SocketOptions, SshOptions) -> + handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{negotiation_timeout, _} = Opt|Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{parallel_login, _} = Opt|Rest], SocketOptions, SshOptions) -> @@ -443,6 +445,8 @@ handle_ssh_option({connect_timeout, Value} = Opt) when is_integer(Value); Value Opt; handle_ssh_option({max_sessions, Value} = Opt) when is_integer(Value), Value>0 -> Opt; +handle_ssh_option({max_channels, Value} = Opt) when is_integer(Value), Value>0 -> + Opt; handle_ssh_option({negotiation_timeout, Value} = Opt) when is_integer(Value); Value == infinity -> Opt; handle_ssh_option({parallel_login, Value} = Opt) when Value==true ; Value==false -> diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl index 64d2113125..266c64fd4f 100644 --- a/lib/ssh/src/ssh_connection.erl +++ b/lib/ssh/src/ssh_connection.erl 
@@ -935,14 +935,27 @@ encode_ip(Addr) when is_list(Addr) -> end end. -start_channel(Cb, Id, Args, SubSysSup) -> - start_channel(Cb, Id, Args, SubSysSup, undefined). +start_channel(Cb, Id, Args, SubSysSup, Opts) -> + start_channel(Cb, Id, Args, SubSysSup, undefined, Opts). -start_channel(Cb, Id, Args, SubSysSup, Exec) -> +start_channel(Cb, Id, Args, SubSysSup, Exec, Opts) -> ChildSpec = child_spec(Cb, Id, Args, Exec), ChannelSup = ssh_subsystem_sup:channel_supervisor(SubSysSup), + assert_limit_num_channels_not_exceeded(ChannelSup, Opts), ssh_channel_sup:start_child(ChannelSup, ChildSpec). +assert_limit_num_channels_not_exceeded(ChannelSup, Opts) -> + MaxNumChannels = proplists:get_value(max_channels, Opts, infinity), + NumChannels = length([x || {_,_,worker,[ssh_channel]} <- + supervisor:which_children(ChannelSup)]), + if + %% Note that NumChannels is BEFORE starting a new one + NumChannels < MaxNumChannels -> + ok; + true -> + throw(max_num_channels_exceeded) + end. + %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- @@ -998,9 +1011,11 @@ child_spec(Callback, Id, Args, Exec) -> start_cli(#connection{cli_spec = no_cli}, _) -> {error, cli_disabled}; -start_cli(#connection{cli_spec = {CbModule, Args}, exec = Exec, +start_cli(#connection{options = Options, + cli_spec = {CbModule, Args}, + exec = Exec, sub_system_supervisor = SubSysSup}, ChannelId) -> - start_channel(CbModule, ChannelId, Args, SubSysSup, Exec). + start_channel(CbModule, ChannelId, Args, SubSysSup, Exec, Options). start_subsytem(BinName, #connection{options = Options, sub_system_supervisor = SubSysSup}, 
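Review bot: start_channel/5 keeps its arity but changes the meaning of its last argument from Exec to Opts (ssh_connection.erl, first hunk), so any caller outside this diff that still passes Exec as the fifth argument compiles cleanly and hands it to `proplists:get_value(max_channels, Opts, infinity)`; please confirm every call site was updated, or give the new variant a distinct name. In assert_limit_num_channels_not_exceeded/2 the unlimited default works only because Erlang term order puts every number before the atom `infinity` in `NumChannels < MaxNumChannels`; an explicit clause or a comment would make that intentional. The function reports the limit with `throw(max_num_channels_exceeded)`, and neither start_cli/2 nor start_subsytem/2 catches it in these hunks, so the commit should show where the throw is turned into a request failure.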
@@ -1008,7 +1023,7 @@ start_subsytem(BinName, #connection{options = Options, Name = binary_to_list(BinName), case check_subsystem(Name, Options) of {Callback, Opts} when is_atom(Callback), Callback =/= none -> - start_channel(Callback, ChannelId, Opts, SubSysSup); + start_channel(Callback, ChannelId, Opts, SubSysSup, Options); {Other, _} when Other =/= none -> {error, legacy_option_not_supported} end. diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index fbcf06290a..37bba07440 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -48,7 +48,8 @@ all() -> gracefull_invalid_long_start, gracefull_invalid_long_start_no_nl, stop_listener, - start_subsystem_on_closed_channel + start_subsystem_on_closed_channel, + max_channels_option ]. groups() -> [{openssh, [], payload() ++ ptty()}]. 
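Review bot: in start_subsytem/2 the call `start_channel(Callback, ChannelId, Opts, SubSysSup, Options)` passes two near-identical names, where Opts is the subsystem's own argument list returned by check_subsystem/2 and Options is the connection's option list; swapping them would still compile. Renaming them (for example SubSysArgs and ConnOptions, names suggested here) would make the call self-explanatory.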
@@ -605,6 +606,78 @@ start_subsystem_on_closed_channel(Config) -> ssh:close(ConnectionRef), ssh:stop_daemon(Pid). +%%-------------------------------------------------------------------- +max_channels_option() -> + [{doc, "Test max_channels option"}]. + +max_channels_option(Config) when is_list(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {max_channels, 3}, + {subsystems, [{"echo_n", {ssh_echo_server, [4000000]}}]} + ]), + + ConnectionRef = ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_interaction, true}, + {user_dir, UserDir}]), + + {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef, infinity), + {ok, ChannelId1} = ssh_connection:session_channel(ConnectionRef, infinity), + {ok, ChannelId2} = ssh_connection:session_channel(ConnectionRef, infinity), + {ok, ChannelId3} = ssh_connection:session_channel(ConnectionRef, infinity), + {ok, ChannelId4} = ssh_connection:session_channel(ConnectionRef, infinity), + {ok, ChannelId5} = ssh_connection:session_channel(ConnectionRef, infinity), + {ok, _ChannelId6} = ssh_connection:session_channel(ConnectionRef, infinity), + + %%%---- shell + ok = ssh_connection:shell(ConnectionRef,ChannelId0), + receive + {ssh_cm,ConnectionRef, {data, ChannelId0, 0, <<"Eshell",_/binary>>}} -> + ok + after 5000 -> + ct:fail("CLI Timeout") + end, + + %%%---- subsystem "echo_n" + success = ssh_connection:subsystem(ConnectionRef, ChannelId1, "echo_n", infinity), + + %%%---- exec #1 + success = ssh_connection:exec(ConnectionRef, ChannelId2, "testing1.\n", infinity), + receive + {ssh_cm, ConnectionRef, {data, ChannelId2, 0, <<"testing1",_/binary>>}} -> + ok + after 5000 -> + ct:fail("Exec #1 Timeout") + end, + 
+ %%%---- ptty + success = ssh_connection:ptty_alloc(ConnectionRef, ChannelId3, []), + + %%%---- exec #2 + failure = ssh_connection:exec(ConnectionRef, ChannelId4, "testing2.\n", infinity), + + %%%---- close the shell + ok = ssh_connection:send(ConnectionRef, ChannelId0, "exit().\n", 5000), + + %%%---- exec #3 + success = ssh_connection:exec(ConnectionRef, ChannelId5, "testing3.\n", infinity), + receive + {ssh_cm, ConnectionRef, {data, ChannelId5, 0, <<"testing3",_/binary>>}} -> + ok + after 5000 -> + ct:fail("Exec #3 Timeout") + end, + + ssh:close(ConnectionRef), + ssh:stop_daemon(Pid). + %%-------------------------------------------------------------------- %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- -- cgit v1.2.3 From e5d5c462c09b631af417347154a04378f6186778 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 8 Oct 2015 19:05:43 +0200 Subject: ssh: update vsn.mk --- lib/ssh/vsn.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index b305eedcdc..997c544c45 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,4 +1,4 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 4.1 +SSH_VSN = 4.1.1 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From 38be5f936a3ed12a01f4f4441dbaa6b4d084d01f Mon Sep 17 00:00:00 2001 
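Review bot: in max_channels_option/1, exec #3 is requested immediately after `ok = ssh_connection:send(ConnectionRef, ChannelId0, "exit().\n", 5000)`, with nothing that waits for the shell channel to go away, so whether the daemon is back under the limit of 3 when the request arrives depends on timing. Wait for `{ssh_cm, ConnectionRef, {closed, ChannelId0}}` in a receive with an `after` clause before the `success = ssh_connection:exec(ConnectionRef, ChannelId5, ...)` line. The test also asserts only `failure` for exec #2; a short comment stating which three channels are expected to count against max_channels at that point (the ptty_alloc on ChannelId3 succeeds as a fourth request) would document the intended semantics.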
From: Hans Nilsson Date: Fri, 9 Oct 2015 12:42:32 +0200 Subject: ssh: added 'after' to receive stmts in test/ --- lib/ssh/test/ssh_basic_SUITE.erl | 20 +++++++++++++++++-- lib/ssh/test/ssh_connection_SUITE.erl | 36 ++++++++++++++++++++++++++++++++++- lib/ssh/test/ssh_options_SUITE.erl | 14 +++++++++++--- lib/ssh/test/ssh_protocol_SUITE.erl | 2 ++ lib/ssh/test/ssh_sftp_SUITE.erl | 6 ++++++ lib/ssh/test/ssh_sftpd_SUITE.erl | 2 ++ lib/ssh/test/ssh_test_lib.erl | 6 +++++- lib/ssh/test/ssh_to_openssh_SUITE.erl | 10 +++++++++- 8 files changed, 88 insertions(+), 8 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 7f1a64f094..24d8a4e53c 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -473,6 +473,8 @@ shell(Config) when is_list(Config) -> ErlShellStart -> ct:log("Erlang shell start: ~p~n", [ErlShellStart]), do_shell(IO, Shell) + after + 30000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end. %%-------------------------------------------------------------------- @@ -501,11 +503,15 @@ cli(Config) when is_list(Config) -> {ssh_cm, ConnectionRef, {data,0,0, <<"\r\nYou are accessing a dummy, type \"q\" to exit\r\n\n">>}} -> ok = ssh_connection:send(ConnectionRef, ChannelId, <<"q">>) + after + 30000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end, receive {ssh_cm, ConnectionRef,{closed, ChannelId}} -> ok + after + 30000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end. %%-------------------------------------------------------------------- @@ -644,7 +650,7 @@ peername_sockname(Config) when is_list(Config) -> host_equal(HostSockSrv, Host), PortSockSrv = Port after 10000 -> - throw(timeout) + ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end. host_equal(H1, H2) -> 
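Review bot: the clause `ct:fail("timeout ~p:~p",[?MODULE,?LINE])` is pasted into each receive in ssh_basic_SUITE.erl with a literal timeout that varies (30000 in shell/1 and cli/1, while peername_sockname/1 keeps 10000), and the commit message does not say why the values differ. Put the message and the timeout values in one macro in a shared test header, which still reports the call-site ?LINE, so that later tuning happens in one place. Replacing `throw(timeout)` with ct:fail in peername_sockname/1 is a good change and could be mentioned in the message.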
@@ -678,7 +684,7 @@ close(Config) when is_list(Config) -> {ssh_cm, Client,{closed, ChannelId}} -> ok after 5000 -> - ct:fail(timeout) + ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end. %%-------------------------------------------------------------------- @@ -876,22 +882,32 @@ do_shell(IO, Shell) -> receive Echo0 -> ct:log("Echo: ~p ~n", [Echo0]) + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end, receive ?NEWLINE -> ok + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end, receive Result0 = <<"2">> -> ct:log("Result: ~p~n", [Result0]) + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end, receive ?NEWLINE -> ok + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end, receive ErlPrompt1 -> ct:log("Erlang prompt: ~p~n", [ErlPrompt1]) + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end, exit(Shell, kill). %%Does not seem to work in the testserver! diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index fbcf06290a..dc7476f761 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -119,20 +119,28 @@ simple_exec(Config) when is_list(Config) -> receive {ssh_cm, ConnectionRef, {data, ChannelId0, 0, <<"testing\n">>}} -> ok + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end, %% receive close messages receive {ssh_cm, ConnectionRef, {eof, ChannelId0}} -> ok + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end, receive {ssh_cm, ConnectionRef, {exit_status, ChannelId0, 0}} -> ok + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end, receive {ssh_cm, ConnectionRef,{closed, ChannelId0}} -> ok + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end. %%-------------------------------------------------------------------- 
@@ -154,20 +162,28 @@ small_cat(Config) when is_list(Config) -> receive {ssh_cm, ConnectionRef, {data, ChannelId0, 0, Data}} -> ok + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end, %% receive close messages receive {ssh_cm, ConnectionRef, {eof, ChannelId0}} -> ok + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end, receive {ssh_cm, ConnectionRef, {exit_status, ChannelId0, 0}} -> ok + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end, receive {ssh_cm, ConnectionRef,{closed, ChannelId0}} -> ok + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end. %%-------------------------------------------------------------------- big_cat() -> @@ -211,11 +227,15 @@ big_cat(Config) when is_list(Config) -> %% receive close messages (eof already consumed) receive {ssh_cm, ConnectionRef, {exit_status, ChannelId0, 0}} -> - ok + ok + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end, receive {ssh_cm, ConnectionRef,{closed, ChannelId0}} -> ok + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end. %%-------------------------------------------------------------------- @@ -234,14 +254,20 @@ send_after_exit(Config) when is_list(Config) -> receive {ssh_cm, ConnectionRef, {eof, ChannelId0}} -> ok + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end, receive {ssh_cm, ConnectionRef, {exit_status, ChannelId0, _ExitStatus}} -> ok + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end, receive {ssh_cm, ConnectionRef,{closed, ChannelId0}} -> ok + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end, case ssh_connection:send(ConnectionRef, ChannelId0, Data, 2000) of {error, closed} -> ok; @@ -455,6 +481,8 @@ gracefull_invalid_version(Config) when is_list(Config) -> {tcp_closed, S} -> ok end + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end. gracefull_invalid_start(Config) when is_list(Config) -> 
@@ -475,6 +503,8 @@ gracefull_invalid_start(Config) when is_list(Config) -> {tcp_closed, S} -> ok end + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end. gracefull_invalid_long_start(Config) when is_list(Config) -> @@ -495,6 +525,8 @@ gracefull_invalid_long_start(Config) when is_list(Config) -> {tcp_closed, S} -> ok end + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end. @@ -516,6 +548,8 @@ gracefull_invalid_long_start_no_nl(Config) when is_list(Config) -> {tcp_closed, S} -> ok end + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end. stop_listener() -> diff --git a/lib/ssh/test/ssh_options_SUITE.erl b/lib/ssh/test/ssh_options_SUITE.erl index d64c78da35..cf15ca4253 100644 --- a/lib/ssh/test/ssh_options_SUITE.erl +++ b/lib/ssh/test/ssh_options_SUITE.erl @@ -656,6 +656,8 @@ ssh_connect_arg4_timeout(_Config) -> %% Get listening port Port = receive {port,Server,ServerPort} -> ServerPort + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end, %% try to connect with a timeout, but "supervise" it @@ -861,6 +863,8 @@ ssh_connect_nonegtimeout_connected(Config, Parallel) -> ct:sleep(round(Factor * NegTimeOut)), one_shell_op(IO, NegTimeOut) + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end, exit(Shell, kill). @@ -869,13 +873,13 @@ one_shell_op(IO, TimeOut) -> ct:log("One shell op: Waiting for prompter"), receive ErlPrompt0 -> ct:log("Erlang prompt: ~p~n", [ErlPrompt0]) - after TimeOut -> ct:fail("Timeout waiting for promter") + after TimeOut -> ct:fail("Timeout waiting for promter") end, IO ! {input, self(), "2*3*7.\r\n"}, receive Echo0 -> ct:log("Echo: ~p ~n", [Echo0]) - after TimeOut -> ct:fail("Timeout waiting for echo") + after TimeOut -> ct:fail("Timeout waiting for echo") end, receive 
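Review bot: the changed `after TimeOut -> ct:fail(...)` lines in one_shell_op/2 differ from the lines they replace only in whitespace as far as this hunk shows, which adds noise to a commit about missing timeouts; if they are being touched anyway, correct "promter" to "prompter" in the first message.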
@@ -888,7 +892,7 @@ one_shell_op(IO, TimeOut) -> receive Result0 -> ct:log("Result: ~p~n", [Result0]) - after TimeOut -> ct:fail("Timeout waiting for result") + after TimeOut -> ct:fail("Timeout waiting for result") end. %%-------------------------------------------------------------------- @@ -1016,9 +1020,13 @@ fake_daemon(_Config) -> {ok,S} = Rsa, receive {tcp, S, Id} -> Parent ! {id,self(),Id} + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end end), %% Get listening host and port receive {sockname,Server,ServerHost,ServerPort} -> {Server, ServerHost, ServerPort} + after + 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end. diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index 406f8e5960..743282ce9c 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -327,6 +327,8 @@ no_common_alg_client_disconnects(Config) -> X -> ct:log("¤¤¤¤¤"), ct:fail(X) + after + 30000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end. %%%-------------------------------------------------------------------- diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index 32fdec9842..698af259c8 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl @@ -526,6 +526,8 @@ async_read(Config) when is_list(Config) -> ok; Msg -> ct:fail(Msg) + after + 30000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end. %%-------------------------------------------------------------------- async_write() -> @@ -593,6 +595,8 @@ pos_read(Config) when is_list(Config) -> ok; Msg -> ct:fail(Msg) + after + 30000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end, NewData1 = "hopp", @@ -618,6 +622,8 @@ pos_write(Config) when is_list(Config) -> ok; Msg -> ct:fail(Msg) + after + 30000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end, ok = ssh_sftp:pwrite(Sftp, Handle, eof, list_to_binary("!")), 
diff --git a/lib/ssh/test/ssh_sftpd_SUITE.erl b/lib/ssh/test/ssh_sftpd_SUITE.erl index 94a54ec9db..6b03a2b763 100644 --- a/lib/ssh/test/ssh_sftpd_SUITE.erl +++ b/lib/ssh/test/ssh_sftpd_SUITE.erl @@ -683,6 +683,8 @@ reply(Cm, Channel, RBuf) -> closed; {ssh_cm, Cm, Msg} -> ct:fail(Msg) + after + 30000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end. diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index cc3ebf8151..87eaeec1bc 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl @@ -163,7 +163,9 @@ loop_io_server(TestCase, Buff0) -> {'EXIT',_, _} -> erlang:display('ssh_test_lib:loop_io_server/2 EXIT'), ok - end. + after + 30000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) + end. io_request({put_chars, Chars}, TestCase, _, _, Buff) -> reply(TestCase, Chars), @@ -212,6 +214,8 @@ receive_exec_result(Msg) -> Other -> ct:log("Other ~p", [Other]), {unexpected_msg, Other} + after + 30000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end. diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index c0dee6a1d3..026fe545c1 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -653,6 +653,8 @@ receive_hej() -> ct:log("Extra info: ~p~n", [Info]), receive_hej() end + after + 30000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end. receive_logout() -> @@ -662,11 +664,15 @@ receive_logout() -> receive <<"Connection closed">> -> ok + after + 30000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end; Info -> ct:log("Extra info when logging out: ~p~n", [Info]), receive_logout() - end. + after + 30000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) + end. receive_normal_exit(Shell) -> receive @@ -676,6 +682,8 @@ receive_normal_exit(Shell) -> receive_normal_exit(Shell); Other -> ct:fail({unexpected_msg, Other}) + after + 30000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end. extra_logout() -> -- cgit v1.2.3 
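Review bot: in ssh_test_lib:loop_io_server/2 the new `after 30000` clause is attached to what the function name and the io_request/5 clauses below it suggest is an I/O server loop, so it fires whenever no request arrives for 30 seconds, even in a test that is legitimately idle, and ct:fail/2 called there exits the helper process rather than the test case process. The same applies to the receive inside the spawned fun in fake_daemon/1 (ssh_options_SUITE.erl), where the failure is raised in the fake server and not in the test. Consider reporting the timeout to the parent with a message the test case receives, and leaving the server loop without an idle timeout.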
From 93a49adc5a174a034bba0431f1e8119a1f30dec6 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 12 Oct 2015 12:59:04 +0200 Subject: ssh: updatated spec for ssh:daemon --- lib/ssh/src/ssh.erl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 132de71aed..15591fb4a7 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -117,9 +117,9 @@ channel_info(ConnectionRef, ChannelId, Options) -> ssh_connection_handler:channel_info(ConnectionRef, ChannelId, Options). %%-------------------------------------------------------------------- --spec daemon(integer()) -> {ok, pid()}. --spec daemon(integer(), proplists:proplist()) -> {ok, pid()}. --spec daemon(any | inet:ip_address(), integer(), proplists:proplist()) -> {ok, pid()}. +-spec daemon(integer()) -> {ok, pid()} | {error, term()}. +-spec daemon(integer(), proplists:proplist()) -> {ok, pid()} | {error, term()}. +-spec daemon(any | inet:ip_address(), integer(), proplists:proplist()) -> {ok, pid()} | {error, term()}. %% Description: Starts a server listening for SSH connections %% on the given port. -- cgit v1.2.3 From 929709c2a0aa26b31b59b4c04e2534dd906b4afc Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 12 Oct 2015 14:38:21 +0200 Subject: ssh: add info on GEX algos in ssh_alghoritms:init_suite --- lib/ssh/test/ssh_algorithms_SUITE.erl | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index 1188b324ba..9f388de2a7 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl @@ -23,6 +23,7 @@ -module(ssh_algorithms_SUITE). -include_lib("common_test/include/ct.hrl"). +-include_lib("ssh/src/ssh_transport.hrl"). %% Note: This directive should only be used in test suites. -compile(export_all). 
@@ -72,11 +73,19 @@ init_per_suite(Config) -> "OS ssh:~n=======~n~p~n~n~n" "Erl ssh:~n========~n~p~n~n~n" "Installed ssh client:~n=====================~n~p~n~n~n" - "Installed ssh server:~n=====================~n~p~n~n~n", - [os:cmd("ssh -V"), + "Installed ssh server:~n=====================~n~p~n~n~n" + "Misc values:~n============~n" + " -- Default dh group exchange parameters ({min,def,max}): ~p~n" + " -- dh_default_groups: ~p~n" + " -- Max num algorithms: ~p~n" + ,[os:cmd("ssh -V"), ssh:default_algorithms(), ssh_test_lib:default_algorithms(sshc), - ssh_test_lib:default_algorithms(sshd)]), + ssh_test_lib:default_algorithms(sshd), + {?DEFAULT_DH_GROUP_MIN,?DEFAULT_DH_GROUP_NBITS,?DEFAULT_DH_GROUP_MAX}, + [KeyLen || {KeyLen,_} <- ?dh_default_groups], + ?MAX_NUM_ALGORITHMS + ]), ct:log("all() ->~n ~p.~n~ngroups()->~n ~p.~n",[all(),groups()]), catch crypto:stop(), case catch crypto:start() of @@ -271,7 +280,8 @@ specific_test_cases(Tag, Alg, SshcAlgos, SshdAlgos) -> [] end ++ case {Tag,Alg} of - {kex,'diffie-hellman-group-exchange-sha1'} -> + {kex,_} when Alg == 'diffie-hellman-group-exchange-sha1' ; + Alg == 'diffie-hellman-group-exchange-sha256' -> [simple_exec_group14, simple_exec_group15, simple_exec_group16, -- cgit v1.2.3 From ba6603d2f3b4853bfbaeecdec6413ecee19f84d4 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 8 Oct 2015 16:45:28 +0200 Subject: ssh: set dh_gex default to group14 --- lib/ssh/src/ssh_transport.hrl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_transport.hrl b/lib/ssh/src/ssh_transport.hrl index 96ab1bb668..17a0daebe3 100644 --- a/lib/ssh/src/ssh_transport.hrl +++ b/lib/ssh/src/ssh_transport.hrl 
@@ -33,7 +33,7 @@ -define(MAX_NUM_ALGORITHMS, 200). -define(DEFAULT_DH_GROUP_MIN, 1024). --define(DEFAULT_DH_GROUP_NBITS, 6144). +-define(DEFAULT_DH_GROUP_NBITS, 2048). -define(DEFAULT_DH_GROUP_MAX, 8192). %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -- cgit v1.2.3 From dae6f3c7bf111db1b1b62b0f0c7af4bbd856d67f Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 9 Oct 2015 10:44:21 +0200 Subject: ssh: polished ssh.xml Some changes in the SSH section at top (supported algorithms). Added links to default_algorithms and preferred_algorithms in the SSH section. --- lib/ssh/doc/src/ssh.xml | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index c7a09d65a8..b938da091c 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml 
@@ -40,19 +40,24 @@ For application dependencies see ssh(6) Supported SSH version is 2.0. - Supported public key algorithms:ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-rsa and ssh-dss. - Supported MAC algorithms: hmac-sha2-512, hmac-sha2-256 and hmac-sha1. - Supported MAC algorithms: hmac-sha2-256 and hmac-sha1. + Supported public key algorithms: ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-rsa and ssh-dss. + Supported MAC algorithms: hmac-sha2-256, hmac-sha2-512 and hmac-sha1. Supported encryption algorithms: aes256-ctr, aes192-ctr, aes128-ctr, aes128-cb and 3des-cbc. - Supported key exchange algorithms: ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1 and diffie-hellman-group-exchange-sha256. - Supported compression algorithms: none, zlib@openssh.com, zlib + Supported key exchange algorithms: ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256 and diffie-hellman-group1-sha1 + Supported compression algorithms: none, zlib@openssh.com and zlib Supports unicode filenames if the emulator and the underlaying OS support it. See section DESCRIPTION in the file manual page in kernel for information about this subject. Supports unicode in shell and CLI. - +

The actual set of algorithms can vary depending on which OpenSSL crypto library that is installed on the machine. + For the list on a particular installation, use the command default_algorithms/0. + The user may override the default algorithm configuration both on the server side and the client side. + See the option preferred_algorithms in the daemon and + connect functions. +

+
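Review bot: in ssh_transport.hrl, `-define(DEFAULT_DH_GROUP_NBITS, 2048).` lowers the preferred group-exchange size from 6144 bits, and the commit message ("set dh_gex default to group14") gives no reason; a change to a key-exchange default should state its rationale in the message and in a comment beside the macro. DEFAULT_DH_GROUP_MIN stays at 1024 in the same block, so it is worth saying explicitly whether that lower bound is still intended.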
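Review bot: in the ssh.xml hunk, the unchanged encryption line still reads "aes128-cb and 3des-cbc" although the purpose of the commit is to polish these lists; if the cipher meant is aes128-cbc, fix it in the same commit. In the added paragraph, "depending on which OpenSSL crypto library that is installed" should drop "that", and default_algorithms/0 is a function rather than a command. The key exchange line also lost its closing full stop while the public key, MAC and encryption lines keep theirs.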
-- cgit v1.2.3 From e3f1601f4cb16ebe68f145e366f78cff9d15beae Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Tue, 13 Oct 2015 14:47:34 +0200 Subject: Update release notes --- lib/ssh/doc/src/notes.xml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 368bb0f552..0c0c947f65 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,6 +30,23 @@ notes.xml +
Ssh 4.1.1 + +
Improvements and New Features + + +

+ A new option max_channels limits the number of + channels with active server-side subsystems that are + accepted.

+

+ Own Id: OTP-13036

+
+
+
+ +
+
Ssh 4.1
Fixed Bugs and Malfunctions -- cgit v1.2.3 From 28609dd161b7975f86c179a9ab54506c1d04a1fe Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 15 Oct 2015 15:58:25 +0200 Subject: ssh: Add a 1024 group to the list of key gex groups --- lib/ssh/src/ssh_transport.hrl | 3 ++- lib/ssh/vsn.mk | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_transport.hrl b/lib/ssh/src/ssh_transport.hrl index 96ab1bb668..04e587ff34 100644 --- a/lib/ssh/src/ssh_transport.hrl +++ b/lib/ssh/src/ssh_transport.hrl 
@@ -258,7 +258,8 @@ {8192, {2, 16#FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E
479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF}}). --define(dh_default_groups, [?dh_group14, +-define(dh_default_groups, [?dh_group1, + ?dh_group14, ?dh_group15, ?dh_group16, ?dh_group17, diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 997c544c45..5bb18a656a 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,4 +1,4 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 4.1.1 +SSH_VSN = 4.1.2 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From 1609b74689178627d1345f64e87d58b8249b6fde Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 8 Oct 2015 16:45:28 +0200 Subject: ssh: set dh_gex default to group14 --- lib/ssh/src/ssh_transport.hrl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_transport.hrl b/lib/ssh/src/ssh_transport.hrl index 04e587ff34..337f455279 100644 --- a/lib/ssh/src/ssh_transport.hrl +++ b/lib/ssh/src/ssh_transport.hrl @@ -33,7 +33,7 @@ -define(MAX_NUM_ALGORITHMS, 200). -define(DEFAULT_DH_GROUP_MIN, 1024). --define(DEFAULT_DH_GROUP_NBITS, 6144). +-define(DEFAULT_DH_GROUP_NBITS, 2048). -define(DEFAULT_DH_GROUP_MAX, 8192). %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -- cgit v1.2.3 From a2235c63238e1bfa9aefa4778260c671cdd4b61b Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Thu, 15 Oct 2015 16:31:18 +0200 Subject: Update release notes --- lib/ssh/doc/src/notes.xml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 0c0c947f65..bb111c8e0e 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,6 +30,21 @@ notes.xml +
Ssh 4.1.2 + +
Fixed Bugs and Malfunctions + + +

+ Add a 1024 group to the list of key group-exchange groups

+

+ Own Id: OTP-13046

+
+
+
+ +
+
Ssh 4.1.1
Improvements and New Features -- cgit v1.2.3 From 01d1e4dc9a6e7ea958683ab419dea38bf576a39f Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 13 Oct 2015 09:21:02 +0200 Subject: ssh, public_key: Change EC Public Key representation to what was intended --- lib/ssh/src/ssh.hrl | 13 ++- lib/ssh/src/ssh_auth.erl | 17 ++-- lib/ssh/src/ssh_connection_handler.erl | 1 + lib/ssh/src/ssh_file.erl | 13 +-- lib/ssh/src/ssh_message.erl | 162 ++++++++++++++------------------- lib/ssh/src/ssh_transport.erl | 100 +++++++++++--------- lib/ssh/test/ssh_test_lib.erl | 11 +-- lib/ssh/test/ssh_trpt_test_lib.erl | 2 +- 8 files changed, 151 insertions(+), 168 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.hrl b/lib/ssh/src/ssh.hrl index da64e4abf9..fc9d60c500 100644 --- a/lib/ssh/src/ssh.hrl +++ b/lib/ssh/src/ssh.hrl @@ -37,13 +37,16 @@ -define(FALSE, 0). -define(TRUE, 1). %% basic binary constructors --define(BOOLEAN(X), X:8/unsigned-big-integer). --define(BYTE(X), X:8/unsigned-big-integer). --define(UINT16(X), X:16/unsigned-big-integer). --define(UINT32(X), X:32/unsigned-big-integer). --define(UINT64(X), X:64/unsigned-big-integer). +-define(BOOLEAN(X), (X):8/unsigned-big-integer). +-define(BYTE(X), (X):8/unsigned-big-integer). +-define(UINT16(X), (X):16/unsigned-big-integer). +-define(UINT32(X), (X):32/unsigned-big-integer). +-define(UINT64(X), (X):64/unsigned-big-integer). -define(STRING(X), ?UINT32((size(X))), (X)/binary). +-define(DEC_BIN(X,Len), ?UINT32(Len), X:Len/binary ). +-define(DEC_MPINT(I,Len), ?UINT32(Len), I:Len/big-signed-integer-unit:8 ). + %% building macros -define(boolean(X), case X of diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index 0c16e19701..8c6ffceb4b 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl 
@@ -500,16 +500,15 @@ decode_public_key_v2(< {ok, {Y, #'Dss-Parms'{p = P, q = Q, g = G}}}; decode_public_key_v2(<> for example + ?UINT32(Len1), IdB:Len1/binary, %% Id = <<"nistp256">> for example ?UINT32(Len2), Blob:Len2/binary>>, - Curve) -> - Id = - case Curve of - "ecdsa-sha2-nistp256" -> <<"nistp256">>; - "ecdsa-sha2-nistp384" -> <<"nistp384">>; - "ecdsa-sha2-nistp521" -> <<"nistp521">> - end, - {ok, {#'ECPoint'{point=Blob}, Id}}; + "ecdsa-sha2-" ++ IdS) -> + case binary_to_list(IdB) of + IdS -> + {ok, {#'ECPoint'{point=Blob}, {namedCurve,public_key:ssh_curvename2oid(IdB)}} }; + _ -> + {error, bad_format} + end; decode_public_key_v2(_, _) -> {error, bad_format}. diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 7fb86c1108..09ef03f3f8 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -1348,6 +1348,7 @@ event(Event, StateName, State) -> throw:{ErrorToDisplay, #ssh_msg_disconnect{} = DisconnectMsg} -> handle_disconnect(DisconnectMsg, State, ErrorToDisplay); _C:_Error -> +ct:pal("*** FAIL ~p:~p(~p,...~n -> ~p:~p ",[?MODULE,StateName,Event,_C,_Error]), handle_disconnect(#ssh_msg_disconnect{code = error_code(StateName), description = "Invalid state", language = "en"}, State) diff --git a/lib/ssh/src/ssh_file.erl b/lib/ssh/src/ssh_file.erl index 4e6d58cbff..c087ce14d7 100644 --- a/lib/ssh/src/ssh_file.erl +++ b/lib/ssh/src/ssh_file.erl 
@@ -276,12 +276,13 @@ key_match(#'RSAPublicKey'{}, 'ssh-rsa') -> true; key_match({_, #'Dss-Parms'{}}, 'ssh-dss') -> true; -key_match({#'ECPoint'{},<<"nistp256">>}, 'ecdsa-sha2-nistp256') -> - true; -key_match({#'ECPoint'{},<<"nistp384">>}, 'ecdsa-sha2-nistp384') -> - true; -key_match({#'ECPoint'{},<<"nistp521">>}, 'ecdsa-sha2-nistp521') -> - true; +key_match({#'ECPoint'{},{namedCurve,Curve}}, Alg) -> + case atom_to_list(Alg) of + "ecdsa-sha2-"++IdS -> + Curve == public_key:ssh_curvename2oid(list_to_binary(IdS)); + _ -> + false + end; key_match(_, _) -> false. diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl index cfa11903fb..42e9b27b93 100644 --- a/lib/ssh/src/ssh_message.erl +++ b/lib/ssh/src/ssh_message.erl @@ -228,7 +228,7 @@ encode(#ssh_msg_kexdh_reply{ h_sig = Signature }) -> EncKey = encode_host_key(Key), - EncSign = encode_sign(Key, Signature), + EncSign = encode_signature(Key, Signature), ssh_bits:encode([?SSH_MSG_KEXDH_REPLY, EncKey, F, EncSign], [byte, binary, mpint, binary]); encode(#ssh_msg_kex_dh_gex_request{ @@ -256,7 +256,7 @@ encode(#ssh_msg_kex_dh_gex_reply{ h_sig = Signature }) -> EncKey = encode_host_key(Key), - EncSign = encode_sign(Key, Signature), + EncSign = encode_signature(Key, Signature), ssh_bits:encode([?SSH_MSG_KEX_DH_GEX_REPLY, EncKey, F, EncSign], [byte, binary, mpint, binary]); encode(#ssh_msg_kex_ecdh_init{q_c = Q_c}) -> @@ -264,7 +264,7 @@ encode(#ssh_msg_kex_ecdh_init{q_c = Q_c}) -> encode(#ssh_msg_kex_ecdh_reply{public_host_key = Key, q_s = Q_s, h_sig = Sign}) -> EncKey = encode_host_key(Key), - EncSign = encode_sign(Key, Sign), + EncSign = encode_signature(Key, Sign), ssh_bits:encode([?SSH_MSG_KEX_ECDH_REPLY, EncKey, Q_s, EncSign], [byte, binary, mpint, binary]); encode(#ssh_msg_ignore{data = Data}) -> @@ -280,8 +280,7 @@ encode(#ssh_msg_debug{always_display = Bool, %% Connection Messages -decode(<>) -> +decode(<>) -> #ssh_msg_global_request{ name = Name, want_reply = erl_boolean(Bool), 
@@ -292,8 +291,7 @@ decode(<>) -> decode(<>) -> #ssh_msg_request_failure{}; decode(<>) -> #ssh_msg_channel_open{ channel_type = binary_to_list(Type), @@ -313,7 +311,7 @@ decode(<>) -> + ?DEC_BIN(Desc,__0), ?DEC_BIN(Lang,__1) >> ) -> #ssh_msg_channel_open_failure{ recipient_channel = Recipient, reason = Reason, @@ -326,13 +324,13 @@ decode(<>) -> +decode(<>) -> #ssh_msg_channel_data{ recipient_channel = Recipient, data = Data }; decode(<>) -> + ?UINT32(DataType), ?DEC_BIN(Data,__0)>>) -> #ssh_msg_channel_extended_data{ recipient_channel = Recipient, data_type_code = DataType, @@ -347,8 +345,7 @@ decode(<>) -> recipient_channel = Recipient }; decode(<>) -> + ?DEC_BIN(RequestType,__0), ?BYTE(Bool), Data/binary>>) -> #ssh_msg_channel_request{ recipient_channel = Recipient, request_type = unicode:characters_to_list(RequestType), @@ -366,9 +363,7 @@ decode(<>) -> %%% Auth Messages decode(<>) -> #ssh_msg_userauth_request{ user = unicode:characters_to_list(User), @@ -378,7 +373,7 @@ decode(<>) -> #ssh_msg_userauth_failure { authentications = unicode:characters_to_list(Auths), @@ -388,16 +383,14 @@ decode(<>) -> #ssh_msg_userauth_success{}; -decode(<>) -> +decode(<>) -> #ssh_msg_userauth_banner{ message = Banner, language = Lang }; -decode(<>) -> #ssh_msg_userauth_info_request{ name = Name, @@ -407,15 +400,14 @@ decode(<>) -> +decode(<>) -> #ssh_msg_userauth_passwd_changereq{ prompt = Prompt, languge = Lang }; %%% Unhandled message, also masked by same 1:st byte value as ?SSH_MSG_USERAUTH_INFO_REQUEST: -decode(<>) -> +decode(<>) -> #ssh_msg_userauth_pk_ok{ algorithm_name = Alg, key_blob = KeyBlob 
@@ -430,18 +422,15 @@ decode(<>) -> decode(<>) -> decode_kex_init(Data, [Cookie, ssh_msg_kexinit], 10); -decode(<<"dh",?BYTE(?SSH_MSG_KEXDH_INIT), ?UINT32(Len), E:Len/big-signed-integer-unit:8>>) -> +decode(<<"dh",?BYTE(?SSH_MSG_KEXDH_INIT), ?DEC_MPINT(E,__0)>>) -> #ssh_msg_kexdh_init{e = E }; -decode(<<"dh", ?BYTE(?SSH_MSG_KEXDH_REPLY), - ?UINT32(Len0), Key:Len0/binary, - ?UINT32(Len1), F:Len1/big-signed-integer-unit:8, - ?UINT32(Len2), Hashsign:Len2/binary>>) -> +decode(<<"dh", ?BYTE(?SSH_MSG_KEXDH_REPLY), ?DEC_BIN(Key,__0), ?DEC_MPINT(F,__1), ?DEC_BIN(Hashsign,__2)>>) -> #ssh_msg_kexdh_reply{ public_host_key = decode_host_key(Key), f = F, - h_sig = decode_sign(Hashsign) + h_sig = decode_signature(Hashsign) }; decode(<>) -> 
@@ -456,57 +445,48 @@ decode(<<"dh_gex",?BYTE(?SSH_MSG_KEX_DH_GEX_REQUEST_OLD), ?UINT32(N)>>) -> n = N }; -decode(<<"dh_gex",?BYTE(?SSH_MSG_KEX_DH_GEX_GROUP), - ?UINT32(Len0), Prime:Len0/big-signed-integer-unit:8, - ?UINT32(Len1), Generator:Len1/big-signed-integer-unit:8>>) -> +decode(<<"dh_gex",?BYTE(?SSH_MSG_KEX_DH_GEX_GROUP), ?DEC_MPINT(Prime,__0), ?DEC_MPINT(Generator,__1) >>) -> #ssh_msg_kex_dh_gex_group{ p = Prime, g = Generator }; -decode(<>) -> +decode(<>) -> #ssh_msg_kex_dh_gex_init{ e = E }; -decode(<>) -> +decode(<>) -> #ssh_msg_kex_dh_gex_reply{ public_host_key = decode_host_key(Key), f = F, - h_sig = decode_sign(Hashsign) + h_sig = decode_signature(Hashsign) }; -decode(<<"ecdh",?BYTE(?SSH_MSG_KEX_ECDH_INIT), - ?UINT32(Len0), Q_c:Len0/big-signed-integer-unit:8>>) -> +decode(<<"ecdh",?BYTE(?SSH_MSG_KEX_ECDH_INIT), ?DEC_MPINT(Q_c,__0)>>) -> #ssh_msg_kex_ecdh_init{ q_c = Q_c }; decode(<<"ecdh",?BYTE(?SSH_MSG_KEX_ECDH_REPLY), - ?UINT32(Len1), Key:Len1/binary, - ?UINT32(Len2), Q_s:Len2/big-signed-integer-unit:8, - ?UINT32(Len3), Sig:Len3/binary>>) -> + ?DEC_BIN(Key,__1), ?DEC_MPINT(Q_s,__2), ?DEC_BIN(Sig,__3)>>) -> #ssh_msg_kex_ecdh_reply{ public_host_key = decode_host_key(Key), q_s = Q_s, - h_sig = decode_sign(Sig) + h_sig = decode_signature(Sig) }; -decode(<>) -> +decode(<>) -> #ssh_msg_service_request{ name = unicode:characters_to_list(Service) }; -decode(<>) -> +decode(<>) -> #ssh_msg_service_accept{ name = unicode:characters_to_list(Service) }; -decode(<>) -> +decode(<>) -> #ssh_msg_disconnect{ code = Code, description = unicode:characters_to_list(Desc), @@ -514,8 +494,7 @@ decode(<>) -> +decode(<>) -> #ssh_msg_disconnect{ code = Code, description = unicode:characters_to_list(Desc), 
@@ -525,21 +504,25 @@ decode(<>) -> #ssh_msg_newkeys{}; -decode(<>) -> +decode(<>) -> #ssh_msg_ignore{data = Data}; decode(<>) -> #ssh_msg_unimplemented{sequence = Seq}; -decode(<>) -> +decode(<>) -> #ssh_msg_debug{always_display = erl_boolean(Bool), message = Msg, language = Lang}. +%%%================================================================ +%%% +%%% Helper functions +%%% + decode_keyboard_interactive_prompts(<<>>, Acc) -> lists:reverse(Acc); -decode_keyboard_interactive_prompts(<>, +decode_keyboard_interactive_prompts(<>, Acc) -> decode_keyboard_interactive_prompts(Bin, [{Prompt, erl_boolean(Bool)} | Acc]). @@ -555,38 +538,34 @@ decode_kex_init(<>, Acc, 0) -> %% See rfc 4253 7.1 X = 0, list_to_tuple(lists:reverse([X, erl_boolean(Bool) | Acc])); -decode_kex_init(<>, Acc, N) -> +decode_kex_init(<>, Acc, N) -> Names = string:tokens(unicode:characters_to_list(Data), ","), decode_kex_init(Rest, [Names | Acc], N -1). +%%%================================================================ +%%% +%%% Host key decode/encode +%%% -decode_sign(<>) -> - Signature. - - -decode_host_key(<>) -> - decode_host_key(Alg, Rest). +decode_host_key(<>) -> decode_host_key(Alg, Rest). -decode_host_key(<<"ssh-rsa">>, <>) -> +decode_host_key(<<"ssh-rsa">>, <>) -> #'RSAPublicKey'{publicExponent = E, modulus = N}; - decode_host_key(<<"ssh-dss">>, - <>) -> + <>) -> {Y, #'Dss-Parms'{p = P, q = Q, g = G}}; - decode_host_key(<<"ecdsa-sha2-",Id/binary>>, - <> for example - ?UINT32(Len1), Blob:Len1/binary>>) -> - {#'ECPoint'{point=Blob}, Id}. + <> for example + ?DEC_BIN(Blob,__1)>>) -> + {#'ECPoint'{point=Blob}, {namedCurve,public_key:ssh_curvename2oid(Id)}}. encode_host_key(#'RSAPublicKey'{modulus = N, publicExponent = E}) -> 
@@ -594,30 +573,25 @@ encode_host_key(#'RSAPublicKey'{modulus = N, publicExponent = E}) -> encode_host_key({Y, #'Dss-Parms'{p = P, q = Q, g = G}}) -> ssh_bits:encode(["ssh-dss", P, Q, G, Y], [string, mpint, mpint, mpint, mpint]); -encode_host_key({#'ECPoint'{point = Q}, Id}) -> - ssh_bits:encode([<<"ecdsa-sha2-",Id/binary>>,Id,Q], [binary,binary,binary]); +encode_host_key({#'ECPoint'{point = Q}, {namedCurve,OID}}) -> + CurveName = public_key:oid2ssh_curvename(OID), + ssh_bits:encode([<<"ecdsa-sha2-",CurveName/binary>>,CurveName,Q], [binary,binary,binary]). -encode_host_key(#'RSAPrivateKey'{modulus = N, publicExponent = E}) -> - ssh_bits:encode(["ssh-rsa", E, N], [string, mpint, mpint]); -encode_host_key(#'DSAPrivateKey'{y = Y, p = P, q = Q, g = G}) -> - ssh_bits:encode(["ssh-dss", P, Q, G, Y], - [string, mpint, mpint, mpint, mpint]); -encode_host_key(#'ECPrivateKey'{parameters = Params, %{namedCurve,{1,2,840,10045,3,1,7}}, - publicKey = Pub}) -> - Id = ecdsa_id(Params), - ssh_bits:encode(["ecdsa-sha2-"++Id, Id, Pub], - [string, string, binary]). + +%%%================================================================ +%%% +%%% Signature decode/encode +%%% + +decode_signature(<>) -> + Signature. -encode_sign(#'RSAPrivateKey'{}, Signature) -> +encode_signature(#'RSAPublicKey'{}, Signature) -> ssh_bits:encode(["ssh-rsa", Signature],[string, binary]); -encode_sign(#'DSAPrivateKey'{}, Signature) -> +encode_signature({_, #'Dss-Parms'{}}, Signature) -> ssh_bits:encode(["ssh-dss", Signature],[string, binary]); -encode_sign(#'ECPrivateKey'{parameters = Params}, Signature) -> - Id = "ecdsa-sha2-" ++ ecdsa_id(Params), - ssh_bits:encode([Id, Signature],[string, binary]). - +encode_signature({#'ECPoint'{}, {namedCurve,OID}}, Signature) -> + CurveName = public_key:oid2ssh_curvename(OID), + ssh_bits:encode([<<"ecdsa-sha2-",CurveName/binary>>, Signature], [binary,binary]). 
-ecdsa_id({namedCurve,?'secp256r1'}) -> "nistp256"; -ecdsa_id({namedCurve,?'secp384r1'}) -> "nistp384"; -ecdsa_id({namedCurve,?'secp521r1'}) -> "nistp521". diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index a6438e69d4..080d6f74f7 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -380,13 +380,15 @@ handle_kexdh_init(#ssh_msg_kexdh_init{e = E}, 1= {Public, Private} = generate_key(dh, [P,G]), K = compute_key(dh, E, Private, [P,G]), - Key = get_host_key(Ssh0), - H = kex_h(Ssh0, Key, E, Public, K), - H_SIG = sign_host_key(Ssh0, Key, H), - {SshPacket, Ssh1} = ssh_packet(#ssh_msg_kexdh_reply{public_host_key = Key, - f = Public, - h_sig = H_SIG - }, Ssh0), + MyPrivHostKey = get_host_key(Ssh0), + MyPubHostKey = extract_public_key(MyPrivHostKey), + H = kex_h(Ssh0, MyPubHostKey, E, Public, K), + H_SIG = sign_host_key(Ssh0, MyPrivHostKey, H), + {SshPacket, Ssh1} = + ssh_packet(#ssh_msg_kexdh_reply{public_host_key = MyPubHostKey, + f = Public, + h_sig = H_SIG + }, Ssh0), {ok, SshPacket, Ssh1#ssh{keyex_key = {{Private, Public}, {G, P}}, shared_secret = K, exchanged_hash = H, @@ -401,7 +403,7 @@ handle_kexdh_init(#ssh_msg_kexdh_init{e = E}, }) end. -handle_kexdh_reply(#ssh_msg_kexdh_reply{public_host_key = HostKey, +handle_kexdh_reply(#ssh_msg_kexdh_reply{public_host_key = PeerPubHostKey, f = F, h_sig = H_SIG}, #ssh{keyex_key = {{Private, Public}, {G, P}}} = Ssh0) -> @@ -409,9 +411,9 @@ handle_kexdh_reply(#ssh_msg_kexdh_reply{public_host_key = HostKey, if 1= K = compute_key(dh, F, Private, [P,G]), - H = kex_h(Ssh0, HostKey, Public, F, K), + H = kex_h(Ssh0, PeerPubHostKey, Public, F, K), - case verify_host_key(Ssh0, HostKey, H, H_SIG) of + case verify_host_key(Ssh0, PeerPubHostKey, H, H_SIG) of ok -> {SshPacket, Ssh} = ssh_packet(#ssh_msg_newkeys{}, Ssh0), {ok, SshPacket, Ssh#ssh{shared_secret = K, 
@@ -480,11 +482,12 @@ handle_kex_dh_gex_init(#ssh_msg_kex_dh_gex_init{e = E}, K = compute_key(dh, E, Private, [P,G]), if 1 - HostKey = get_host_key(Ssh0), - H = kex_h(Ssh0, HostKey, Min, NBits, Max, P, G, E, Public, K), - H_SIG = sign_host_key(Ssh0, HostKey, H), + MyPrivHostKey = get_host_key(Ssh0), + MyPubHostKey = extract_public_key(MyPrivHostKey), + H = kex_h(Ssh0, MyPubHostKey, Min, NBits, Max, P, G, E, Public, K), + H_SIG = sign_host_key(Ssh0, MyPrivHostKey, H), {SshPacket, Ssh} = - ssh_packet(#ssh_msg_kex_dh_gex_reply{public_host_key = HostKey, + ssh_packet(#ssh_msg_kex_dh_gex_reply{public_host_key = MyPubHostKey, f = Public, h_sig = H_SIG}, Ssh0), {ok, SshPacket, Ssh#ssh{shared_secret = K, @@ -508,7 +511,7 @@ handle_kex_dh_gex_init(#ssh_msg_kex_dh_gex_init{e = E}, }) end. -handle_kex_dh_gex_reply(#ssh_msg_kex_dh_gex_reply{public_host_key = HostKey, +handle_kex_dh_gex_reply(#ssh_msg_kex_dh_gex_reply{public_host_key = PeerPubHostKey, f = F, h_sig = H_SIG}, #ssh{keyex_key = {{Private, Public}, {G, P}}, @@ -520,9 +523,9 @@ handle_kex_dh_gex_reply(#ssh_msg_kex_dh_gex_reply{public_host_key = HostKey, K = compute_key(dh, F, Private, [P,G]), if 1 - H = kex_h(Ssh0, HostKey, Min, NBits, Max, P, G, Public, F, K), + H = kex_h(Ssh0, PeerPubHostKey, Min, NBits, Max, P, G, Public, F, K), - case verify_host_key(Ssh0, HostKey, H, H_SIG) of + case verify_host_key(Ssh0, PeerPubHostKey, H, H_SIG) of ok -> {SshPacket, Ssh} = ssh_packet(#ssh_msg_newkeys{}, Ssh0), {ok, SshPacket, Ssh#ssh{shared_secret = K, 
@@ -565,11 +568,12 @@ handle_kex_ecdh_init(#ssh_msg_kex_ecdh_init{q_c = PeerPublic}, true -> {MyPublic, MyPrivate} = generate_key(ecdh, Curve), K = compute_key(ecdh, PeerPublic, MyPrivate, Curve), - HostKey = get_host_key(Ssh0), - H = kex_h(Ssh0, Curve, HostKey, PeerPublic, MyPublic, K), - H_SIG = sign_host_key(Ssh0, HostKey, H), + MyPrivHostKey = get_host_key(Ssh0), + MyPubHostKey = extract_public_key(MyPrivHostKey), + H = kex_h(Ssh0, Curve, MyPubHostKey, PeerPublic, MyPublic, K), + H_SIG = sign_host_key(Ssh0, MyPrivHostKey, H), {SshPacket, Ssh1} = - ssh_packet(#ssh_msg_kex_ecdh_reply{public_host_key = HostKey, + ssh_packet(#ssh_msg_kex_ecdh_reply{public_host_key = MyPubHostKey, q_s = MyPublic, h_sig = H_SIG}, Ssh0), @@ -587,7 +591,7 @@ handle_kex_ecdh_init(#ssh_msg_kex_ecdh_init{q_c = PeerPublic}, }) end. -handle_kex_ecdh_reply(#ssh_msg_kex_ecdh_reply{public_host_key = HostKey, +handle_kex_ecdh_reply(#ssh_msg_kex_ecdh_reply{public_host_key = PeerPubHostKey, q_s = PeerPublic, h_sig = H_SIG}, #ssh{keyex_key = {{MyPublic,MyPrivate}, Curve}} = Ssh0 @@ -596,8 +600,8 @@ handle_kex_ecdh_reply(#ssh_msg_kex_ecdh_reply{public_host_key = HostKey, case ecdh_validate_public_key(PeerPublic, Curve) of true -> K = compute_key(ecdh, PeerPublic, MyPrivate, Curve), - H = kex_h(Ssh0, Curve, HostKey, MyPublic, PeerPublic, K), - case verify_host_key(Ssh0, HostKey, H, H_SIG) of + H = kex_h(Ssh0, Curve, PeerPubHostKey, MyPublic, PeerPublic, K), + case verify_host_key(Ssh0, PeerPubHostKey, H, H_SIG) of ok -> {SshPacket, Ssh} = ssh_packet(#ssh_msg_newkeys{}, Ssh0), {ok, SshPacket, Ssh#ssh{shared_secret = K, 
@@ -659,13 +663,20 @@ get_host_key(SSH) -> sign_host_key(_Ssh, PrivateKey, H) -> sign(H, sign_host_key_sha(PrivateKey), PrivateKey). -sign_host_key_sha(#'ECPrivateKey'{parameters = {namedCurve, ?'secp256r1'}}) -> sha256; -sign_host_key_sha(#'ECPrivateKey'{parameters = {namedCurve, ?'secp384r1'}}) -> sha384; -sign_host_key_sha(#'ECPrivateKey'{parameters = {namedCurve, ?'secp521r1'}}) -> sha512; +sign_host_key_sha(#'ECPrivateKey'{parameters = {namedCurve,OID}}) -> sha(OID); sign_host_key_sha(#'RSAPrivateKey'{}) -> sha; sign_host_key_sha(#'DSAPrivateKey'{}) -> sha. +extract_public_key(#'RSAPrivateKey'{modulus = N, publicExponent = E}) -> + #'RSAPublicKey'{modulus = N, publicExponent = E}; +extract_public_key(#'DSAPrivateKey'{y = Y, p = P, q = Q, g = G}) -> + {Y, #'Dss-Parms'{p=P, q=Q, g=G}}; +extract_public_key(#'ECPrivateKey'{parameters = {namedCurve,OID}, + publicKey = Q}) -> + {#'ECPoint'{point=Q}, {namedCurve,OID}}. + + verify_host_key(SSH, PublicKey, Digest, Signature) -> case verify(Digest, host_key_sha(PublicKey), Signature, PublicKey) of false -> @@ -674,14 +685,16 @@ verify_host_key(SSH, PublicKey, Digest, Signature) -> known_host_key(SSH, PublicKey, public_algo(PublicKey)) end. -host_key_sha(#'RSAPublicKey'{}) -> sha; -host_key_sha({_, #'Dss-Parms'{}}) -> sha; -host_key_sha({#'ECPoint'{},Id}) -> sha(list_to_atom(binary_to_list(Id))). +host_key_sha(#'RSAPublicKey'{}) -> sha; +host_key_sha({_, #'Dss-Parms'{}}) -> sha; +host_key_sha({#'ECPoint'{},{namedCurve,OID}}) -> sha(OID). public_algo(#'RSAPublicKey'{}) -> 'ssh-rsa'; public_algo({_, #'Dss-Parms'{}}) -> 'ssh-dss'; -public_algo({#'ECPoint'{},Id}) -> list_to_atom("ecdsa-sha2-" ++ binary_to_list(Id)). +public_algo({#'ECPoint'{},{namedCurve,OID}}) -> + Curve = public_key:oid2ssh_curvename(OID), + list_to_atom("ecdsa-sha2-" ++ binary_to_list(Curve)). accepted_host(Ssh, PeerName, Opts) -> 
@@ -933,17 +946,12 @@ verify(PlainText, Hash, Sig, {_, #'Dss-Parms'{}} = Key) -> <> = Sig, Signature = public_key:der_encode('Dss-Sig-Value', #'Dss-Sig-Value'{r = R, s = S}), public_key:verify(PlainText, Hash, Signature, Key); -verify(PlainText, Hash, Sig, {ECPoint=#'ECPoint'{}, Param}) -> - C = case Param of - <<"nistp256">> -> {namedCurve, ?'secp256r1'}; - <<"nistp384">> -> {namedCurve, ?'secp384r1'}; - <<"nistp521">> -> {namedCurve, ?'secp521r1'} - end, +verify(PlainText, Hash, Sig, {#'ECPoint'{},_} = Key) -> <> = Sig, Sval = #'ECDSA-Sig-Value'{r=R, s=S}, DerEncodedSig = public_key:der_encode('ECDSA-Sig-Value',Sval), - public_key:verify(PlainText, Hash, DerEncodedSig, {ECPoint,C}); + public_key:verify(PlainText, Hash, DerEncodedSig, Key); verify(PlainText, Hash, Sig, Key) -> public_key:verify(PlainText, Hash, Sig, Key). @@ -1372,16 +1380,18 @@ kex_h(SSH, Key, Min, NBits, Max, Prime, Gen, E, F, K) -> end, crypto:hash(sha((SSH#ssh.algorithms)#alg.kex), L). -sha('nistp256') -> sha256; -sha('secp256r1')-> sha256; -sha('nistp384') -> sha384; -sha('secp384r1')-> sha384; -sha('nistp521') -> sha512; -sha('secp521r1')-> sha512; + +sha(secp256r1) -> sha256; +sha(secp384r1) -> sha384; +sha(secp521r1) -> sha512; sha('diffie-hellman-group1-sha1') -> sha; sha('diffie-hellman-group14-sha1') -> sha; sha('diffie-hellman-group-exchange-sha1') -> sha; -sha('diffie-hellman-group-exchange-sha256') -> sha256. +sha('diffie-hellman-group-exchange-sha256') -> sha256; +sha(?'secp256r1') -> sha(secp256r1); +sha(?'secp384r1') -> sha(secp384r1); +sha(?'secp521r1') -> sha(secp521r1). + mac_key_size('hmac-sha1') -> 20*8; mac_key_size('hmac-sha1-96') -> 20*8; diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index 87eaeec1bc..a269192785 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl 
@@ -403,18 +403,13 @@ setup_rsa_auth_keys(Dir, UserDir) -> PKey = #'RSAPublicKey'{publicExponent = E, modulus = N}, setup_auth_keys([{ PKey, [{comment, "Test"}]}], UserDir). -setup_ecdsa_auth_keys(Size, Dir, UserDir) -> +setup_ecdsa_auth_keys(_Size, Dir, UserDir) -> {ok, Pem} = file:read_file(filename:join(Dir, "id_ecdsa")), ECDSA = public_key:pem_entry_decode(hd(public_key:pem_decode(Pem))), #'ECPrivateKey'{publicKey = Q, - parameters = {namedCurve,Id0}} = ECDSA, + parameters = Param = {namedCurve,_Id0}} = ECDSA, PKey = #'ECPoint'{point = Q}, - Id = case pubkey_cert_records:namedCurves(Id0) of - secp256r1 when Size=="256" -> <<"nistp256">>; - secp384r1 when Size=="384" -> <<"nistp384">>; - secp521r1 when Size=="521" -> <<"nistp521">> - end, - setup_auth_keys([{ {PKey,Id}, [{comment, "Test"}]}], UserDir). + setup_auth_keys([{ {PKey,Param}, [{comment, "Test"}]}], UserDir). setup_auth_keys(Keys, Dir) -> AuthKeys = public_key:ssh_encode(Keys, auth_keys), diff --git a/lib/ssh/test/ssh_trpt_test_lib.erl b/lib/ssh/test/ssh_trpt_test_lib.erl index caf9bac3b6..772e50df87 100644 --- a/lib/ssh/test/ssh_trpt_test_lib.erl +++ b/lib/ssh/test/ssh_trpt_test_lib.erl @@ -743,7 +743,7 @@ print_traces(S) -> [case Len-length(Acc)-1 of 0 -> io_lib:format(Fmt,Args); - N -> + _N -> io_lib:format(lists:concat(['~p --------~n',Fmt]), [Len-length(Acc)-1|Args]) end | Acc] -- cgit v1.2.3 From 19eec0552c6b4e5024e307d2376c061665007e4f Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 14 Oct 2015 17:47:13 +0200 Subject: ssh, public_key: use pubkey encode/decode in app public_key --- lib/ssh/src/ssh_auth.erl | 68 +++++++++------------------------- lib/ssh/src/ssh_connection_handler.erl | 1 - lib/ssh/src/ssh_message.erl | 49 ++++-------------------- lib/ssh/src/ssh_transport.erl | 13 +++++-- 4 files changed, 33 insertions(+), 98 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index 8c6ffceb4b..04749fcf8e 100644 
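Review bot: the new DEC_BIN(X,Len) and DEC_MPINT(I,Len) macros in lib/ssh/src/ssh.hrl bind Len as a pattern variable, and that requirement is not documented. Using the same name twice in one binary pattern would make the second use a match against the first length instead of a fresh binding, so every call site has to supply a distinct name (the callers in ssh_message.erl use __0, __1, ...). Suggest a comment above the two defines stating this.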
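Review bot: the ct:pal("*** FAIL ...") line added to the _C:_Error clause of event/3 in lib/ssh/src/ssh_connection_handler.erl is a common_test call in a module under src. On a node where the ct module cannot be loaded the call raises undef inside the clause that is supposed to turn unexpected errors into a disconnect, so handle_disconnect is never reached. It also prints the Event term, which may hold protocol data. Suggest removing the line before merge, or using the application's own logging if a trace is wanted here.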
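Review bot: in setup_ecdsa_auth_keys/3 in lib/ssh/test/ssh_test_lib.erl the first argument becomes _Size and is no longer used, so the helper has lost the guard that tied the curve found in id_ecdsa to the size the test asked for. Suggest either dropping the parameter and updating the callers, or keeping an assertion that the key's {namedCurve,_} corresponds to the requested size, so that a wrong key file fails in setup rather than later in the test.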
--- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -44,15 +44,15 @@ publickey_msg([Alg, #ssh{user = User, Hash = sha, %% Maybe option?! KeyCb = proplists:get_value(key_cb, Opts, ssh_file), case KeyCb:user_key(Alg, Opts) of - {ok, Key} -> - StrAlgo = algorithm_string(Alg), - case encode_public_key(StrAlgo, Key) of + {ok, PrivKey} -> + StrAlgo = atom_to_list(Alg), + case encode_public_key(StrAlgo, ssh_transport:extract_public_key(PrivKey)) of not_ok -> not_ok; PubKeyBlob -> SigData = build_sig_data(SessionId, User, Service, PubKeyBlob, StrAlgo), - Sig = ssh_transport:sign(SigData, Hash, Key), + Sig = ssh_transport:sign(SigData, Hash, PrivKey), SigBlob = list_to_binary([?string(StrAlgo), ?binary(Sig)]), ssh_transport:ssh_packet( #ssh_msg_userauth_request{user = User, @@ -430,12 +430,6 @@ build_sig_data(SessionId, User, Service, KeyBlob, Alg) -> ?binary(KeyBlob)], list_to_binary(Sig). -algorithm_string('ssh-rsa') -> "ssh-rsa"; -algorithm_string('ssh-dss') -> "ssh-dss"; -algorithm_string('ecdsa-sha2-nistp256') -> "ecdsa-sha2-nistp256"; -algorithm_string('ecdsa-sha2-nistp384') -> "ecdsa-sha2-nistp384"; -algorithm_string('ecdsa-sha2-nistp521') -> "ecdsa-sha2-nistp521". - decode_keyboard_interactive_prompts(_NumPrompts, Data) -> 
@@ -487,46 +481,18 @@ keyboard_interact_fun(KbdInteractFun, Name, Instr, PromptInfos, NumPrompts) -> language = "en"}}) end. -decode_public_key_v2(<> - ,"ssh-rsa") -> - {ok, #'RSAPublicKey'{publicExponent = E, modulus = N}}; -decode_public_key_v2(<> - , "ssh-dss") -> - {ok, {Y, #'Dss-Parms'{p = P, q = Q, g = G}}}; -decode_public_key_v2(<> for example - ?UINT32(Len2), Blob:Len2/binary>>, - "ecdsa-sha2-" ++ IdS) -> - case binary_to_list(IdB) of - IdS -> - {ok, {#'ECPoint'{point=Blob}, {namedCurve,public_key:ssh_curvename2oid(IdB)}} }; - _ -> - {error, bad_format} - end; -decode_public_key_v2(_, _) -> - {error, bad_format}. - -encode_public_key("ssh-rsa", #'RSAPrivateKey'{publicExponent = E, modulus = N}) -> - ssh_bits:encode(["ssh-rsa",E,N], [string,mpint,mpint]); -encode_public_key("ssh-dss", #'DSAPrivateKey'{p = P, q = Q, g = G, y = Y}) -> - ssh_bits:encode(["ssh-dss",P,Q,G,Y], [string,mpint,mpint,mpint,mpint]); -encode_public_key("ecdsa-sha2-"++Curve, #'ECPrivateKey'{parameters = Params, - publicKey = Pub}) -> - Id = ecdsa_id(Params), - if - Id =/= Curve -> - not_ok; - true -> - ssh_bits:encode(["ecdsa-sha2-"++Id, Id, Pub], - [string, string, binary]) +decode_public_key_v2(Bin, _Type) -> + try + public_key:ssh_decode(Bin, ssh2_pubkey) + of + Key -> {ok, Key} + catch + _:_ -> {error, bad_format} end. -ecdsa_id({namedCurve,?'secp256r1'}) -> "nistp256"; -ecdsa_id({namedCurve,?'secp384r1'}) -> "nistp384"; -ecdsa_id({namedCurve,?'secp521r1'}) -> "nistp521". +encode_public_key(_Alg, Key) -> + try + public_key:ssh_encode(Key, ssh2_pubkey) + catch + _:_ -> not_ok + end. diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 09ef03f3f8..7fb86c1108 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl 
@@ -1348,7 +1348,6 @@ event(Event, StateName, State) -> throw:{ErrorToDisplay, #ssh_msg_disconnect{} = DisconnectMsg} -> handle_disconnect(DisconnectMsg, State, ErrorToDisplay); _C:_Error -> -ct:pal("*** FAIL ~p:~p(~p,...~n -> ~p:~p ",[?MODULE,StateName,Event,_C,_Error]), handle_disconnect(#ssh_msg_disconnect{code = error_code(StateName), description = "Invalid state", language = "en"}, State) diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl index 42e9b27b93..b6c4496be2 100644 --- a/lib/ssh/src/ssh_message.erl +++ b/lib/ssh/src/ssh_message.erl @@ -30,7 +30,7 @@ -include("ssh_auth.hrl"). -include("ssh_transport.hrl"). --export([encode/1, decode/1, encode_host_key/1, decode_keyboard_interactive_prompts/2]). +-export([encode/1, decode/1, decode_keyboard_interactive_prompts/2]). encode(#ssh_msg_global_request{ name = Name, @@ -227,7 +227,7 @@ encode(#ssh_msg_kexdh_reply{ f = F, h_sig = Signature }) -> - EncKey = encode_host_key(Key), + EncKey = public_key:ssh_encode(Key, ssh2_pubkey), EncSign = encode_signature(Key, Signature), ssh_bits:encode([?SSH_MSG_KEXDH_REPLY, EncKey, F, EncSign], [byte, binary, mpint, binary]); @@ -255,7 +255,7 @@ encode(#ssh_msg_kex_dh_gex_reply{ f = F, h_sig = Signature }) -> - EncKey = encode_host_key(Key), + EncKey = public_key:ssh_encode(Key, ssh2_pubkey), EncSign = encode_signature(Key, Signature), ssh_bits:encode([?SSH_MSG_KEX_DH_GEX_REPLY, EncKey, F, EncSign], [byte, binary, mpint, binary]); @@ -263,7 +263,7 @@ encode(#ssh_msg_kex_ecdh_init{q_c = Q_c}) -> ssh_bits:encode([?SSH_MSG_KEX_ECDH_INIT, Q_c], [byte, mpint]); encode(#ssh_msg_kex_ecdh_reply{public_host_key = Key, q_s = Q_s, h_sig = Sign}) -> - EncKey = encode_host_key(Key), + EncKey = public_key:ssh_encode(Key, ssh2_pubkey), EncSign = encode_signature(Key, Sign), ssh_bits:encode([?SSH_MSG_KEX_ECDH_REPLY, EncKey, Q_s, EncSign], [byte, binary, mpint, binary]); 
@@ -428,7 +428,7 @@ decode(<<"dh",?BYTE(?SSH_MSG_KEXDH_INIT), ?DEC_MPINT(E,__0)>>) -> decode(<<"dh", ?BYTE(?SSH_MSG_KEXDH_REPLY), ?DEC_BIN(Key,__0), ?DEC_MPINT(F,__1), ?DEC_BIN(Hashsign,__2)>>) -> #ssh_msg_kexdh_reply{ - public_host_key = decode_host_key(Key), + public_host_key = public_key:ssh_decode(Key, ssh2_pubkey), f = F, h_sig = decode_signature(Hashsign) }; @@ -458,7 +458,7 @@ decode(<>) -> decode(<>) -> #ssh_msg_kex_dh_gex_reply{ - public_host_key = decode_host_key(Key), + public_host_key = public_key:ssh_decode(Key, ssh2_pubkey), f = F, h_sig = decode_signature(Hashsign) }; @@ -471,7 +471,7 @@ decode(<<"ecdh",?BYTE(?SSH_MSG_KEX_ECDH_INIT), ?DEC_MPINT(Q_c,__0)>>) -> decode(<<"ecdh",?BYTE(?SSH_MSG_KEX_ECDH_REPLY), ?DEC_BIN(Key,__1), ?DEC_MPINT(Q_s,__2), ?DEC_BIN(Sig,__3)>>) -> #ssh_msg_kex_ecdh_reply{ - public_host_key = decode_host_key(Key), + public_host_key = public_key:ssh_decode(Key, ssh2_pubkey), q_s = Q_s, h_sig = decode_signature(Sig) }; 
@@ -543,41 +543,6 @@ decode_kex_init(<>, Acc, N) -> decode_kex_init(Rest, [Names | Acc], N -1). -%%%================================================================ -%%% -%%% Host key decode/encode -%%% - -decode_host_key(<>) -> decode_host_key(Alg, Rest). - - -decode_host_key(<<"ssh-rsa">>, <>) -> - #'RSAPublicKey'{publicExponent = E, - modulus = N}; -decode_host_key(<<"ssh-dss">>, - <>) -> - {Y, #'Dss-Parms'{p = P, - q = Q, - g = G}}; -decode_host_key(<<"ecdsa-sha2-",Id/binary>>, - <> for example - ?DEC_BIN(Blob,__1)>>) -> - {#'ECPoint'{point=Blob}, {namedCurve,public_key:ssh_curvename2oid(Id)}}. - - -encode_host_key(#'RSAPublicKey'{modulus = N, publicExponent = E}) -> - ssh_bits:encode(["ssh-rsa", E, N], [string, mpint, mpint]); -encode_host_key({Y, #'Dss-Parms'{p = P, q = Q, g = G}}) -> - ssh_bits:encode(["ssh-dss", P, Q, G, Y], - [string, mpint, mpint, mpint, mpint]); -encode_host_key({#'ECPoint'{point = Q}, {namedCurve,OID}}) -> - CurveName = public_key:oid2ssh_curvename(OID), - ssh_bits:encode([<<"ecdsa-sha2-",CurveName/binary>>,CurveName,Q], [binary,binary,binary]). - - %%%================================================================ %%% %%% Signature decode/encode diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 080d6f74f7..500db91df5 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -44,6 +44,7 @@ handle_kexdh_reply/2, handle_kex_ecdh_init/2, handle_kex_ecdh_reply/2, + extract_public_key/1, unpack/3, decompress/2, ssh_packet/2, pack/2, msg_data/1, sign/3, verify/4]). 
@@ -1344,38 +1345,42 @@ hash(K, H, Ki, N, HASH) -> hash(K, H, <>, N-128, HASH). kex_h(SSH, Key, E, F, K) -> + KeyBin = public_key:ssh_encode(Key, ssh2_pubkey), L = ssh_bits:encode([SSH#ssh.c_version, SSH#ssh.s_version, SSH#ssh.c_keyinit, SSH#ssh.s_keyinit, - ssh_message:encode_host_key(Key), E,F,K], + KeyBin, E,F,K], [string,string,binary,binary,binary, mpint,mpint,mpint]), crypto:hash(sha((SSH#ssh.algorithms)#alg.kex), L). %% crypto:hash(sha,L). kex_h(SSH, Curve, Key, Q_c, Q_s, K) -> + KeyBin = public_key:ssh_encode(Key, ssh2_pubkey), L = ssh_bits:encode([SSH#ssh.c_version, SSH#ssh.s_version, SSH#ssh.c_keyinit, SSH#ssh.s_keyinit, - ssh_message:encode_host_key(Key), Q_c, Q_s, K], + KeyBin, Q_c, Q_s, K], [string,string,binary,binary,binary, mpint,mpint,mpint]), crypto:hash(sha(Curve), L). kex_h(SSH, Key, Min, NBits, Max, Prime, Gen, E, F, K) -> L = if Min==-1; Max==-1 -> + KeyBin = public_key:ssh_encode(Key, ssh2_pubkey), Ts = [string,string,binary,binary,binary, uint32, mpint,mpint,mpint,mpint,mpint], ssh_bits:encode([SSH#ssh.c_version,SSH#ssh.s_version, SSH#ssh.c_keyinit,SSH#ssh.s_keyinit, - ssh_message:encode_host_key(Key), NBits, Prime, Gen, E,F,K], + KeyBin, NBits, Prime, Gen, E,F,K], Ts); true -> + KeyBin = public_key:ssh_encode(Key, ssh2_pubkey), Ts = [string,string,binary,binary,binary, uint32,uint32,uint32, mpint,mpint,mpint,mpint,mpint], ssh_bits:encode([SSH#ssh.c_version,SSH#ssh.s_version, SSH#ssh.c_keyinit,SSH#ssh.s_keyinit, - ssh_message:encode_host_key(Key), Min, NBits, Max, + KeyBin, Min, NBits, Max, Prime, Gen, E,F,K], Ts) end, crypto:hash(sha((SSH#ssh.algorithms)#alg.kex), L). -- cgit v1.2.3 From 255f36937752404038f32ca67f438f13ef8ce4fb Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 15 Oct 2015 10:25:19 +0200 Subject: public_key: add/update -spec for ssh functions --- lib/ssh/src/ssh_transport.erl | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) (limited to 'lib/ssh') 
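Review bot: decode_public_key_v2(Bin, _Type) in lib/ssh/src/ssh_auth.erl now ignores the algorithm name, and encode_public_key(_Alg, Key) does the same. The removed clauses dispatched on the type argument ("ssh-rsa", "ssh-dss", "ecdsa-sha2-" ++ IdS), compared the curve id in the blob with IdS, and returned {error, bad_format} or not_ok on a mismatch; after this change any blob that public_key:ssh_decode(Bin, ssh2_pubkey) accepts is returned regardless of the algorithm named alongside it. Suggest comparing the decoded key with the requested algorithm, for example through ssh_transport:public_algo/1 if that is exported, and narrowing catch _:_ to the errors the decoder is expected to raise.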
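Review bot: in kex_h/10 in lib/ssh/src/ssh_transport.erl the line KeyBin = public_key:ssh_encode(Key, ssh2_pubkey) is repeated in both branches of the if, while kex_h/5 and kex_h/6 compute it once at the top. Suggest hoisting it above "L = if" so that the three functions read the same way.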
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 500db91df5..d8574877f2 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -66,8 +66,8 @@ default_algorithms() -> [{K,default_algorithms(K)} || K <- algo_classes()]. algo_classes() -> [kex, public_key, cipher, mac, compression]. -default_algorithms(kex) -> - supported_algorithms(kex, []); %% Just to have a call to supported_algorithms/2 +%% default_algorithms(kex) -> % Example of how to disable an algorithm +%% supported_algorithms(kex, ['ecdh-sha2-nistp521']); default_algorithms(Alg) -> supported_algorithms(Alg). @@ -118,11 +118,11 @@ supported_algorithms(compression) -> 'zlib' ]). -supported_algorithms(Key, [{client2server,BL1},{server2client,BL2}]) -> - [{client2server,As1},{server2client,As2}] = supported_algorithms(Key), - [{client2server,As1--BL1},{server2client,As2--BL2}]; -supported_algorithms(Key, BlackList) -> - supported_algorithms(Key) -- BlackList. +%% Dialyzer complains when not called...supported_algorithms(Key, [{client2server,BL1},{server2client,BL2}]) -> +%% Dialyzer complains when not called... [{client2server,As1},{server2client,As2}] = supported_algorithms(Key), +%% Dialyzer complains when not called... [{client2server,As1--BL1},{server2client,As2--BL2}]; +%% Dialyzer complains when not called...supported_algorithms(Key, BlackList) -> +%% Dialyzer complains when not called... supported_algorithms(Key) -- BlackList. select_crypto_supported(L) -> Sup = [{ec_curve,crypto_supported_curves()} | crypto:supports()], 
@@ -329,9 +329,7 @@ verify_algorithm(#alg{encrypt = undefined}) -> false; verify_algorithm(#alg{decrypt = undefined}) -> false; verify_algorithm(#alg{compress = undefined}) -> false; verify_algorithm(#alg{decompress = undefined}) -> false; - -verify_algorithm(#alg{kex = Kex}) -> lists:member(Kex, supported_algorithms(kex)); -verify_algorithm(_) -> false. +verify_algorithm(#alg{kex = Kex}) -> lists:member(Kex, supported_algorithms(kex)). %%%---------------------------------------------------------------- %%% -- cgit v1.2.3 From c2471ecc85c74b0489a1801bf5ea24b2cee19ca1 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 16 Oct 2015 14:13:03 +0200 Subject: ssh: dialyzer fix --- lib/ssh/src/ssh.erl | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index b6ee29efbb..049018b21c 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -391,8 +391,9 @@ handle_option([{negotiation_timeout, _} = Opt|Rest], SocketOptions, SshOptions) handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{parallel_login, _} = Opt|Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); -handle_option([parallel_login|Rest], SocketOptions, SshOptions) -> - handle_option(Rest, SocketOptions, [handle_ssh_option({parallel_login,true}) | SshOptions]); +%% (Is handled by proplists:unfold above:) +%% handle_option([parallel_login|Rest], SocketOptions, SshOptions) -> +%% handle_option(Rest, SocketOptions, [handle_ssh_option({parallel_login,true}) | SshOptions]); handle_option([{minimal_remote_max_packet_size, _} = Opt|Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{id_string, _ID} = Opt|Rest], SocketOptions, SshOptions) -> -- cgit v1.2.3 From 6af1014df69b4b2c019aead2435e537c20a39f15 Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Thu, 15 Oct 2015 18:44:11 +0200 Subject: ssh: Implemented ssh_transport:ecdh_validate_public_key (partly) Defined in http://www.secg.org/sec1-v2.pdf '3.2.2 Validation of Elliptic Curve Public Keys' according to RFC 5656 ch 4. More to be done: check singularities, implement reading compressed points.... --- lib/ssh/src/ssh_transport.erl | 56 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 55 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index d8574877f2..8b65806dc6 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl 
@@ -625,7 +625,61 @@ handle_kex_ecdh_reply(#ssh_msg_kex_ecdh_reply{public_host_key = PeerPubHostKey, end. -ecdh_validate_public_key(_, _) -> true. % FIXME: Far too many false positives :) +%%%---------------------------------------------------------------- +%%% +%%% Standards for Efficient Cryptography Group, "Elliptic Curve Cryptography", SEC 1 +%%% Section 3.2.2.1 +%%% + +ecdh_validate_public_key(Key, Curve) -> + case key_size(Curve) of + undefined -> + false; + + Sz -> + case dec_key(Key, Sz) of + {ok,Q} -> + case crypto:ec_curve(Curve) of + {{prime_field,P}, {A, B, _Seed}, + _P0Bin, _OrderBin, _CoFactorBin} -> + on_curve(Q, bin2int(A), bin2int(B), bin2int(P)) + end; + + {error,compressed_not_implemented} -> % Be a bit generous... + true; + + _Error -> + false + end + end. + + +on_curve({X,Y}, A, B, P) when 0 =< X,X =< (P-1), + 0 =< Y,Y =< (P-1) -> + %% Section 3.2.2.1, point 2 + (Y*Y) rem P == (X*X*X + A*X + B) rem P; +on_curve(_, _, _, _) -> + false. + + +bin2int(B) -> + Sz = erlang:bit_size(B), + <> = B, + I. + +key_size(secp256r1) -> 256; +key_size(secp384r1) -> 384; +key_size(secp521r1) -> 528; % Round 521 up to closest 8-bits. +key_size(_) -> undefined. + + +dec_key(Key, NBits) -> + Size = 8 + 2*NBits, + case <> of + <<4:8, X:NBits, Y:NBits>> -> {ok,{X,Y}}; + <<4:8, _/binary>> -> {error,bad_format}; + _ -> {error,compressed_not_implemented} + end. %%%---------------------------------------------------------------- handle_new_keys(#ssh_msg_newkeys{}, Ssh0) -> -- cgit v1.2.3 From 16d2e402ca0a4f37f12175f866e1c6c2842303bb Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 16 Oct 2015 10:34:56 +0200 Subject: ssh: wait for subsystem exit in ssh_connection_SUITE:max_channels_option --- lib/ssh/test/ssh_connection_SUITE.erl | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index f0fdf5c0cc..1b93cc9c32 100644 
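Review bot: ecdh_validate_public_key/2 in ssh_transport.erl fails open: dec_key/2 ends with the catch-all `_ -> {error,compressed_not_implemented}`, and the caller maps that result to `true`, so any peer value whose first byte is not 4 is accepted without an on-curve check, not only compressed points. Limit the generous branch to leading bytes 2 and 3 (the SEC 1 compressed forms) and return false for everything else, or return false for all of them until decompression is implemented. on_curve/4 covers only point 2 of Section 3.2.2.1, as its own comment says; a comment listing the checks that are still missing would keep the "More to be done" from the commit message visible in the code.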
--- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -700,6 +700,16 @@ max_channels_option(Config) when is_list(Config) -> %%%---- close the shell ok = ssh_connection:send(ConnectionRef, ChannelId0, "exit().\n", 5000), + %%%---- wait for the subsystem to terminate + receive + {ssh_cm,ConnectionRef,{closed,ChannelId0}} -> ok + after 5000 -> + ct:log("Timeout waiting for '{ssh_cm,~p,{closed,~p}}'~n" + "Message queue:~n~p", + [ConnectionRef,ChannelId0,erlang:process_info(self(),messages)]), + ct:fail("exit Timeout",[]) + end, + %%%---- exec #3 success = ssh_connection:exec(ConnectionRef, ChannelId5, "testing3.\n", infinity), receive -- cgit v1.2.3 From c7cb718a480ae03fedb842bc999d516aee7870b3 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 16 Oct 2015 15:44:33 +0200 Subject: ssh: running ssh_algorithms_SUITE tests in parallel --- lib/ssh/test/ssh_algorithms_SUITE.erl | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index 9f388de2a7..2ab83d84e1 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl @@ -58,7 +58,7 @@ groups() -> ], AlgoTcSet = - [{Alg, [], specific_test_cases(Tag,Alg,SshcAlgos,SshdAlgos)} + [{Alg, [parallel], specific_test_cases(Tag,Alg,SshcAlgos,SshdAlgos)} || {Tag,Algs} <- ErlAlgos ++ DoubleAlgos, Alg <- Algs], @@ -110,7 +110,8 @@ init_per_group(Group, Config) -> Config; false -> %% An algorithm group - [[{name,Tag}]|_] = ?config(tc_group_path, Config), + Tag = proplists:get_value(name, + hd(?config(tc_group_path, Config))), Alg = Group, PA = case split(Alg) of -- cgit v1.2.3 From eea90ecdce24c15d39e77849d51729fcc06b74f8 Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Mon, 19 Oct 2015 16:02:50 +0200 Subject: ssh: test suites probes ssh client Previously we called the ssh client with the -Q option to query about supported algorithms. Since old clients do not support this and at least one lies, we now set up a fake server and let the ssh client start negotiation instead. Much more robust hopefully. --- lib/ssh/test/ssh_test_lib.erl | 140 +++++++++++++++++++++------------- lib/ssh/test/ssh_to_openssh_SUITE.erl | 2 +- lib/ssh/test/ssh_trpt_test_lib.erl | 5 +- 3 files changed, 90 insertions(+), 57 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index a269192785..2e63ec086b 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl 
@@ -478,7 +478,63 @@ check_ssh_client_support2(P) -> -1 end. -default_algorithms(Host, Port) -> +%%%-------------------------------------------------------------------- +%%% Probe a server or a client about algorithm support + +default_algorithms(sshd) -> + default_algorithms(sshd, "localhost", 22); + +default_algorithms(sshc) -> + default_algorithms(sshc, []). + +default_algorithms(sshd, Host, Port) -> + try run_fake_ssh( + ssh_trpt_test_lib:exec( + [{connect,Host,Port, [{silently_accept_hosts, true}, + {user_interaction, false}]}])) + catch + _C:_E -> + ct:pal("***~p:~p: ~p:~p",[?MODULE,?LINE,_C,_E]), + [] + end. + +default_algorithms(sshc, DaemonOptions) -> + Parent = self(), + %% Start a process handling one connection on the server side: + Srvr = + spawn_link( + fun() -> + Parent ! + {result, self(), + try + {ok,InitialState} = ssh_trpt_test_lib:exec(listen), + Parent ! {hostport,self(),ssh_trpt_test_lib:server_host_port(InitialState)}, + run_fake_ssh( + ssh_trpt_test_lib:exec([{accept, DaemonOptions}], + InitialState)) + catch + _C:_E -> + ct:pal("***~p:~p: ~p:~p",[?MODULE,?LINE,_C,_E]), + [] + end} + end), + + receive + {hostport,Srvr,{_Host,Port}} -> + spawn(fun()-> os:cmd(lists:concat(["ssh -o \"StrictHostKeyChecking no\" -p ",Port," localhost"])) end) + after ?TIMEOUT -> + ct:fail("No server respons 1") + end, + + receive + {result,Srvr,L} -> + L + after ?TIMEOUT -> + ct:fail("No server respons 2") + end. + + +run_fake_ssh({ok,InitialState}) -> KexInitPattern = #ssh_msg_kexinit{ kex_algorithms = '$kex_algorithms', 
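Review bot: in default_algorithms(sshc, DaemonOptions) the client is started with `ssh -o "StrictHostKeyChecking no" -p Port localhost`, which makes OpenSSH record the fake server's host key in the invoking user's known_hosts on every run; add `-o UserKnownHostsFile=` pointing at /dev/null or at a file under priv_dir so the probe leaves nothing behind. Both this function and default_algorithms(sshd, Host, Port) also turn any exception into `[]`, which callers cannot tell apart from "no algorithms supported"; returning an error or failing the test would keep a broken probe from silently skipping cases. The two ct:fail strings read "No server respons".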
@@ -491,61 +547,35 @@ default_algorithms(Host, Port) -> compression_algorithms_server_to_client = '$compression_algorithms_server_to_client', _ = '_' }, + {ok,E} = ssh_trpt_test_lib:exec([{set_options,[silent]}, + {send, hello}, + receive_hello, + {send, ssh_msg_kexinit}, + {match, KexInitPattern, receive_msg}, + close_socket + ], + InitialState), + [Kex, PubKey, EncC2S, EncS2C, MacC2S, MacS2C, CompC2S, CompS2C] = + ssh_trpt_test_lib:instantiate(['$kex_algorithms', + '$server_host_key_algorithms', + '$encryption_algorithms_client_to_server', + '$encryption_algorithms_server_to_client', + '$mac_algorithms_client_to_server', + '$mac_algorithms_server_to_client', + '$compression_algorithms_client_to_server', + '$compression_algorithms_server_to_client' + ], E), + [{kex, to_atoms(Kex)}, + {public_key, to_atoms(PubKey)}, + {cipher, [{client2server, to_atoms(EncC2S)}, + {server2client, to_atoms(EncS2C)}]}, + {mac, [{client2server, to_atoms(MacC2S)}, + {server2client, to_atoms(MacS2C)}]}, + {compression, [{client2server, to_atoms(CompC2S)}, + {server2client, to_atoms(CompS2C)}]}]. 
+ - try ssh_trpt_test_lib:exec( - [{connect,Host,Port, [{silently_accept_hosts, true}, - {user_interaction, false}]}, - {send,hello}, - receive_hello, - {send, ssh_msg_kexinit}, - {match, KexInitPattern, receive_msg}, - close_socket]) - of - {ok,E} -> - [Kex, PubKey, EncC2S, EncS2C, MacC2S, MacS2C, CompC2S, CompS2C] = - ssh_trpt_test_lib:instantiate(['$kex_algorithms', - '$server_host_key_algorithms', - '$encryption_algorithms_client_to_server', - '$encryption_algorithms_server_to_client', - '$mac_algorithms_client_to_server', - '$mac_algorithms_server_to_client', - '$compression_algorithms_client_to_server', - '$compression_algorithms_server_to_client' - ], E), - [{kex, to_atoms(Kex)}, - {public_key, to_atoms(PubKey)}, - {cipher, [{client2server, to_atoms(EncC2S)}, - {server2client, to_atoms(EncS2C)}]}, - {mac, [{client2server, to_atoms(MacC2S)}, - {server2client, to_atoms(MacS2C)}]}, - {compression, [{client2server, to_atoms(CompC2S)}, - {server2client, to_atoms(CompS2C)}]}]; - _ -> - [] - catch - _:_ -> - [] - end. - - -default_algorithms(sshd) -> - default_algorithms("localhost", 22); -default_algorithms(sshc) -> - case os:find_executable("ssh") of - false -> - []; - _ -> - Cipher = sshc(cipher), - Mac = sshc(mac), - [{kex, sshc(kex)}, - {public_key, sshc(key)}, - {cipher, [{client2server, Cipher}, - {server2client, Cipher}]}, - {mac, [{client2server, Mac}, - {server2client, Mac}]} - ] - end. - +%%-------------------------------------------------------------------- sshc(Tag) -> to_atoms( string:tokens(os:cmd(lists:concat(["ssh -Q ",Tag])), "\n") diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index 026fe545c1..ddc097a7eb 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl 
@@ -88,7 +88,7 @@ init_per_group(erlang_server, Config) -> init_per_group(erlang_client, Config) -> CommonAlgs = ssh_test_lib:algo_intersection( ssh:default_algorithms(), - ssh_test_lib:default_algorithms("localhost", 22)), + ssh_test_lib:default_algorithms(sshd)), [{common_algs,CommonAlgs} | Config]; init_per_group(_, Config) -> Config. diff --git a/lib/ssh/test/ssh_trpt_test_lib.erl b/lib/ssh/test/ssh_trpt_test_lib.erl index 772e50df87..5080b33249 100644 --- a/lib/ssh/test/ssh_trpt_test_lib.erl +++ b/lib/ssh/test/ssh_trpt_test_lib.erl @@ -73,7 +73,10 @@ exec(Op, S0=#s{}) -> op(Op, S1)) of S = #s{} -> - print_traces(S), + case proplists:get_value(silent,S#s.opts) of + true -> ok; + _ -> print_traces(S) + end, {ok,S} catch {fail,Reason,Se} -> -- cgit v1.2.3 From e595ac154fdc8a6c6958744f5f6019105b637eaf Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 19 Oct 2015 16:52:53 +0200 Subject: ssh: Removed testcases from ssh_to_openssh_SUITE They are covered in ssh_algorithms_SUITE --- lib/ssh/test/ssh_to_openssh_SUITE.erl | 221 +--------------------------------- 1 file changed, 1 insertion(+), 220 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index ddc097a7eb..b5b997cb53 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -45,7 +45,6 @@ all() -> groups() -> [{erlang_client, [], [erlang_shell_client_openssh_server, - erlang_client_openssh_server_exec, erlang_client_openssh_server_exec_compressed, erlang_client_openssh_server_setenv, erlang_client_openssh_server_publickey_rsa, 
@@ -54,12 +53,7 @@ groups() -> erlang_client_openssh_server_kexs, erlang_client_openssh_server_nonexistent_subsystem ]}, - {erlang_server, [], [erlang_server_openssh_client_exec, - erlang_server_openssh_client_exec_compressed, - erlang_server_openssh_client_pulic_key_dsa, - erlang_server_openssh_client_cipher_suites, - erlang_server_openssh_client_macs, - erlang_server_openssh_client_kexs]} + {erlang_server, [], [erlang_server_openssh_client_pulic_key_dsa]} ]. init_per_suite(Config) -> @@ -100,18 +94,6 @@ end_per_group(erlang_server, Config) -> end_per_group(_, Config) -> Config. -init_per_testcase(erlang_server_openssh_client_cipher_suites, Config) -> - check_ssh_client_support(Config); - -init_per_testcase(erlang_server_openssh_client_macs, Config) -> - check_ssh_client_support(Config); - -init_per_testcase(erlang_server_openssh_client_kexs, Config) -> - check_ssh_client_support(Config); - -init_per_testcase(erlang_client_openssh_server_kexs, Config) -> - check_ssh_client_support(Config); - init_per_testcase(_TestCase, Config) -> ssh:start(), Config. 
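Review bot: the hunk at @@ -100,18 +94,6 @@ removes the init_per_testcase clause for erlang_client_openssh_server_kexs together with the three erlang_server ones, but that test case is still listed in the erlang_client group in the hunk above, so it now runs without the check_ssh_client_support/1 guard. If the guard is no longer needed for that case, say so in the commit message; otherwise keep that one clause.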
@@ -257,207 +239,6 @@ erlang_client_openssh_server_kexs(Config) when is_list(Config) -> end end. -%%-------------------------------------------------------------------- -erlang_server_openssh_client_exec() -> - [{doc, "Test that exec command works."}]. - -erlang_server_openssh_client_exec(Config) when is_list(Config) -> - SystemDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), - KnownHosts = filename:join(PrivDir, "known_hosts"), - - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, - {failfun, fun ssh_test_lib:failfun/2}]), - - - ct:sleep(500), - - Cmd = "ssh -p " ++ integer_to_list(Port) ++ - " -o UserKnownHostsFile=" ++ KnownHosts ++ " " ++ Host ++ " 1+1.", - - ct:log("Cmd: ~p~n", [Cmd]), - - SshPort = open_port({spawn, Cmd}, [binary]), - - receive - {SshPort,{data, <<"2\n">>}} -> - ok - after ?TIMEOUT -> - ct:fail("Did not receive answer") - - end, - ssh:stop_daemon(Pid). - -%%-------------------------------------------------------------------- -erlang_server_openssh_client_cipher_suites() -> - [{doc, "Test that we can connect with different cipher suites."}]. 
- -erlang_server_openssh_client_cipher_suites(Config) when is_list(Config) -> - SystemDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), - KnownHosts = filename:join(PrivDir, "known_hosts"), - - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, - {failfun, fun ssh_test_lib:failfun/2}]), - - ct:sleep(500), - - OpenSshCiphers = - ssh_test_lib:to_atoms( - string:tokens(os:cmd("ssh -Q cipher"), "\n")), - ErlCiphers = - proplists:get_value(client2server, - proplists:get_value(cipher, ssh:default_algorithms())), - CommonCiphers = - ssh_test_lib:algo_intersection(ErlCiphers, OpenSshCiphers), - - comment(CommonCiphers), - - lists:foreach( - fun(Cipher) -> - Cmd = lists:concat(["ssh -p ",Port, - " -o UserKnownHostsFile=",KnownHosts," ",Host," ", - " -c ",Cipher," 1+1."]), - ct:log("Cmd: ~p~n", [Cmd]), - - SshPort = open_port({spawn, Cmd}, [binary, stderr_to_stdout]), - - receive - {SshPort,{data, <<"2\n">>}} -> - ok - after ?TIMEOUT -> - ct:fail("~p Did not receive answer",[Cipher]) - end - end, CommonCiphers), - - ssh:stop_daemon(Pid). - -%%-------------------------------------------------------------------- -erlang_server_openssh_client_macs() -> - [{doc, "Test that we can connect with different MACs."}]. 
- -erlang_server_openssh_client_macs(Config) when is_list(Config) -> - SystemDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), - KnownHosts = filename:join(PrivDir, "known_hosts"), - - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, - {failfun, fun ssh_test_lib:failfun/2}]), - - - ct:sleep(500), - - OpenSshMacs = - ssh_test_lib:to_atoms( - string:tokens(os:cmd("ssh -Q mac"), "\n")), - ErlMacs = - proplists:get_value(client2server, - proplists:get_value(mac, ssh:default_algorithms())), - CommonMacs = - ssh_test_lib:algo_intersection(ErlMacs, OpenSshMacs), - - comment(CommonMacs), - - lists:foreach( - fun(MAC) -> - Cmd = lists:concat(["ssh -p ",Port, - " -o UserKnownHostsFile=",KnownHosts," ",Host," ", - " -o MACs=",MAC," 1+1."]), - ct:log("Cmd: ~p~n", [Cmd]), - - SshPort = open_port({spawn, Cmd}, [binary, stderr_to_stdout]), - - receive - {SshPort,{data, <<"2\n">>}} -> - ok - after ?TIMEOUT -> - ct:fail("~p Did not receive answer",[MAC]) - end - end, CommonMacs), - - ssh:stop_daemon(Pid). - -%%-------------------------------------------------------------------- -erlang_server_openssh_client_kexs() -> - [{doc, "Test that we can connect with different KEXs."}]. 
- -erlang_server_openssh_client_kexs(Config) when is_list(Config) -> - SystemDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), - KnownHosts = filename:join(PrivDir, "known_hosts"), - - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, - {failfun, fun ssh_test_lib:failfun/2}, - {preferred_algorithms, - [{kex,ssh_transport:default_algorithms(kex)}]} - ]), - ct:sleep(500), - - OpenSshKexs = - ssh_test_lib:to_atoms( - string:tokens(os:cmd("ssh -Q kex"), "\n")), - ErlKexs = - proplists:get_value(kex, ssh:default_algorithms()), - CommonKexs = - ssh_test_lib:algo_intersection(ErlKexs, OpenSshKexs), - - comment(CommonKexs), - - lists:foreach( - fun(Kex) -> - Cmd = lists:concat(["ssh -p ",Port, - " -o UserKnownHostsFile=",KnownHosts," ",Host," ", - " -o KexAlgorithms=",Kex," 1+1."]), - ct:log("Cmd: ~p~n", [Cmd]), - - SshPort = open_port({spawn, Cmd}, [binary, stderr_to_stdout]), - - receive - {SshPort,{data, <<"2\n">>}} -> - ok - after ?TIMEOUT -> - ct:log("~p Did not receive answer",[Kex]) - end - end, CommonKexs), - - ssh:stop_daemon(Pid). - -%%-------------------------------------------------------------------- -erlang_server_openssh_client_exec_compressed() -> - [{doc, "Test that exec command works."}]. 
- -erlang_server_openssh_client_exec_compressed(Config) when is_list(Config) -> - SystemDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), - KnownHosts = filename:join(PrivDir, "known_hosts"), - - CompressAlgs = [zlib, 'zlib@openssh.com'], % Does not work -%% CompressAlgs = [zlib], - case ssh_test_lib:ssh_supports(CompressAlgs, compression) of - {false,L} -> - {skip, io_lib:format("~p compression is not supported",[L])}; - - true -> - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, - {preferred_algorithms, - [{compression, CompressAlgs}]}, - {failfun, fun ssh_test_lib:failfun/2}]), - - ct:sleep(500), - - Cmd = "ssh -p " ++ integer_to_list(Port) ++ - " -o UserKnownHostsFile=" ++ KnownHosts ++ " -C "++ Host ++ " 1+1.", - SshPort = open_port({spawn, Cmd}, [binary]), - - receive - {SshPort,{data, <<"2\n">>}} -> - ok - after ?TIMEOUT -> - ct:fail("Did not receive answer") - end, - ssh:stop_daemon(Pid) - end. - %%-------------------------------------------------------------------- erlang_client_openssh_server_setenv() -> [{doc, "Test api function ssh_connection:setenv"}]. -- cgit v1.2.3 From 9b733abf49dd75a42d75d8964b20c37fee4ad7f1 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 20 Oct 2015 15:12:51 +0200 Subject: ssh: delete now obsolete test case group 'hardening_tests' Those tests are already moved to other test suites. However, the init_per_group and end_per_group clauses were accidentally left --- lib/ssh/test/ssh_basic_SUITE.erl | 4 ---- 1 file changed, 4 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 24d8a4e53c..400edb4d2c 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl 
@@ -123,8 +123,6 @@ end_per_suite(_Config) -> ssh:stop(), crypto:stop(). %%-------------------------------------------------------------------- -init_per_group(hardening_tests, Config) -> - init_per_group(dsa_key, Config); init_per_group(dsa_key, Config) -> DataDir = ?config(data_dir, Config), PrivDir = ?config(priv_dir, Config), @@ -229,8 +227,6 @@ init_per_group(dir_options, Config) -> init_per_group(_, Config) -> Config. -end_per_group(hardening_tests, Config) -> - end_per_group(dsa_key, Config); end_per_group(dsa_key, Config) -> PrivDir = ?config(priv_dir, Config), ssh_test_lib:clean_dsa(PrivDir), -- cgit v1.2.3 From eb24b259f026629372f9f8957da72f4302adb904 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 20 Oct 2015 15:49:55 +0200 Subject: ssh: dynamic check of supported algos in ssh_to_openssh_SUITE --- lib/ssh/test/ssh_test_lib.erl | 8 ++++++++ lib/ssh/test/ssh_to_openssh_SUITE.erl | 15 +++++++++++++++ 2 files changed, 23 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index 2e63ec086b..5816b708f2 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl @@ -459,6 +459,14 @@ openssh_sanity_check(Config) -> {skip, Str} end. +openssh_supports(ClientOrServer, Tag, Alg) when ClientOrServer == sshc ; + ClientOrServer == sshd -> + SSH_algos = ssh_test_lib:default_algorithms(ClientOrServer), + L = proplists:get_value(Tag, SSH_algos, []), + lists:member(Alg, L) orelse + lists:member(Alg, proplists:get_value(client2server, L, [])) orelse + lists:member(Alg, proplists:get_value(server2client, L, [])). + %%-------------------------------------------------------------------- %% Check if we have a "newer" ssh client that supports these test cases diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index b5b997cb53..168b8a695a 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl 
@@ -94,6 +94,21 @@ end_per_group(erlang_server, Config) -> end_per_group(_, Config) -> Config. + +init_per_testcase(erlang_server_openssh_client_pulic_key_dsa, Config) -> + case ssh_test_lib:openssh_supports(sshc, public_key, 'ssh-dss') of + true -> + init_per_testcase('__default__',Config); + false -> + {skip,"openssh client does not support DSA"} + end; +init_per_testcase(erlang_client_openssh_server_publickey_dsa, Config) -> + case ssh_test_lib:openssh_supports(sshd, public_key, 'ssh-dss') of + true -> + init_per_testcase('__default__',Config); + false -> + {skip,"openssh client does not support DSA"} + end; init_per_testcase(_TestCase, Config) -> ssh:start(), Config. -- cgit v1.2.3 From 8bc6d03ecffa6c3613e477c4ef07a6ed6794f8db Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 22 Oct 2015 17:35:12 +0200 Subject: ssh: testcases for bad service names --- lib/ssh/test/ssh_protocol_SUITE.erl | 99 ++++++++++++++++++++++++++++--------- 1 file changed, 77 insertions(+), 22 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index 743282ce9c..03c2ce53cb 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -46,7 +46,8 @@ suite() -> all() -> [{group,tool_tests}, - {group,kex} + {group,kex}, + {group,service_requests} ]. groups() -> @@ -61,7 +62,13 @@ groups() -> gex_client_init_default_exact, gex_client_init_option_groups, gex_client_init_option_groups_file - ]} + ]}, + {service_requests, [], [bad_service_name, + bad_long_service_name, + bad_very_long_service_name, + empty_service_name, + bad_service_name_then_correct + ]} ]. 
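Review bot: in the new init_per_testcase clause for erlang_client_openssh_server_publickey_dsa (ssh_to_openssh_SUITE.erl, hunk @@ -94,6 +94,21 @@) the probe asks `openssh_supports(sshd, public_key, 'ssh-dss')`, but the skip reason still reads "openssh client does not support DSA"; it should name the server. Each of these clauses also goes through ssh_test_lib:default_algorithms/1, which opens a probe connection per test case; running the probe once in init_per_group and reading the result from Config would avoid the repeated connections.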
@@ -114,25 +121,10 @@ end_per_testcase(_TestCase, Config) -> %%% Connect to an erlang server and check that the testlib acts as a client. lib_works_as_client(Config) -> %% Connect and negotiate keys - {ok,InitialState} = - ssh_trpt_test_lib:exec( - [{set_options, [print_ops, print_seqnums, print_messages]}, - {connect, - server_host(Config),server_port(Config), - [{preferred_algorithms,[{kex,['diffie-hellman-group1-sha1']}]}, - {silently_accept_hosts, true}, - {user_dir, user_dir(Config)}, - {user_interaction, false}]}, - receive_hello, - {send, hello}, - {send, ssh_msg_kexinit}, - {match, #ssh_msg_kexinit{_='_'}, receive_msg}, - {send, ssh_msg_kexdh_init}, - {match,# ssh_msg_kexdh_reply{_='_'}, receive_msg}, - {send, #ssh_msg_newkeys{}}, - {match, #ssh_msg_newkeys{_='_'}, receive_msg} - ] - ), + {ok,InitialState} = ssh_trpt_test_lib:exec( + [{set_options, [print_ops, print_seqnums, print_messages]}] + ), + {ok,AfterKexState} = connect_and_kex(Config, InitialState), %% Do the authentcation {User,Pwd} = server_user_password(Config), @@ -147,7 +139,7 @@ lib_works_as_client(Config) -> ?STRING(unicode:characters_to_binary(Pwd))>> }}, {match, #ssh_msg_userauth_success{_='_'}, receive_msg} - ], InitialState), + ], AfterKexState), %% Disconnect {ok,_} = 
@@ -375,6 +367,48 @@ do_gex_client_init(Config, {Min,N,Max}, {_,{G,P}}) -> ] ). + +%%%-------------------------------------------------------------------- +bad_service_name(Config) -> + bad_service_name(Config, "kfglkjf"). + +bad_long_service_name(Config) -> + bad_service_name(Config, + lists:duplicate(?SSH_MAX_PACKET_SIZE div 2, $a)). + +bad_very_long_service_name(Config) -> + bad_service_name(Config, + lists:duplicate(4*?SSH_MAX_PACKET_SIZE, $a)). + +empty_service_name(Config) -> + bad_service_name(Config, ""). + +bad_service_name_then_correct(Config) -> + {ok,InitialState} = connect_and_kex(Config), + {ok,_} = + ssh_trpt_test_lib:exec( + [{set_options, [print_ops, print_seqnums, print_messages]}, + {send, #ssh_msg_service_request{name = "kdjglkfdjgkldfjglkdfjglkfdjglkj"}}, + {send, #ssh_msg_service_request{name = "ssh-connection"}}, + {match, {'or',[#ssh_msg_disconnect{_='_'}, + tcp_closed + ]}, + receive_msg} + ], InitialState). + + +bad_service_name(Config, Name) -> + {ok,InitialState} = connect_and_kex(Config), + {ok,_} = + ssh_trpt_test_lib:exec( + [{set_options, [print_ops, print_seqnums, print_messages]}, + {send, #ssh_msg_service_request{name = Name}}, + {match, {'or',[#ssh_msg_disconnect{_='_'}, + tcp_closed + ]}, + receive_msg} + ], InitialState). + %%%================================================================ %%%==== Internal functions ======================================== %%%================================================================ 
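Review bot: bad_service_name/2 and bad_service_name_then_correct/1 match on `{'or',[#ssh_msg_disconnect{_='_'}, tcp_closed]}`, so they pass on any disconnect message and also when the server process simply dies and the socket closes. Checking the disconnect reason when a message is received, and verifying afterwards that the daemon still accepts a new connection, would separate an orderly rejection from a crash; that matters most for bad_very_long_service_name, which sends 4*?SSH_MAX_PACKET_SIZE bytes.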
@@ -482,3 +516,24 @@ std_connect(Host, Port, Config, Opts) -> 30000). %%%---------------------------------------------------------------- +connect_and_kex(Config) -> + connect_and_kex(Config, ssh_trpt_test_lib:exec([]) ). + +connect_and_kex(Config, InitialState) -> + ssh_trpt_test_lib:exec( + [{connect, + server_host(Config),server_port(Config), + [{preferred_algorithms,[{kex,['diffie-hellman-group1-sha1']}]}, + {silently_accept_hosts, true}, + {user_dir, user_dir(Config)}, + {user_interaction, false}]}, + receive_hello, + {send, hello}, + {send, ssh_msg_kexinit}, + {match, #ssh_msg_kexinit{_='_'}, receive_msg}, + {send, ssh_msg_kexdh_init}, + {match,# ssh_msg_kexdh_reply{_='_'}, receive_msg}, + {send, #ssh_msg_newkeys{}}, + {match, #ssh_msg_newkeys{_='_'}, receive_msg} + ], + InitialState). -- cgit v1.2.3 From 6563ae580d5023b42f12d55a8b323f0253ae1faa Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 26 Oct 2015 17:08:30 +0100 Subject: ssh: fix spelling error pulic -> public --- lib/ssh/test/ssh_to_openssh_SUITE.erl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index 168b8a695a..d1dfa2efdf 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -53,7 +53,7 @@ groups() -> erlang_client_openssh_server_kexs, erlang_client_openssh_server_nonexistent_subsystem ]}, - {erlang_server, [], [erlang_server_openssh_client_pulic_key_dsa]} + {erlang_server, [], [erlang_server_openssh_client_public_key_dsa]} ]. init_per_suite(Config) -> @@ -95,7 +95,7 @@ end_per_group(_, Config) -> Config. -init_per_testcase(erlang_server_openssh_client_pulic_key_dsa, Config) -> +init_per_testcase(erlang_server_openssh_client_public_key_dsa, Config) -> case ssh_test_lib:openssh_supports(sshc, public_key, 'ssh-dss') of true -> init_per_testcase('__default__',Config); 
@@ -350,9 +350,9 @@ erlang_client_openssh_server_publickey_dsa(Config) when is_list(Config) -> {skip, "no ~/.ssh/id_dsa"} end. %%-------------------------------------------------------------------- -erlang_server_openssh_client_pulic_key_dsa() -> +erlang_server_openssh_client_public_key_dsa() -> [{doc, "Validate using dsa publickey."}]. -erlang_server_openssh_client_pulic_key_dsa(Config) when is_list(Config) -> +erlang_server_openssh_client_public_key_dsa(Config) when is_list(Config) -> SystemDir = ?config(data_dir, Config), PrivDir = ?config(priv_dir, Config), KnownHosts = filename:join(PrivDir, "known_hosts"), -- cgit v1.2.3 From 3c7c228a2889e0c83291d99ad45acea7756ded0f Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 26 Oct 2015 12:45:14 +0100 Subject: ssh: Adjust the test ssh_renegotiate_SUITE:rekey_limit - Remove random length padding to make the data volume deterministic - Increase data volume limit for re-keying because the kexinit message has grown --- lib/ssh/test/ssh_renegotiate_SUITE.erl | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_renegotiate_SUITE.erl b/lib/ssh/test/ssh_renegotiate_SUITE.erl index 9daa6efc02..ef631d54bd 100644 --- a/lib/ssh/test/ssh_renegotiate_SUITE.erl +++ b/lib/ssh/test/ssh_renegotiate_SUITE.erl @@ -89,9 +89,10 @@ rekey_limit(Config) -> UserDir = ?config(priv_dir, Config), DataFile = filename:join(UserDir, "rekey.data"), - {Pid, Host, Port} = ssh_test_lib:std_daemon(Config,[]), + {Pid, Host, Port} = ssh_test_lib:std_daemon(Config,[{max_random_length_padding,0}]), - ConnectionRef = ssh_test_lib:std_connect(Config, Host, Port, [{rekey_limit, 4500}]), + ConnectionRef = ssh_test_lib:std_connect(Config, Host, Port, [{rekey_limit, 6000}, + {max_random_length_padding,0}]), {ok, SftpPid} = ssh_sftp:start_channel(ConnectionRef), Kex1 = get_kex_init(ConnectionRef), 
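Review bot: in rekey_limit/1 of ssh_renegotiate_SUITE.erl the limit moves from 4500 to 6000, and the reason (a larger kexinit message) is only in the commit message, so the number will need another bump the next time the algorithm lists grow. A comment next to `{rekey_limit, 6000}` stating what the value has to exceed, or deriving it from the size of the encoded kexinit, would make the next failure easy to diagnose.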
@@ -132,13 +133,13 @@ renegotiate1(Config) -> UserDir = ?config(priv_dir, Config), DataFile = filename:join(UserDir, "renegotiate1.data"), - {Pid, Host, DPort} = ssh_test_lib:std_daemon(Config,[]), + {Pid, Host, DPort} = ssh_test_lib:std_daemon(Config,[{max_random_length_padding,0}]), RPort = ssh_test_lib:inet_port(), {ok,RelayPid} = ssh_relay:start_link({0,0,0,0}, RPort, Host, DPort), - ConnectionRef = ssh_test_lib:std_connect(Config, Host, RPort, []), + ConnectionRef = ssh_test_lib:std_connect(Config, Host, RPort, [{max_random_length_padding,0}]), {ok, SftpPid} = ssh_sftp:start_channel(ConnectionRef), Kex1 = get_kex_init(ConnectionRef), @@ -170,12 +171,12 @@ renegotiate2(Config) -> UserDir = ?config(priv_dir, Config), DataFile = filename:join(UserDir, "renegotiate2.data"), - {Pid, Host, DPort} = ssh_test_lib:std_daemon(Config,[]), + {Pid, Host, DPort} = ssh_test_lib:std_daemon(Config,[{max_random_length_padding,0}]), RPort = ssh_test_lib:inet_port(), {ok,RelayPid} = ssh_relay:start_link({0,0,0,0}, RPort, Host, DPort), - ConnectionRef = ssh_test_lib:std_connect(Config, Host, RPort, []), + ConnectionRef = ssh_test_lib:std_connect(Config, Host, RPort, [{max_random_length_padding,0}]), {ok, SftpPid} = ssh_sftp:start_channel(ConnectionRef), Kex1 = get_kex_init(ConnectionRef), -- cgit v1.2.3 From a541756c4ab173a63969f1789f82b56d22b00fa2 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 2 Nov 2015 17:14:00 +0100 Subject: ssh: Make tests for bad packet_len and field lengths inside packets Includes a ssh_transport:pack/3 function for generating invalid packets --- lib/ssh/src/ssh_transport.erl | 13 +++++-- lib/ssh/test/ssh_protocol_SUITE.erl | 68 ++++++++++++++++++++++++++++++++++++- lib/ssh/test/ssh_trpt_test_lib.erl | 9 ++++- 3 files changed, 85 insertions(+), 5 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 8b65806dc6..d622ec27fc 100644 --- a/lib/ssh/src/ssh_transport.erl 
+++ b/lib/ssh/src/ssh_transport.erl @@ -45,7 +45,7 @@ handle_kex_ecdh_init/2, handle_kex_ecdh_reply/2, extract_public_key/1, - unpack/3, decompress/2, ssh_packet/2, pack/2, msg_data/1, + unpack/3, decompress/2, ssh_packet/2, pack/2, pack/3, msg_data/1, sign/3, verify/4]). %%%---------------------------------------------------------------------------- @@ -929,11 +929,18 @@ ssh_packet(Msg, Ssh) -> BinMsg = ssh_message:encode(Msg), pack(BinMsg, Ssh). +pack(Data, Ssh=#ssh{}) -> + pack(Data, Ssh, 0). + +%%% Note: pack/3 is only to be called from tests that wants +%%% to deliberetly send packets with wrong PacketLength! +%%% Use pack/2 for all other purposes! pack(Data0, #ssh{encrypt_block_size = BlockSize, send_sequence = SeqNum, send_mac = MacAlg, send_mac_key = MacKey, random_length_padding = RandomLengthPadding} - = Ssh0) when is_binary(Data0) -> + = Ssh0, + PacketLenDeviationForTests) when is_binary(Data0) -> {Ssh1, Data} = compress(Ssh0, Data0), PL = (BlockSize - ((4 + 1 + size(Data)) rem BlockSize)) rem BlockSize, MinPaddingLen = if PL < 4 -> PL + BlockSize; @@ -946,7 +953,7 @@ pack(Data0, #ssh{encrypt_block_size = BlockSize, end, PaddingLen = MinPaddingLen + ExtraPaddingLen, Padding = ssh_bits:random(PaddingLen), - PacketLen = 1 + PaddingLen + size(Data), + PacketLen = 1 + PaddingLen + size(Data) + PacketLenDeviationForTests, PacketData = <>, {Ssh2, EncPacket} = encrypt(Ssh1, PacketData), diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index 03c2ce53cb..b84ccac885 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -47,7 +47,9 @@ suite() -> all() -> [{group,tool_tests}, {group,kex}, - {group,service_requests} + {group,service_requests}, + {group,packet_size_error}, + {group,field_size_error} ]. groups() -> 
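Review bot: In lib/ssh/src/ssh_transport.erl, pack/3 is added to the export list of the production module although its own comment restricts it to tests that deliberately send a wrong PacketLength, and nothing enforces that restriction. Any caller inside the application that passes a non-zero third argument would emit packets the peer has to reject. Consider exporting it only in test builds (for example behind an -ifdef), or at least guard PacketLenDeviationForTests with is_integer/1 and mark the function as test-only where the exports are declared. The new comment also has typos ("wants", "deliberetly").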
@@ -56,6 +58,12 @@ groups() -> lib_match, lib_no_match ]}, + {packet_size_error, [], [packet_length_too_large, + packet_length_too_short]}, + + {field_size_error, [], [service_name_length_too_large, + service_name_length_too_short]}, + {kex, [], [no_common_alg_server_disconnects, no_common_alg_client_disconnects, gex_client_init_default_noexact, 
@@ -409,6 +417,64 @@ bad_service_name(Config, Name) -> receive_msg} ], InitialState). +%%%-------------------------------------------------------------------- +packet_length_too_large(Config) -> bad_packet_length(Config, +4). + +packet_length_too_short(Config) -> bad_packet_length(Config, -4). + +bad_packet_length(Config, LengthExcess) -> + PacketFun = + fun(Msg, Ssh) -> + BinMsg = ssh_message:encode(Msg), + ssh_transport:pack(BinMsg, Ssh, LengthExcess) + end, + {ok,InitialState} = connect_and_kex(Config), + {ok,_} = + ssh_trpt_test_lib:exec( + [{set_options, [print_ops, print_seqnums, print_messages]}, + {send, {special, + #ssh_msg_service_request{name="ssh-userauth"}, + PacketFun}}, + %% Prohibit remote decoder starvation: + {send, #ssh_msg_service_request{name="ssh-userauth"}}, + {match, {'or',[#ssh_msg_disconnect{_='_'}, + tcp_closed + ]}, + receive_msg} + ], InitialState). + +%%%-------------------------------------------------------------------- +service_name_length_too_large(Config) -> bad_service_name_length(Config, +4). + +service_name_length_too_short(Config) -> bad_service_name_length(Config, -4). + + +bad_service_name_length(Config, LengthExcess) -> + PacketFun = + fun(#ssh_msg_service_request{name=Service}, Ssh) -> + BinName = list_to_binary(Service), + BinMsg = + <>, + ssh_transport:pack(BinMsg, Ssh) + end, + {ok,InitialState} = connect_and_kex(Config), + {ok,_} = + ssh_trpt_test_lib:exec( + [{set_options, [print_ops, print_seqnums, print_messages]}, + {send, {special, + #ssh_msg_service_request{name="ssh-userauth"}, + PacketFun} }, + %% Prohibit remote decoder starvation: + {send, #ssh_msg_service_request{name="ssh-userauth"}}, + {match, {'or',[#ssh_msg_disconnect{_='_'}, + tcp_closed + ]}, + receive_msg} + ], InitialState). + %%%================================================================ %%%==== Internal functions ======================================== %%%================================================================ 
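Review bot: In bad_packet_length/2 and bad_service_name_length/2 the final match accepts `tcp_closed` as an alternative to any `#ssh_msg_disconnect{_='_'}`, so the four new cases pass on every kind of connection loss and cannot tell a deliberate rejection of the malformed length from the server-side connection process dying on it. Where the server is expected to answer with SSH_MSG_DISCONNECT, match on the disconnect code; where only a close is possible, check afterwards that the daemon still accepts a new connection. The two helpers also repeat the same exec sequence and could share one function that takes PacketFun as an argument.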
diff --git a/lib/ssh/test/ssh_trpt_test_lib.erl b/lib/ssh/test/ssh_trpt_test_lib.erl index 5080b33249..4269529ae8 100644 --- a/lib/ssh/test/ssh_trpt_test_lib.erl +++ b/lib/ssh/test/ssh_trpt_test_lib.erl @@ -386,7 +386,14 @@ send(S0, Line) when is_binary(Line) -> fun(X) when X==true;X==detail -> {"Send line~n~p~n",[Line]} end), send_bytes(Line, S#s{return_value = Line}); -%%% Msg = #ssh_msg_*{} +send(S0, {special,Msg,PacketFun}) when is_tuple(Msg), + is_function(PacketFun,2) -> + S = opt(print_messages, S0, + fun(X) when X==true;X==detail -> {"Send~n~s~n",[format_msg(Msg)]} end), + {Packet, C} = PacketFun(Msg, S#s.ssh), + send_bytes(Packet, S#s{ssh = C, %%inc_send_seq_num(C), + return_value = Msg}); + send(S0, Msg) when is_tuple(Msg) -> S = opt(print_messages, S0, fun(X) when X==true;X==detail -> {"Send~n~s~n",[format_msg(Msg)]} end), -- cgit v1.2.3 From c505918a86fb9ac8c19e47cd751a9db4e2d9efb2 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 29 Oct 2015 19:51:04 +0100 Subject: ssh: pwdfun/4 and simple tests Also solves OTP-13053 --- lib/ssh/src/ssh.erl | 4 +- lib/ssh/src/ssh.hrl | 1 + lib/ssh/src/ssh_auth.erl | 49 +++++++---- lib/ssh/test/ssh_options_SUITE.erl | 161 ++++++++++++++++++++++++++++++++++++- 4 files changed, 199 insertions(+), 16 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 049018b21c..6f79b48091 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -462,7 +462,9 @@ handle_ssh_option({password, Value} = Opt) when is_list(Value) -> Opt; handle_ssh_option({user_passwords, Value} = Opt) when is_list(Value)-> Opt; -handle_ssh_option({pwdfun, Value} = Opt) when is_function(Value) -> +handle_ssh_option({pwdfun, Value} = Opt) when is_function(Value,2) -> + Opt; +handle_ssh_option({pwdfun, Value} = Opt) when is_function(Value,4) -> Opt; handle_ssh_option({key_cb, Value} = Opt) when is_atom(Value) -> Opt; diff --git a/lib/ssh/src/ssh.hrl b/lib/ssh/src/ssh.hrl index fc9d60c500..4ad936f742 100644 
--- a/lib/ssh/src/ssh.hrl +++ b/lib/ssh/src/ssh.hrl @@ -138,6 +138,7 @@ kb_tries_left = 0, % integer(), num tries left for "keyboard-interactive" userauth_preference, available_host_keys, + pwdfun_user_state, authenticated = false }). diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index 04749fcf8e..4272eb3c52 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -174,15 +174,15 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, #ssh{opts = Opts, userauth_supported_methods = Methods} = Ssh) -> Password = unicode:characters_to_list(BinPwd), - case check_password(User, Password, Opts) of - true -> + case check_password(User, Password, Opts, Ssh) of + {true,Ssh1} -> {authorized, User, - ssh_transport:ssh_packet(#ssh_msg_userauth_success{}, Ssh)}; - false -> + ssh_transport:ssh_packet(#ssh_msg_userauth_success{}, Ssh1)}; + {false,Ssh1} -> {not_authorized, {User, {error,"Bad user or password"}}, ssh_transport:ssh_packet(#ssh_msg_userauth_failure{ authentications = Methods, - partial_success = false}, Ssh)} + partial_success = false}, Ssh1)} end; handle_userauth_request(#ssh_msg_userauth_request{user = User, @@ -335,16 +335,16 @@ handle_userauth_info_response(#ssh_msg_userauth_info_response{num_responses = 1, kb_tries_left = KbTriesLeft, user = User, userauth_supported_methods = Methods} = Ssh) -> - case check_password(User, unicode:characters_to_list(Password), Opts) of - true -> + case check_password(User, unicode:characters_to_list(Password), Opts, Ssh) of + {true,Ssh1} -> {authorized, User, - ssh_transport:ssh_packet(#ssh_msg_userauth_success{}, Ssh)}; - false -> + ssh_transport:ssh_packet(#ssh_msg_userauth_success{}, Ssh1)}; + {false,Ssh1} -> {not_authorized, {User, {error,"Bad user or password"}}, ssh_transport:ssh_packet(#ssh_msg_userauth_failure{ authentications = Methods, partial_success = false}, - Ssh#ssh{kb_tries_left = max(KbTriesLeft-1, 0)} + Ssh1#ssh{kb_tries_left = max(KbTriesLeft-1, 0)} )} end; 
@@ -387,13 +387,34 @@ user_name(Opts) -> {ok, User} end. -check_password(User, Password, Opts) -> +check_password(User, Password, Opts, Ssh) -> case proplists:get_value(pwdfun, Opts) of undefined -> Static = get_password_option(Opts, User), - Password == Static; - Cheker -> - Cheker(User, Password) + {Password == Static, Ssh}; + + Checker when is_function(Checker,2) -> + {Checker(User, Password), Ssh}; + + Checker when is_function(Checker,4) -> + #ssh{pwdfun_user_state = PrivateState, + peer = {_,PeerAddr={_,_}} + } = Ssh, + case Checker(User, Password, PeerAddr, PrivateState) of + true -> + {true,Ssh}; + false -> + {false,Ssh}; + {true,NewState} -> + {true, Ssh#ssh{pwdfun_user_state=NewState}}; + {false,NewState} -> + {false, Ssh#ssh{pwdfun_user_state=NewState}}; + disconnect -> + throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, + description = + "Unable to connect using the available authentication methods", + language = ""}) + end end. get_password_option(Opts, User) -> diff --git a/lib/ssh/test/ssh_options_SUITE.erl b/lib/ssh/test/ssh_options_SUITE.erl index cf15ca4253..6a201d401f 100644 --- a/lib/ssh/test/ssh_options_SUITE.erl +++ b/lib/ssh/test/ssh_options_SUITE.erl @@ -45,6 +45,9 @@ max_sessions_ssh_connect_sequential/1, server_password_option/1, server_userpassword_option/1, + server_pwdfun_option/1, + server_pwdfun_4_option/1, + server_pwdfun_4_option_repeat/1, ssh_connect_arg4_timeout/1, ssh_connect_negtimeout_parallel/1, ssh_connect_negtimeout_sequential/1, @@ -83,6 +86,9 @@ all() -> connectfun_disconnectfun_client, server_password_option, server_userpassword_option, + server_pwdfun_option, + server_pwdfun_4_option, + server_pwdfun_4_option_repeat, {group, dir_options}, ssh_connect_timeout, ssh_connect_arg4_timeout, 
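Review bot: In check_password/4 (lib/ssh/src/ssh_auth.erl), the value returned by the user-supplied pwdfun is not validated, so anything unexpected raises an error in the authentication path instead of being treated as a failed attempt. The arity-2 branch returns `{Checker(User, Password), Ssh}` unchecked while both callers match only `{true,Ssh1}` and `{false,Ssh1}`; the arity-4 case has no catch-all clause; and the head match `peer = {_,PeerAddr={_,_}}` raises badmatch if the peer field has any other shape. Add a final clause that maps every other result to `{false,Ssh}` and extract the peer address in a way that cannot fail. Separately, the `disconnect` branch sends ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE together with a description about authentication methods; RFC 4253 defines SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE for that case.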
@@ -188,7 +194,9 @@ init_per_testcase(_TestCase, Config) -> Config. end_per_testcase(TestCase, Config) when TestCase == server_password_option; - TestCase == server_userpassword_option -> + TestCase == server_userpassword_option; + TestCase == server_pwdfun_option; + TestCase == server_pwdfun_4_option -> UserDir = filename:join(?config(priv_dir, Config), nopubkey), ssh_test_lib:del_dirs(UserDir), end_per_testcase(Config); 
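Review bot: The end_per_testcase guard gains server_pwdfun_option and server_pwdfun_4_option but not server_pwdfun_4_option_repeat, which this patch also adds and which creates the same nopubkey directory with file:make_dir(UserDir). Add `TestCase == server_pwdfun_4_option_repeat` to the guard so that ssh_test_lib:del_dirs(UserDir) runs for that case as well.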
@@ -271,6 +279,157 @@ server_userpassword_option(Config) when is_list(Config) -> {user_dir, UserDir}]), ssh:stop_daemon(Pid). +%%-------------------------------------------------------------------- +%%% validate to server that uses the 'pwdfun' option +server_pwdfun_option(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + CHKPWD = fun("foo",Pwd) -> Pwd=="bar"; + (_,_) -> false + end, + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, PrivDir}, + {pwdfun,CHKPWD}]), + ConnectionRef = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "bar"}, + {user_interaction, false}, + {user_dir, UserDir}]), + ssh:close(ConnectionRef), + + Reason = "Unable to connect using the available authentication methods", + + {error, Reason} = + ssh:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_interaction, false}, + {user_dir, UserDir}]), + {error, Reason} = + ssh:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "vego"}, + {password, "foo"}, + {user_interaction, false}, + {user_dir, UserDir}]), + ssh:stop_daemon(Pid). 
+ + +%%-------------------------------------------------------------------- +%%% validate to server that uses the 'pwdfun/4' option +server_pwdfun_4_option(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + PWDFUN = fun("foo",Pwd,{_,_},undefined) -> Pwd=="bar"; + ("fie",Pwd,{_,_},undefined) -> {Pwd=="bar",new_state}; + ("bandit",_,_,_) -> disconnect; + (_,_,_,_) -> false + end, + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, PrivDir}, + {pwdfun,PWDFUN}]), + ConnectionRef1 = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "bar"}, + {user_interaction, false}, + {user_dir, UserDir}]), + ssh:close(ConnectionRef1), + + ConnectionRef2 = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "fie"}, + {password, "bar"}, + {user_interaction, false}, + {user_dir, UserDir}]), + ssh:close(ConnectionRef2), + + Reason = "Unable to connect using the available authentication methods", + + {error, Reason} = + ssh:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_interaction, false}, + {user_dir, UserDir}]), + {error, Reason} = + ssh:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "fie"}, + {password, "morot"}, + {user_interaction, false}, + {user_dir, UserDir}]), + {error, Reason} = + ssh:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "vego"}, + {password, "foo"}, + {user_interaction, false}, + {user_dir, UserDir}]), + + {error, Reason} = + ssh:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "bandit"}, + {password, "pwd breaking"}, + {user_interaction, false}, + {user_dir, UserDir}]), + ssh:stop_daemon(Pid). 
+ + +%%-------------------------------------------------------------------- +server_pwdfun_4_option_repeat(Config) -> + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = ?config(data_dir, Config), + %% Test that the state works + Parent = self(), + PWDFUN = fun("foo",P="bar",_,S) -> Parent!{P,S},true; + (_,P,_,S=undefined) -> Parent!{P,S},{false,1}; + (_,P,_,S) -> Parent!{P,S}, {false,S+1} + end, + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, PrivDir}, + {auth_methods,"keyboard-interactive"}, + {pwdfun,PWDFUN}]), + + %% Try with passwords "incorrect", "Bad again" and finally "bar" + KIFFUN = fun(_,_,_) -> + K={k,self()}, + case get(K) of + undefined -> + put(K,1), + ["incorrect"]; + 2 -> + put(K,3), + ["bar"]; + S-> + put(K,S+1), + ["Bad again"] + end + end, + + ConnectionRef2 = + ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, + {user, "foo"}, + {keyboard_interact_fun, KIFFUN}, + {user_dir, UserDir}]), + ssh:close(ConnectionRef2), + ssh:stop_daemon(Pid), + + lists:foreach(fun(Expect) -> + receive + Expect -> ok; + Other -> ct:fail("Expect: ~p~nReceived ~p",[Expect,Other]) + after + 2000 -> ct:fail("Timeout expecting ~p",[Expect]) + end + end, [{"incorrect",undefined}, + {"Bad again",1}, + {"bar",2}]). + %%-------------------------------------------------------------------- system_dir_option(Config) -> DirUnread = proplists:get_value(unreadable_dir,Config), -- cgit v1.2.3 From 193ccf4009eb346ca5dd43679b219e395016b03d Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 30 Oct 2015 11:33:40 +0100 Subject: ssh: enable users to give option keyboard_interact_fun It is on purpose not documented. It needs more thinking before being finalized. --- lib/ssh/src/ssh.erl | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lib/ssh') 
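Review bot: In server_pwdfun_4_option (lib/ssh/test/ssh_options_SUITE.erl, the pwdfun/4 commit above), the "bandit" case asserts the same `{error, Reason}` as the ordinary wrong-password cases, and the `disconnect` branch of ssh_auth:check_password/4 sends that same description string, so the test passes whether the server disconnected immediately or merely rejected the password. Make the difference observable, for example by having the pwdfun report each call to the test process, as server_pwdfun_4_option_repeat does, and asserting that no further attempt follows the `disconnect` return.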
diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 6f79b48091..693b55a09e 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -337,6 +337,8 @@ handle_option([{pwdfun, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{key_cb, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); +handle_option([{keyboard_interact_fun, _} = Opt | Rest], SocketOptions, SshOptions) -> + handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); %%Backwards compatibility handle_option([{allow_user_interaction, Value} | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option({user_interaction, Value}) | SshOptions]); @@ -468,6 +470,8 @@ handle_ssh_option({pwdfun, Value} = Opt) when is_function(Value,4) -> Opt; handle_ssh_option({key_cb, Value} = Opt) when is_atom(Value) -> Opt; +handle_ssh_option({keyboard_interact_fun, Value} = Opt) when is_function(Value,3) -> + Opt; handle_ssh_option({compression, Value} = Opt) when is_atom(Value) -> Opt; handle_ssh_option({exec, {Module, Function, _}} = Opt) when is_atom(Module), -- cgit v1.2.3 From 17517fb5ef4e9e7e6913a6eb4527f862ede29271 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 30 Oct 2015 12:25:16 +0100 Subject: ssh: make corrections of keyboard-interactive client * Newlines should be added after Name and Instructions field according to rfc4256. * There was an error in the argument list of the last clause of ssh_auth:keyboard_interact_get_responses/9 * Correct client kb-interactive behaviour at auth failure --- lib/ssh/src/ssh_auth.erl | 11 ++++++++--- lib/ssh/src/ssh_connection_handler.erl | 18 ++++++++++++++---- 2 files changed, 22 insertions(+), 7 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index 4272eb3c52..4967a2e4cd 100644 
--- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -364,6 +364,11 @@ method_preference(Algs) -> [{"publickey", ?MODULE, publickey_msg, [A]} | Acc] end, [{"password", ?MODULE, password_msg, []}, + {"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []}, + {"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []}, + {"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []}, + {"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []}, + {"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []}, {"keyboard-interactive", ?MODULE, keyboard_interactive_msg, []} ], Algs). @@ -472,14 +477,14 @@ keyboard_interact_get_responses(false, undefined, undefined, _, _, _, [Prompt|_] ssh_no_io:read_line(Prompt, Opts); %% Throws error as keyboard interaction is not allowed keyboard_interact_get_responses(true, undefined, _,IoCb, Name, Instr, PromptInfos, Opts, _) -> keyboard_interact(IoCb, Name, Instr, PromptInfos, Opts); -keyboard_interact_get_responses(true, Fun, _, Name, Instr, PromptInfos, _, _, NumPrompts) -> +keyboard_interact_get_responses(true, Fun, _Pwd, _IoCb, Name, Instr, PromptInfos, _Opts, NumPrompts) -> keyboard_interact_fun(Fun, Name, Instr, PromptInfos, NumPrompts). keyboard_interact(IoCb, Name, Instr, Prompts, Opts) -> - if Name /= "" -> IoCb:format("~s", [Name]); + if Name /= "" -> IoCb:format("~s~n", [Name]); true -> ok end, - if Instr /= "" -> IoCb:format("~s", [Instr]); + if Instr /= "" -> IoCb:format("~s~n", [Instr]); true -> ok end, lists:map(fun({Prompt, true}) -> IoCb:read_line(Prompt, Opts); diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 7fb86c1108..a2d1b5b810 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl 
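Review bot: In method_preference/1 (lib/ssh/src/ssh_auth.erl), the "keyboard-interactive" entry is now listed six times, which appears to encode the number of keyboard-interactive attempts the client will make as copy-pasted tuples with no comment. State the intent explicitly, for example by building the entries with lists:duplicate/2 from a named constant, and note how that count relates to the server-side kb_tries_left so the two limits do not silently diverge.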
@@ -627,14 +627,24 @@ userauth_keyboard_interactive(#ssh_msg_userauth_info_response{} = Msg, retry_fun(User, Address, Reason, Opts), send_msg(Reply, State), {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} - end. - + end; +userauth_keyboard_interactive(Msg = #ssh_msg_userauth_failure{}, + #state{ssh_params = Ssh0 = + #ssh{role = client, + userauth_preference = Prefs0}} + = State) -> + Prefs = [{Method,M,F,A} || {Method,M,F,A} <- Prefs0, + Method =/= "keyboard-interactive"], + userauth(Msg, State#state{ssh_params = Ssh0#ssh{userauth_preference=Prefs}}). + -userauth_keyboard_interactive_info_response(Msg=#ssh_msg_userauth_failure{}, State) -> +userauth_keyboard_interactive_info_response(Msg=#ssh_msg_userauth_failure{}, + #state{ssh_params = #ssh{role = client}} = State) -> userauth(Msg, State); -userauth_keyboard_interactive_info_response(Msg=#ssh_msg_userauth_success{}, State) -> +userauth_keyboard_interactive_info_response(Msg=#ssh_msg_userauth_success{}, + #state{ssh_params = #ssh{role = client}} = State) -> userauth(Msg, State). %%-------------------------------------------------------------------- -- cgit v1.2.3 From 53bfbb61333af35cde29bb786817856925dcedf0 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 2 Nov 2015 13:08:13 +0100 Subject: ssh: Document pwdfun --- lib/ssh/doc/src/ssh.xml | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 2b190c98b6..31a5e71401 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -471,12 +471,43 @@ kex is implicit but public_key is set explicitly.

- boolean()}]]> + boolean()}]]> + +

Provides a function for password validation. This could used for calling an external system or if + passwords should be stored as a hash. The fun returns: + + true if the user and password is valid and + false otherwise. + +

+

This fun can also be used to make delays in authentication tries for example by calling + timer:sleep/1. To facilitate counting of failed tries + the State variable could be used. This state is per connection only. The first time the pwdfun + is called for a connection, the State variable has the value undefined. + The pwdfun can return - in addition to the values above - a new state + as: + + {true, NewState:any()} if the user and password is valid or + {false, NewState:any()} if the user or password is invalid + +

+

A third usage is to block login attempts from a missbehaving peer. The State described above + can be used for this. In addition to the responses above, the following return value is introduced: + + disconnect if the connection should be closed immediately after sending a SSH_MSG_DISCONNECT + message. + +

+
+ + boolean()}]]>

Provides a function for password validation. This function is called with user and password as strings, and returns if the password is valid and otherwise.

+

This option ({pwdfun,fun/2}) is the same as a subset of the previous + ({pwdfun,fun/4}). It is kept for compatibility.
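Review bot: The added pwdfun text says the State "is per connection only" and then recommends that same State for blocking login attempts from a misbehaving peer, but a peer that reconnects starts again with State undefined, so per-connection state alone cannot block or rate-limit it. Say explicitly that State only counts tries within one connection and that blocking across connections requires the fun to keep its own record keyed on the peer address argument. Typos in the new paragraphs: "This could used" should read "This could be used", and "missbehaving" should read "misbehaving".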

-- cgit v1.2.3 From 19f3eafbb237af7b6a9d81ebbddae19c41418f8b Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 3 Nov 2015 14:53:30 +0100 Subject: ssh: changes after doc review --- lib/ssh/doc/src/ssh.xml | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 31a5e71401..f530a68dd9 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -60,6 +60,29 @@
+
+ OPTIONS +

The exact behaviour of some functions can be adjusted with the use of options which are documented together + with the functions. Generally could each option be used at most one time in each function call. If given two or more + times, the effect is not predictable unless explicitly documented.

+

The options are of different kinds:

+ + Limits +

which alters limits in the system, for example number of simultaneous login attempts.

+ + Timeouts +

which give some defined behaviour if too long time elapses before a given event or action, + for example time to wait for an answer.

+ + Callbacks +

which gives the caller of the function the possibility to execute own code on some events, + for example calling an own logging function or to perform an own login function

+ + Behaviour +

which changes the systems behaviour.

+
+
+
DATA TYPES

Type definitions that are used more than once in @@ -471,7 +494,7 @@ kex is implicit but public_key is set explicitly.

- boolean()}]]> + boolean() | disconnect | {boolean(),any()} }]]>

Provides a function for password validation. This could used for calling an external system or if passwords should be stored as a hash. The fun returns: -- cgit v1.2.3 From c50a9a6562a14f3a9fbd2071e3b19eed8c9c9b4b Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 21 Oct 2015 17:25:42 +0200 Subject: ssh, public_key: random selection of diffie-hellman moduli Also tool (public_key:gen_moduli_hrl) to convert an openssh moduli file to erlang format. --- lib/ssh/doc/src/ssh.xml | 2 + lib/ssh/src/ssh.erl | 9 ++++- lib/ssh/src/ssh_transport.erl | 65 ++++++++++-------------------- lib/ssh/src/ssh_transport.hrl | 35 ++--------------- lib/ssh/test/ssh_algorithms_SUITE.erl | 74 ++++++++++++++++++++++++++--------- lib/ssh/test/ssh_protocol_SUITE.erl | 28 +++---------- 6 files changed, 94 insertions(+), 119 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 2b190c98b6..66f872490c 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -467,6 +467,8 @@ kex is implicit but public_key is set explicitly.

Sets the groups that the server may choose among when diffie-hellman-group-exchange is negotiated. See RFC 4419 for details.

+

The default list is fetched from the public_key application. +

If the parameter is {file,filename()}, the file must exist and have one or more three-tuples terminated by a dot. The interpretation is as if the tuples had been given directly in the option. The file is read when the daemon starts.

diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 049018b21c..8d36c847de 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -33,7 +33,8 @@ default_algorithms/0, stop_listener/1, stop_listener/2, stop_listener/3, stop_daemon/1, stop_daemon/2, stop_daemon/3, - shell/1, shell/2, shell/3]). + shell/1, shell/2, shell/3 + ]). %%-------------------------------------------------------------------- -spec start() -> ok | {error, term()}. @@ -423,7 +424,11 @@ handle_ssh_option({preferred_algorithms,[_|_]} = Opt) -> handle_ssh_option({dh_gex_groups,L=[{I1,I2,I3}|_]}) when is_integer(I1), I1>0, is_integer(I2), I2>0, is_integer(I3), I3>0 -> - {dh_gex_groups, lists:map(fun({N,G,P}) -> {N,{G,P}} end, L)}; + {dh_gex_groups, public_key:moduli_collect_per_size( + lists:map(fun({N,G,P}) when is_integer(N),N>0, + is_integer(G),G>0, + is_integer(P),P>0 -> {N,{G,P}} end, L) + )}; handle_ssh_option({dh_gex_groups,{file,File=[C|_]}}=Opt) when is_integer(C), C>0 -> %% A string, (file name) case file:consult(File) of diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index d622ec27fc..35bfadb1df 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl 
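Review bot: In handle_ssh_option({dh_gex_groups, L}) (lib/ssh/src/ssh.erl), the clause guard still checks only the first tuple of the list, while the new guards sit on the fun passed to lists:map/2, so a malformed later element raises function_clause from inside the map instead of being reported as an invalid dh_gex_groups option. Validate all elements before mapping (for example with lists:all/2) and report a failure as a bad option value. The documentation hunk should also say whether user-supplied {Size,G,P} triples are checked beyond being positive integers, since the server takes its group-exchange parameters from this list.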
@@ -446,14 +446,23 @@ handle_kex_dh_gex_request(#ssh_msg_kex_dh_gex_request{min = Min, max = Max}, Ssh0=#ssh{opts=Opts}) when Min= %% server - {G, P} = dh_gex_group(Min, NBits, Max, proplists:get_value(dh_gex_groups,Opts)), - {Public, Private} = generate_key(dh, [P,G]), - {SshPacket, Ssh} = - ssh_packet(#ssh_msg_kex_dh_gex_group{p = P, g = G}, Ssh0), - {ok, SshPacket, - Ssh#ssh{keyex_key = {{Private, Public}, {G, P}}, - keyex_info = {Min, Max, NBits} - }}; + case public_key:dh_gex_group(Min, NBits, Max, + proplists:get_value(dh_gex_groups,Opts)) of + {ok, {_Sz, {G,P}}} -> + {Public, Private} = generate_key(dh, [P,G]), + {SshPacket, Ssh} = + ssh_packet(#ssh_msg_kex_dh_gex_group{p = P, g = G}, Ssh0), + {ok, SshPacket, + Ssh#ssh{keyex_key = {{Private, Public}, {G, P}}, + keyex_info = {Min, Max, NBits} + }}; + {error,_} -> + throw(#ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "No possible diffie-hellman-group-exchange group found", + language = ""}) + end; + handle_kex_dh_gex_request(_, _) -> throw({{error,bad_ssh_msg_kex_dh_gex_request}, #ssh_msg_disconnect{ 
@@ -1482,44 +1491,10 @@ peer_name({Host, _}) -> %% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -dh_group('diffie-hellman-group1-sha1') -> element(2, ?dh_group1); -dh_group('diffie-hellman-group14-sha1') -> element(2, ?dh_group14). - -dh_gex_default_groups() -> ?dh_default_groups. - - -dh_gex_group(Min, N, Max, undefined) -> - dh_gex_group(Min, N, Max, dh_gex_default_groups()); -dh_gex_group(Min, N, Max, Groups) -> - %% First try to find an exact match. If not an exact match, select the largest possible. - {_Size,Group} = - lists:foldl( - fun(_, {I,G}) when I==N -> - %% If we have an exact match already: use that one - {I,G}; - ({I,G}, _) when I==N -> - %% If we now found an exact match: use that very one - {I,G}; - ({I,G}, {Imax,_Gmax}) when Min=Imax -> % b) {I,G} is larger than current max - %% A group within the limits and better than the one we have - {I,G}; - (_, IGmax) -> - %% Keep the one we have - IGmax - end, {-1,undefined}, Groups), - - case Group of - undefined -> - throw(#ssh_msg_disconnect{ - code = ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "No possible diffie-hellman-group-exchange group found", - language = ""}); - _ -> - Group - end. - +dh_group('diffie-hellman-group1-sha1') -> ?dh_group1; +dh_group('diffie-hellman-group14-sha1') -> ?dh_group14. +%%%---------------------------------------------------------------- generate_key(Algorithm, Args) -> {Public,Private} = crypto:generate_key(Algorithm, Args), {crypto:bytes_to_integer(Public), crypto:bytes_to_integer(Private)}. diff --git a/lib/ssh/src/ssh_transport.hrl b/lib/ssh/src/ssh_transport.hrl index 337f455279..fd43326f0d 100644 --- a/lib/ssh/src/ssh_transport.hrl +++ b/lib/ssh/src/ssh_transport.hrl 
@@ -229,40 +229,13 @@ %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%% rfc 2489, ch 6.2 +%%% Size 1024 -define(dh_group1, - {1024, - {2, 16#FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF}}). + {2, 16#FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF}). %%% rfc 3526, ch3 +%%% Size 2048 -define(dh_group14, - {2048, - {2, 16#FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF}}). - -%%% rfc 3526, ch4 --define(dh_group15, - {3072, - {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}}). - -%%% rfc 3526, ch5 --define(dh_group16, - {4096, - {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}}). 
- -%%% rfc 3526, ch6 --define(dh_group17, - {6144, - {2, 16#FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF}}). - -%%% rfc 3526, ch7 --define(dh_group18, - {8192, - {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}}). - --define(dh_default_groups, [?dh_group1, - ?dh_group14, - ?dh_group15, - ?dh_group16, - ?dh_group17, - ?dh_group18] ). + {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}). -endif. % -ifdef(ssh_transport). 
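Review bot: In lib/ssh/src/ssh_transport.hrl the context comment above ?dh_group1 still reads "rfc 2489, ch 6.2"; the 1024-bit group used by diffie-hellman-group1-sha1 is Oakley Group 2 from RFC 2409, section 6.2, so the reference should be corrected while the neighbouring lines are being edited. With the size element dropped from both macros, the new "%%% Size 1024" and "%%% Size 2048" comments are the only record of the modulus length, so consider a test that asserts the bit length of each P instead of relying on the comments.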
diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index 2ab83d84e1..85415a17de 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl @@ -83,7 +83,7 @@ init_per_suite(Config) -> ssh_test_lib:default_algorithms(sshc), ssh_test_lib:default_algorithms(sshd), {?DEFAULT_DH_GROUP_MIN,?DEFAULT_DH_GROUP_NBITS,?DEFAULT_DH_GROUP_MAX}, - [KeyLen || {KeyLen,_} <- ?dh_default_groups], + public_key:dh_gex_group_sizes(), ?MAX_NUM_ALGORITHMS ]), ct:log("all() ->~n ~p.~n~ngroups()->~n ~p.~n",[all(),groups()]), 
@@ -171,20 +171,51 @@ simple_exec(Config) -> {Host,Port} = ?config(srvr_addr, Config), ssh_test_lib:std_simple_exec(Host, Port, Config). +%%-------------------------------------------------------------------- +%% Testing if no group matches +simple_exec_groups_no_match_too_small(Config) -> + try simple_exec_group({400,500,600}, Config) + of + _ -> ct:fail("Exec though no group available") + catch + error:{badmatch,{error,"No possible diffie-hellman-group-exchange group found"}} -> + ok + end. + +simple_exec_groups_no_match_too_large(Config) -> + try simple_exec_group({9200,9500,9700}, Config) + of + _ -> ct:fail("Exec though no group available") + catch + error:{badmatch,{error,"No possible diffie-hellman-group-exchange group found"}} -> + ok + end. + %%-------------------------------------------------------------------- %% Testing all default groups -simple_exec_group14(Config) -> simple_exec_group(2048, Config). -simple_exec_group15(Config) -> simple_exec_group(3072, Config). -simple_exec_group16(Config) -> simple_exec_group(4096, Config). -simple_exec_group17(Config) -> simple_exec_group(6144, Config). -simple_exec_group18(Config) -> simple_exec_group(8192, Config). - -simple_exec_group(I, Config) -> - Min = I-100, - Max = I+100, - {Host,Port} = ?config(srvr_addr, Config), - ssh_test_lib:std_simple_exec(Host, Port, Config, - [{dh_gex_limits,{Min,I,Max}}]). +simple_exec_groups(Config) -> + Sizes = interpolate( public_key:dh_gex_group_sizes() ), + lists:foreach( + fun(Sz) -> + ct:log("Try size ~p",[Sz]), + ct:comment(Sz), + case simple_exec_group(Sz, Config) of + expected -> ct:log("Size ~p ok",[Sz]); + _ -> ct:log("Size ~p not ok",[Sz]) + end + end, Sizes), + ct:comment("~p",[lists:map(fun({_,I,_}) -> I; + (I) -> I + end,Sizes)]). + + +interpolate([I1,I2|Is]) -> + OneThird = (I2-I1) div 3, + [I1, + {I1, I1 + OneThird, I2}, + {I1, I1 + 2*OneThird, I2} | interpolate([I2|Is])]; +interpolate(Is) -> + Is. 
%%-------------------------------------------------------------------- %% Use the ssh client of the OS to connect @@ -283,11 +314,10 @@ specific_test_cases(Tag, Alg, SshcAlgos, SshdAlgos) -> case {Tag,Alg} of {kex,_} when Alg == 'diffie-hellman-group-exchange-sha1' ; Alg == 'diffie-hellman-group-exchange-sha256' -> - [simple_exec_group14, - simple_exec_group15, - simple_exec_group16, - simple_exec_group17, - simple_exec_group18]; + [simple_exec_groups, + simple_exec_groups_no_match_too_large, + simple_exec_groups_no_match_too_small + ]; _ -> [] end. @@ -331,3 +361,11 @@ setup_pubkey(Config) -> ssh_test_lib:setup_dsa_known_host(DataDir, UserDir), Config. + +simple_exec_group(I, Config) when is_integer(I) -> + simple_exec_group({I,I,I}, Config); +simple_exec_group({Min,I,Max}, Config) -> + {Host,Port} = ?config(srvr_addr, Config), + ssh_test_lib:std_simple_exec(Host, Port, Config, + [{dh_gex_limits,{Min,I,Max}}]). + diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index b84ccac885..9d54f14ff6 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -66,8 +66,6 @@ groups() -> {kex, [], [no_common_alg_server_disconnects, no_common_alg_client_disconnects, - gex_client_init_default_noexact, - gex_client_init_default_exact, gex_client_init_option_groups, gex_client_init_option_groups_file ]}, @@ -91,9 +89,7 @@ end_per_suite(Config) -> init_per_testcase(no_common_alg_server_disconnects, Config) -> start_std_daemon(Config, [{preferred_algorithms,[{public_key,['ssh-rsa']}]}]); -init_per_testcase(TC, Config) when TC == gex_client_init_default_noexact ; - TC == gex_client_init_default_exact ; - TC == gex_client_init_option_groups ; +init_per_testcase(TC, Config) when TC == gex_client_init_option_groups ; TC == gex_client_init_option_groups_file -> Opts = case TC of gex_client_init_option_groups -> 
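Review bot: simple_exec_groups in ssh_algorithms_SUITE.erl (the @@ -171 hunk) cannot fail on a wrong result, because its catch-all branch "_ -> ct:log("Size ~p not ok",[Sz])" only logs and the test case stays green for a size that does not negotiate. Call ct:fail there, as the two new no_match cases do. Those no_match cases also match on the exact text "No possible diffie-hellman-group-exchange group found", which ties the tests to the wording of an error message; matching on the {error,_} shape would be less brittle.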
@@ -113,9 +109,7 @@ init_per_testcase(_TestCase, Config) -> end_per_testcase(no_common_alg_server_disconnects, Config) -> stop_std_daemon(Config); -end_per_testcase(TC, Config) when TC == gex_client_init_default_noexact ; - TC == gex_client_init_default_exact ; - TC == gex_client_init_option_groups ; +end_per_testcase(TC, Config) when TC == gex_client_init_option_groups ; TC == gex_client_init_option_groups_file -> stop_std_daemon(Config); end_per_testcase(_TestCase, Config) -> @@ -332,28 +326,16 @@ no_common_alg_client_disconnects(Config) -> end. %%%-------------------------------------------------------------------- -gex_client_init_default_noexact(Config) -> - do_gex_client_init(Config, {2000, 3000, 4000}, - %% Warning, app knowledege: - ?dh_group15). - - -gex_client_init_default_exact(Config) -> - do_gex_client_init(Config, {2000, 2048, 4000}, - %% Warning, app knowledege: - ?dh_group14). - - gex_client_init_option_groups(Config) -> do_gex_client_init(Config, {2000, 2048, 4000}, - {'n/a',{3,41}}). + {3,41}). gex_client_init_option_groups_file(Config) -> do_gex_client_init(Config, {2000, 2048, 4000}, - {'n/a',{5,61}}). + {5,61}). -do_gex_client_init(Config, {Min,N,Max}, {_,{G,P}}) -> +do_gex_client_init(Config, {Min,N,Max}, {G,P}) -> {ok,_} = ssh_trpt_test_lib:exec( [{set_options, [print_ops, print_seqnums, print_messages]}, -- cgit v1.2.3 From 961bb51d1b73c6ff2ad5f08e0a4c13fbfc2fbb98 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 23 Oct 2015 18:33:05 +0200 Subject: ssh: option dh_gex_groups with tag ssh_moduli_file Makes this existing option also accept a file in openssh format OTP-13052 --- lib/ssh/doc/src/ssh.xml | 4 +- lib/ssh/src/ssh.erl | 105 ++++++++++++++++----- lib/ssh/test/ssh_protocol_SUITE.erl | 11 +++ .../ssh_protocol_SUITE_data/dh_group_test.moduli | 3 + 4 files changed, 100 insertions(+), 23 deletions(-) create mode 100644 lib/ssh/test/ssh_protocol_SUITE_data/dh_group_test.moduli (limited to 'lib/ssh') 
diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 66f872490c..1e4dd91eb6 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -462,7 +462,7 @@ kex is implicit but public_key is set explicitly.

- +

Sets the groups that the server may choose among when diffie-hellman-group-exchange is negotiated. See RFC 4419 for details. @@ -471,6 +471,8 @@ kex is implicit but public_key is set explicitly.

If the parameter is {file,filename()}, the file must exist and have one or more three-tuples terminated by a dot. The interpretation is as if the tuples had been given directly in the option. The file is read when the daemon starts.

+

If the parameter is {ssh_moduli_file,filename()}, the file must exist and be in ssh-keygen moduli file format. The file is read when the daemon starts. +

boolean()}]]> diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 8d36c847de..9befceb51b 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl 
@@ -421,28 +421,59 @@ handle_ssh_option({user_interaction, Value} = Opt) when is_boolean(Value) -> Opt; handle_ssh_option({preferred_algorithms,[_|_]} = Opt) -> handle_pref_algs(Opt); -handle_ssh_option({dh_gex_groups,L=[{I1,I2,I3}|_]}) when is_integer(I1), I1>0, - is_integer(I2), I2>0, - is_integer(I3), I3>0 -> - {dh_gex_groups, public_key:moduli_collect_per_size( - lists:map(fun({N,G,P}) when is_integer(N),N>0, - is_integer(G),G>0, - is_integer(P),P>0 -> {N,{G,P}} end, L) - )}; -handle_ssh_option({dh_gex_groups,{file,File=[C|_]}}=Opt) when is_integer(C), C>0 -> - %% A string, (file name) - case file:consult(File) of - {ok, List} -> - try handle_ssh_option({dh_gex_groups,List}) of - {dh_gex_groups,_} = NewOpt -> - NewOpt - catch - _:_ -> - throw({error, {{eoptions, Opt}, "Bad format in file"}}) - end; - Error -> - throw({error, {{eoptions, Opt},{"Error reading file",Error}}}) - end; + +handle_ssh_option({dh_gex_groups,L0}) when is_list(L0) -> + {dh_gex_groups, + collect_per_size( + lists:foldl( + fun({N,G,P}, Acc) when is_integer(N),N>0, + is_integer(G),G>0, + is_integer(P),P>0 -> + [{N,{G,P}} | Acc]; + ({N,{G,P}}, Acc) when is_integer(N),N>0, + is_integer(G),G>0, + is_integer(P),P>0 -> + [{N,{G,P}} | Acc]; + ({N,GPs}, Acc) when is_list(GPs) -> + lists:foldr(fun({Gi,Pi}, Acci) when is_integer(Gi),Gi>0, + is_integer(Pi),Pi>0 -> + [{N,{Gi,Pi}} | Acci] + end, Acc, GPs) + end, [], L0))}; + +handle_ssh_option({dh_gex_groups,{Tag,File=[C|_]}}=Opt) when is_integer(C), C>0, + Tag == file ; + Tag == ssh_moduli_file -> + {ok,GroupDefs} = + case Tag of + file -> + file:consult(File); + ssh_moduli_file -> + case file:open(File,[read]) of + {ok,D} -> + try + {ok,Moduli} = read_moduli_file(D, 1, []), + file:close(D), + {ok, Moduli} + catch + _:_ -> + throw({error, {{eoptions, Opt}, "Bad format in file "++File}}) + end; + {error,enoent} -> + throw({error, {{eoptions, Opt}, "File not found:"++File}}); + {error,Error} -> + throw({error, {{eoptions, Opt}, io_lib:format("Error 
reading file ~s: ~p",[File,Error])}}) + end + end, + + try + handle_ssh_option({dh_gex_groups,GroupDefs}) + catch + _:_ -> + throw({error, {{eoptions, Opt}, "Bad format in file: "++File}}) + end; + + handle_ssh_option({dh_gex_limits,{Min,I,Max}} = Opt) when is_integer(Min), Min>0, is_integer(I), I>=Min, is_integer(Max), Max>=I -> @@ -665,3 +696,33 @@ directory_exist_readable(Dir) -> +collect_per_size(L) -> + lists:foldr( + fun({Sz,GP}, [{Sz,GPs}|Acc]) -> [{Sz,[GP|GPs]}|Acc]; + ({Sz,GP}, Acc) -> [{Sz,[GP]}|Acc] + end, [], lists:sort(L)). + +read_moduli_file(D, I, Acc) -> + case io:get_line(D,"") of + {error,Error} -> + {error,Error}; + eof -> + {ok, Acc}; + "#" ++ _ -> read_moduli_file(D, I+1, Acc); + <<"#",_/binary>> -> read_moduli_file(D, I+1, Acc); + Data -> + Line = if is_binary(Data) -> binary_to_list(Data); + is_list(Data) -> Data + end, + try + [_Time,_Type,_Tests,_Tries,Size,G,P] = string:tokens(Line," \r\n"), + M = {list_to_integer(Size), + {list_to_integer(G), list_to_integer(P,16)} + }, + read_moduli_file(D, I+1, [M|Acc]) + catch + _:_ -> + read_moduli_file(D, I+1, Acc) + end + end. + diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index 9d54f14ff6..0292c8d149 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -67,6 +67,7 @@ groups() -> {kex, [], [no_common_alg_server_disconnects, no_common_alg_client_disconnects, gex_client_init_option_groups, + gex_client_init_option_groups_moduli_file, gex_client_init_option_groups_file ]}, {service_requests, [], [bad_service_name, @@ -90,6 +91,7 @@ init_per_testcase(no_common_alg_server_disconnects, Config) -> start_std_daemon(Config, [{preferred_algorithms,[{public_key,['ssh-rsa']}]}]); init_per_testcase(TC, Config) when TC == gex_client_init_option_groups ; + TC == gex_client_init_option_groups_moduli_file ; TC == gex_client_init_option_groups_file -> Opts = case TC of gex_client_init_option_groups -> 
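Review bot: in the handle_ssh_option({dh_gex_groups,{Tag,File=[C|_]}}) clause of ssh.erl the guard "is_integer(C), C>0, Tag == file ; Tag == ssh_moduli_file" is two alternative guard sequences, since ";" separates alternatives, so the check on C is skipped for ssh_moduli_file; write "is_integer(C), C>0, (Tag == file orelse Tag == ssh_moduli_file)". In the same clause "{ok,GroupDefs} =" turns a file:consult error for the file tag into a badmatch, where the removed code threw an {eoptions, Opt} error with "Error reading file". file:close(D) is also skipped whenever read_moduli_file does not return {ok,Moduli}; move the close into an after section.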
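Review bot: read_moduli_file/3 in ssh.erl (the @@ -665 hunk) drops every line that fails to parse in its "catch _:_" branch, so a truncated or corrupted moduli file loads as a shorter group list, possibly an empty one, with no error when the daemon starts. The line counter I is passed along and incremented but never used; use it to report the offending line, or at least fail when no line parsed. The Type and Tests columns are bound to _Type and _Tests and ignored, and Size is taken from the file without being compared to the length of P, so the server trusts whatever the file claims about each modulus.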
@@ -98,6 +100,10 @@ init_per_testcase(TC, Config) when TC == gex_client_init_option_groups ; DataDir = ?config(data_dir, Config), F = filename:join(DataDir, "dh_group_test"), [{dh_gex_groups, {file,F}}]; + gex_client_init_option_groups_moduli_file -> + DataDir = ?config(data_dir, Config), + F = filename:join(DataDir, "dh_group_test.moduli"), + [{dh_gex_groups, {ssh_moduli_file,F}}]; _ -> [] end, @@ -110,6 +116,7 @@ init_per_testcase(_TestCase, Config) -> end_per_testcase(no_common_alg_server_disconnects, Config) -> stop_std_daemon(Config); end_per_testcase(TC, Config) when TC == gex_client_init_option_groups ; + TC == gex_client_init_option_groups_moduli_file ; TC == gex_client_init_option_groups_file -> stop_std_daemon(Config); end_per_testcase(_TestCase, Config) -> @@ -335,6 +342,10 @@ gex_client_init_option_groups_file(Config) -> do_gex_client_init(Config, {2000, 2048, 4000}, {5,61}). +gex_client_init_option_groups_moduli_file(Config) -> + do_gex_client_init(Config, {2000, 2048, 4000}, + {5,16#B7}). + do_gex_client_init(Config, {Min,N,Max}, {G,P}) -> {ok,_} = ssh_trpt_test_lib:exec( diff --git a/lib/ssh/test/ssh_protocol_SUITE_data/dh_group_test.moduli b/lib/ssh/test/ssh_protocol_SUITE_data/dh_group_test.moduli new file mode 100644 index 0000000000..f6995ba4c9 --- /dev/null +++ b/lib/ssh/test/ssh_protocol_SUITE_data/dh_group_test.moduli @@ -0,0 +1,3 @@ +20151021104105 2 6 100 2222 5 B7 +20151021104106 2 6 100 1111 5 4F + -- cgit v1.2.3 From 18b9fc4c61f487007c8bff3bbb52f9466f3454ce Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 26 Oct 2015 15:56:13 +0100 Subject: ssh: extend 'dh_gex_limits' to server side OTP-13066 --- lib/ssh/doc/src/ssh.xml | 11 +++++++++++ lib/ssh/src/ssh.erl | 5 +++++ lib/ssh/src/ssh_transport.erl | 29 +++++++++++++++++++++++++---- lib/ssh/test/ssh_protocol_SUITE.erl | 19 ++++++++++++++++--- 4 files changed, 57 insertions(+), 7 deletions(-) (limited to 'lib/ssh') 
diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 1e4dd91eb6..7c1b9ea0dc 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -475,6 +475,17 @@ kex is implicit but public_key is set explicitly.

+ + +

Limits what a client can ask for in diffie-hellman-group-exchange. The effective value will be + MaxUsed = min(MaxClient,Max), MinUsed = max(MinClient,Min). +

+

If MaxUsed < MinUses in a key exchange, it will fail with a disconnect. +

+

See RFC 4419 for the function of the max an min values. +

+
+ boolean()}]]>

Provides a function for password validation. This function is called diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 9befceb51b..39cf441090 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -474,9 +474,14 @@ handle_ssh_option({dh_gex_groups,{Tag,File=[C|_]}}=Opt) when is_integer(C), C>0, end; +handle_ssh_option({dh_gex_limits,{Min,Max}} = Opt) when is_integer(Min), Min>0, + is_integer(Max), Max>=Min -> + %% Server + Opt; handle_ssh_option({dh_gex_limits,{Min,I,Max}} = Opt) when is_integer(Min), Min>0, is_integer(I), I>=Min, is_integer(Max), Max>=I -> + %% Client Opt; handle_ssh_option({connect_timeout, Value} = Opt) when is_integer(Value); Value == infinity -> Opt; diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 35bfadb1df..d61fc76c0a 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -441,13 +441,14 @@ handle_kexdh_reply(#ssh_msg_kexdh_reply{public_host_key = PeerPubHostKey, %%% %%% diffie-hellman-group-exchange-sha1 %%% -handle_kex_dh_gex_request(#ssh_msg_kex_dh_gex_request{min = Min, +handle_kex_dh_gex_request(#ssh_msg_kex_dh_gex_request{min = Min0, n = NBits, - max = Max}, - Ssh0=#ssh{opts=Opts}) when Min= + max = Max0}, + Ssh0=#ssh{opts=Opts}) when Min0= %% server + {Min, Max} = adjust_gex_min_max(Min0, Max0, Opts), case public_key:dh_gex_group(Min, NBits, Max, - proplists:get_value(dh_gex_groups,Opts)) of + proplists:get_value(dh_gex_groups,Opts)) of {ok, {_Sz, {G,P}}} -> {Public, Private} = generate_key(dh, [P,G]), {SshPacket, Ssh} = 
@@ -471,6 +472,26 @@ handle_kex_dh_gex_request(_, _) -> language = ""} }). + +adjust_gex_min_max(Min0, Max0, Opts) -> + case proplists:get_value(dh_gex_limits, Opts) of + undefined -> + {Min0, Max0}; + {Min1, Max1} -> + Min2 = max(Min0, Min1), + Max2 = min(Max0, Max1), + if + Min2 =< Max2 -> + {Min2, Max2}; + Max2 < Min2 -> + throw(#ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "No possible diffie-hellman-group-exchange group possible", + language = ""}) + end + end. + + handle_kex_dh_gex_group(#ssh_msg_kex_dh_gex_group{p = P, g = G}, Ssh0) -> %% client {Public, Private} = generate_key(dh, [P,G]), diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index 0292c8d149..3a7f47c2dd 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -67,6 +67,7 @@ groups() -> {kex, [], [no_common_alg_server_disconnects, no_common_alg_client_disconnects, gex_client_init_option_groups, + gex_server_gex_limit, gex_client_init_option_groups_moduli_file, gex_client_init_option_groups_file ]}, @@ -92,7 +93,8 @@ init_per_testcase(no_common_alg_server_disconnects, Config) -> init_per_testcase(TC, Config) when TC == gex_client_init_option_groups ; TC == gex_client_init_option_groups_moduli_file ; - TC == gex_client_init_option_groups_file -> + TC == gex_client_init_option_groups_file ; + TC == gex_server_gex_limit -> Opts = case TC of gex_client_init_option_groups -> [{dh_gex_groups, [{2345, 3, 41}]}]; @@ -104,6 +106,12 @@ init_per_testcase(TC, Config) when TC == gex_client_init_option_groups ; DataDir = ?config(data_dir, Config), F = filename:join(DataDir, "dh_group_test.moduli"), [{dh_gex_groups, {ssh_moduli_file,F}}]; + gex_server_gex_limit -> + [{dh_gex_groups, [{ 500, 3, 18}, + {1000, 7, 91}, + {3000, 5, 61}]}, + {dh_gex_limits,{500,1500}} + ]; _ -> [] end, 
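Review bot: in handle_kex_dh_gex_request in ssh_transport.erl only Min and Max are adjusted by adjust_gex_min_max; NBits is passed to public_key:dh_gex_group unchanged and can now lie above the clamped Max (the new gex_server_gex_limit test sends {1000, 3000, 4000} against limits {500,1500}). Either clamp NBits into the adjusted range or add a comment that dh_gex_group is expected to handle a preferred size outside the range. The disconnect text "No possible diffie-hellman-group-exchange group possible" also differs from the "... group found" message that ssh_algorithms_SUITE matches on; use one wording.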
@@ -117,7 +125,8 @@ end_per_testcase(no_common_alg_server_disconnects, Config) -> stop_std_daemon(Config); end_per_testcase(TC, Config) when TC == gex_client_init_option_groups ; TC == gex_client_init_option_groups_moduli_file ; - TC == gex_client_init_option_groups_file -> + TC == gex_client_init_option_groups_file ; + TC == gex_server_gex_limit -> stop_std_daemon(Config); end_per_testcase(_TestCase, Config) -> check_std_daemon_works(Config, ?LINE). @@ -337,7 +346,6 @@ gex_client_init_option_groups(Config) -> do_gex_client_init(Config, {2000, 2048, 4000}, {3,41}). - gex_client_init_option_groups_file(Config) -> do_gex_client_init(Config, {2000, 2048, 4000}, {5,61}). @@ -346,6 +354,11 @@ gex_client_init_option_groups_moduli_file(Config) -> do_gex_client_init(Config, {2000, 2048, 4000}, {5,16#B7}). +gex_server_gex_limit(Config) -> + do_gex_client_init(Config, {1000, 3000, 4000}, + {7,91}). + + do_gex_client_init(Config, {Min,N,Max}, {G,P}) -> {ok,_} = ssh_trpt_test_lib:exec( -- cgit v1.2.3 From 447a9b574f26cc81ed09be4ec1afafea8de924c5 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 3 Nov 2015 15:07:30 +0100 Subject: ssh: changes after doc review --- lib/ssh/doc/src/ssh.xml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 7c1b9ea0dc..06bc39f8fe 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -477,13 +477,14 @@ kex is implicit but public_key is set explicitly.

-

Limits what a client can ask for in diffie-hellman-group-exchange. The effective value will be +

Limits the key Sizes what a client can ask for in diffie-hellman-group-exchange. + The effective value will be MaxUsed = min(MaxClient,Max), MinUsed = max(MinClient,Min). + The default value is {0,infinity}.

-

If MaxUsed < MinUses in a key exchange, it will fail with a disconnect. -

-

See RFC 4419 for the function of the max an min values. +

If MaxUsed < MinUsed in a key exchange, it will fail with a disconnect.

+

See RFC 4419 for the function of the Max an Min values.

boolean()}]]> -- cgit v1.2.3 From bd5666f98d15aa363820465621977ffb60271954 Mon Sep 17 00:00:00 2001 From: Ben Tyler Date: Sun, 1 Nov 2015 02:27:52 +0100 Subject: Fix spelling of ssh 'subsystem' This commit does not change any behaviour, since the spelling was internally consistent. --- lib/ssh/src/ssh_connection.erl | 4 ++-- lib/ssh/src/ssh_connection_handler.erl | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl index 266c64fd4f..a34478732c 100644 --- a/lib/ssh/src/ssh_connection.erl +++ b/lib/ssh/src/ssh_connection.erl @@ -662,7 +662,7 @@ handle_msg(#ssh_msg_channel_request{recipient_channel = ChannelId, ReplyMsg = {subsystem, ChannelId, WantReply, binary_to_list(SsName)}, try - {ok, Pid} = start_subsytem(SsName, Connection, Channel0, ReplyMsg), + {ok, Pid} = start_subsystem(SsName, Connection, Channel0, ReplyMsg), erlang:monitor(process, Pid), Channel = Channel0#channel{user = Pid}, ssh_channel:cache_update(Cache, Channel), @@ -1017,7 +1017,7 @@ start_cli(#connection{options = Options, sub_system_supervisor = SubSysSup}, ChannelId) -> start_channel(CbModule, ChannelId, Args, SubSysSup, Exec, Options). -start_subsytem(BinName, #connection{options = Options, +start_subsystem(BinName, #connection{options = Options, sub_system_supervisor = SubSysSup}, #channel{local_id = ChannelId}, _ReplyMsg) -> Name = binary_to_list(BinName), diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 7fb86c1108..099268d521 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -1088,7 +1088,7 @@ handle_info(UnexpectedMessage, StateName, #state{opts = Opts, terminate(normal, _, #state{transport_cb = Transport, connection_state = Connection, socket = Socket}) -> - terminate_subsytem(Connection), + terminate_subsystem(Connection), (catch Transport:close(Socket)), ok; 
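Review bot: the sentence "The default value is {0,infinity}." added to the dh_gex_limits entry of ssh.xml in 447a9b57 describes a value the option check does not accept, since the server clause added to handle_ssh_option in 18b9fc4c requires "is_integer(Min), Min>0" and "is_integer(Max), Max>=Min". Reword the documentation to say that no limits apply when the option is not set, or widen the guard to match. In the same hunk "Limits the key Sizes what a client can ask for" should read "that a client can ask for".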
@@ -1117,7 +1117,7 @@ terminate({shutdown, _}, StateName, State) -> terminate(Reason, StateName, #state{ssh_params = Ssh0, starter = _Pid, connection_state = Connection} = State) -> - terminate_subsytem(Connection), + terminate_subsystem(Connection), log_error(Reason), DisconnectMsg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, @@ -1128,10 +1128,10 @@ terminate(Reason, StateName, #state{ssh_params = Ssh0, starter = _Pid, terminate(normal, StateName, State#state{ssh_params = Ssh}). -terminate_subsytem(#connection{system_supervisor = SysSup, +terminate_subsystem(#connection{system_supervisor = SysSup, sub_system_supervisor = SubSysSup}) when is_pid(SubSysSup) -> ssh_system_sup:stop_subsystem(SysSup, SubSysSup); -terminate_subsytem(_) -> +terminate_subsystem(_) -> ok. format_status(normal, [_, State]) -> -- cgit v1.2.3 From df622b62f72b6509505b32380fbb88203616868d Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 5 Nov 2015 17:39:46 +0100 Subject: ssh, public_key: updates after doc review --- lib/ssh/doc/src/ssh.xml | 38 ++++++++++++++++++++++++++------------ 1 file changed, 26 insertions(+), 12 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 06bc39f8fe..43db63e7e6 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -464,27 +464,41 @@ kex is implicit but public_key is set explicitly.

-

Sets the groups that the server may choose among when diffie-hellman-group-exchange is negotiated. - See RFC 4419 for details. +

Defines the groups the server may choose among when diffie-hellman-group-exchange is negotiated. + See RFC 4419 for details. The three variants of this option are:

-

The default list is fetched from the public_key application. -

-

If the parameter is {file,filename()}, the file must exist and have one or more three-tuples terminated by a dot. The interpretation is as if the tuples had been given directly in the option. The file is read when the daemon starts. -

-

If the parameter is {ssh_moduli_file,filename()}, the file must exist and be in ssh-keygen moduli file format. The file is read when the daemon starts. + + {Size=integer(),G=integer(),P=integer()} + The groups are given explicitly in this list. There may be several elements with the same Size. + In such a case, the server will choose one randomly in the negotiated Size. + + {file,filename()} + The file must have one or more three-tuples {Size=integer(),G=integer(),P=integer()} + terminated by a dot. The file is read when the daemon starts. + + {ssh_moduli_file,filename()} + The file must be in + ssh-keygen moduli file format. + The file is read when the daemon starts. + + +

The default list is fetched from the + public_key application.

-

Limits the key Sizes what a client can ask for in diffie-hellman-group-exchange. - The effective value will be - MaxUsed = min(MaxClient,Max), MinUsed = max(MinClient,Min). - The default value is {0,infinity}. +

Limits what a client can ask for in diffie-hellman-group-exchange. + The limits will be + {MaxUsed = min(MaxClient,Max), MinUsed = max(MinClient,Min)} where MaxClient and + MinClient are the values proposed by a connecting client. +

+

The default value is {0,infinity}.

If MaxUsed < MinUsed in a key exchange, it will fail with a disconnect.

-

See RFC 4419 for the function of the Max an Min values.

+

See RFC 4419 for the function of the Max and Min values.

boolean()}]]> -- cgit v1.2.3 From 7adbd6ee24fa7f1bb3c26d5106e7e38446405f16 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 5 Nov 2015 18:27:05 +0100 Subject: ssh: correct a bad doc xref --- lib/ssh/doc/src/ssh.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 43db63e7e6..5c18c48f65 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -478,12 +478,12 @@ kex is implicit but public_key is set explicitly.

{ssh_moduli_file,filename()} The file must be in - ssh-keygen moduli file format. + ssh-keygen moduli file format. The file is read when the daemon starts.

The default list is fetched from the - public_key application. + public_key application.

-- cgit v1.2.3 From cdbe44920678d68a9936e1ab504bc1c8aad65847 Mon Sep 17 00:00:00 2001 From: David Whitlock Date: Thu, 5 Nov 2015 12:47:08 +0700 Subject: Recommend against using crypto:rand_bytes --- lib/ssh/doc/src/using_ssh.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/using_ssh.xml b/lib/ssh/doc/src/using_ssh.xml index 91185a0f6e..3ed862458c 100644 --- a/lib/ssh/doc/src/using_ssh.xml +++ b/lib/ssh/doc/src/using_ssh.xml @@ -252,7 +252,7 @@ %% First three parameters depending on which crypto type we select: Key = <<"This is a 256 bit key. abcdefghi">>, -Ivec0 = crypto:rand_bytes(16), +Ivec0 = crypto:strong_rand_bytes(16), DataSize = 1024, % DataSize rem 16 = 0 for aes_cbc %% Initialization of the CryptoState, in this case it is the Ivector. -- cgit v1.2.3 From a9f1cb21b0d418df61ffade6c0a4ed1767b9f068 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 9 Nov 2015 15:24:15 +0100 Subject: ssh: use crypto for ecdh point validation --- lib/ssh/src/ssh_transport.erl | 84 ++++++++----------------------------------- 1 file changed, 15 insertions(+), 69 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index d61fc76c0a..0c999b96cc 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -593,10 +593,11 @@ handle_kex_ecdh_init(#ssh_msg_kex_ecdh_init{q_c = PeerPublic}, Ssh0 = #ssh{algorithms = #alg{kex=Kex}}) -> %% at server Curve = ecdh_curve(Kex), - case ecdh_validate_public_key(PeerPublic, Curve) of - true -> - {MyPublic, MyPrivate} = generate_key(ecdh, Curve), - K = compute_key(ecdh, PeerPublic, MyPrivate, Curve), + {MyPublic, MyPrivate} = generate_key(ecdh, Curve), + try + compute_key(ecdh, PeerPublic, MyPrivate, Curve) + of + K -> MyPrivHostKey = get_host_key(Ssh0), MyPubHostKey = extract_public_key(MyPrivHostKey), H = kex_h(Ssh0, Curve, MyPubHostKey, PeerPublic, MyPublic, K), 
@@ -609,9 +610,9 @@ handle_kex_ecdh_init(#ssh_msg_kex_ecdh_init{q_c = PeerPublic}, {ok, SshPacket, Ssh1#ssh{keyex_key = {{MyPublic,MyPrivate},Curve}, shared_secret = K, exchanged_hash = H, - session_id = sid(Ssh1, H)}}; - - false -> + session_id = sid(Ssh1, H)}} + catch + _:_ -> throw({{error,invalid_peer_public_key}, #ssh_msg_disconnect{ code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, @@ -626,9 +627,10 @@ handle_kex_ecdh_reply(#ssh_msg_kex_ecdh_reply{public_host_key = PeerPubHostKey, #ssh{keyex_key = {{MyPublic,MyPrivate}, Curve}} = Ssh0 ) -> %% at client - case ecdh_validate_public_key(PeerPublic, Curve) of - true -> - K = compute_key(ecdh, PeerPublic, MyPrivate, Curve), + try + compute_key(ecdh, PeerPublic, MyPrivate, Curve) + of + K -> H = kex_h(Ssh0, Curve, PeerPubHostKey, MyPublic, PeerPublic, K), case verify_host_key(Ssh0, PeerPubHostKey, H, H_SIG) of ok -> @@ -643,9 +645,9 @@ handle_kex_ecdh_reply(#ssh_msg_kex_ecdh_reply{public_host_key = PeerPubHostKey, description = "Key exchange failed", language = ""} }) - end; - - false -> + end + catch + _:_ -> throw({{error,invalid_peer_public_key}, #ssh_msg_disconnect{ code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, 
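Review bot: in handle_kex_ecdh_init and handle_kex_ecdh_reply in ssh_transport.erl the "catch _:_" that replaces the "false" branch reports every exception from compute_key as invalid_peer_public_key, so a failure unrelated to the peer's point looks the same in the disconnect and in the logs. Bind the class and reason in the catch and carry the reason in the thrown term. On the server side generate_key(ecdh, Curve) now also runs before the peer's value has been checked, so the key generation work is done even for peers that will be rejected.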
@@ -655,62 +657,6 @@ handle_kex_ecdh_reply(#ssh_msg_kex_ecdh_reply{public_host_key = PeerPubHostKey, end. -%%%---------------------------------------------------------------- -%%% -%%% Standards for Efficient Cryptography Group, "Elliptic Curve Cryptography", SEC 1 -%%% Section 3.2.2.1 -%%% - -ecdh_validate_public_key(Key, Curve) -> - case key_size(Curve) of - undefined -> - false; - - Sz -> - case dec_key(Key, Sz) of - {ok,Q} -> - case crypto:ec_curve(Curve) of - {{prime_field,P}, {A, B, _Seed}, - _P0Bin, _OrderBin, _CoFactorBin} -> - on_curve(Q, bin2int(A), bin2int(B), bin2int(P)) - end; - - {error,compressed_not_implemented} -> % Be a bit generous... - true; - - _Error -> - false - end - end. - - -on_curve({X,Y}, A, B, P) when 0 =< X,X =< (P-1), - 0 =< Y,Y =< (P-1) -> - %% Section 3.2.2.1, point 2 - (Y*Y) rem P == (X*X*X + A*X + B) rem P; -on_curve(_, _, _, _) -> - false. - - -bin2int(B) -> - Sz = erlang:bit_size(B), - <> = B, - I. - -key_size(secp256r1) -> 256; -key_size(secp384r1) -> 384; -key_size(secp521r1) -> 528; % Round 521 up to closest 8-bits. -key_size(_) -> undefined. - - -dec_key(Key, NBits) -> - Size = 8 + 2*NBits, - case <> of - <<4:8, X:NBits, Y:NBits>> -> {ok,{X,Y}}; - <<4:8, _/binary>> -> {error,bad_format}; - _ -> {error,compressed_not_implemented} - end. - %%%---------------------------------------------------------------- handle_new_keys(#ssh_msg_newkeys{}, Ssh0) -> try install_alg(Ssh0) of -- cgit v1.2.3 From 37e598c1784595f8e10924ac2460d71c0c251c2c Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 10 Nov 2015 16:04:29 +0100 Subject: ssh: add better error handling in ssh_file ssh_file:lookup_user_key_fd and ssh_file:lookup_host_key --- lib/ssh/src/ssh_file.erl | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_file.erl b/lib/ssh/src/ssh_file.erl index c087ce14d7..2f16a31cba 100644 --- a/lib/ssh/src/ssh_file.erl +++ b/lib/ssh/src/ssh_file.erl 
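Review bot: with ecdh_validate_public_key and on_curve removed from ssh_transport.erl (the @@ -655 hunk), rejecting a peer point that is not on the negotiated curve depends entirely on compute_key raising, and the diffstat for a9f1cb21 shows no test change. Add a test case in which the peer's public value is not on the curve and the expected outcome is the SSH_DISCONNECT_KEY_EXCHANGE_FAILED disconnect, so that a crypto build that does not validate is caught. The removed code accepted compressed points without checking them ("Be a bit generous..."); say in the commit message how those are treated now.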
@@ -221,9 +221,11 @@ do_lookup_host_key(KeyToMatch, Host, Alg, Opts) -> {ok, Fd} -> Res = lookup_host_key_fd(Fd, KeyToMatch, Host, Alg), file:close(Fd), - {ok, Res}; - {error, enoent} -> {error, not_found}; - Error -> Error + Res; + {error, enoent} -> + {error, not_found}; + Error -> + Error end. identity_key_filename('ssh-dss' ) -> "id_dsa"; @@ -242,6 +244,9 @@ lookup_host_key_fd(Fd, KeyToMatch, Host, KeyType) -> case io:get_line(Fd, '') of eof -> {error, not_found}; + {error,Error} -> + %% Rare... For example NFS errors + {error,Error}; Line -> case ssh_decode_line(Line, known_hosts) of [{Key, Attributes}] -> @@ -262,7 +267,7 @@ handle_host(Fd, KeyToMatch, Host, HostList, Key, KeyType) -> Host1 = host_name(Host), case lists:member(Host1, HostList) andalso key_match(Key, KeyType) of true when KeyToMatch == Key -> - Key; + {ok,Key}; _ -> lookup_host_key_fd(Fd, KeyToMatch, Host, KeyType) end. @@ -309,6 +314,9 @@ lookup_user_key_fd(Fd, Key) -> case io:get_line(Fd, '') of eof -> {error, not_found}; + {error,Error} -> + %% Rare... For example NFS errors + {error,Error}; Line -> case ssh_decode_line(Line, auth_keys) of [{AuthKey, _}] -> -- cgit v1.2.3 From 3d719a5bc849e2c3279d71c84285c2da3af9e28d Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 10 Nov 2015 12:26:50 +0100 Subject: ssh: document function dependencies in ssh_connection.erl --- lib/ssh/doc/src/ssh_connection.xml | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_connection.xml b/lib/ssh/doc/src/ssh_connection.xml index 9a7bb09b12..7e7cfad90d 100644 --- a/lib/ssh/doc/src/ssh_connection.xml +++ b/lib/ssh/doc/src/ssh_connection.xml @@ -373,6 +373,9 @@

Is to be called by client- and server-channel processes to send data to each other.

+

The function subsystem/4 and subsequent + calls of send/3,4,5 must be executed in the same process. +

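Review bot: The note added under send/3,4,5 names only subsystem/4, yet the context line above it says send is called by both client- and server-channel processes, so it is unclear what the same-process requirement means on the server side, where subsystem/4 is not called. State the rule in terms of the process that owns the channel, or say explicitly that it applies to client channels only.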
@@ -454,6 +457,9 @@

Is to be called by a client-channel process for requesting to execute a predefined subsystem on the server.

+

The function subsystem/4 and subsequent calls of + send/3,4,5 must be executed in the same process. +

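Review bot: The sentence added under subsystem/4 says the calls must be executed in the same process but not what happens when they are not (an error return, a hang, or data that never arrives), which is what a caller debugging this needs to know. Document the observable failure, and since this is a word-for-word repeat of the note added under send/3,4,5, consider stating it once and cross-referencing it from the other entry.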
-- cgit v1.2.3 From 13b4186f902ca250b86ffffb11f79a2778b4d167 Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Tue, 10 Nov 2015 12:29:44 +0100 Subject: ssh: removed pre-historic ssh specs from the doc-dir --- .../standard/draft-ietf-secsh-architecture-15.2.ps | 3315 ------------------ .../standard/draft-ietf-secsh-architecture-15.txt | 1624 --------- .../doc/standard/draft-ietf-secsh-connect-18.2.ps | 2557 -------------- .../doc/standard/draft-ietf-secsh-connect-18.txt | 1232 ------- .../doc/standard/draft-ietf-secsh-filexfer-02.2.ps | 2853 ---------------- .../doc/standard/draft-ietf-secsh-filexfer-02.txt | 1627 --------- .../doc/standard/draft-ietf-secsh-filexfer-03.2.ps | 3511 -------------------- .../doc/standard/draft-ietf-secsh-filexfer-03.txt | 1962 ----------- .../doc/standard/draft-ietf-secsh-filexfer-04.txt | 2130 ------------ .../standard/draft-ietf-secsh-transport-17.2.ps | 3205 ------------------ .../doc/standard/draft-ietf-secsh-transport-17.txt | 1624 --------- .../doc/standard/draft-ietf-secsh-userauth-18.2.ps | 1881 ----------- .../doc/standard/draft-ietf-secsh-userauth-18.txt | 896 ----- 13 files changed, 28417 deletions(-) delete mode 100644 lib/ssh/doc/standard/draft-ietf-secsh-architecture-15.2.ps delete mode 100644 lib/ssh/doc/standard/draft-ietf-secsh-architecture-15.txt delete mode 100644 lib/ssh/doc/standard/draft-ietf-secsh-connect-18.2.ps delete mode 100644 lib/ssh/doc/standard/draft-ietf-secsh-connect-18.txt delete mode 100644 lib/ssh/doc/standard/draft-ietf-secsh-filexfer-02.2.ps delete mode 100644 lib/ssh/doc/standard/draft-ietf-secsh-filexfer-02.txt delete mode 100644 lib/ssh/doc/standard/draft-ietf-secsh-filexfer-03.2.ps delete mode 100644 lib/ssh/doc/standard/draft-ietf-secsh-filexfer-03.txt delete mode 100644 lib/ssh/doc/standard/draft-ietf-secsh-filexfer-04.txt delete mode 100644 lib/ssh/doc/standard/draft-ietf-secsh-transport-17.2.ps delete mode 100644 lib/ssh/doc/standard/draft-ietf-secsh-transport-17.txt delete mode 100644 lib/ssh/doc/standard/draft-ietf-secsh-userauth-18.2.ps delete mode 100644 
lib/ssh/doc/standard/draft-ietf-secsh-userauth-18.txt (limited to 'lib/ssh') diff --git a/lib/ssh/doc/standard/draft-ietf-secsh-architecture-15.2.ps b/lib/ssh/doc/standard/draft-ietf-secsh-architecture-15.2.ps deleted file mode 100644 index d766a933b4..0000000000 --- a/lib/ssh/doc/standard/draft-ietf-secsh-architecture-15.2.ps +++ /dev/null 
@@ -1,3315 +0,0 @@ -%!PS-Adobe-3.0 -%%BoundingBox: 75 0 595 747 -%%Title: Enscript Output -%%For: Magnus Thoang -%%Creator: GNU enscript 1.6.1 -%%CreationDate: Fri Oct 31 13:31:26 2003 -%%Orientation: Portrait -%%Pages: 15 0 -%%DocumentMedia: A4 595 842 0 () () -%%DocumentNeededResources: (atend) -%%EndComments -%%BeginProlog -%%BeginProcSet: PStoPS 1 15 -userdict begin -[/showpage/erasepage/copypage]{dup where{pop dup load - type/operatortype eq{1 array cvx dup 0 3 index cvx put - bind def}{pop}ifelse}{pop}ifelse}forall -[/letter/legal/executivepage/a4/a4small/b5/com10envelope - /monarchenvelope/c5envelope/dlenvelope/lettersmall/note - /folio/quarto/a5]{dup where{dup wcheck{exch{}put} - {pop{}def}ifelse}{pop}ifelse}forall -/setpagedevice {pop}bind 1 index where{dup wcheck{3 1 roll put} - {pop def}ifelse}{def}ifelse -/PStoPSmatrix matrix currentmatrix def -/PStoPSxform matrix def/PStoPSclip{clippath}def -/defaultmatrix{PStoPSmatrix exch PStoPSxform exch concatmatrix}bind def -/initmatrix{matrix defaultmatrix setmatrix}bind def -/initclip[{matrix currentmatrix PStoPSmatrix setmatrix - [{currentpoint}stopped{$error/newerror false put{newpath}} - {/newpath cvx 3 1 roll/moveto cvx 4 array astore cvx}ifelse] - {[/newpath cvx{/moveto cvx}{/lineto cvx} - {/curveto cvx}{/closepath cvx}pathforall]cvx exch pop} - stopped{$error/errorname get/invalidaccess eq{cleartomark - $error/newerror false put cvx exec}{stop}ifelse}if}bind aload pop - /initclip dup load dup type dup/operatortype eq{pop exch pop} - {dup/arraytype eq exch/packedarraytype eq or - {dup xcheck{exch pop aload pop}{pop cvx}ifelse} - {pop cvx}ifelse}ifelse - {newpath PStoPSclip clip newpath exec setmatrix} bind aload pop]cvx def -/initgraphics{initmatrix newpath initclip 1 setlinewidth - 0 setlinecap 0 setlinejoin []0 setdash 0 setgray - 10 setmiterlimit}bind def -end -%%EndProcSet -%%BeginResource: procset Enscript-Prolog 1.6 1 -% -% Procedures. 
-% - -/_S { % save current state - /_s save def -} def -/_R { % restore from saved state - _s restore -} def - -/S { % showpage protecting gstate - gsave - showpage - grestore -} bind def - -/MF { % fontname newfontname -> - make a new encoded font - /newfontname exch def - /fontname exch def - - /fontdict fontname findfont def - /newfont fontdict maxlength dict def - - fontdict { - exch - dup /FID eq { - % skip FID pair - pop pop - } { - % copy to the new font dictionary - exch newfont 3 1 roll put - } ifelse - } forall - - newfont /FontName newfontname put - - % insert only valid encoding vectors - encoding_vector length 256 eq { - newfont /Encoding encoding_vector put - } if - - newfontname newfont definefont pop -} def - -/SF { % fontname width height -> - set a new font - /height exch def - /width exch def - - findfont - [width 0 0 height 0 0] makefont setfont -} def - -/SUF { % fontname width height -> - set a new user font - /height exch def - /width exch def - - /F-gs-user-font MF - /F-gs-user-font width height SF -} def - -/M {moveto} bind def -/s {show} bind def - -/Box { % x y w h -> - define box path - /d_h exch def /d_w exch def /d_y exch def /d_x exch def - d_x d_y moveto - d_w 0 rlineto - 0 d_h rlineto - d_w neg 0 rlineto - closepath -} def - -/bgs { % x y height blskip gray str -> - show string with bg color - /str exch def - /gray exch def - /blskip exch def - /height exch def - /y exch def - /x exch def - - gsave - x y blskip sub str stringwidth pop height Box - gray setgray - fill - grestore - x y M str s -} def - -% Highlight bars. -/highlight_bars { % nlines lineheight output_y_margin gray -> - - gsave - setgray - /ymarg exch def - /lineheight exch def - /nlines exch def - - % This 2 is just a magic number to sync highlight lines to text. 
- 0 d_header_y ymarg sub 2 sub translate - - /cw d_output_w cols div def - /nrows d_output_h ymarg 2 mul sub lineheight div cvi def - - % for each column - 0 1 cols 1 sub { - cw mul /xp exch def - - % for each rows - 0 1 nrows 1 sub { - /rn exch def - rn lineheight mul neg /yp exch def - rn nlines idiv 2 mod 0 eq { - % Draw highlight bar. 4 is just a magic indentation. - xp 4 add yp cw 8 sub lineheight neg Box fill - } if - } for - } for - - grestore -} def - -% Line highlight bar. -/line_highlight { % x y width height gray -> - - gsave - /gray exch def - Box gray setgray fill - grestore -} def - -% Column separator lines. -/column_lines { - gsave - .1 setlinewidth - 0 d_footer_h translate - /cw d_output_w cols div def - 1 1 cols 1 sub { - cw mul 0 moveto - 0 d_output_h rlineto stroke - } for - grestore -} def - -% Column borders. -/column_borders { - gsave - .1 setlinewidth - 0 d_footer_h moveto - 0 d_output_h rlineto - d_output_w 0 rlineto - 0 d_output_h neg rlineto - closepath stroke - grestore -} def - -% Do the actual underlay drawing -/draw_underlay { - ul_style 0 eq { - ul_str true charpath stroke - } { - ul_str show - } ifelse -} def - -% Underlay -/underlay { % - -> - - gsave - 0 d_page_h translate - d_page_h neg d_page_w atan rotate - - ul_gray setgray - ul_font setfont - /dw d_page_h dup mul d_page_w dup mul add sqrt def - ul_str stringwidth pop dw exch sub 2 div ul_h_ptsize -2 div moveto - draw_underlay - grestore -} def - -/user_underlay { % - -> - - gsave - ul_x ul_y translate - ul_angle rotate - ul_gray setgray - ul_font setfont - 0 0 ul_h_ptsize 2 div sub moveto - draw_underlay - grestore -} def - -% Page prefeed -/page_prefeed { % bool -> - - statusdict /prefeed known { - statusdict exch /prefeed exch put - } { - pop - } ifelse -} def - -% Wrapped line markers -/wrapped_line_mark { % x y charwith charheight type -> - - /type exch def - /h exch def - /w exch def - /y exch def - /x exch def - - type 2 eq { - % Black boxes (like TeX does) - gsave - 0 
setlinewidth - x w 4 div add y M - 0 h rlineto w 2 div 0 rlineto 0 h neg rlineto - closepath fill - grestore - } { - type 3 eq { - % Small arrows - gsave - .2 setlinewidth - x w 2 div add y h 2 div add M - w 4 div 0 rlineto - x w 4 div add y lineto stroke - - x w 4 div add w 8 div add y h 4 div add M - x w 4 div add y lineto - w 4 div h 8 div rlineto stroke - grestore - } { - % do nothing - } ifelse - } ifelse -} def - -% EPSF import. - -/BeginEPSF { - /b4_Inc_state save def % Save state for cleanup - /dict_count countdictstack def % Count objects on dict stack - /op_count count 1 sub def % Count objects on operand stack - userdict begin - /showpage { } def - 0 setgray 0 setlinecap - 1 setlinewidth 0 setlinejoin - 10 setmiterlimit [ ] 0 setdash newpath - /languagelevel where { - pop languagelevel - 1 ne { - false setstrokeadjust false setoverprint - } if - } if -} bind def - -/EndEPSF { - count op_count sub { pos } repeat % Clean up stacks - countdictstack dict_count sub { end } repeat - b4_Inc_state restore -} bind def - -% Check PostScript language level. 
-/languagelevel where { - pop /gs_languagelevel languagelevel def -} { - /gs_languagelevel 1 def -} ifelse -%%EndResource -%%BeginResource: procset Enscript-Encoding-88591 1.6 1 -/encoding_vector [ -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/space /exclam /quotedbl /numbersign -/dollar /percent /ampersand /quoteright -/parenleft /parenright /asterisk /plus -/comma /hyphen /period /slash -/zero /one /two /three -/four /five /six /seven -/eight /nine /colon /semicolon -/less /equal /greater /question -/at /A /B /C -/D /E /F /G -/H /I /J /K -/L /M /N /O -/P /Q /R /S -/T /U /V /W -/X /Y /Z /bracketleft -/backslash /bracketright /asciicircum /underscore -/quoteleft /a /b /c -/d /e /f /g -/h /i /j /k -/l /m /n /o -/p /q /r /s -/t /u /v /w -/x /y /z /braceleft -/bar /braceright /tilde /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/space /exclamdown /cent /sterling -/currency /yen /brokenbar /section -/dieresis /copyright /ordfeminine /guillemotleft -/logicalnot /hyphen /registered /macron -/degree /plusminus /twosuperior /threesuperior -/acute /mu /paragraph /bullet -/cedilla /onesuperior /ordmasculine /guillemotright -/onequarter /onehalf /threequarters /questiondown -/Agrave /Aacute /Acircumflex /Atilde -/Adieresis /Aring /AE /Ccedilla -/Egrave /Eacute /Ecircumflex /Edieresis -/Igrave /Iacute /Icircumflex /Idieresis -/Eth /Ntilde /Ograve /Oacute -/Ocircumflex /Otilde /Odieresis /multiply -/Oslash /Ugrave /Uacute /Ucircumflex -/Udieresis /Yacute /Thorn /germandbls 
-/agrave /aacute /acircumflex /atilde -/adieresis /aring /ae /ccedilla -/egrave /eacute /ecircumflex /edieresis -/igrave /iacute /icircumflex /idieresis -/eth /ntilde /ograve /oacute -/ocircumflex /otilde /odieresis /divide -/oslash /ugrave /uacute /ucircumflex -/udieresis /yacute /thorn /ydieresis -] def -%%EndResource -%%EndProlog -%%BeginSetup -%%IncludeResource: font Courier-Bold -%%IncludeResource: font Courier -/HFpt_w 10 def -/HFpt_h 10 def -/Courier-Bold /HF-gs-font MF -/HF /HF-gs-font findfont [HFpt_w 0 0 HFpt_h 0 0] makefont def -/Courier /F-gs-font MF -/F-gs-font 10 10 SF -/#copies 1 def -/d_page_w 520 def -/d_page_h 747 def -/d_header_x 0 def -/d_header_y 747 def -/d_header_w 520 def -/d_header_h 0 def -/d_footer_x 0 def -/d_footer_y 0 def -/d_footer_w 520 def -/d_footer_h 0 def -/d_output_w 520 def -/d_output_h 747 def -/cols 1 def -userdict/PStoPSxform PStoPSmatrix matrix currentmatrix - matrix invertmatrix matrix concatmatrix - matrix invertmatrix put -%%EndSetup -%%Page: (0,1) 1 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 1 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 701 M -(Network Working Group T. Ylonen) s -5 690 M -(Internet-Draft SSH Communications Security Corp) s -5 679 M -(Expires: March 31, 2004 D. Moffat, Ed.) s -5 668 M -( Sun Microsystems, Inc) s -5 657 M -( Oct 2003) s -5 624 M -( SSH Protocol Architecture) s -5 613 M -( draft-ietf-secsh-architecture-15.txt) s -5 591 M -(Status of this Memo) s -5 569 M -( This document is an Internet-Draft and is in full conformance with) s -5 558 M -( all provisions of Section 10 of RFC2026.) 
s -5 536 M -( Internet-Drafts are working documents of the Internet Engineering) s -5 525 M -( Task Force \(IETF\), its areas, and its working groups. Note that other) s -5 514 M -( groups may also distribute working documents as Internet-Drafts.) s -5 492 M -( Internet-Drafts are draft documents valid for a maximum of six months) s -5 481 M -( and may be updated, replaced, or obsoleted by other documents at any) s -5 470 M -( time. It is inappropriate to use Internet-Drafts as reference) s -5 459 M -( material or to cite them other than as "work in progress.") s -5 437 M -( The list of current Internet-Drafts can be accessed at http://) s -5 426 M -( www.ietf.org/ietf/1id-abstracts.txt.) s -5 404 M -( The list of Internet-Draft Shadow Directories can be accessed at) s -5 393 M -( http://www.ietf.org/shadow.html.) s -5 371 M -( This Internet-Draft will expire on March 31, 2004.) s -5 349 M -(Copyright Notice) s -5 327 M -( Copyright \(C\) The Internet Society \(2003\). All Rights Reserved.) s -5 305 M -(Abstract) s -5 283 M -( SSH is a protocol for secure remote login and other secure network) s -5 272 M -( services over an insecure network. This document describes the) s -5 261 M -( architecture of the SSH protocol, as well as the notation and) s -5 250 M -( terminology used in SSH protocol documents. It also discusses the SSH) s -5 239 M -( algorithm naming system that allows local extensions. The SSH) s -5 228 M -( protocol consists of three major components: The Transport Layer) s -5 217 M -( Protocol provides server authentication, confidentiality, and) s -5 206 M -( integrity with perfect forward secrecy. The User Authentication) s -5 195 M -( Protocol authenticates the client to the server. The Connection) s -5 184 M -( Protocol multiplexes the encrypted tunnel into several logical) s -5 173 M -( channels. 
Details of these protocols are described in separate) s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 1]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 2 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -( documents.) s -5 668 M -(Table of Contents) s -5 646 M -( 1. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 3) s -5 635 M -( 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3) s -5 624 M -( 3. Specification of Requirements . . . . . . . . . . . . . . . 3) s -5 613 M -( 4. Architecture . . . . . . . . . . . . . . . . . . . . . . . . 3) s -5 602 M -( 4.1 Host Keys . . . . . . . . . . . . . . . . . . . . . . . . . 4) s -5 591 M -( 4.2 Extensibility . . . . . . . . . . . . . . . . . . . . . . . 5) s -5 580 M -( 4.3 Policy Issues . . . . . . . . . . . . . . . . . . . . . . . 5) s -5 569 M -( 4.4 Security Properties . . . . . . . . . . . . . . . . . . . . 6) s -5 558 M -( 4.5 Packet Size and Overhead . . . . . . . . . . . . . . . . . . 6) s -5 547 M -( 4.6 Localization and Character Set Support . . . . . . . . . . . 7) s -5 536 M -( 5. Data Type Representations Used in the SSH Protocols . . . . 8) s -5 525 M -( 6. Algorithm Naming . . . . . . . . . . . . . . . . . . . . . . 10) s -5 514 M -( 7. Message Numbers . . . . . . . . . . . . . . . . . . . . . . 11) s -5 503 M -( 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . 11) s -5 492 M -( 9. Security Considerations . . . . . . . . . . . . . . . . . . 12) s -5 481 M -( 9.1 Pseudo-Random Number Generation . . . . . . . . . 
. . . . . 12) s -5 470 M -( 9.2 Transport . . . . . . . . . . . . . . . . . . . . . . . . . 13) s -5 459 M -( 9.2.1 Confidentiality . . . . . . . . . . . . . . . . . . . . . . 13) s -5 448 M -( 9.2.2 Data Integrity . . . . . . . . . . . . . . . . . . . . . . . 16) s -5 437 M -( 9.2.3 Replay . . . . . . . . . . . . . . . . . . . . . . . . . . . 16) s -5 426 M -( 9.2.4 Man-in-the-middle . . . . . . . . . . . . . . . . . . . . . 17) s -5 415 M -( 9.2.5 Denial-of-service . . . . . . . . . . . . . . . . . . . . . 19) s -5 404 M -( 9.2.6 Covert Channels . . . . . . . . . . . . . . . . . . . . . . 19) s -5 393 M -( 9.2.7 Forward Secrecy . . . . . . . . . . . . . . . . . . . . . . 20) s -5 382 M -( 9.3 Authentication Protocol . . . . . . . . . . . . . . . . . . 20) s -5 371 M -( 9.3.1 Weak Transport . . . . . . . . . . . . . . . . . . . . . . . 21) s -5 360 M -( 9.3.2 Debug messages . . . . . . . . . . . . . . . . . . . . . . . 21) s -5 349 M -( 9.3.3 Local security policy . . . . . . . . . . . . . . . . . . . 21) s -5 338 M -( 9.3.4 Public key authentication . . . . . . . . . . . . . . . . . 22) s -5 327 M -( 9.3.5 Password authentication . . . . . . . . . . . . . . . . . . 22) s -5 316 M -( 9.3.6 Host based authentication . . . . . . . . . . . . . . . . . 23) s -5 305 M -( 9.4 Connection protocol . . . . . . . . . . . . . . . . . . . . 23) s -5 294 M -( 9.4.1 End point security . . . . . . . . . . . . . . . . . . . . . 23) s -5 283 M -( 9.4.2 Proxy forwarding . . . . . . . . . . . . . . . . . . . . . . 23) s -5 272 M -( 9.4.3 X11 forwarding . . . . . . . . . . . . . . . . . . . . . . . 24) s -5 261 M -( Normative References . . . . . . . . . . . . . . . . . . . . 24) s -5 250 M -( Informative References . . . . . . . . . . . . . . . . . . . 25) s -5 239 M -( Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 27) s -5 228 M -( Intellectual Property and Copyright Statements . . . . . . . 
28) s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 2]) s -_R -S -PStoPSsaved restore -%%Page: (2,3) 2 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 3 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -(1. Contributors) s -5 668 M -( The major original contributors of this document were: Tatu Ylonen,) s -5 657 M -( Tero Kivinen, Timo J. Rinne, Sami Lehtinen \(all of SSH Communications) s -5 646 M -( Security Corp\), and Markku-Juhani O. Saarinen \(University of) s -5 635 M -( Jyvaskyla\)) s -5 613 M -( The document editor is: Darren.Moffat@Sun.COM. Comments on this) s -5 602 M -( internet draft should be sent to the IETF SECSH working group,) s -5 591 M -( details at: http://ietf.org/html.charters/secsh-charter.html) s -5 569 M -(2. Introduction) s -5 547 M -( SSH is a protocol for secure remote login and other secure network) s -5 536 M -( services over an insecure network. It consists of three major) s -5 525 M -( components:) s -5 514 M -( o The Transport Layer Protocol [SSH-TRANS] provides server) s -5 503 M -( authentication, confidentiality, and integrity. It may optionally) s -5 492 M -( also provide compression. The transport layer will typically be) s -5 481 M -( run over a TCP/IP connection, but might also be used on top of any) s -5 470 M -( other reliable data stream.) s -5 459 M -( o The User Authentication Protocol [SSH-USERAUTH] authenticates the) s -5 448 M -( client-side user to the server. It runs over the transport layer) s -5 437 M -( protocol.) 
s -5 426 M -( o The Connection Protocol [SSH-CONNECT] multiplexes the encrypted) s -5 415 M -( tunnel into several logical channels. It runs over the user) s -5 404 M -( authentication protocol.) s -5 382 M -( The client sends a service request once a secure transport layer) s -5 371 M -( connection has been established. A second service request is sent) s -5 360 M -( after user authentication is complete. This allows new protocols to) s -5 349 M -( be defined and coexist with the protocols listed above.) s -5 327 M -( The connection protocol provides channels that can be used for a wide) s -5 316 M -( range of purposes. Standard methods are provided for setting up) s -5 305 M -( secure interactive shell sessions and for forwarding \("tunneling"\)) s -5 294 M -( arbitrary TCP/IP ports and X11 connections.) s -5 272 M -(3. Specification of Requirements) s -5 250 M -( All documents related to the SSH protocols shall use the keywords) s -5 239 M -( "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",) s -5 228 M -( "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" to describe) s -5 217 M -( requirements. They are to be interpreted as described in [RFC2119].) s -5 195 M -(4. Architecture) s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 3]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 4 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -(4.1 Host Keys) s -5 668 M -( Each server host SHOULD have a host key. Hosts MAY have multiple) s -5 657 M -( host keys using multiple different algorithms. 
Multiple hosts MAY) s -5 646 M -( share the same host key. If a host has keys at all, it MUST have at) s -5 635 M -( least one key using each REQUIRED public key algorithm \(DSS) s -5 624 M -( [FIPS-186]\).) s -5 602 M -( The server host key is used during key exchange to verify that the) s -5 591 M -( client is really talking to the correct server. For this to be) s -5 580 M -( possible, the client must have a priori knowledge of the server's) s -5 569 M -( public host key.) s -5 547 M -( Two different trust models can be used:) s -5 536 M -( o The client has a local database that associates each host name \(as) s -5 525 M -( typed by the user\) with the corresponding public host key. This) s -5 514 M -( method requires no centrally administered infrastructure, and no) s -5 503 M -( third-party coordination. The downside is that the database of) s -5 492 M -( name-to-key associations may become burdensome to maintain.) s -5 481 M -( o The host name-to-key association is certified by some trusted) s -5 470 M -( certification authority. The client only knows the CA root key,) s -5 459 M -( and can verify the validity of all host keys certified by accepted) s -5 448 M -( CAs.) s -5 426 M -( The second alternative eases the maintenance problem, since) s -5 415 M -( ideally only a single CA key needs to be securely stored on the) s -5 404 M -( client. On the other hand, each host key must be appropriately) s -5 393 M -( certified by a central authority before authorization is possible.) s -5 382 M -( Also, a lot of trust is placed on the central infrastructure.) s -5 360 M -( The protocol provides the option that the server name - host key) s -5 349 M -( association is not checked when connecting to the host for the first) s -5 338 M -( time. This allows communication without prior communication of host) s -5 327 M -( keys or certification. 
The connection still provides protection) s -5 316 M -( against passive listening; however, it becomes vulnerable to active) s -5 305 M -( man-in-the-middle attacks. Implementations SHOULD NOT normally allow) s -5 294 M -( such connections by default, as they pose a potential security) s -5 283 M -( problem. However, as there is no widely deployed key infrastructure) s -5 272 M -( available on the Internet yet, this option makes the protocol much) s -5 261 M -( more usable during the transition time until such an infrastructure) s -5 250 M -( emerges, while still providing a much higher level of security than) s -5 239 M -( that offered by older solutions \(e.g. telnet [RFC-854] and rlogin) s -5 228 M -( [RFC-1282]\).) s -5 206 M -( Implementations SHOULD try to make the best effort to check host) s -5 195 M -( keys. An example of a possible strategy is to only accept a host key) s -5 184 M -( without checking the first time a host is connected, save the key in) s -5 173 M -( a local database, and compare against that key on all future) s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 4]) s -_R -S -PStoPSsaved restore -%%Page: (4,5) 3 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 5 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -( connections to that host.) s -5 668 M -( Implementations MAY provide additional methods for verifying the) s -5 657 M -( correctness of host keys, e.g. a hexadecimal fingerprint derived from) s -5 646 M -( the SHA-1 hash of the public key. 
Such fingerprints can easily be) s -5 635 M -( verified by using telephone or other external communication channels.) s -5 613 M -( All implementations SHOULD provide an option to not accept host keys) s -5 602 M -( that cannot be verified.) s -5 580 M -( We believe that ease of use is critical to end-user acceptance of) s -5 569 M -( security solutions, and no improvement in security is gained if the) s -5 558 M -( new solutions are not used. Thus, providing the option not to check) s -5 547 M -( the server host key is believed to improve the overall security of) s -5 536 M -( the Internet, even though it reduces the security of the protocol in) s -5 525 M -( configurations where it is allowed.) s -5 503 M -(4.2 Extensibility) s -5 481 M -( We believe that the protocol will evolve over time, and some) s -5 470 M -( organizations will want to use their own encryption, authentication) s -5 459 M -( and/or key exchange methods. Central registration of all extensions) s -5 448 M -( is cumbersome, especially for experimental or classified features.) s -5 437 M -( On the other hand, having no central registration leads to conflicts) s -5 426 M -( in method identifiers, making interoperability difficult.) s -5 404 M -( We have chosen to identify algorithms, methods, formats, and) s -5 393 M -( extension protocols with textual names that are of a specific format.) s -5 382 M -( DNS names are used to create local namespaces where experimental or) s -5 371 M -( classified extensions can be defined without fear of conflicts with) s -5 360 M -( other implementations.) s -5 338 M -( One design goal has been to keep the base protocol as simple as) s -5 327 M -( possible, and to require as few algorithms as possible. However, all) s -5 316 M -( implementations MUST support a minimal set of algorithms to ensure) s -5 305 M -( interoperability \(this does not imply that the local policy on all) s -5 294 M -( hosts would necessary allow these algorithms\). 
The mandatory) s -5 283 M -( algorithms are specified in the relevant protocol documents.) s -5 261 M -( Additional algorithms, methods, formats, and extension protocols can) s -5 250 M -( be defined in separate drafts. See Section Algorithm Naming \(Section) s -5 239 M -( 6\) for more information.) s -5 217 M -(4.3 Policy Issues) s -5 195 M -( The protocol allows full negotiation of encryption, integrity, key) s -5 184 M -( exchange, compression, and public key algorithms and formats.) s -5 173 M -( Encryption, integrity, public key, and compression algorithms can be) s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 5]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 6 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -( different for each direction.) s -5 668 M -( The following policy issues SHOULD be addressed in the configuration) s -5 657 M -( mechanisms of each implementation:) s -5 646 M -( o Encryption, integrity, and compression algorithms, separately for) s -5 635 M -( each direction. The policy MUST specify which is the preferred) s -5 624 M -( algorithm \(e.g. the first algorithm listed in each category\).) s -5 613 M -( o Public key algorithms and key exchange method to be used for host) s -5 602 M -( authentication. The existence of trusted host keys for different) s -5 591 M -( public key algorithms also affects this choice.) s -5 580 M -( o The authentication methods that are to be required by the server) s -5 569 M -( for each user. 
The server's policy MAY require multiple) s -5 558 M -( authentication for some or all users. The required algorithms MAY) s -5 547 M -( depend on the location where the user is trying to log in from.) s -5 536 M -( o The operations that the user is allowed to perform using the) s -5 525 M -( connection protocol. Some issues are related to security; for) s -5 514 M -( example, the policy SHOULD NOT allow the server to start sessions) s -5 503 M -( or run commands on the client machine, and MUST NOT allow) s -5 492 M -( connections to the authentication agent unless forwarding such) s -5 481 M -( connections has been requested. Other issues, such as which TCP/) s -5 470 M -( IP ports can be forwarded and by whom, are clearly issues of local) s -5 459 M -( policy. Many of these issues may involve traversing or bypassing) s -5 448 M -( firewalls, and are interrelated with the local security policy.) s -5 426 M -(4.4 Security Properties) s -5 404 M -( The primary goal of the SSH protocol is improved security on the) s -5 393 M -( Internet. It attempts to do this in a way that is easy to deploy,) s -5 382 M -( even at the cost of absolute security.) s -5 371 M -( o All encryption, integrity, and public key algorithms used are) s -5 360 M -( well-known, well-established algorithms.) s -5 349 M -( o All algorithms are used with cryptographically sound key sizes) s -5 338 M -( that are believed to provide protection against even the strongest) s -5 327 M -( cryptanalytic attacks for decades.) s -5 316 M -( o All algorithms are negotiated, and in case some algorithm is) s -5 305 M -( broken, it is easy to switch to some other algorithm without) s -5 294 M -( modifying the base protocol.) s -5 272 M -( Specific concessions were made to make wide-spread fast deployment) s -5 261 M -( easier. 
The particular case where this comes up is verifying that) s -5 250 M -( the server host key really belongs to the desired host; the protocol) s -5 239 M -( allows the verification to be left out \(but this is NOT RECOMMENDED\).) s -5 228 M -( This is believed to significantly improve usability in the short) s -5 217 M -( term, until widespread Internet public key infrastructures emerge.) s -5 195 M -(4.5 Packet Size and Overhead) s -5 173 M -( Some readers will worry about the increase in packet size due to new) s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 6]) s -_R -S -PStoPSsaved restore -%%Page: (6,7) 4 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 7 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -( headers, padding, and MAC. The minimum packet size is in the order) s -5 679 M -( of 28 bytes \(depending on negotiated algorithms\). The increase is) s -5 668 M -( negligible for large packets, but very significant for one-byte) s -5 657 M -( packets \(telnet-type sessions\). There are, however, several factors) s -5 646 M -( that make this a non-issue in almost all cases:) s -5 635 M -( o The minimum size of a TCP/IP header is 32 bytes. Thus, the) s -5 624 M -( increase is actually from 33 to 51 bytes \(roughly\).) s -5 613 M -( o The minimum size of the data field of an Ethernet packet is 46) s -5 602 M -( bytes [RFC-894]. Thus, the increase is no more than 5 bytes. When) s -5 591 M -( Ethernet headers are considered, the increase is less than 10) s -5 580 M -( percent.) 
s -5 569 M -( o The total fraction of telnet-type data in the Internet is) s -5 558 M -( negligible, even with increased packet sizes.) s -5 536 M -( The only environment where the packet size increase is likely to have) s -5 525 M -( a significant effect is PPP [RFC-1134] over slow modem lines \(PPP) s -5 514 M -( compresses the TCP/IP headers, emphasizing the increase in packet) s -5 503 M -( size\). However, with modern modems, the time needed to transfer is in) s -5 492 M -( the order of 2 milliseconds, which is a lot faster than people can) s -5 481 M -( type.) s -5 459 M -( There are also issues related to the maximum packet size. To) s -5 448 M -( minimize delays in screen updates, one does not want excessively) s -5 437 M -( large packets for interactive sessions. The maximum packet size is) s -5 426 M -( negotiated separately for each channel.) s -5 404 M -(4.6 Localization and Character Set Support) s -5 382 M -( For the most part, the SSH protocols do not directly pass text that) s -5 371 M -( would be displayed to the user. However, there are some places where) s -5 360 M -( such data might be passed. When applicable, the character set for the) s -5 349 M -( data MUST be explicitly specified. In most places, ISO 10646 with) s -5 338 M -( UTF-8 encoding is used [RFC-2279]. When applicable, a field is also) s -5 327 M -( provided for a language tag [RFC-3066].) s -5 305 M -( One big issue is the character set of the interactive session. There) s -5 294 M -( is no clear solution, as different applications may display data in) s -5 283 M -( different formats. Different types of terminal emulation may also be) s -5 272 M -( employed in the client, and the character set to be used is) s -5 261 M -( effectively determined by the terminal emulation. Thus, no place is) s -5 250 M -( provided for directly specifying the character set or encoding for) s -5 239 M -( terminal session data. However, the terminal emulation type \(e.g.) 
s -5 228 M -( "vt100"\) is transmitted to the remote site, and it implicitly) s -5 217 M -( specifies the character set and encoding. Applications typically use) s -5 206 M -( the terminal type to determine what character set they use, or the) s -5 195 M -( character set is determined using some external means. The terminal) s -5 184 M -( emulation may also allow configuring the default character set. In) s -5 173 M -( any case, the character set for the terminal session is considered) s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 7]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 8 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -( primarily a client local issue.) s -5 668 M -( Internal names used to identify algorithms or protocols are normally) s -5 657 M -( never displayed to users, and must be in US-ASCII.) s -5 635 M -( The client and server user names are inherently constrained by what) s -5 624 M -( the server is prepared to accept. They might, however, occasionally) s -5 613 M -( be displayed in logs, reports, etc. They MUST be encoded using ISO) s -5 602 M -( 10646 UTF-8, but other encodings may be required in some cases. It) s -5 591 M -( is up to the server to decide how to map user names to accepted user) s -5 580 M -( names. Straight bit-wise binary comparison is RECOMMENDED.) s -5 558 M -( For localization purposes, the protocol attempts to minimize the) s -5 547 M -( number of textual messages transmitted. 
When present, such messages) s -5 536 M -( typically relate to errors, debugging information, or some externally) s -5 525 M -( configured data. For data that is normally displayed, it SHOULD be) s -5 514 M -( possible to fetch a localized message instead of the transmitted) s -5 503 M -( message by using a numerical code. The remaining messages SHOULD be) s -5 492 M -( configurable.) s -5 470 M -(5. Data Type Representations Used in the SSH Protocols) s -5 459 M -( byte) s -5 437 M -( A byte represents an arbitrary 8-bit value \(octet\) [RFC-1700].) s -5 426 M -( Fixed length data is sometimes represented as an array of bytes,) s -5 415 M -( written byte[n], where n is the number of bytes in the array.) s -5 393 M -( boolean) s -5 371 M -( A boolean value is stored as a single byte. The value 0) s -5 360 M -( represents FALSE, and the value 1 represents TRUE. All non-zero) s -5 349 M -( values MUST be interpreted as TRUE; however, applications MUST NOT) s -5 338 M -( store values other than 0 and 1.) s -5 316 M -( uint32) s -5 294 M -( Represents a 32-bit unsigned integer. Stored as four bytes in the) s -5 283 M -( order of decreasing significance \(network byte order\). For) s -5 272 M -( example, the value 699921578 \(0x29b7f4aa\) is stored as 29 b7 f4) s -5 261 M -( aa.) s -5 239 M -( uint64) s -5 217 M -( Represents a 64-bit unsigned integer. Stored as eight bytes in) s -5 206 M -( the order of decreasing significance \(network byte order\).) 
s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 8]) s -_R -S -PStoPSsaved restore -%%Page: (8,9) 5 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 9 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -( string) s -5 668 M -( Arbitrary length binary string. Strings are allowed to contain) s -5 657 M -( arbitrary binary data, including null characters and 8-bit) s -5 646 M -( characters. They are stored as a uint32 containing its length) s -5 635 M -( \(number of bytes that follow\) and zero \(= empty string\) or more) s -5 624 M -( bytes that are the value of the string. Terminating null) s -5 613 M -( characters are not used.) s -5 591 M -( Strings are also used to store text. In that case, US-ASCII is) s -5 580 M -( used for internal names, and ISO-10646 UTF-8 for text that might) s -5 569 M -( be displayed to the user. The terminating null character SHOULD) s -5 558 M -( NOT normally be stored in the string.) s -5 536 M -( For example, the US-ASCII string "testing" is represented as 00 00) s -5 525 M -( 00 07 t e s t i n g. The UTF8 mapping does not alter the encoding) s -5 514 M -( of US-ASCII characters.) s -5 492 M -( mpint) s -5 470 M -( Represents multiple precision integers in two's complement format,) s -5 459 M -( stored as a string, 8 bits per byte, MSB first. Negative numbers) s -5 448 M -( have the value 1 as the most significant bit of the first byte of) s -5 437 M -( the data partition. 
If the most significant bit would be set for a) s -5 426 M -( positive number, the number MUST be preceded by a zero byte.) s -5 415 M -( Unnecessary leading bytes with the value 0 or 255 MUST NOT be) s -5 404 M -( included. The value zero MUST be stored as a string with zero) s -5 393 M -( bytes of data.) s -5 371 M -( By convention, a number that is used in modular computations in) s -5 360 M -( Z_n SHOULD be represented in the range 0 <= x < n.) s -5 338 M -( Examples:) s -5 327 M -( value \(hex\) representation \(hex\)) s -5 316 M -( ---------------------------------------------------------------) s -5 305 M -( 0 00 00 00 00) s -5 294 M -( 9a378f9b2e332a7 00 00 00 08 09 a3 78 f9 b2 e3 32 a7) s -5 283 M -( 80 00 00 00 02 00 80) s -5 272 M -( -1234 00 00 00 02 ed cc) s -5 261 M -( -deadbeef 00 00 00 05 ff 21 52 41 11) s -5 217 M -( name-list) s -5 195 M -( A string containing a comma separated list of names. A name list) s -5 184 M -( is represented as a uint32 containing its length \(number of bytes) s -5 173 M -( that follow\) followed by a comma-separated list of zero or more) s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 9]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 10 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -( names. A name MUST be non-zero length, and it MUST NOT contain a) s -5 679 M -( comma \(','\). 
Context may impose additional restrictions on the) s -5 668 M -( names; for example, the names in a list may have to be valid) s -5 657 M -( algorithm identifier \(see Algorithm Naming below\), or [RFC-3066]) s -5 646 M -( language tags. The order of the names in a list may or may not be) s -5 635 M -( significant, also depending on the context where the list is is) s -5 624 M -( used. Terminating NUL characters are not used, neither for the) s -5 613 M -( individual names, nor for the list as a whole.) s -5 591 M -( Examples:) s -5 580 M -( value representation \(hex\)) s -5 569 M -( ---------------------------------------) s -5 558 M -( \(\), the empty list 00 00 00 00) s -5 547 M -( \("zlib"\) 00 00 00 04 7a 6c 69 62) s -5 536 M -( \("zlib", "none"\) 00 00 00 09 7a 6c 69 62 2c 6e 6f 6e 65) s -5 481 M -(6. Algorithm Naming) s -5 459 M -( The SSH protocols refer to particular hash, encryption, integrity,) s -5 448 M -( compression, and key exchange algorithms or protocols by names.) s -5 437 M -( There are some standard algorithms that all implementations MUST) s -5 426 M -( support. There are also algorithms that are defined in the protocol) s -5 415 M -( specification but are OPTIONAL. Furthermore, it is expected that) s -5 404 M -( some organizations will want to use their own algorithms.) s -5 382 M -( In this protocol, all algorithm identifiers MUST be printable) s -5 371 M -( US-ASCII non-empty strings no longer than 64 characters. Names MUST) s -5 360 M -( be case-sensitive.) s -5 338 M -( There are two formats for algorithm names:) s -5 327 M -( o Names that do not contain an at-sign \(@\) are reserved to be) s -5 316 M -( assigned by IETF consensus \(RFCs\). Examples include `3des-cbc',) s -5 305 M -( `sha-1', `hmac-sha1', and `zlib' \(the quotes are not part of the) s -5 294 M -( name\). Names of this format MUST NOT be used without first) s -5 283 M -( registering them. Registered names MUST NOT contain an at-sign) s -5 272 M -( \(@\) or a comma \(,\).) 
s -5 261 M -( o Anyone can define additional algorithms by using names in the) s -5 250 M -( format name@domainname, e.g. "ourcipher-cbc@example.com". The) s -5 239 M -( format of the part preceding the at sign is not specified; it MUST) s -5 228 M -( consist of US-ASCII characters except at-sign and comma. The part) s -5 217 M -( following the at-sign MUST be a valid fully qualified internet) s -5 206 M -( domain name [RFC-1034] controlled by the person or organization) s -5 195 M -( defining the name. It is up to each domain how it manages its) s -5 184 M -( local namespace.) s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 10]) s -_R -S -PStoPSsaved restore -%%Page: (10,11) 6 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 11 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -(7. Message Numbers) s -5 668 M -( SSH packets have message numbers in the range 1 to 255. These numbers) s -5 657 M -( have been allocated as follows:) s -5 624 M -( Transport layer protocol:) s -5 602 M -( 1 to 19 Transport layer generic \(e.g. 
disconnect, ignore, debug,) s -5 591 M -( etc.\)) s -5 580 M -( 20 to 29 Algorithm negotiation) s -5 569 M -( 30 to 49 Key exchange method specific \(numbers can be reused for) s -5 558 M -( different authentication methods\)) s -5 536 M -( User authentication protocol:) s -5 514 M -( 50 to 59 User authentication generic) s -5 503 M -( 60 to 79 User authentication method specific \(numbers can be) s -5 492 M -( reused for different authentication methods\)) s -5 470 M -( Connection protocol:) s -5 448 M -( 80 to 89 Connection protocol generic) s -5 437 M -( 90 to 127 Channel related messages) s -5 415 M -( Reserved for client protocols:) s -5 393 M -( 128 to 191 Reserved) s -5 371 M -( Local extensions:) s -5 349 M -( 192 to 255 Local extensions) s -5 305 M -(8. IANA Considerations) s -5 283 M -( The initial state of the IANA registry is detailed in [SSH-NUMBERS].) s -5 261 M -( Allocation of the following types of names in the SSH protocols is) s -5 250 M -( assigned by IETF consensus:) s -5 239 M -( o SSH encryption algorithm names,) s -5 228 M -( o SSH MAC algorithm names,) s -5 217 M -( o SSH public key algorithm names \(public key algorithm also implies) s -5 206 M -( encoding and signature/encryption capability\),) s -5 195 M -( o SSH key exchange method names, and) s -5 184 M -( o SSH protocol \(service\) names.) 
s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 11]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 12 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -( These names MUST be printable US-ASCII strings, and MUST NOT contain) s -5 679 M -( the characters at-sign \('@'\), comma \(','\), or whitespace or control) s -5 668 M -( characters \(ASCII codes 32 or less\). Names are case-sensitive, and) s -5 657 M -( MUST NOT be longer than 64 characters.) s -5 635 M -( Names with the at-sign \('@'\) in them are allocated by the owner of) s -5 624 M -( DNS name after the at-sign \(hierarchical allocation in [RFC-2343]\),) s -5 613 M -( otherwise the same restrictions as above.) s -5 591 M -( Each category of names listed above has a separate namespace.) s -5 580 M -( However, using the same name in multiple categories SHOULD be avoided) s -5 569 M -( to minimize confusion.) s -5 547 M -( Message numbers \(see Section Message Numbers \(Section 7\)\) in the) s -5 536 M -( range of 0..191 are allocated via IETF consensus; message numbers in) s -5 525 M -( the 192..255 range \(the "Local extensions" set\) are reserved for) s -5 514 M -( private use.) s -5 492 M -(9. Security Considerations) s -5 470 M -( In order to make the entire body of Security Considerations more) s -5 459 M -( accessible, Security Considerations for the transport,) s -5 448 M -( authentication, and connection documents have been gathered here.) 
s -5 426 M -( The transport protocol [1] provides a confidential channel over an) s -5 415 M -( insecure network. It performs server host authentication, key) s -5 404 M -( exchange, encryption, and integrity protection. It also derives a) s -5 393 M -( unique session id that may be used by higher-level protocols.) s -5 371 M -( The authentication protocol [2] provides a suite of mechanisms which) s -5 360 M -( can be used to authenticate the client user to the server.) s -5 349 M -( Individual mechanisms specified in the in authentication protocol use) s -5 338 M -( the session id provided by the transport protocol and/or depend on) s -5 327 M -( the security and integrity guarantees of the transport protocol.) s -5 305 M -( The connection protocol [3] specifies a mechanism to multiplex) s -5 294 M -( multiple streams [channels] of data over the confidential and) s -5 283 M -( authenticated transport. It also specifies channels for accessing an) s -5 272 M -( interactive shell, for 'proxy-forwarding' various external protocols) s -5 261 M -( over the secure transport \(including arbitrary TCP/IP protocols\), and) s -5 250 M -( for accessing secure 'subsystems' on the server host.) s -5 228 M -(9.1 Pseudo-Random Number Generation) s -5 206 M -( This protocol binds each session key to the session by including) s -5 195 M -( random, session specific data in the hash used to produce session) s -5 184 M -( keys. Special care should be taken to ensure that all of the random) s -5 173 M -( numbers are of good quality. 
If the random data here \(e.g., DH) s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 12]) s -_R -S -PStoPSsaved restore -%%Page: (12,13) 7 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 13 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -( parameters\) are pseudo-random then the pseudo-random number generator) s -5 679 M -( should be cryptographically secure \(i.e., its next output not easily) s -5 668 M -( guessed even when knowing all previous outputs\) and, furthermore,) s -5 657 M -( proper entropy needs to be added to the pseudo-random number) s -5 646 M -( generator. RFC 1750 [1750] offers suggestions for sources of random) s -5 635 M -( numbers and entropy. Implementors should note the importance of) s -5 624 M -( entropy and the well-meant, anecdotal warning about the difficulty in) s -5 613 M -( properly implementing pseudo-random number generating functions.) s -5 591 M -( The amount of entropy available to a given client or server may) s -5 580 M -( sometimes be less than what is required. In this case one must) s -5 569 M -( either resort to pseudo-random number generation regardless of) s -5 558 M -( insufficient entropy or refuse to run the protocol. The latter is) s -5 547 M -( preferable.) 
s -5 525 M -(9.2 Transport) s -5 503 M -(9.2.1 Confidentiality) s -5 481 M -( It is beyond the scope of this document and the Secure Shell Working) s -5 470 M -( Group to analyze or recommend specific ciphers other than the ones) s -5 459 M -( which have been established and accepted within the industry. At the) s -5 448 M -( time of this writing, ciphers commonly in use include 3DES, ARCFOUR,) s -5 437 M -( twofish, serpent and blowfish. AES has been accepted by The) s -5 426 M -( published as a US Federal Information Processing Standards [FIPS-197]) s -5 415 M -( and the cryptographic community as being acceptable for this purpose) s -5 404 M -( as well has accepted AES. As always, implementors and users should) s -5 393 M -( check current literature to ensure that no recent vulnerabilities) s -5 382 M -( have been found in ciphers used within products. Implementors should) s -5 371 M -( also check to see which ciphers are considered to be relatively) s -5 360 M -( stronger than others and should recommend their use to users over) s -5 349 M -( relatively weaker ciphers. It would be considered good form for an) s -5 338 M -( implementation to politely and unobtrusively notify a user that a) s -5 327 M -( stronger cipher is available and should be used when a weaker one is) s -5 316 M -( actively chosen.) s -5 294 M -( The "none" cipher is provided for debugging and SHOULD NOT be used) s -5 283 M -( except for that purpose. It's cryptographic properties are) s -5 272 M -( sufficiently described in RFC 2410, which will show that its use does) s -5 261 M -( not meet the intent of this protocol.) s -5 239 M -( The relative merits of these and other ciphers may also be found in) s -5 228 M -( current literature. Two references that may provide information on) s -5 217 M -( the subject are [SCHNEIER] and [KAUFMAN,PERLMAN,SPECINER]. Both of) s -5 206 M -( these describe the CBC mode of operation of certain ciphers and the) s -5 195 M -( weakness of this scheme. 
Essentially, this mode is theoretically) s -5 184 M -( vulnerable to chosen cipher-text attacks because of the high) s -5 173 M -( predictability of the start of packet sequence. However, this attack) s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 13]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 14 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -( is still deemed difficult and not considered fully practicable) s -5 679 M -( especially if relatively longer block sizes are used.) s -5 657 M -( Additionally, another CBC mode attack may be mitigated through the) s -5 646 M -( insertion of packets containing SSH_MSG_IGNORE. Without this) s -5 635 M -( technique, a specific attack may be successful. For this attack) s -5 624 M -( \(commonly known as the Rogaway attack) s -5 613 M -( [ROGAWAY],[DAI],[BELLARE,KOHNO,NAMPREMPRE]\) to work, the attacker) s -5 602 M -( would need to know the IV of the next block that is going to be) s -5 591 M -( encrypted. In CBC mode that is the output of the encryption of the) s -5 580 M -( previous block. If the attacker does not have any way to see the) s -5 569 M -( packet yet \(i.e it is in the internal buffers of the ssh) s -5 558 M -( implementation or even in the kernel\) then this attack will not work.) s -5 547 M -( If the last packet has been sent out to the network \(i.e the attacker) s -5 536 M -( has access to it\) then he can use the attack.) 
s -5 514 M -( In the optimal case an implementor would need to add an extra packet) s -5 503 M -( only if the packet has been sent out onto the network and there are) s -5 492 M -( no other packets waiting for transmission. Implementors may wish to) s -5 481 M -( check to see if there are any unsent packets awaiting transmission,) s -5 470 M -( but unfortunately it is not normally easy to obtain this information) s -5 459 M -( from the kernel or buffers. If there are not, then a packet) s -5 448 M -( containing SSH_MSG_IGNORE SHOULD be sent. If a new packet is added) s -5 437 M -( to the stream every time the attacker knows the IV that is supposed) s -5 426 M -( to be used for the next packet, then the attacker will not be able to) s -5 415 M -( guess the correct IV, thus the attack will never be successfull.) s -5 393 M -( As an example, consider the following case:) s -5 360 M -( Client Server) s -5 349 M -( ------ ------) s -5 338 M -( TCP\(seq=x, len=500\) ->) s -5 327 M -( contains Record 1) s -5 305 M -( [500 ms passes, no ACK]) s -5 283 M -( TCP\(seq=x, len=1000\) ->) s -5 272 M -( contains Records 1,2) s -5 250 M -( ACK) s -5 217 M -( 1. The Nagle algorithm + TCP retransmits mean that the two records) s -5 206 M -( get coalesced into a single TCP segment) s -5 195 M -( 2. Record 2 is *not* at the beginning of the TCP segment and never) s -5 184 M -( will be, since it gets ACKed.) 
s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 14]) s -_R -S -PStoPSsaved restore -%%Page: (14,15) 8 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 15 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -( 3. Yet, the attack is possible because Record 1 has already been) s -5 679 M -( seen.) s -5 657 M -( As this example indicates, it's totally unsafe to use the existence) s -5 646 M -( of unflushed data in the TCP buffers proper as a guide to whether you) s -5 635 M -( need an empty packet, since when you do the second write\(\), the) s -5 624 M -( buffers will contain the un-ACKed Record 1.) 
s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 15]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 16 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -( On the other hand, it's perfectly safe to have the following) s -5 679 M -( situation:) s -5 646 M -( Client Server) s -5 635 M -( ------ ------) s -5 624 M -( TCP\(seq=x, len=500\) ->) s -5 613 M -( contains SSH_MSG_IGNORE) s -5 591 M -( TCP\(seq=y, len=500\) ->) s -5 580 M -( contains Data) s -5 558 M -( Provided that the IV for second SSH Record is fixed after the data for) s -5 547 M -( the Data packet is determined -i.e. you do:) s -5 536 M -( read from user) s -5 525 M -( encrypt null packet) s -5 514 M -( encrypt data packet) s -5 481 M -(9.2.2 Data Integrity) s -5 459 M -( This protocol does allow the Data Integrity mechanism to be disabled.) s -5 448 M -( Implementors SHOULD be wary of exposing this feature for any purpose) s -5 437 M -( other than debugging. Users and administrators SHOULD be explicitly) s -5 426 M -( warned anytime the "none" MAC is enabled.) s -5 404 M -( So long as the "none" MAC is not used, this protocol provides data) s -5 393 M -( integrity.) s -5 371 M -( Because MACs use a 32 bit sequence number, they might start to leak) s -5 360 M -( information after 2**32 packets have been sent. However, following) s -5 349 M -( the rekeying recommendations should prevent this attack. The) s -5 338 M -( transport protocol [1] recommends rekeying after one gigabyte of) s -5 327 M -( data, and the smallest possible packet is 16 bytes. 
Therefore,) s -5 316 M -( rekeying SHOULD happen after 2**28 packets at the very most.) s -5 294 M -(9.2.3 Replay) s -5 272 M -( The use of a MAC other than 'none' provides integrity and) s -5 261 M -( authentication. In addition, the transport protocol provides a) s -5 250 M -( unique session identifier \(bound in part to pseudo-random data that) s -5 239 M -( is part of the algorithm and key exchange process\) that can be used) s -5 228 M -( by higher level protocols to bind data to a given session and prevent) s -5 217 M -( replay of data from prior sessions. For example, the authentication) s -5 206 M -( protocol uses this to prevent replay of signatures from previous) s -5 195 M -( sessions. Because public key authentication exchanges are) s -5 184 M -( cryptographically bound to the session \(i.e., to the initial key) s -5 173 M -( exchange\) they cannot be successfully replayed in other sessions.) s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 16]) s -_R -S -PStoPSsaved restore -%%Page: (16,17) 9 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 17 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -( Note that the session ID can be made public without harming the) s -5 679 M -( security of the protocol.) s -5 657 M -( If two session happen to have the same session ID [hash of key) s -5 646 M -( exchanges] then packets from one can be replayed against the other.) 
s -5 635 M -( It must be stressed that the chances of such an occurrence are,) s -5 624 M -( needless to say, minimal when using modern cryptographic methods.) s -5 613 M -( This is all the more so true when specifying larger hash function) s -5 602 M -( outputs and DH parameters.) s -5 580 M -( Replay detection using monotonically increasing sequence numbers as) s -5 569 M -( input to the MAC, or HMAC in some cases, is described in [RFC2085] />) s -5 558 M -( [RFC2246], [RFC2743], [RFC1964], [RFC2025], and [RFC1510]. The) s -5 547 M -( underlying construct is discussed in [RFC2104]. Essentially a) s -5 536 M -( different sequence number in each packet ensures that at least this) s -5 525 M -( one input to the MAC function will be unique and will provide a) s -5 514 M -( nonrecurring MAC output that is not predictable to an attacker. If) s -5 503 M -( the session stays active long enough, however, this sequence number) s -5 492 M -( will wrap. This event may provide an attacker an opportunity to) s -5 481 M -( replay a previously recorded packet with an identical sequence number) s -5 470 M -( but only if the peers have not rekeyed since the transmission of the) s -5 459 M -( first packet with that sequence number. If the peers have rekeyed,) s -5 448 M -( then the replay will be detected as the MAC check will fail. For) s -5 437 M -( this reason, it must be emphasized that peers MUST rekey before a) s -5 426 M -( wrap of the sequence numbers. Naturally, if an attacker does attempt) s -5 415 M -( to replay a captured packet before the peers have rekeyed, then the) s -5 404 M -( receiver of the duplicate packet will not be able to validate the MAC) s -5 393 M -( and it will be discarded. The reason that the MAC will fail is) s -5 382 M -( because the receiver will formulate a MAC based upon the packet) s -5 371 M -( contents, the shared secret, and the expected sequence number. 
Since) s -5 360 M -( the replayed packet will not be using that expected sequence number) s -5 349 M -( \(the sequence number of the replayed packet will have already been) s -5 338 M -( passed by the receiver\) then the calculated MAC will not match the) s -5 327 M -( MAC received with the packet.) s -5 305 M -(9.2.4 Man-in-the-middle) s -5 283 M -( This protocol makes no assumptions nor provisions for an) s -5 272 M -( infrastructure or means for distributing the public keys of hosts. It) s -5 261 M -( is expected that this protocol will sometimes be used without first) s -5 250 M -( verifying the association between the server host key and the server) s -5 239 M -( host name. Such usage is vulnerable to man-in-the-middle attacks.) s -5 228 M -( This section describes this and encourages administrators and users) s -5 217 M -( to understand the importance of verifying this association before any) s -5 206 M -( session is initiated.) s -5 184 M -( There are three cases of man-in-the-middle attacks to consider. The) s -5 173 M -( first is where an attacker places a device between the client and the) s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 17]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 18 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -( server before the session is initiated. In this case, the attack) s -5 679 M -( device is trying to mimic the legitimate server and will offer its) s -5 668 M -( public key to the client when the client initiates a session. 
If it) s -5 657 M -( were to offer the public key of the server, then it would not be able) s -5 646 M -( to decrypt or sign the transmissions between the legitimate server) s -5 635 M -( and the client unless it also had access to the private-key of the) s -5 624 M -( host. The attack device will also, simultaneously to this, initiate) s -5 613 M -( a session to the legitimate server masquerading itself as the client.) s -5 602 M -( If the public key of the server had been securely distributed to the) s -5 591 M -( client prior to that session initiation, the key offered to the) s -5 580 M -( client by the attack device will not match the key stored on the) s -5 569 M -( client. In that case, the user SHOULD be given a warning that the) s -5 558 M -( offered host key does not match the host key cached on the client.) s -5 547 M -( As described in Section 3.1 of [ARCH], the user may be free to accept) s -5 536 M -( the new key and continue the session. It is RECOMMENDED that the) s -5 525 M -( warning provide sufficient information to the user of the client) s -5 514 M -( device so they may make an informed decision. If the user chooses to) s -5 503 M -( continue the session with the stored public-key of the server \(not) s -5 492 M -( the public-key offered at the start of the session\), then the session) s -5 481 M -( specific data between the attacker and server will be different) s -5 470 M -( between the client-to-attacker session and the attacker-to-server) s -5 459 M -( sessions due to the randomness discussed above. From this, the) s -5 448 M -( attacker will not be able to make this attack work since the attacker) s -5 437 M -( will not be able to correctly sign packets containing this session) s -5 426 M -( specific data from the server since he does not have the private key) s -5 415 M -( of that server.) 
s -5 393 M -( The second case that should be considered is similar to the first) s -5 382 M -( case in that it also happens at the time of connection but this case) s -5 371 M -( points out the need for the secure distribution of server public) s -5 360 M -( keys. If the server public keys are not securely distributed then) s -5 349 M -( the client cannot know if it is talking to the intended server. An) s -5 338 M -( attacker may use social engineering techniques to pass off server) s -5 327 M -( keys to unsuspecting users and may then place a man-in-the-middle) s -5 316 M -( attack device between the legitimate server and the clients. If this) s -5 305 M -( is allowed to happen then the clients will form client-to-attacker) s -5 294 M -( sessions and the attacker will form attacker-to-server sessions and) s -5 283 M -( will be able to monitor and manipulate all of the traffic between the) s -5 272 M -( clients and the legitimate servers. Server administrators are) s -5 261 M -( encouraged to make host key fingerprints available for checking by) s -5 250 M -( some means whose security does not rely on the integrity of the) s -5 239 M -( actual host keys. Possible mechanisms are discussed in Section 3.1) s -5 228 M -( of [SSH-ARCH] and may also include secured Web pages, physical pieces) s -5 217 M -( of paper, etc. Implementors SHOULD provide recommendations on how) s -5 206 M -( best to do this with their implementation. Because the protocol is) s -5 195 M -( extensible, future extensions to the protocol may provide better) s -5 184 M -( mechanisms for dealing with the need to know the server's host key) s -5 173 M -( before connecting. 
For example, making the host key fingerprint) s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 18]) s -_R -S -PStoPSsaved restore -%%Page: (18,19) 10 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 19 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -( available through a secure DNS lookup, or using kerberos over gssapi) s -5 679 M -( during key exchange to authenticate the server are possibilities.) s -5 657 M -( In the third man-in-the-middle case, attackers may attempt to) s -5 646 M -( manipulate packets in transit between peers after the session has) s -5 635 M -( been established. As described in the Replay part of this section, a) s -5 624 M -( successful attack of this nature is very improbable. As in the) s -5 613 M -( Replay section, this reasoning does assume that the MAC is secure and) s -5 602 M -( that it is infeasible to construct inputs to a MAC algorithm to give) s -5 591 M -( a known output. This is discussed in much greater detail in Section) s -5 580 M -( 6 of RFC 2104. If the MAC algorithm has a vulnerability or is weak) s -5 569 M -( enough, then the attacker may be able to specify certain inputs to) s -5 558 M -( yield a known MAC. With that they may be able to alter the contents) s -5 547 M -( of a packet in transit. Alternatively the attacker may be able to) s -5 536 M -( exploit the algorithm vulnerability or weakness to find the shared) s -5 525 M -( secret by reviewing the MACs from captured packets. 
In either of) s -5 514 M -( those cases, an attacker could construct a packet or packets that) s -5 503 M -( could be inserted into an SSH stream. To prevent that, implementors) s -5 492 M -( are encouraged to utilize commonly accepted MAC algorithms and) s -5 481 M -( administrators are encouraged to watch current literature and) s -5 470 M -( discussions of cryptography to ensure that they are not using a MAC) s -5 459 M -( algorithm that has a recently found vulnerability or weakness.) s -5 437 M -( In summary, the use of this protocol without a reliable association) s -5 426 M -( of the binding between a host and its host keys is inherently) s -5 415 M -( insecure and is NOT RECOMMENDED. It may however be necessary in) s -5 404 M -( non-security critical environments, and will still provide protection) s -5 393 M -( against passive attacks. Implementors of protocols and applications) s -5 382 M -( running on top of this protocol should keep this possibility in mind.) s -5 360 M -(9.2.5 Denial-of-service) s -5 338 M -( This protocol is designed to be used over a reliable transport. If) s -5 327 M -( transmission errors or message manipulation occur, the connection is) s -5 316 M -( closed. The connection SHOULD be re-established if this occurs.) s -5 305 M -( Denial of service attacks of this type \("wire cutter"\) are almost) s -5 294 M -( impossible to avoid.) s -5 272 M -( In addition, this protocol is vulnerable to Denial of Service attacks) s -5 261 M -( because an attacker can force the server to go through the CPU and) s -5 250 M -( memory intensive tasks of connection setup and key exchange without) s -5 239 M -( authenticating. Implementors SHOULD provide features that make this) s -5 228 M -( more difficult. For example, only allowing connections from a subset) s -5 217 M -( of IPs known to have valid users.) s -5 195 M -(9.2.6 Covert Channels) s -5 173 M -( The protocol was not designed to eliminate covert channels. 
For) s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 19]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 20 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -( example, the padding, SSH_MSG_IGNORE messages, and several other) s -5 679 M -( places in the protocol can be used to pass covert information, and) s -5 668 M -( the recipient has no reliable way to verify whether such information) s -5 657 M -( is being sent.) s -5 635 M -(9.2.7 Forward Secrecy) s -5 613 M -( It should be noted that the Diffie-Hellman key exchanges may provide) s -5 602 M -( perfect forward secrecy \(PFS\). PFS is essentially defined as the) s -5 591 M -( cryptographic property of a key-establishment protocol in which the) s -5 580 M -( compromise of a session key or long-term private key after a given) s -5 569 M -( session does not cause the compromise of any earlier session. [ANSI) s -5 558 M -( T1.523-2001] SSHv2 sessions resulting from a key exchange using) s -5 547 M -( diffie-hellman-group1-sha1 are secure even if private keying/) s -5 536 M -( authentication material is later revealed, but not if the session) s -5 525 M -( keys are revealed. So, given this definition of PFS, SSHv2 does have) s -5 514 M -( PFS. It is hoped that all other key exchange mechanisms proposed and) s -5 503 M -( used in the future will also provide PFS. This property is not) s -5 492 M -( commuted to any of the applications or protocols using SSH as a) s -5 481 M -( transport however. 
The transport layer of SSH provides) s -5 470 M -( confidentiality for password authentication and other methods that) s -5 459 M -( rely on secret data.) s -5 437 M -( Of course, if the DH private parameters for the client and server are) s -5 426 M -( revealed then the session key is revealed, but these items can be) s -5 415 M -( thrown away after the key exchange completes. It's worth pointing) s -5 404 M -( out that these items should not be allowed to end up on swap space) s -5 393 M -( and that they should be erased from memory as soon as the key) s -5 382 M -( exchange completes.) s -5 360 M -(9.3 Authentication Protocol) s -5 338 M -( The purpose of this protocol is to perform client user) s -5 327 M -( authentication. It assumes that this run over a secure transport) s -5 316 M -( layer protocol, which has already authenticated the server machine,) s -5 305 M -( established an encrypted communications channel, and computed a) s -5 294 M -( unique session identifier for this session.) s -5 272 M -( Several authentication methods with different security) s -5 261 M -( characteristics are allowed. It is up to the server's local policy) s -5 250 M -( to decide which methods \(or combinations of methods\) it is willing to) s -5 239 M -( accept for each user. Authentication is no stronger than the weakest) s -5 228 M -( combination allowed.) s -5 206 M -( The server may go into a "sleep" period after repeated unsuccessful) s -5 195 M -( authentication attempts to make key search more difficult for) s -5 184 M -( attackers. Care should be taken so that this doesn't become a) s -5 173 M -( self-denial of service vector.) 
s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 20]) s -_R -S -PStoPSsaved restore -%%Page: (20,21) 11 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 21 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -(9.3.1 Weak Transport) s -5 668 M -( If the transport layer does not provide confidentiality,) s -5 657 M -( authentication methods that rely on secret data SHOULD be disabled.) s -5 646 M -( If it does not provide strong integrity protection, requests to) s -5 635 M -( change authentication data \(e.g. a password change\) SHOULD be) s -5 624 M -( disabled to prevent an attacker from modifying the ciphertext) s -5 613 M -( without being noticed, or rendering the new authentication data) s -5 602 M -( unusable \(denial of service\).) s -5 580 M -( The assumption as stated above that the Authentication Protocol only) s -5 569 M -( run over a secure transport that has previously authenticated the) s -5 558 M -( server is very important to note. People deploying SSH are reminded) s -5 547 M -( of the consequences of man-in-the-middle attacks if the client does) s -5 536 M -( not have a very strong a priori association of the server with the) s -5 525 M -( host key of that server. Specifically for the case of the) s -5 514 M -( Authentication Protocol the client may form a session to a) s -5 503 M -( man-in-the-middle attack device and divulge user credentials such as) s -5 492 M -( their username and password. 
Even in the cases of authentication) s -5 481 M -( where no user credentials are divulged, an attacker may still gain) s -5 470 M -( information they shouldn't have by capturing key-strokes in much the) s -5 459 M -( same way that a honeypot works.) s -5 437 M -(9.3.2 Debug messages) s -5 415 M -( Special care should be taken when designing debug messages. These) s -5 404 M -( messages may reveal surprising amounts of information about the host) s -5 393 M -( if not properly designed. Debug messages can be disabled \(during) s -5 382 M -( user authentication phase\) if high security is required.) s -5 371 M -( Administrators of host machines should make all attempts to) s -5 360 M -( compartmentalize all event notification messages and protect them) s -5 349 M -( from unwarranted observation. Developers should be aware of the) s -5 338 M -( sensitive nature of some of the normal event messages and debug) s -5 327 M -( messages and may want to provide guidance to administrators on ways) s -5 316 M -( to keep this information away from unauthorized people. Developers) s -5 305 M -( should consider minimizing the amount of sensitive information) s -5 294 M -( obtainable by users during the authentication phase in accordance) s -5 283 M -( with the local policies. For this reason, it is RECOMMENDED that) s -5 272 M -( debug messages be initially disabled at the time of deployment and) s -5 261 M -( require an active decision by an administrator to allow them to be) s -5 250 M -( enabled. It is also RECOMMENDED that a message expressing this) s -5 239 M -( concern be presented to the administrator of a system when the action) s -5 228 M -( is taken to enable debugging messages.) 
s -5 206 M -(9.3.3 Local security policy) s -5 184 M -( Implementer MUST ensure that the credentials provided validate the) s -5 173 M -( professed user and also MUST ensure that the local policy of the) s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 21]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 22 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -( server permits the user the access requested. In particular, because) s -5 679 M -( of the flexible nature of the SSH connection protocol, it may not be) s -5 668 M -( possible to determine the local security policy, if any, that should) s -5 657 M -( apply at the time of authentication because the kind of service being) s -5 646 M -( requested is not clear at that instant. For example, local policy) s -5 635 M -( might allow a user to access files on the server, but not start an) s -5 624 M -( interactive shell. However, during the authentication protocol, it is) s -5 613 M -( not known whether the user will be accessing files or attempting to) s -5 602 M -( use an interactive shell, or even both. In any event, where local) s -5 591 M -( security policy for the server host exists, it MUST be applied and) s -5 580 M -( enforced correctly.) s -5 558 M -( Implementors are encouraged to provide a default local policy and) s -5 547 M -( make its parameters known to administrators and users. 
At the) s -5 536 M -( discretion of the implementors, this default policy may be along the) s -5 525 M -( lines of 'anything goes' where there are no restrictions placed upon) s -5 514 M -( users, or it may be along the lines of 'excessively restrictive' in) s -5 503 M -( which case the administrators will have to actively make changes to) s -5 492 M -( this policy to meet their needs. Alternatively, it may be some) s -5 481 M -( attempt at providing something practical and immediately useful to) s -5 470 M -( the administrators of the system so they don't have to put in much) s -5 459 M -( effort to get SSH working. Whatever choice is made MUST be applied) s -5 448 M -( and enforced as required above.) s -5 426 M -(9.3.4 Public key authentication) s -5 404 M -( The use of public-key authentication assumes that the client host has) s -5 393 M -( not been compromised. It also assumes that the private-key of the) s -5 382 M -( server host has not been compromised.) s -5 360 M -( This risk can be mitigated by the use of passphrases on private keys;) s -5 349 M -( however, this is not an enforceable policy. The use of smartcards,) s -5 338 M -( or other technology to make passphrases an enforceable policy is) s -5 327 M -( suggested.) s -5 305 M -( The server could require both password and public-key authentication,) s -5 294 M -( however, this requires the client to expose its password to the) s -5 283 M -( server \(see section on password authentication below.\)) s -5 261 M -(9.3.5 Password authentication) s -5 239 M -( The password mechanism as specified in the authentication protocol) s -5 228 M -( assumes that the server has not been compromised. If the server has) s -5 217 M -( been compromised, using password authentication will reveal a valid) s -5 206 M -( username / password combination to the attacker, which may lead to) s -5 195 M -( further compromises.) 
s -5 173 M -( This vulnerability can be mitigated by using an alternative form of) s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 22]) s -_R -S -PStoPSsaved restore -%%Page: (22,23) 12 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 23 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -( authentication. For example, public-key authentication makes no) s -5 679 M -( assumptions about security on the server.) s -5 657 M -(9.3.6 Host based authentication) s -5 635 M -( Host based authentication assumes that the client has not been) s -5 624 M -( compromised. There are no mitigating strategies, other than to use) s -5 613 M -( host based authentication in combination with another authentication) s -5 602 M -( method.) s -5 580 M -(9.4 Connection protocol) s -5 558 M -(9.4.1 End point security) s -5 536 M -( End point security is assumed by the connection protocol. If the) s -5 525 M -( server has been compromised, any terminal sessions, port forwarding,) s -5 514 M -( or systems accessed on the host are compromised. There are no) s -5 503 M -( mitigating factors for this.) s -5 481 M -( If the client end point has been compromised, and the server fails to) s -5 470 M -( stop the attacker at the authentication protocol, all services) s -5 459 M -( exposed \(either as subsystems or through forwarding\) will be) s -5 448 M -( vulnerable to attack. 
Implementors SHOULD provide mechanisms for) s -5 437 M -( administrators to control which services are exposed to limit the) s -5 426 M -( vulnerability of other services.) s -5 404 M -( These controls might include controlling which machines and ports can) s -5 393 M -( be target in 'port-forwarding' operations, which users are allowed to) s -5 382 M -( use interactive shell facilities, or which users are allowed to use) s -5 371 M -( exposed subsystems.) s -5 349 M -(9.4.2 Proxy forwarding) s -5 327 M -( The SSH connection protocol allows for proxy forwarding of other) s -5 316 M -( protocols such as SNMP, POP3, and HTTP. This may be a concern for) s -5 305 M -( network administrators who wish to control the access of certain) s -5 294 M -( applications by users located outside of their physical location.) s -5 283 M -( Essentially, the forwarding of these protocols may violate site) s -5 272 M -( specific security policies as they may be undetectably tunneled) s -5 261 M -( through a firewall. Implementors SHOULD provide an administrative) s -5 250 M -( mechanism to control the proxy forwarding functionality so that site) s -5 239 M -( specific security policies may be upheld.) s -5 217 M -( In addition, a reverse proxy forwarding functionality is available,) s -5 206 M -( which again can be used to bypass firewall controls.) s -5 184 M -( As indicated above, end-point security is assumed during proxy) s -5 173 M -( forwarding operations. 
Failure of end-point security will compromise) s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 23]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 24 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -( all data passed over proxy forwarding.) s -5 668 M -(9.4.3 X11 forwarding) s -5 646 M -( Another form of proxy forwarding provided by the ssh connection) s -5 635 M -( protocol is the forwarding of the X11 protocol. If end-point) s -5 624 M -( security has been compromised, X11 forwarding may allow attacks) s -5 613 M -( against the X11 server. Users and administrators should, as a matter) s -5 602 M -( of course, use appropriate X11 security mechanisms to prevent) s -5 591 M -( unauthorized use of the X11 server. Implementors, administrators and) s -5 580 M -( users who wish to further explore the security mechanisms of X11 are) s -5 569 M -( invited to read [SCHEIFLER] and analyze previously reported problems) s -5 558 M -( with the interactions between SSH forwarding and X11 in CERT) s -5 547 M -( vulnerabilities VU#363181 and VU#118892 [CERT].) s -5 525 M -( X11 display forwarding with SSH, by itself, is not sufficient to) s -5 514 M -( correct well known problems with X11 security [VENEMA]. 
However, X11) s -5 503 M -( display forwarding in SSHv2 \(or other, secure protocols\), combined) s -5 492 M -( with actual and pseudo-displays which accept connections only over) s -5 481 M -( local IPC mechanisms authorized by permissions or ACLs, does correct) s -5 470 M -( many X11 security problems as long as the "none" MAC is not used. It) s -5 459 M -( is RECOMMENDED that X11 display implementations default to allowing) s -5 448 M -( display opens only over local IPC. It is RECOMMENDED that SSHv2) s -5 437 M -( server implementations that support X11 forwarding default to) s -5 426 M -( allowing display opens only over local IPC. On single-user systems) s -5 415 M -( it might be reasonable to default to allowing local display opens) s -5 404 M -( over TCP/IP.) s -5 382 M -( Implementors of the X11 forwarding protocol SHOULD implement the) s -5 371 M -( magic cookie access checking spoofing mechanism as described in) s -5 360 M -( [ssh-connect] as an additional mechanism to prevent unauthorized use) s -5 349 M -( of the proxy.) s -5 327 M -(Normative References) s -5 305 M -( [SSH-ARCH]) s -5 294 M -( Ylonen, T., "SSH Protocol Architecture", I-D) s -5 283 M -( draft-ietf-architecture-15.txt, Oct 2003.) s -5 261 M -( [SSH-TRANS]) s -5 250 M -( Ylonen, T., "SSH Transport Layer Protocol", I-D) s -5 239 M -( draft-ietf-transport-17.txt, Oct 2003.) s -5 217 M -( [SSH-USERAUTH]) s -5 206 M -( Ylonen, T., "SSH Authentication Protocol", I-D) s -5 195 M -( draft-ietf-userauth-18.txt, Oct 2003.) 
s -5 173 M -( [SSH-CONNECT]) s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 24]) s -_R -S -PStoPSsaved restore -%%Page: (24,25) 13 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 25 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -( Ylonen, T., "SSH Connection Protocol", I-D) s -5 679 M -( draft-ietf-connect-18.txt, Oct 2003.) s -5 657 M -( [SSH-NUMBERS]) s -5 646 M -( Lehtinen, S. and D. Moffat, "SSH Protocol Assigned) s -5 635 M -( Numbers", I-D draft-ietf-secsh-assignednumbers-05.txt, Oct) s -5 624 M -( 2003.) s -5 602 M -( [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate) s -5 591 M -( Requirement Levels", BCP 14, RFC 2119, March 1997.) s -5 569 M -(Informative References) s -5 547 M -( [FIPS-186]) s -5 536 M -( Federal Information Processing Standards Publication,) s -5 525 M -( "FIPS PUB 186, Digital Signature Standard", May 1994.) s -5 503 M -( [FIPS-197]) s -5 492 M -( National Institue of Standards and Technology, "FIPS 197,) s -5 481 M -( Specification for the Advanced Encryption Standard",) s -5 470 M -( November 2001.) s -5 448 M -( [ANSI T1.523-2001]) s -5 437 M -( American National Standards Insitute, Inc., "Telecom) s -5 426 M -( Glossary 2000", February 2001.) s -5 404 M -( [SCHEIFLER]) s -5 393 M -( Scheifler, R., "X Window System : The Complete Reference) s -5 382 M -( to Xlib, X Protocol, Icccm, Xlfd, 3rd edition.", Digital) s -5 371 M -( Press ISBN 1555580882, Feburary 1992.) s -5 349 M -( [RFC0854] Postel, J. and J. 
Reynolds, "Telnet Protocol) s -5 338 M -( Specification", STD 8, RFC 854, May 1983.) s -5 316 M -( [RFC0894] Hornig, C., "Standard for the transmission of IP datagrams) s -5 305 M -( over Ethernet networks", STD 41, RFC 894, April 1984.) s -5 283 M -( [RFC1034] Mockapetris, P., "Domain names - concepts and facilities",) s -5 272 M -( STD 13, RFC 1034, November 1987.) s -5 250 M -( [RFC1134] Perkins, D., "Point-to-Point Protocol: A proposal for) s -5 239 M -( multi-protocol transmission of datagrams over) s -5 228 M -( Point-to-Point links", RFC 1134, November 1989.) s -5 206 M -( [RFC1282] Kantor, B., "BSD Rlogin", RFC 1282, December 1991.) s -5 184 M -( [RFC1510] Kohl, J. and B. Neuman, "The Kerberos Network) s -5 173 M -( Authentication Service \(V5\)", RFC 1510, September 1993.) s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 25]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 26 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -( [RFC1700] Reynolds, J. and J. Postel, "Assigned Numbers", RFC 1700,) s -5 679 M -( October 1994.) s -5 657 M -( [RFC1750] Eastlake, D., Crocker, S. and J. Schiller, "Randomness) s -5 646 M -( Recommendations for Security", RFC 1750, December 1994.) s -5 624 M -( [RFC3066] Alvestrand, H., "Tags for the Identification of) s -5 613 M -( Languages", BCP 47, RFC 3066, January 2001.) s -5 591 M -( [RFC1964] Linn, J., "The Kerberos Version 5 GSS-API Mechanism", RFC) s -5 580 M -( 1964, June 1996.) 
s -5 558 M -( [RFC2025] Adams, C., "The Simple Public-Key GSS-API Mechanism) s -5 547 M -( \(SPKM\)", RFC 2025, October 1996.) s -5 525 M -( [RFC2085] Oehler, M. and R. Glenn, "HMAC-MD5 IP Authentication with) s -5 514 M -( Replay Prevention", RFC 2085, February 1997.) s -5 492 M -( [RFC2104] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC:) s -5 481 M -( Keyed-Hashing for Message Authentication", RFC 2104,) s -5 470 M -( February 1997.) s -5 448 M -( [RFC2246] Dierks, T., Allen, C., Treese, W., Karlton, P., Freier, A.) s -5 437 M -( and P. Kocher, "The TLS Protocol Version 1.0", RFC 2246,) s -5 426 M -( January 1999.) s -5 404 M -( [RFC2279] Yergeau, F., "UTF-8, a transformation format of ISO) s -5 393 M -( 10646", RFC 2279, January 1998.) s -5 371 M -( [RFC2410] Glenn, R. and S. Kent, "The NULL Encryption Algorithm and) s -5 360 M -( Its Use With IPsec", RFC 2410, November 1998.) s -5 338 M -( [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an) s -5 327 M -( IANA Considerations Section in RFCs", BCP 26, RFC 2434,) s -5 316 M -( October 1998.) s -5 294 M -( [RFC2743] Linn, J., "Generic Security Service Application Program) s -5 283 M -( Interface Version 2, Update 1", RFC 2743, January 2000.) s -5 261 M -( [SCHNEIER]) s -5 250 M -( Schneier, B., "Applied Cryptography Second Edition:) s -5 239 M -( protocols algorithms and source in code in C", 1996.) s -5 217 M -( [KAUFMAN,PERLMAN,SPECINER]) s -5 206 M -( Kaufman, C., Perlman, R. and M. Speciner, "Network) s -5 195 M -( Security: PRIVATE Communication in a PUBLIC World", 1995.) 
s -5 173 M -( [CERT] CERT Coordination Center, The., "http://www.cert.org/nav/) s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 26]) s -_R -S -PStoPSsaved restore -%%Page: (26,27) 14 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 27 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -( index_red.html".) s -5 668 M -( [VENEMA] Venema, W., "Murphy's Law and Computer Security",) s -5 657 M -( Proceedings of 6th USENIX Security Symposium, San Jose CA) s -5 646 M -( http://www.usenix.org/publications/library/proceedings/) s -5 635 M -( sec96/venema.html, July 1996.) s -5 613 M -( [ROGAWAY] Rogaway, P., "Problems with Proposed IP Cryptography",) s -5 602 M -( Unpublished paper http://www.cs.ucdavis.edu/~rogaway/) s -5 591 M -( papers/draft-rogaway-ipsec-comments-00.txt, 1996.) s -5 569 M -( [DAI] Dai, W., "An attack against SSH2 protocol", Email to the) s -5 558 M -( SECSH Working Group ietf-ssh@netbsd.org ftp://) s -5 547 M -( ftp.ietf.org/ietf-mail-archive/secsh/2002-02.mail, Feb) s -5 536 M -( 2002.) s -5 514 M -( [BELLARE,KOHNO,NAMPREMPRE]) s -5 503 M -( Bellaire, M., Kohno, T. and C. Namprempre, "Authenticated) s -5 492 M -( Encryption in SSH: Fixing the SSH Binary Packet Protocol",) s -5 481 M -( , Sept 2002.) s -5 448 M -(Authors' Addresses) s -5 426 M -( Tatu Ylonen) s -5 415 M -( SSH Communications Security Corp) s -5 404 M -( Fredrikinkatu 42) s -5 393 M -( HELSINKI FIN-00100) s -5 382 M -( Finland) s -5 360 M -( EMail: ylo@ssh.com) s -5 327 M -( Darren J. 
Moffat \(editor\)) s -5 316 M -( Sun Microsystems, Inc) s -5 305 M -( 17 Network Circle) s -5 294 M -( Menlo Park CA 94025) s -5 283 M -( USA) s -5 261 M -( EMail: Darren.Moffat@Sun.COM) s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 27]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 28 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -(Intellectual Property Statement) s -5 668 M -( The IETF takes no position regarding the validity or scope of any) s -5 657 M -( intellectual property or other rights that might be claimed to) s -5 646 M -( pertain to the implementation or use of the technology described in) s -5 635 M -( this document or the extent to which any license under such rights) s -5 624 M -( might or might not be available; neither does it represent that it) s -5 613 M -( has made any effort to identify any such rights. Information on the) s -5 602 M -( IETF's procedures with respect to rights in standards-track and) s -5 591 M -( standards-related documentation can be found in BCP-11. Copies of) s -5 580 M -( claims of rights made available for publication and any assurances of) s -5 569 M -( licenses to be made available, or the result of an attempt made to) s -5 558 M -( obtain a general license or permission for the use of such) s -5 547 M -( proprietary rights by implementors or users of this specification can) s -5 536 M -( be obtained from the IETF Secretariat.) 
s -5 514 M -( The IETF invites any interested party to bring to its attention any) s -5 503 M -( copyrights, patents or patent applications, or other proprietary) s -5 492 M -( rights which may cover technology that may be required to practice) s -5 481 M -( this standard. Please address the information to the IETF Executive) s -5 470 M -( Director.) s -5 448 M -( The IETF has been notified of intellectual property rights claimed in) s -5 437 M -( regard to some or all of the specification contained in this) s -5 426 M -( document. For more information consult the online list of claimed) s -5 415 M -( rights.) s -5 382 M -(Full Copyright Statement) s -5 360 M -( Copyright \(C\) The Internet Society \(2003\). All Rights Reserved.) s -5 338 M -( This document and translations of it may be copied and furnished to) s -5 327 M -( others, and derivative works that comment on or otherwise explain it) s -5 316 M -( or assist in its implementation may be prepared, copied, published) s -5 305 M -( and distributed, in whole or in part, without restriction of any) s -5 294 M -( kind, provided that the above copyright notice and this paragraph are) s -5 283 M -( included on all such copies and derivative works. However, this) s -5 272 M -( document itself may not be modified in any way, such as by removing) s -5 261 M -( the copyright notice or references to the Internet Society or other) s -5 250 M -( Internet organizations, except as needed for the purpose of) s -5 239 M -( developing Internet standards in which case the procedures for) s -5 228 M -( copyrights defined in the Internet Standards process must be) s -5 217 M -( followed, or as required to translate it into languages other than) s -5 206 M -( English.) s -5 184 M -( The limited permissions granted above are perpetual and will not be) s -5 173 M -( revoked by the Internet Society or its successors or assignees.) 
s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 28]) s -_R -S -PStoPSsaved restore -%%Page: (28,29) 15 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 29 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Protocol Architecture Oct 2003) s -5 690 M -( This document and the information contained herein is provided on an) s -5 679 M -( "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING) s -5 668 M -( TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING) s -5 657 M -( BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION) s -5 646 M -( HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF) s -5 635 M -( MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.) s -5 602 M -(Acknowledgment) s -5 580 M -( Funding for the RFC Editor function is currently provided by the) s -5 569 M -( Internet Society.) s -5 129 M -(Ylonen & Moffat Expires March 31, 2004 [Page 29]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -showpage -PStoPSsaved restore -%%Trailer -%%Pages: 29 -%%DocumentNeededResources: font Courier-Bold Courier -%%EOF diff --git a/lib/ssh/doc/standard/draft-ietf-secsh-architecture-15.txt b/lib/ssh/doc/standard/draft-ietf-secsh-architecture-15.txt deleted file mode 100644 index 18070e8485..0000000000 
--- a/lib/ssh/doc/standard/draft-ietf-secsh-architecture-15.txt +++ /dev/null 
@@ -1,1624 +0,0 @@ - - - -Network Working Group T. Ylonen -Internet-Draft SSH Communications Security Corp -Expires: March 31, 2004 D. Moffat, Ed. - Sun Microsystems, Inc - Oct 2003 - - - SSH Protocol Architecture - draft-ietf-secsh-architecture-15.txt - -Status of this Memo - - This document is an Internet-Draft and is in full conformance with - all provisions of Section 10 of RFC2026. - - Internet-Drafts are working documents of the Internet Engineering - Task Force (IETF), its areas, and its working groups. Note that other - groups may also distribute working documents as Internet-Drafts. - - Internet-Drafts are draft documents valid for a maximum of six months - and may be updated, replaced, or obsoleted by other documents at any - time. It is inappropriate to use Internet-Drafts as reference - material or to cite them other than as "work in progress." - - The list of current Internet-Drafts can be accessed at http:// - www.ietf.org/ietf/1id-abstracts.txt. - - The list of Internet-Draft Shadow Directories can be accessed at - http://www.ietf.org/shadow.html. - - This Internet-Draft will expire on March 31, 2004. - -Copyright Notice - - Copyright (C) The Internet Society (2003). All Rights Reserved. - -Abstract - - SSH is a protocol for secure remote login and other secure network - services over an insecure network. This document describes the - architecture of the SSH protocol, as well as the notation and - terminology used in SSH protocol documents. It also discusses the SSH - algorithm naming system that allows local extensions. The SSH - protocol consists of three major components: The Transport Layer - Protocol provides server authentication, confidentiality, and - integrity with perfect forward secrecy. The User Authentication - Protocol authenticates the client to the server. The Connection - Protocol multiplexes the encrypted tunnel into several logical - channels. 
Details of these protocols are described in separate - - - -Ylonen & Moffat Expires March 31, 2004 [Page 1] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - - documents. - -Table of Contents - - 1. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 3 - 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 - 3. Specification of Requirements . . . . . . . . . . . . . . . 3 - 4. Architecture . . . . . . . . . . . . . . . . . . . . . . . . 3 - 4.1 Host Keys . . . . . . . . . . . . . . . . . . . . . . . . . 4 - 4.2 Extensibility . . . . . . . . . . . . . . . . . . . . . . . 5 - 4.3 Policy Issues . . . . . . . . . . . . . . . . . . . . . . . 5 - 4.4 Security Properties . . . . . . . . . . . . . . . . . . . . 6 - 4.5 Packet Size and Overhead . . . . . . . . . . . . . . . . . . 6 - 4.6 Localization and Character Set Support . . . . . . . . . . . 7 - 5. Data Type Representations Used in the SSH Protocols . . . . 8 - 6. Algorithm Naming . . . . . . . . . . . . . . . . . . . . . . 10 - 7. Message Numbers . . . . . . . . . . . . . . . . . . . . . . 11 - 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . 11 - 9. Security Considerations . . . . . . . . . . . . . . . . . . 12 - 9.1 Pseudo-Random Number Generation . . . . . . . . . . . . . . 12 - 9.2 Transport . . . . . . . . . . . . . . . . . . . . . . . . . 13 - 9.2.1 Confidentiality . . . . . . . . . . . . . . . . . . . . . . 13 - 9.2.2 Data Integrity . . . . . . . . . . . . . . . . . . . . . . . 16 - 9.2.3 Replay . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 - 9.2.4 Man-in-the-middle . . . . . . . . . . . . . . . . . . . . . 17 - 9.2.5 Denial-of-service . . . . . . . . . . . . . . . . . . . . . 19 - 9.2.6 Covert Channels . . . . . . . . . . . . . . . . . . . . . . 19 - 9.2.7 Forward Secrecy . . . . . . . . . . . . . . . . . . . . . . 20 - 9.3 Authentication Protocol . . . . . . . . . . . . . . . . . . 20 - 9.3.1 Weak Transport . . . . . . . . . . . . . . . . . . . . . . . 
21 - 9.3.2 Debug messages . . . . . . . . . . . . . . . . . . . . . . . 21 - 9.3.3 Local security policy . . . . . . . . . . . . . . . . . . . 21 - 9.3.4 Public key authentication . . . . . . . . . . . . . . . . . 22 - 9.3.5 Password authentication . . . . . . . . . . . . . . . . . . 22 - 9.3.6 Host based authentication . . . . . . . . . . . . . . . . . 23 - 9.4 Connection protocol . . . . . . . . . . . . . . . . . . . . 23 - 9.4.1 End point security . . . . . . . . . . . . . . . . . . . . . 23 - 9.4.2 Proxy forwarding . . . . . . . . . . . . . . . . . . . . . . 23 - 9.4.3 X11 forwarding . . . . . . . . . . . . . . . . . . . . . . . 24 - Normative References . . . . . . . . . . . . . . . . . . . . 24 - Informative References . . . . . . . . . . . . . . . . . . . 25 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 27 - Intellectual Property and Copyright Statements . . . . . . . 28 - - - - - - - - -Ylonen & Moffat Expires March 31, 2004 [Page 2] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - -1. Contributors - - The major original contributors of this document were: Tatu Ylonen, - Tero Kivinen, Timo J. Rinne, Sami Lehtinen (all of SSH Communications - Security Corp), and Markku-Juhani O. Saarinen (University of - Jyvaskyla) - - The document editor is: Darren.Moffat@Sun.COM. Comments on this - internet draft should be sent to the IETF SECSH working group, - details at: http://ietf.org/html.charters/secsh-charter.html - -2. Introduction - - SSH is a protocol for secure remote login and other secure network - services over an insecure network. It consists of three major - components: - o The Transport Layer Protocol [SSH-TRANS] provides server - authentication, confidentiality, and integrity. It may optionally - also provide compression. The transport layer will typically be - run over a TCP/IP connection, but might also be used on top of any - other reliable data stream. 
- o The User Authentication Protocol [SSH-USERAUTH] authenticates the - client-side user to the server. It runs over the transport layer - protocol. - o The Connection Protocol [SSH-CONNECT] multiplexes the encrypted - tunnel into several logical channels. It runs over the user - authentication protocol. - - The client sends a service request once a secure transport layer - connection has been established. A second service request is sent - after user authentication is complete. This allows new protocols to - be defined and coexist with the protocols listed above. - - The connection protocol provides channels that can be used for a wide - range of purposes. Standard methods are provided for setting up - secure interactive shell sessions and for forwarding ("tunneling") - arbitrary TCP/IP ports and X11 connections. - -3. Specification of Requirements - - All documents related to the SSH protocols shall use the keywords - "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", - "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" to describe - requirements. They are to be interpreted as described in [RFC2119]. - -4. Architecture - - - - - -Ylonen & Moffat Expires March 31, 2004 [Page 3] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - -4.1 Host Keys - - Each server host SHOULD have a host key. Hosts MAY have multiple - host keys using multiple different algorithms. Multiple hosts MAY - share the same host key. If a host has keys at all, it MUST have at - least one key using each REQUIRED public key algorithm (DSS - [FIPS-186]). - - The server host key is used during key exchange to verify that the - client is really talking to the correct server. For this to be - possible, the client must have a priori knowledge of the server's - public host key. - - Two different trust models can be used: - o The client has a local database that associates each host name (as - typed by the user) with the corresponding public host key. 
This - method requires no centrally administered infrastructure, and no - third-party coordination. The downside is that the database of - name-to-key associations may become burdensome to maintain. - o The host name-to-key association is certified by some trusted - certification authority. The client only knows the CA root key, - and can verify the validity of all host keys certified by accepted - CAs. - - The second alternative eases the maintenance problem, since - ideally only a single CA key needs to be securely stored on the - client. On the other hand, each host key must be appropriately - certified by a central authority before authorization is possible. - Also, a lot of trust is placed on the central infrastructure. - - The protocol provides the option that the server name - host key - association is not checked when connecting to the host for the first - time. This allows communication without prior communication of host - keys or certification. The connection still provides protection - against passive listening; however, it becomes vulnerable to active - man-in-the-middle attacks. Implementations SHOULD NOT normally allow - such connections by default, as they pose a potential security - problem. However, as there is no widely deployed key infrastructure - available on the Internet yet, this option makes the protocol much - more usable during the transition time until such an infrastructure - emerges, while still providing a much higher level of security than - that offered by older solutions (e.g. telnet [RFC-854] and rlogin - [RFC-1282]). - - Implementations SHOULD try to make the best effort to check host - keys. An example of a possible strategy is to only accept a host key - without checking the first time a host is connected, save the key in - a local database, and compare against that key on all future - - - -Ylonen & Moffat Expires March 31, 2004 [Page 4] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - - connections to that host. 
- - Implementations MAY provide additional methods for verifying the - correctness of host keys, e.g. a hexadecimal fingerprint derived from - the SHA-1 hash of the public key. Such fingerprints can easily be - verified by using telephone or other external communication channels. - - All implementations SHOULD provide an option to not accept host keys - that cannot be verified. - - We believe that ease of use is critical to end-user acceptance of - security solutions, and no improvement in security is gained if the - new solutions are not used. Thus, providing the option not to check - the server host key is believed to improve the overall security of - the Internet, even though it reduces the security of the protocol in - configurations where it is allowed. - -4.2 Extensibility - - We believe that the protocol will evolve over time, and some - organizations will want to use their own encryption, authentication - and/or key exchange methods. Central registration of all extensions - is cumbersome, especially for experimental or classified features. - On the other hand, having no central registration leads to conflicts - in method identifiers, making interoperability difficult. - - We have chosen to identify algorithms, methods, formats, and - extension protocols with textual names that are of a specific format. - DNS names are used to create local namespaces where experimental or - classified extensions can be defined without fear of conflicts with - other implementations. - - One design goal has been to keep the base protocol as simple as - possible, and to require as few algorithms as possible. However, all - implementations MUST support a minimal set of algorithms to ensure - interoperability (this does not imply that the local policy on all - hosts would necessary allow these algorithms). The mandatory - algorithms are specified in the relevant protocol documents. 
- - Additional algorithms, methods, formats, and extension protocols can - be defined in separate drafts. See Section Algorithm Naming (Section - 6) for more information. - -4.3 Policy Issues - - The protocol allows full negotiation of encryption, integrity, key - exchange, compression, and public key algorithms and formats. - Encryption, integrity, public key, and compression algorithms can be - - - -Ylonen & Moffat Expires March 31, 2004 [Page 5] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - - different for each direction. - - The following policy issues SHOULD be addressed in the configuration - mechanisms of each implementation: - o Encryption, integrity, and compression algorithms, separately for - each direction. The policy MUST specify which is the preferred - algorithm (e.g. the first algorithm listed in each category). - o Public key algorithms and key exchange method to be used for host - authentication. The existence of trusted host keys for different - public key algorithms also affects this choice. - o The authentication methods that are to be required by the server - for each user. The server's policy MAY require multiple - authentication for some or all users. The required algorithms MAY - depend on the location where the user is trying to log in from. - o The operations that the user is allowed to perform using the - connection protocol. Some issues are related to security; for - example, the policy SHOULD NOT allow the server to start sessions - or run commands on the client machine, and MUST NOT allow - connections to the authentication agent unless forwarding such - connections has been requested. Other issues, such as which TCP/ - IP ports can be forwarded and by whom, are clearly issues of local - policy. Many of these issues may involve traversing or bypassing - firewalls, and are interrelated with the local security policy. - -4.4 Security Properties - - The primary goal of the SSH protocol is improved security on the - Internet. 
It attempts to do this in a way that is easy to deploy, - even at the cost of absolute security. - o All encryption, integrity, and public key algorithms used are - well-known, well-established algorithms. - o All algorithms are used with cryptographically sound key sizes - that are believed to provide protection against even the strongest - cryptanalytic attacks for decades. - o All algorithms are negotiated, and in case some algorithm is - broken, it is easy to switch to some other algorithm without - modifying the base protocol. - - Specific concessions were made to make wide-spread fast deployment - easier. The particular case where this comes up is verifying that - the server host key really belongs to the desired host; the protocol - allows the verification to be left out (but this is NOT RECOMMENDED). - This is believed to significantly improve usability in the short - term, until widespread Internet public key infrastructures emerge. - -4.5 Packet Size and Overhead - - Some readers will worry about the increase in packet size due to new - - - -Ylonen & Moffat Expires March 31, 2004 [Page 6] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - - headers, padding, and MAC. The minimum packet size is in the order - of 28 bytes (depending on negotiated algorithms). The increase is - negligible for large packets, but very significant for one-byte - packets (telnet-type sessions). There are, however, several factors - that make this a non-issue in almost all cases: - o The minimum size of a TCP/IP header is 32 bytes. Thus, the - increase is actually from 33 to 51 bytes (roughly). - o The minimum size of the data field of an Ethernet packet is 46 - bytes [RFC-894]. Thus, the increase is no more than 5 bytes. When - Ethernet headers are considered, the increase is less than 10 - percent. - o The total fraction of telnet-type data in the Internet is - negligible, even with increased packet sizes. 
- - The only environment where the packet size increase is likely to have - a significant effect is PPP [RFC-1134] over slow modem lines (PPP - compresses the TCP/IP headers, emphasizing the increase in packet - size). However, with modern modems, the time needed to transfer is in - the order of 2 milliseconds, which is a lot faster than people can - type. - - There are also issues related to the maximum packet size. To - minimize delays in screen updates, one does not want excessively - large packets for interactive sessions. The maximum packet size is - negotiated separately for each channel. - -4.6 Localization and Character Set Support - - For the most part, the SSH protocols do not directly pass text that - would be displayed to the user. However, there are some places where - such data might be passed. When applicable, the character set for the - data MUST be explicitly specified. In most places, ISO 10646 with - UTF-8 encoding is used [RFC-2279]. When applicable, a field is also - provided for a language tag [RFC-3066]. - - One big issue is the character set of the interactive session. There - is no clear solution, as different applications may display data in - different formats. Different types of terminal emulation may also be - employed in the client, and the character set to be used is - effectively determined by the terminal emulation. Thus, no place is - provided for directly specifying the character set or encoding for - terminal session data. However, the terminal emulation type (e.g. - "vt100") is transmitted to the remote site, and it implicitly - specifies the character set and encoding. Applications typically use - the terminal type to determine what character set they use, or the - character set is determined using some external means. The terminal - emulation may also allow configuring the default character set. 
In - any case, the character set for the terminal session is considered - - - -Ylonen & Moffat Expires March 31, 2004 [Page 7] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - - primarily a client local issue. - - Internal names used to identify algorithms or protocols are normally - never displayed to users, and must be in US-ASCII. - - The client and server user names are inherently constrained by what - the server is prepared to accept. They might, however, occasionally - be displayed in logs, reports, etc. They MUST be encoded using ISO - 10646 UTF-8, but other encodings may be required in some cases. It - is up to the server to decide how to map user names to accepted user - names. Straight bit-wise binary comparison is RECOMMENDED. - - For localization purposes, the protocol attempts to minimize the - number of textual messages transmitted. When present, such messages - typically relate to errors, debugging information, or some externally - configured data. For data that is normally displayed, it SHOULD be - possible to fetch a localized message instead of the transmitted - message by using a numerical code. The remaining messages SHOULD be - configurable. - -5. Data Type Representations Used in the SSH Protocols - byte - - A byte represents an arbitrary 8-bit value (octet) [RFC-1700]. - Fixed length data is sometimes represented as an array of bytes, - written byte[n], where n is the number of bytes in the array. - - boolean - - A boolean value is stored as a single byte. The value 0 - represents FALSE, and the value 1 represents TRUE. All non-zero - values MUST be interpreted as TRUE; however, applications MUST NOT - store values other than 0 and 1. - - uint32 - - Represents a 32-bit unsigned integer. Stored as four bytes in the - order of decreasing significance (network byte order). For - example, the value 699921578 (0x29b7f4aa) is stored as 29 b7 f4 - aa. - - uint64 - - Represents a 64-bit unsigned integer. 
Stored as eight bytes in - the order of decreasing significance (network byte order). - - - - - - -Ylonen & Moffat Expires March 31, 2004 [Page 8] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - - string - - Arbitrary length binary string. Strings are allowed to contain - arbitrary binary data, including null characters and 8-bit - characters. They are stored as a uint32 containing its length - (number of bytes that follow) and zero (= empty string) or more - bytes that are the value of the string. Terminating null - characters are not used. - - Strings are also used to store text. In that case, US-ASCII is - used for internal names, and ISO-10646 UTF-8 for text that might - be displayed to the user. The terminating null character SHOULD - NOT normally be stored in the string. - - For example, the US-ASCII string "testing" is represented as 00 00 - 00 07 t e s t i n g. The UTF8 mapping does not alter the encoding - of US-ASCII characters. - - mpint - - Represents multiple precision integers in two's complement format, - stored as a string, 8 bits per byte, MSB first. Negative numbers - have the value 1 as the most significant bit of the first byte of - the data partition. If the most significant bit would be set for a - positive number, the number MUST be preceded by a zero byte. - Unnecessary leading bytes with the value 0 or 255 MUST NOT be - included. The value zero MUST be stored as a string with zero - bytes of data. - - By convention, a number that is used in modular computations in - Z_n SHOULD be represented in the range 0 <= x < n. - - Examples: - value (hex) representation (hex) - --------------------------------------------------------------- - 0 00 00 00 00 - 9a378f9b2e332a7 00 00 00 08 09 a3 78 f9 b2 e3 32 a7 - 80 00 00 00 02 00 80 - -1234 00 00 00 02 ed cc - -deadbeef 00 00 00 05 ff 21 52 41 11 - - - - name-list - - A string containing a comma separated list of names. 
A name list - is represented as a uint32 containing its length (number of bytes - that follow) followed by a comma-separated list of zero or more - - - -Ylonen & Moffat Expires March 31, 2004 [Page 9] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - - names. A name MUST be non-zero length, and it MUST NOT contain a - comma (','). Context may impose additional restrictions on the - names; for example, the names in a list may have to be valid - algorithm identifier (see Algorithm Naming below), or [RFC-3066] - language tags. The order of the names in a list may or may not be - significant, also depending on the context where the list is is - used. Terminating NUL characters are not used, neither for the - individual names, nor for the list as a whole. - - Examples: - value representation (hex) - --------------------------------------- - (), the empty list 00 00 00 00 - ("zlib") 00 00 00 04 7a 6c 69 62 - ("zlib", "none") 00 00 00 09 7a 6c 69 62 2c 6e 6f 6e 65 - - - - -6. Algorithm Naming - - The SSH protocols refer to particular hash, encryption, integrity, - compression, and key exchange algorithms or protocols by names. - There are some standard algorithms that all implementations MUST - support. There are also algorithms that are defined in the protocol - specification but are OPTIONAL. Furthermore, it is expected that - some organizations will want to use their own algorithms. - - In this protocol, all algorithm identifiers MUST be printable - US-ASCII non-empty strings no longer than 64 characters. Names MUST - be case-sensitive. - - There are two formats for algorithm names: - o Names that do not contain an at-sign (@) are reserved to be - assigned by IETF consensus (RFCs). Examples include `3des-cbc', - `sha-1', `hmac-sha1', and `zlib' (the quotes are not part of the - name). Names of this format MUST NOT be used without first - registering them. Registered names MUST NOT contain an at-sign - (@) or a comma (,). 
- o Anyone can define additional algorithms by using names in the - format name@domainname, e.g. "ourcipher-cbc@example.com". The - format of the part preceding the at sign is not specified; it MUST - consist of US-ASCII characters except at-sign and comma. The part - following the at-sign MUST be a valid fully qualified internet - domain name [RFC-1034] controlled by the person or organization - defining the name. It is up to each domain how it manages its - local namespace. - - - - -Ylonen & Moffat Expires March 31, 2004 [Page 10] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - -7. Message Numbers - - SSH packets have message numbers in the range 1 to 255. These numbers - have been allocated as follows: - - - Transport layer protocol: - - 1 to 19 Transport layer generic (e.g. disconnect, ignore, debug, - etc.) - 20 to 29 Algorithm negotiation - 30 to 49 Key exchange method specific (numbers can be reused for - different authentication methods) - - User authentication protocol: - - 50 to 59 User authentication generic - 60 to 79 User authentication method specific (numbers can be - reused for different authentication methods) - - Connection protocol: - - 80 to 89 Connection protocol generic - 90 to 127 Channel related messages - - Reserved for client protocols: - - 128 to 191 Reserved - - Local extensions: - - 192 to 255 Local extensions - - - -8. IANA Considerations - - The initial state of the IANA registry is detailed in [SSH-NUMBERS]. - - Allocation of the following types of names in the SSH protocols is - assigned by IETF consensus: - o SSH encryption algorithm names, - o SSH MAC algorithm names, - o SSH public key algorithm names (public key algorithm also implies - encoding and signature/encryption capability), - o SSH key exchange method names, and - o SSH protocol (service) names. 
- - - - -Ylonen & Moffat Expires March 31, 2004 [Page 11] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - - These names MUST be printable US-ASCII strings, and MUST NOT contain - the characters at-sign ('@'), comma (','), or whitespace or control - characters (ASCII codes 32 or less). Names are case-sensitive, and - MUST NOT be longer than 64 characters. - - Names with the at-sign ('@') in them are allocated by the owner of - DNS name after the at-sign (hierarchical allocation in [RFC-2343]), - otherwise the same restrictions as above. - - Each category of names listed above has a separate namespace. - However, using the same name in multiple categories SHOULD be avoided - to minimize confusion. - - Message numbers (see Section Message Numbers (Section 7)) in the - range of 0..191 are allocated via IETF consensus; message numbers in - the 192..255 range (the "Local extensions" set) are reserved for - private use. - -9. Security Considerations - - In order to make the entire body of Security Considerations more - accessible, Security Considerations for the transport, - authentication, and connection documents have been gathered here. - - The transport protocol [1] provides a confidential channel over an - insecure network. It performs server host authentication, key - exchange, encryption, and integrity protection. It also derives a - unique session id that may be used by higher-level protocols. - - The authentication protocol [2] provides a suite of mechanisms which - can be used to authenticate the client user to the server. - Individual mechanisms specified in the in authentication protocol use - the session id provided by the transport protocol and/or depend on - the security and integrity guarantees of the transport protocol. - - The connection protocol [3] specifies a mechanism to multiplex - multiple streams [channels] of data over the confidential and - authenticated transport. 
It also specifies channels for accessing an - interactive shell, for 'proxy-forwarding' various external protocols - over the secure transport (including arbitrary TCP/IP protocols), and - for accessing secure 'subsystems' on the server host. - -9.1 Pseudo-Random Number Generation - - This protocol binds each session key to the session by including - random, session specific data in the hash used to produce session - keys. Special care should be taken to ensure that all of the random - numbers are of good quality. If the random data here (e.g., DH - - - -Ylonen & Moffat Expires March 31, 2004 [Page 12] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - - parameters) are pseudo-random then the pseudo-random number generator - should be cryptographically secure (i.e., its next output not easily - guessed even when knowing all previous outputs) and, furthermore, - proper entropy needs to be added to the pseudo-random number - generator. RFC 1750 [1750] offers suggestions for sources of random - numbers and entropy. Implementors should note the importance of - entropy and the well-meant, anecdotal warning about the difficulty in - properly implementing pseudo-random number generating functions. - - The amount of entropy available to a given client or server may - sometimes be less than what is required. In this case one must - either resort to pseudo-random number generation regardless of - insufficient entropy or refuse to run the protocol. The latter is - preferable. - -9.2 Transport - -9.2.1 Confidentiality - - It is beyond the scope of this document and the Secure Shell Working - Group to analyze or recommend specific ciphers other than the ones - which have been established and accepted within the industry. At the - time of this writing, ciphers commonly in use include 3DES, ARCFOUR, - twofish, serpent and blowfish. 
AES has been accepted by The - published as a US Federal Information Processing Standards [FIPS-197] - and the cryptographic community as being acceptable for this purpose - as well has accepted AES. As always, implementors and users should - check current literature to ensure that no recent vulnerabilities - have been found in ciphers used within products. Implementors should - also check to see which ciphers are considered to be relatively - stronger than others and should recommend their use to users over - relatively weaker ciphers. It would be considered good form for an - implementation to politely and unobtrusively notify a user that a - stronger cipher is available and should be used when a weaker one is - actively chosen. - - The "none" cipher is provided for debugging and SHOULD NOT be used - except for that purpose. It's cryptographic properties are - sufficiently described in RFC 2410, which will show that its use does - not meet the intent of this protocol. - - The relative merits of these and other ciphers may also be found in - current literature. Two references that may provide information on - the subject are [SCHNEIER] and [KAUFMAN,PERLMAN,SPECINER]. Both of - these describe the CBC mode of operation of certain ciphers and the - weakness of this scheme. Essentially, this mode is theoretically - vulnerable to chosen cipher-text attacks because of the high - predictability of the start of packet sequence. However, this attack - - - -Ylonen & Moffat Expires March 31, 2004 [Page 13] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - - is still deemed difficult and not considered fully practicable - especially if relatively longer block sizes are used. - - Additionally, another CBC mode attack may be mitigated through the - insertion of packets containing SSH_MSG_IGNORE. Without this - technique, a specific attack may be successful. 
For this attack - (commonly known as the Rogaway attack - [ROGAWAY],[DAI],[BELLARE,KOHNO,NAMPREMPRE]) to work, the attacker - would need to know the IV of the next block that is going to be - encrypted. In CBC mode that is the output of the encryption of the - previous block. If the attacker does not have any way to see the - packet yet (i.e it is in the internal buffers of the ssh - implementation or even in the kernel) then this attack will not work. - If the last packet has been sent out to the network (i.e the attacker - has access to it) then he can use the attack. - - In the optimal case an implementor would need to add an extra packet - only if the packet has been sent out onto the network and there are - no other packets waiting for transmission. Implementors may wish to - check to see if there are any unsent packets awaiting transmission, - but unfortunately it is not normally easy to obtain this information - from the kernel or buffers. If there are not, then a packet - containing SSH_MSG_IGNORE SHOULD be sent. If a new packet is added - to the stream every time the attacker knows the IV that is supposed - to be used for the next packet, then the attacker will not be able to - guess the correct IV, thus the attack will never be successfull. - - As an example, consider the following case: - - - Client Server - ------ ------ - TCP(seq=x, len=500) -> - contains Record 1 - - [500 ms passes, no ACK] - - TCP(seq=x, len=1000) -> - contains Records 1,2 - - ACK - - - 1. The Nagle algorithm + TCP retransmits mean that the two records - get coalesced into a single TCP segment - 2. Record 2 is *not* at the beginning of the TCP segment and never - will be, since it gets ACKed. - - - - -Ylonen & Moffat Expires March 31, 2004 [Page 14] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - - 3. Yet, the attack is possible because Record 1 has already been - seen. 
- - As this example indicates, it's totally unsafe to use the existence - of unflushed data in the TCP buffers proper as a guide to whether you - need an empty packet, since when you do the second write(), the - buffers will contain the un-ACKed Record 1. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Ylonen & Moffat Expires March 31, 2004 [Page 15] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - - On the other hand, it's perfectly safe to have the following - situation: - - - Client Server - ------ ------ - TCP(seq=x, len=500) -> - contains SSH_MSG_IGNORE - - TCP(seq=y, len=500) -> - contains Data - - Provided that the IV for second SSH Record is fixed after the data for - the Data packet is determined -i.e. you do: - read from user - encrypt null packet - encrypt data packet - - -9.2.2 Data Integrity - - This protocol does allow the Data Integrity mechanism to be disabled. - Implementors SHOULD be wary of exposing this feature for any purpose - other than debugging. Users and administrators SHOULD be explicitly - warned anytime the "none" MAC is enabled. - - So long as the "none" MAC is not used, this protocol provides data - integrity. - - Because MACs use a 32 bit sequence number, they might start to leak - information after 2**32 packets have been sent. However, following - the rekeying recommendations should prevent this attack. The - transport protocol [1] recommends rekeying after one gigabyte of - data, and the smallest possible packet is 16 bytes. Therefore, - rekeying SHOULD happen after 2**28 packets at the very most. - -9.2.3 Replay - - The use of a MAC other than 'none' provides integrity and - authentication. In addition, the transport protocol provides a - unique session identifier (bound in part to pseudo-random data that - is part of the algorithm and key exchange process) that can be used - by higher level protocols to bind data to a given session and prevent - replay of data from prior sessions. 
For example, the authentication - protocol uses this to prevent replay of signatures from previous - sessions. Because public key authentication exchanges are - cryptographically bound to the session (i.e., to the initial key - exchange) they cannot be successfully replayed in other sessions. - - - -Ylonen & Moffat Expires March 31, 2004 [Page 16] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - - Note that the session ID can be made public without harming the - security of the protocol. - - If two session happen to have the same session ID [hash of key - exchanges] then packets from one can be replayed against the other. - It must be stressed that the chances of such an occurrence are, - needless to say, minimal when using modern cryptographic methods. - This is all the more so true when specifying larger hash function - outputs and DH parameters. - - Replay detection using monotonically increasing sequence numbers as - input to the MAC, or HMAC in some cases, is described in [RFC2085] /> - [RFC2246], [RFC2743], [RFC1964], [RFC2025], and [RFC1510]. The - underlying construct is discussed in [RFC2104]. Essentially a - different sequence number in each packet ensures that at least this - one input to the MAC function will be unique and will provide a - nonrecurring MAC output that is not predictable to an attacker. If - the session stays active long enough, however, this sequence number - will wrap. This event may provide an attacker an opportunity to - replay a previously recorded packet with an identical sequence number - but only if the peers have not rekeyed since the transmission of the - first packet with that sequence number. If the peers have rekeyed, - then the replay will be detected as the MAC check will fail. For - this reason, it must be emphasized that peers MUST rekey before a - wrap of the sequence numbers. 
Naturally, if an attacker does attempt - to replay a captured packet before the peers have rekeyed, then the - receiver of the duplicate packet will not be able to validate the MAC - and it will be discarded. The reason that the MAC will fail is - because the receiver will formulate a MAC based upon the packet - contents, the shared secret, and the expected sequence number. Since - the replayed packet will not be using that expected sequence number - (the sequence number of the replayed packet will have already been - passed by the receiver) then the calculated MAC will not match the - MAC received with the packet. - -9.2.4 Man-in-the-middle - - This protocol makes no assumptions nor provisions for an - infrastructure or means for distributing the public keys of hosts. It - is expected that this protocol will sometimes be used without first - verifying the association between the server host key and the server - host name. Such usage is vulnerable to man-in-the-middle attacks. - This section describes this and encourages administrators and users - to understand the importance of verifying this association before any - session is initiated. - - There are three cases of man-in-the-middle attacks to consider. The - first is where an attacker places a device between the client and the - - - -Ylonen & Moffat Expires March 31, 2004 [Page 17] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - - server before the session is initiated. In this case, the attack - device is trying to mimic the legitimate server and will offer its - public key to the client when the client initiates a session. If it - were to offer the public key of the server, then it would not be able - to decrypt or sign the transmissions between the legitimate server - and the client unless it also had access to the private-key of the - host. The attack device will also, simultaneously to this, initiate - a session to the legitimate server masquerading itself as the client. 
- If the public key of the server had been securely distributed to the - client prior to that session initiation, the key offered to the - client by the attack device will not match the key stored on the - client. In that case, the user SHOULD be given a warning that the - offered host key does not match the host key cached on the client. - As described in Section 3.1 of [ARCH], the user may be free to accept - the new key and continue the session. It is RECOMMENDED that the - warning provide sufficient information to the user of the client - device so they may make an informed decision. If the user chooses to - continue the session with the stored public-key of the server (not - the public-key offered at the start of the session), then the session - specific data between the attacker and server will be different - between the client-to-attacker session and the attacker-to-server - sessions due to the randomness discussed above. From this, the - attacker will not be able to make this attack work since the attacker - will not be able to correctly sign packets containing this session - specific data from the server since he does not have the private key - of that server. - - The second case that should be considered is similar to the first - case in that it also happens at the time of connection but this case - points out the need for the secure distribution of server public - keys. If the server public keys are not securely distributed then - the client cannot know if it is talking to the intended server. An - attacker may use social engineering techniques to pass off server - keys to unsuspecting users and may then place a man-in-the-middle - attack device between the legitimate server and the clients. If this - is allowed to happen then the clients will form client-to-attacker - sessions and the attacker will form attacker-to-server sessions and - will be able to monitor and manipulate all of the traffic between the - clients and the legitimate servers. 
Server administrators are - encouraged to make host key fingerprints available for checking by - some means whose security does not rely on the integrity of the - actual host keys. Possible mechanisms are discussed in Section 3.1 - of [SSH-ARCH] and may also include secured Web pages, physical pieces - of paper, etc. Implementors SHOULD provide recommendations on how - best to do this with their implementation. Because the protocol is - extensible, future extensions to the protocol may provide better - mechanisms for dealing with the need to know the server's host key - before connecting. For example, making the host key fingerprint - - - -Ylonen & Moffat Expires March 31, 2004 [Page 18] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - - available through a secure DNS lookup, or using kerberos over gssapi - during key exchange to authenticate the server are possibilities. - - In the third man-in-the-middle case, attackers may attempt to - manipulate packets in transit between peers after the session has - been established. As described in the Replay part of this section, a - successful attack of this nature is very improbable. As in the - Replay section, this reasoning does assume that the MAC is secure and - that it is infeasible to construct inputs to a MAC algorithm to give - a known output. This is discussed in much greater detail in Section - 6 of RFC 2104. If the MAC algorithm has a vulnerability or is weak - enough, then the attacker may be able to specify certain inputs to - yield a known MAC. With that they may be able to alter the contents - of a packet in transit. Alternatively the attacker may be able to - exploit the algorithm vulnerability or weakness to find the shared - secret by reviewing the MACs from captured packets. In either of - those cases, an attacker could construct a packet or packets that - could be inserted into an SSH stream. 
To prevent that, implementors - are encouraged to utilize commonly accepted MAC algorithms and - administrators are encouraged to watch current literature and - discussions of cryptography to ensure that they are not using a MAC - algorithm that has a recently found vulnerability or weakness. - - In summary, the use of this protocol without a reliable association - of the binding between a host and its host keys is inherently - insecure and is NOT RECOMMENDED. It may however be necessary in - non-security critical environments, and will still provide protection - against passive attacks. Implementors of protocols and applications - running on top of this protocol should keep this possibility in mind. - -9.2.5 Denial-of-service - - This protocol is designed to be used over a reliable transport. If - transmission errors or message manipulation occur, the connection is - closed. The connection SHOULD be re-established if this occurs. - Denial of service attacks of this type ("wire cutter") are almost - impossible to avoid. - - In addition, this protocol is vulnerable to Denial of Service attacks - because an attacker can force the server to go through the CPU and - memory intensive tasks of connection setup and key exchange without - authenticating. Implementors SHOULD provide features that make this - more difficult. For example, only allowing connections from a subset - of IPs known to have valid users. - -9.2.6 Covert Channels - - The protocol was not designed to eliminate covert channels. For - - - -Ylonen & Moffat Expires March 31, 2004 [Page 19] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - - example, the padding, SSH_MSG_IGNORE messages, and several other - places in the protocol can be used to pass covert information, and - the recipient has no reliable way to verify whether such information - is being sent. - -9.2.7 Forward Secrecy - - It should be noted that the Diffie-Hellman key exchanges may provide - perfect forward secrecy (PFS). 
PFS is essentially defined as the - cryptographic property of a key-establishment protocol in which the - compromise of a session key or long-term private key after a given - session does not cause the compromise of any earlier session. [ANSI - T1.523-2001] SSHv2 sessions resulting from a key exchange using - diffie-hellman-group1-sha1 are secure even if private keying/ - authentication material is later revealed, but not if the session - keys are revealed. So, given this definition of PFS, SSHv2 does have - PFS. It is hoped that all other key exchange mechanisms proposed and - used in the future will also provide PFS. This property is not - commuted to any of the applications or protocols using SSH as a - transport however. The transport layer of SSH provides - confidentiality for password authentication and other methods that - rely on secret data. - - Of course, if the DH private parameters for the client and server are - revealed then the session key is revealed, but these items can be - thrown away after the key exchange completes. It's worth pointing - out that these items should not be allowed to end up on swap space - and that they should be erased from memory as soon as the key - exchange completes. - -9.3 Authentication Protocol - - The purpose of this protocol is to perform client user - authentication. It assumes that this run over a secure transport - layer protocol, which has already authenticated the server machine, - established an encrypted communications channel, and computed a - unique session identifier for this session. - - Several authentication methods with different security - characteristics are allowed. It is up to the server's local policy - to decide which methods (or combinations of methods) it is willing to - accept for each user. Authentication is no stronger than the weakest - combination allowed. 
- - The server may go into a "sleep" period after repeated unsuccessful - authentication attempts to make key search more difficult for - attackers. Care should be taken so that this doesn't become a - self-denial of service vector. - - - -Ylonen & Moffat Expires March 31, 2004 [Page 20] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - -9.3.1 Weak Transport - - If the transport layer does not provide confidentiality, - authentication methods that rely on secret data SHOULD be disabled. - If it does not provide strong integrity protection, requests to - change authentication data (e.g. a password change) SHOULD be - disabled to prevent an attacker from modifying the ciphertext - without being noticed, or rendering the new authentication data - unusable (denial of service). - - The assumption as stated above that the Authentication Protocol only - run over a secure transport that has previously authenticated the - server is very important to note. People deploying SSH are reminded - of the consequences of man-in-the-middle attacks if the client does - not have a very strong a priori association of the server with the - host key of that server. Specifically for the case of the - Authentication Protocol the client may form a session to a - man-in-the-middle attack device and divulge user credentials such as - their username and password. Even in the cases of authentication - where no user credentials are divulged, an attacker may still gain - information they shouldn't have by capturing key-strokes in much the - same way that a honeypot works. - -9.3.2 Debug messages - - Special care should be taken when designing debug messages. These - messages may reveal surprising amounts of information about the host - if not properly designed. Debug messages can be disabled (during - user authentication phase) if high security is required. 
- Administrators of host machines should make all attempts to - compartmentalize all event notification messages and protect them - from unwarranted observation. Developers should be aware of the - sensitive nature of some of the normal event messages and debug - messages and may want to provide guidance to administrators on ways - to keep this information away from unauthorized people. Developers - should consider minimizing the amount of sensitive information - obtainable by users during the authentication phase in accordance - with the local policies. For this reason, it is RECOMMENDED that - debug messages be initially disabled at the time of deployment and - require an active decision by an administrator to allow them to be - enabled. It is also RECOMMENDED that a message expressing this - concern be presented to the administrator of a system when the action - is taken to enable debugging messages. - -9.3.3 Local security policy - - Implementer MUST ensure that the credentials provided validate the - professed user and also MUST ensure that the local policy of the - - - -Ylonen & Moffat Expires March 31, 2004 [Page 21] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - - server permits the user the access requested. In particular, because - of the flexible nature of the SSH connection protocol, it may not be - possible to determine the local security policy, if any, that should - apply at the time of authentication because the kind of service being - requested is not clear at that instant. For example, local policy - might allow a user to access files on the server, but not start an - interactive shell. However, during the authentication protocol, it is - not known whether the user will be accessing files or attempting to - use an interactive shell, or even both. In any event, where local - security policy for the server host exists, it MUST be applied and - enforced correctly. 
- - Implementors are encouraged to provide a default local policy and - make its parameters known to administrators and users. At the - discretion of the implementors, this default policy may be along the - lines of 'anything goes' where there are no restrictions placed upon - users, or it may be along the lines of 'excessively restrictive' in - which case the administrators will have to actively make changes to - this policy to meet their needs. Alternatively, it may be some - attempt at providing something practical and immediately useful to - the administrators of the system so they don't have to put in much - effort to get SSH working. Whatever choice is made MUST be applied - and enforced as required above. - -9.3.4 Public key authentication - - The use of public-key authentication assumes that the client host has - not been compromised. It also assumes that the private-key of the - server host has not been compromised. - - This risk can be mitigated by the use of passphrases on private keys; - however, this is not an enforceable policy. The use of smartcards, - or other technology to make passphrases an enforceable policy is - suggested. - - The server could require both password and public-key authentication, - however, this requires the client to expose its password to the - server (see section on password authentication below.) - -9.3.5 Password authentication - - The password mechanism as specified in the authentication protocol - assumes that the server has not been compromised. If the server has - been compromised, using password authentication will reveal a valid - username / password combination to the attacker, which may lead to - further compromises. - - This vulnerability can be mitigated by using an alternative form of - - - -Ylonen & Moffat Expires March 31, 2004 [Page 22] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - - authentication. For example, public-key authentication makes no - assumptions about security on the server. 
- -9.3.6 Host based authentication - - Host based authentication assumes that the client has not been - compromised. There are no mitigating strategies, other than to use - host based authentication in combination with another authentication - method. - -9.4 Connection protocol - -9.4.1 End point security - - End point security is assumed by the connection protocol. If the - server has been compromised, any terminal sessions, port forwarding, - or systems accessed on the host are compromised. There are no - mitigating factors for this. - - If the client end point has been compromised, and the server fails to - stop the attacker at the authentication protocol, all services - exposed (either as subsystems or through forwarding) will be - vulnerable to attack. Implementors SHOULD provide mechanisms for - administrators to control which services are exposed to limit the - vulnerability of other services. - - These controls might include controlling which machines and ports can - be target in 'port-forwarding' operations, which users are allowed to - use interactive shell facilities, or which users are allowed to use - exposed subsystems. - -9.4.2 Proxy forwarding - - The SSH connection protocol allows for proxy forwarding of other - protocols such as SNMP, POP3, and HTTP. This may be a concern for - network administrators who wish to control the access of certain - applications by users located outside of their physical location. - Essentially, the forwarding of these protocols may violate site - specific security policies as they may be undetectably tunneled - through a firewall. Implementors SHOULD provide an administrative - mechanism to control the proxy forwarding functionality so that site - specific security policies may be upheld. - - In addition, a reverse proxy forwarding functionality is available, - which again can be used to bypass firewall controls. - - As indicated above, end-point security is assumed during proxy - forwarding operations. 
Failure of end-point security will compromise - - - -Ylonen & Moffat Expires March 31, 2004 [Page 23] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - - all data passed over proxy forwarding. - -9.4.3 X11 forwarding - - Another form of proxy forwarding provided by the ssh connection - protocol is the forwarding of the X11 protocol. If end-point - security has been compromised, X11 forwarding may allow attacks - against the X11 server. Users and administrators should, as a matter - of course, use appropriate X11 security mechanisms to prevent - unauthorized use of the X11 server. Implementors, administrators and - users who wish to further explore the security mechanisms of X11 are - invited to read [SCHEIFLER] and analyze previously reported problems - with the interactions between SSH forwarding and X11 in CERT - vulnerabilities VU#363181 and VU#118892 [CERT]. - - X11 display forwarding with SSH, by itself, is not sufficient to - correct well known problems with X11 security [VENEMA]. However, X11 - display forwarding in SSHv2 (or other, secure protocols), combined - with actual and pseudo-displays which accept connections only over - local IPC mechanisms authorized by permissions or ACLs, does correct - many X11 security problems as long as the "none" MAC is not used. It - is RECOMMENDED that X11 display implementations default to allowing - display opens only over local IPC. It is RECOMMENDED that SSHv2 - server implementations that support X11 forwarding default to - allowing display opens only over local IPC. On single-user systems - it might be reasonable to default to allowing local display opens - over TCP/IP. - - Implementors of the X11 forwarding protocol SHOULD implement the - magic cookie access checking spoofing mechanism as described in - [ssh-connect] as an additional mechanism to prevent unauthorized use - of the proxy. 
- -Normative References - - [SSH-ARCH] - Ylonen, T., "SSH Protocol Architecture", I-D - draft-ietf-architecture-15.txt, Oct 2003. - - [SSH-TRANS] - Ylonen, T., "SSH Transport Layer Protocol", I-D - draft-ietf-transport-17.txt, Oct 2003. - - [SSH-USERAUTH] - Ylonen, T., "SSH Authentication Protocol", I-D - draft-ietf-userauth-18.txt, Oct 2003. - - [SSH-CONNECT] - - - -Ylonen & Moffat Expires March 31, 2004 [Page 24] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - - Ylonen, T., "SSH Connection Protocol", I-D - draft-ietf-connect-18.txt, Oct 2003. - - [SSH-NUMBERS] - Lehtinen, S. and D. Moffat, "SSH Protocol Assigned - Numbers", I-D draft-ietf-secsh-assignednumbers-05.txt, Oct - 2003. - - [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate - Requirement Levels", BCP 14, RFC 2119, March 1997. - -Informative References - - [FIPS-186] - Federal Information Processing Standards Publication, - "FIPS PUB 186, Digital Signature Standard", May 1994. - - [FIPS-197] - National Institue of Standards and Technology, "FIPS 197, - Specification for the Advanced Encryption Standard", - November 2001. - - [ANSI T1.523-2001] - American National Standards Insitute, Inc., "Telecom - Glossary 2000", February 2001. - - [SCHEIFLER] - Scheifler, R., "X Window System : The Complete Reference - to Xlib, X Protocol, Icccm, Xlfd, 3rd edition.", Digital - Press ISBN 1555580882, Feburary 1992. - - [RFC0854] Postel, J. and J. Reynolds, "Telnet Protocol - Specification", STD 8, RFC 854, May 1983. - - [RFC0894] Hornig, C., "Standard for the transmission of IP datagrams - over Ethernet networks", STD 41, RFC 894, April 1984. - - [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", - STD 13, RFC 1034, November 1987. - - [RFC1134] Perkins, D., "Point-to-Point Protocol: A proposal for - multi-protocol transmission of datagrams over - Point-to-Point links", RFC 1134, November 1989. - - [RFC1282] Kantor, B., "BSD Rlogin", RFC 1282, December 1991. - - [RFC1510] Kohl, J. 
and B. Neuman, "The Kerberos Network - Authentication Service (V5)", RFC 1510, September 1993. - - - -Ylonen & Moffat Expires March 31, 2004 [Page 25] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - - [RFC1700] Reynolds, J. and J. Postel, "Assigned Numbers", RFC 1700, - October 1994. - - [RFC1750] Eastlake, D., Crocker, S. and J. Schiller, "Randomness - Recommendations for Security", RFC 1750, December 1994. - - [RFC3066] Alvestrand, H., "Tags for the Identification of - Languages", BCP 47, RFC 3066, January 2001. - - [RFC1964] Linn, J., "The Kerberos Version 5 GSS-API Mechanism", RFC - 1964, June 1996. - - [RFC2025] Adams, C., "The Simple Public-Key GSS-API Mechanism - (SPKM)", RFC 2025, October 1996. - - [RFC2085] Oehler, M. and R. Glenn, "HMAC-MD5 IP Authentication with - Replay Prevention", RFC 2085, February 1997. - - [RFC2104] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: - Keyed-Hashing for Message Authentication", RFC 2104, - February 1997. - - [RFC2246] Dierks, T., Allen, C., Treese, W., Karlton, P., Freier, A. - and P. Kocher, "The TLS Protocol Version 1.0", RFC 2246, - January 1999. - - [RFC2279] Yergeau, F., "UTF-8, a transformation format of ISO - 10646", RFC 2279, January 1998. - - [RFC2410] Glenn, R. and S. Kent, "The NULL Encryption Algorithm and - Its Use With IPsec", RFC 2410, November 1998. - - [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an - IANA Considerations Section in RFCs", BCP 26, RFC 2434, - October 1998. - - [RFC2743] Linn, J., "Generic Security Service Application Program - Interface Version 2, Update 1", RFC 2743, January 2000. - - [SCHNEIER] - Schneier, B., "Applied Cryptography Second Edition: - protocols algorithms and source in code in C", 1996. - - [KAUFMAN,PERLMAN,SPECINER] - Kaufman, C., Perlman, R. and M. Speciner, "Network - Security: PRIVATE Communication in a PUBLIC World", 1995. 
- - [CERT] CERT Coordination Center, The., "http://www.cert.org/nav/ - - - -Ylonen & Moffat Expires March 31, 2004 [Page 26] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - - index_red.html". - - [VENEMA] Venema, W., "Murphy's Law and Computer Security", - Proceedings of 6th USENIX Security Symposium, San Jose CA - http://www.usenix.org/publications/library/proceedings/ - sec96/venema.html, July 1996. - - [ROGAWAY] Rogaway, P., "Problems with Proposed IP Cryptography", - Unpublished paper http://www.cs.ucdavis.edu/~rogaway/ - papers/draft-rogaway-ipsec-comments-00.txt, 1996. - - [DAI] Dai, W., "An attack against SSH2 protocol", Email to the - SECSH Working Group ietf-ssh@netbsd.org ftp:// - ftp.ietf.org/ietf-mail-archive/secsh/2002-02.mail, Feb - 2002. - - [BELLARE,KOHNO,NAMPREMPRE] - Bellaire, M., Kohno, T. and C. Namprempre, "Authenticated - Encryption in SSH: Fixing the SSH Binary Packet Protocol", - , Sept 2002. - - -Authors' Addresses - - Tatu Ylonen - SSH Communications Security Corp - Fredrikinkatu 42 - HELSINKI FIN-00100 - Finland - - EMail: ylo@ssh.com - - - Darren J. Moffat (editor) - Sun Microsystems, Inc - 17 Network Circle - Menlo Park CA 94025 - USA - - EMail: Darren.Moffat@Sun.COM - - - - - - - - - - - -Ylonen & Moffat Expires March 31, 2004 [Page 27] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - -Intellectual Property Statement - - The IETF takes no position regarding the validity or scope of any - intellectual property or other rights that might be claimed to - pertain to the implementation or use of the technology described in - this document or the extent to which any license under such rights - might or might not be available; neither does it represent that it - has made any effort to identify any such rights. Information on the - IETF's procedures with respect to rights in standards-track and - standards-related documentation can be found in BCP-11. 
Copies of - claims of rights made available for publication and any assurances of - licenses to be made available, or the result of an attempt made to - obtain a general license or permission for the use of such - proprietary rights by implementors or users of this specification can - be obtained from the IETF Secretariat. - - The IETF invites any interested party to bring to its attention any - copyrights, patents or patent applications, or other proprietary - rights which may cover technology that may be required to practice - this standard. Please address the information to the IETF Executive - Director. - - The IETF has been notified of intellectual property rights claimed in - regard to some or all of the specification contained in this - document. For more information consult the online list of claimed - rights. - - -Full Copyright Statement - - Copyright (C) The Internet Society (2003). All Rights Reserved. - - This document and translations of it may be copied and furnished to - others, and derivative works that comment on or otherwise explain it - or assist in its implementation may be prepared, copied, published - and distributed, in whole or in part, without restriction of any - kind, provided that the above copyright notice and this paragraph are - included on all such copies and derivative works. However, this - document itself may not be modified in any way, such as by removing - the copyright notice or references to the Internet Society or other - Internet organizations, except as needed for the purpose of - developing Internet standards in which case the procedures for - copyrights defined in the Internet Standards process must be - followed, or as required to translate it into languages other than - English. - - The limited permissions granted above are perpetual and will not be - revoked by the Internet Society or its successors or assignees. 
- - - -Ylonen & Moffat Expires March 31, 2004 [Page 28] - -Internet-Draft SSH Protocol Architecture Oct 2003 - - - This document and the information contained herein is provided on an - "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING - TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING - BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION - HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF - MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - - -Acknowledgment - - Funding for the RFC Editor function is currently provided by the - Internet Society. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Ylonen & Moffat Expires March 31, 2004 [Page 29] \ No newline at end of file diff --git a/lib/ssh/doc/standard/draft-ietf-secsh-connect-18.2.ps b/lib/ssh/doc/standard/draft-ietf-secsh-connect-18.2.ps deleted file mode 100644 index 7a386724c2..0000000000 --- a/lib/ssh/doc/standard/draft-ietf-secsh-connect-18.2.ps +++ /dev/null 
@@ -1,2557 +0,0 @@ -%!PS-Adobe-3.0 -%%BoundingBox: 75 0 595 747 -%%Title: Enscript Output -%%For: Magnus Thoang -%%Creator: GNU enscript 1.6.1 -%%CreationDate: Fri Oct 31 13:33:02 2003 -%%Orientation: Portrait -%%Pages: 11 0 -%%DocumentMedia: A4 595 842 0 () () -%%DocumentNeededResources: (atend) -%%EndComments -%%BeginProlog -%%BeginProcSet: PStoPS 1 15 -userdict begin -[/showpage/erasepage/copypage]{dup where{pop dup load - type/operatortype eq{1 array cvx dup 0 3 index cvx put - bind def}{pop}ifelse}{pop}ifelse}forall -[/letter/legal/executivepage/a4/a4small/b5/com10envelope - /monarchenvelope/c5envelope/dlenvelope/lettersmall/note - /folio/quarto/a5]{dup where{dup wcheck{exch{}put} - {pop{}def}ifelse}{pop}ifelse}forall -/setpagedevice {pop}bind 1 index where{dup wcheck{3 1 roll put} - {pop def}ifelse}{def}ifelse -/PStoPSmatrix matrix currentmatrix def -/PStoPSxform matrix def/PStoPSclip{clippath}def -/defaultmatrix{PStoPSmatrix exch PStoPSxform exch concatmatrix}bind def -/initmatrix{matrix defaultmatrix setmatrix}bind def -/initclip[{matrix currentmatrix PStoPSmatrix setmatrix - [{currentpoint}stopped{$error/newerror false put{newpath}} - {/newpath cvx 3 1 roll/moveto cvx 4 array astore cvx}ifelse] - {[/newpath cvx{/moveto cvx}{/lineto cvx} - {/curveto cvx}{/closepath cvx}pathforall]cvx exch pop} - stopped{$error/errorname get/invalidaccess eq{cleartomark - $error/newerror false put cvx exec}{stop}ifelse}if}bind aload pop - /initclip dup load dup type dup/operatortype eq{pop exch pop} - {dup/arraytype eq exch/packedarraytype eq or - {dup xcheck{exch pop aload pop}{pop cvx}ifelse} - {pop cvx}ifelse}ifelse - {newpath PStoPSclip clip newpath exec setmatrix} bind aload pop]cvx def -/initgraphics{initmatrix newpath initclip 1 setlinewidth - 0 setlinecap 0 setlinejoin []0 setdash 0 setgray - 10 setmiterlimit}bind def -end -%%EndProcSet -%%BeginResource: procset Enscript-Prolog 1.6 1 -% -% Procedures. 
-% - -/_S { % save current state - /_s save def -} def -/_R { % restore from saved state - _s restore -} def - -/S { % showpage protecting gstate - gsave - showpage - grestore -} bind def - -/MF { % fontname newfontname -> - make a new encoded font - /newfontname exch def - /fontname exch def - - /fontdict fontname findfont def - /newfont fontdict maxlength dict def - - fontdict { - exch - dup /FID eq { - % skip FID pair - pop pop - } { - % copy to the new font dictionary - exch newfont 3 1 roll put - } ifelse - } forall - - newfont /FontName newfontname put - - % insert only valid encoding vectors - encoding_vector length 256 eq { - newfont /Encoding encoding_vector put - } if - - newfontname newfont definefont pop -} def - -/SF { % fontname width height -> - set a new font - /height exch def - /width exch def - - findfont - [width 0 0 height 0 0] makefont setfont -} def - -/SUF { % fontname width height -> - set a new user font - /height exch def - /width exch def - - /F-gs-user-font MF - /F-gs-user-font width height SF -} def - -/M {moveto} bind def -/s {show} bind def - -/Box { % x y w h -> - define box path - /d_h exch def /d_w exch def /d_y exch def /d_x exch def - d_x d_y moveto - d_w 0 rlineto - 0 d_h rlineto - d_w neg 0 rlineto - closepath -} def - -/bgs { % x y height blskip gray str -> - show string with bg color - /str exch def - /gray exch def - /blskip exch def - /height exch def - /y exch def - /x exch def - - gsave - x y blskip sub str stringwidth pop height Box - gray setgray - fill - grestore - x y M str s -} def - -% Highlight bars. -/highlight_bars { % nlines lineheight output_y_margin gray -> - - gsave - setgray - /ymarg exch def - /lineheight exch def - /nlines exch def - - % This 2 is just a magic number to sync highlight lines to text. 
- 0 d_header_y ymarg sub 2 sub translate - - /cw d_output_w cols div def - /nrows d_output_h ymarg 2 mul sub lineheight div cvi def - - % for each column - 0 1 cols 1 sub { - cw mul /xp exch def - - % for each rows - 0 1 nrows 1 sub { - /rn exch def - rn lineheight mul neg /yp exch def - rn nlines idiv 2 mod 0 eq { - % Draw highlight bar. 4 is just a magic indentation. - xp 4 add yp cw 8 sub lineheight neg Box fill - } if - } for - } for - - grestore -} def - -% Line highlight bar. -/line_highlight { % x y width height gray -> - - gsave - /gray exch def - Box gray setgray fill - grestore -} def - -% Column separator lines. -/column_lines { - gsave - .1 setlinewidth - 0 d_footer_h translate - /cw d_output_w cols div def - 1 1 cols 1 sub { - cw mul 0 moveto - 0 d_output_h rlineto stroke - } for - grestore -} def - -% Column borders. -/column_borders { - gsave - .1 setlinewidth - 0 d_footer_h moveto - 0 d_output_h rlineto - d_output_w 0 rlineto - 0 d_output_h neg rlineto - closepath stroke - grestore -} def - -% Do the actual underlay drawing -/draw_underlay { - ul_style 0 eq { - ul_str true charpath stroke - } { - ul_str show - } ifelse -} def - -% Underlay -/underlay { % - -> - - gsave - 0 d_page_h translate - d_page_h neg d_page_w atan rotate - - ul_gray setgray - ul_font setfont - /dw d_page_h dup mul d_page_w dup mul add sqrt def - ul_str stringwidth pop dw exch sub 2 div ul_h_ptsize -2 div moveto - draw_underlay - grestore -} def - -/user_underlay { % - -> - - gsave - ul_x ul_y translate - ul_angle rotate - ul_gray setgray - ul_font setfont - 0 0 ul_h_ptsize 2 div sub moveto - draw_underlay - grestore -} def - -% Page prefeed -/page_prefeed { % bool -> - - statusdict /prefeed known { - statusdict exch /prefeed exch put - } { - pop - } ifelse -} def - -% Wrapped line markers -/wrapped_line_mark { % x y charwith charheight type -> - - /type exch def - /h exch def - /w exch def - /y exch def - /x exch def - - type 2 eq { - % Black boxes (like TeX does) - gsave - 0 
setlinewidth - x w 4 div add y M - 0 h rlineto w 2 div 0 rlineto 0 h neg rlineto - closepath fill - grestore - } { - type 3 eq { - % Small arrows - gsave - .2 setlinewidth - x w 2 div add y h 2 div add M - w 4 div 0 rlineto - x w 4 div add y lineto stroke - - x w 4 div add w 8 div add y h 4 div add M - x w 4 div add y lineto - w 4 div h 8 div rlineto stroke - grestore - } { - % do nothing - } ifelse - } ifelse -} def - -% EPSF import. - -/BeginEPSF { - /b4_Inc_state save def % Save state for cleanup - /dict_count countdictstack def % Count objects on dict stack - /op_count count 1 sub def % Count objects on operand stack - userdict begin - /showpage { } def - 0 setgray 0 setlinecap - 1 setlinewidth 0 setlinejoin - 10 setmiterlimit [ ] 0 setdash newpath - /languagelevel where { - pop languagelevel - 1 ne { - false setstrokeadjust false setoverprint - } if - } if -} bind def - -/EndEPSF { - count op_count sub { pos } repeat % Clean up stacks - countdictstack dict_count sub { end } repeat - b4_Inc_state restore -} bind def - -% Check PostScript language level. 
-/languagelevel where { - pop /gs_languagelevel languagelevel def -} { - /gs_languagelevel 1 def -} ifelse -%%EndResource -%%BeginResource: procset Enscript-Encoding-88591 1.6 1 -/encoding_vector [ -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/space /exclam /quotedbl /numbersign -/dollar /percent /ampersand /quoteright -/parenleft /parenright /asterisk /plus -/comma /hyphen /period /slash -/zero /one /two /three -/four /five /six /seven -/eight /nine /colon /semicolon -/less /equal /greater /question -/at /A /B /C -/D /E /F /G -/H /I /J /K -/L /M /N /O -/P /Q /R /S -/T /U /V /W -/X /Y /Z /bracketleft -/backslash /bracketright /asciicircum /underscore -/quoteleft /a /b /c -/d /e /f /g -/h /i /j /k -/l /m /n /o -/p /q /r /s -/t /u /v /w -/x /y /z /braceleft -/bar /braceright /tilde /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/space /exclamdown /cent /sterling -/currency /yen /brokenbar /section -/dieresis /copyright /ordfeminine /guillemotleft -/logicalnot /hyphen /registered /macron -/degree /plusminus /twosuperior /threesuperior -/acute /mu /paragraph /bullet -/cedilla /onesuperior /ordmasculine /guillemotright -/onequarter /onehalf /threequarters /questiondown -/Agrave /Aacute /Acircumflex /Atilde -/Adieresis /Aring /AE /Ccedilla -/Egrave /Eacute /Ecircumflex /Edieresis -/Igrave /Iacute /Icircumflex /Idieresis -/Eth /Ntilde /Ograve /Oacute -/Ocircumflex /Otilde /Odieresis /multiply -/Oslash /Ugrave /Uacute /Ucircumflex -/Udieresis /Yacute /Thorn /germandbls 
-/agrave /aacute /acircumflex /atilde -/adieresis /aring /ae /ccedilla -/egrave /eacute /ecircumflex /edieresis -/igrave /iacute /icircumflex /idieresis -/eth /ntilde /ograve /oacute -/ocircumflex /otilde /odieresis /divide -/oslash /ugrave /uacute /ucircumflex -/udieresis /yacute /thorn /ydieresis -] def -%%EndResource -%%EndProlog -%%BeginSetup -%%IncludeResource: font Courier-Bold -%%IncludeResource: font Courier -/HFpt_w 10 def -/HFpt_h 10 def -/Courier-Bold /HF-gs-font MF -/HF /HF-gs-font findfont [HFpt_w 0 0 HFpt_h 0 0] makefont def -/Courier /F-gs-font MF -/F-gs-font 10 10 SF -/#copies 1 def -/d_page_w 520 def -/d_page_h 747 def -/d_header_x 0 def -/d_header_y 747 def -/d_header_w 520 def -/d_header_h 0 def -/d_footer_x 0 def -/d_footer_y 0 def -/d_footer_w 520 def -/d_footer_h 0 def -/d_output_w 520 def -/d_output_h 747 def -/cols 1 def -userdict/PStoPSxform PStoPSmatrix matrix currentmatrix - matrix invertmatrix matrix concatmatrix - matrix invertmatrix put -%%EndSetup -%%Page: (0,1) 1 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 1 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 701 M -(Network Working Group T. Ylonen) s -5 690 M -(Internet-Draft SSH Communications Security Corp) s -5 679 M -(Expires: March 31, 2004 D. Moffat, Editor, Ed.) s -5 668 M -( Sun Microsystems, Inc) s -5 657 M -( Oct 2003) s -5 624 M -( SSH Connection Protocol) s -5 613 M -( draft-ietf-secsh-connect-18.txt) s -5 591 M -(Status of this Memo) s -5 569 M -( This document is an Internet-Draft and is in full conformance with) s -5 558 M -( all provisions of Section 10 of RFC2026.) 
s -5 536 M -( Internet-Drafts are working documents of the Internet Engineering) s -5 525 M -( Task Force \(IETF\), its areas, and its working groups. Note that other) s -5 514 M -( groups may also distribute working documents as Internet-Drafts.) s -5 492 M -( Internet-Drafts are draft documents valid for a maximum of six months) s -5 481 M -( and may be updated, replaced, or obsoleted by other documents at any) s -5 470 M -( time. It is inappropriate to use Internet-Drafts as reference) s -5 459 M -( material or to cite them other than as "work in progress.") s -5 437 M -( The list of current Internet-Drafts can be accessed at http://) s -5 426 M -( www.ietf.org/ietf/1id-abstracts.txt.) s -5 404 M -( The list of Internet-Draft Shadow Directories can be accessed at) s -5 393 M -( http://www.ietf.org/shadow.html.) s -5 371 M -( This Internet-Draft will expire on March 31, 2004.) s -5 349 M -(Copyright Notice) s -5 327 M -( Copyright \(C\) The Internet Society \(2003\). All Rights Reserved.) s -5 305 M -(Abstract) s -5 283 M -( SSH is a protocol for secure remote login and other secure network) s -5 272 M -( services over an insecure network.) s -5 250 M -( This document describes the SSH Connection Protocol. It provides) s -5 239 M -( interactive login sessions, remote execution of commands, forwarded) s -5 228 M -( TCP/IP connections, and forwarded X11 connections. All of these) s -5 217 M -( channels are multiplexed into a single encrypted tunnel.) s -5 195 M -( The SSH Connection Protocol has been designed to run on top of the) s -5 184 M -( SSH transport layer and user authentication protocols.) 
s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 1]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 2 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Connection Protocol Oct 2003) s -5 690 M -(Table of Contents) s -5 668 M -( 1. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 3) s -5 657 M -( 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3) s -5 646 M -( 3. Conventions Used in This Document . . . . . . . . . . . . . 3) s -5 635 M -( 4. Global Requests . . . . . . . . . . . . . . . . . . . . . . 3) s -5 624 M -( 5. Channel Mechanism . . . . . . . . . . . . . . . . . . . . . 4) s -5 613 M -( 5.1 Opening a Channel . . . . . . . . . . . . . . . . . . . . . 4) s -5 602 M -( 5.2 Data Transfer . . . . . . . . . . . . . . . . . . . . . . . 5) s -5 591 M -( 5.3 Closing a Channel . . . . . . . . . . . . . . . . . . . . . 6) s -5 580 M -( 5.4 Channel-Specific Requests . . . . . . . . . . . . . . . . . 7) s -5 569 M -( 6. Interactive Sessions . . . . . . . . . . . . . . . . . . . . 8) s -5 558 M -( 6.1 Opening a Session . . . . . . . . . . . . . . . . . . . . . 8) s -5 547 M -( 6.2 Requesting a Pseudo-Terminal . . . . . . . . . . . . . . . . 8) s -5 536 M -( 6.3 X11 Forwarding . . . . . . . . . . . . . . . . . . . . . . . 9) s -5 525 M -( 6.3.1 Requesting X11 Forwarding . . . . . . . . . . . . . . . . . 9) s -5 514 M -( 6.3.2 X11 Channels . . . . . . . . . . . . . . . . . . . . . . . . 10) s -5 503 M -( 6.4 Environment Variable Passing . . . . . . . . . . . . . . . . 10) s -5 492 M -( 6.5 Starting a Shell or a Command . . . 
. . . . . . . . . . . . 10) s -5 481 M -( 6.6 Session Data Transfer . . . . . . . . . . . . . . . . . . . 11) s -5 470 M -( 6.7 Window Dimension Change Message . . . . . . . . . . . . . . 12) s -5 459 M -( 6.8 Local Flow Control . . . . . . . . . . . . . . . . . . . . . 12) s -5 448 M -( 6.9 Signals . . . . . . . . . . . . . . . . . . . . . . . . . . 12) s -5 437 M -( 6.10 Returning Exit Status . . . . . . . . . . . . . . . . . . . 13) s -5 426 M -( 7. TCP/IP Port Forwarding . . . . . . . . . . . . . . . . . . . 14) s -5 415 M -( 7.1 Requesting Port Forwarding . . . . . . . . . . . . . . . . . 14) s -5 404 M -( 7.2 TCP/IP Forwarding Channels . . . . . . . . . . . . . . . . . 15) s -5 393 M -( 8. Encoding of Terminal Modes . . . . . . . . . . . . . . . . . 16) s -5 382 M -( 9. Summary of Message Numbers . . . . . . . . . . . . . . . . . 18) s -5 371 M -( 10. Security Considerations . . . . . . . . . . . . . . . . . . 18) s -5 360 M -( 11. iana cONSiderations . . . . . . . . . . . . . . . . . . . . 19) s -5 349 M -( 12. Intellectual Property . . . . . . . . . . . . . . . . . . . 19) s -5 338 M -( Normative References . . . . . . . . . . . . . . . . . . . . 19) s -5 327 M -( Informative References . . . . . . . . . . . . . . . . . . . 20) s -5 316 M -( Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 20) s -5 305 M -( Intellectual Property and Copyright Statements . . . . . . . 
21) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 2]) s -_R -S -PStoPSsaved restore -%%Page: (2,3) 2 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 3 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Connection Protocol Oct 2003) s -5 690 M -(1. Contributors) s -5 668 M -( The major original contributors of this document were: Tatu Ylonen,) s -5 657 M -( Tero Kivinen, Timo J. Rinne, Sami Lehtinen \(all of SSH Communications) s -5 646 M -( Security Corp\), and Markku-Juhani O. Saarinen \(University of) s -5 635 M -( Jyvaskyla\)) s -5 613 M -( The document editor is: Darren.Moffat@Sun.COM. Comments on this) s -5 602 M -( internet draft should be sent to the IETF SECSH working group,) s -5 591 M -( details at: http://ietf.org/html.charters/secsh-charter.html) s -5 569 M -(2. Introduction) s -5 547 M -( The SSH Connection Protocol has been designed to run on top of the) s -5 536 M -( SSH transport layer and user authentication protocols. It provides) s -5 525 M -( interactive login sessions, remote execution of commands, forwarded) s -5 514 M -( TCP/IP connections, and forwarded X11 connections. The service name) s -5 503 M -( for this protocol is "ssh-connection".) s -5 481 M -( This document should be read only after reading the SSH architecture) s -5 470 M -( document [SSH-ARCH]. This document freely uses terminology and) s -5 459 M -( notation from the architecture document without reference or further) s -5 448 M -( explanation.) s -5 426 M -(3. 
Conventions Used in This Document) s -5 404 M -( The keywords "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT",) s -5 393 M -( and "MAY" that appear in this document are to be interpreted as) s -5 382 M -( described in [RFC2119].) s -5 360 M -( The used data types and terminology are specified in the architecture) s -5 349 M -( document [SSH-ARCH].) s -5 327 M -( The architecture document also discusses the algorithm naming) s -5 316 M -( conventions that MUST be used with the SSH protocols.) s -5 294 M -(4. Global Requests) s -5 272 M -( There are several kinds of requests that affect the state of the) s -5 261 M -( remote end "globally", independent of any channels. An example is a) s -5 250 M -( request to start TCP/IP forwarding for a specific port. All such) s -5 239 M -( requests use the following format.) s -5 217 M -( byte SSH_MSG_GLOBAL_REQUEST) s -5 206 M -( string request name \(restricted to US-ASCII\)) s -5 195 M -( boolean want reply) s -5 184 M -( ... request-specific data follows) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 3]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 4 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Connection Protocol Oct 2003) s -5 690 M -( Request names follow the DNS extensibility naming convention outlined) s -5 679 M -( in [SSH-ARCH].) s -5 657 M -( The recipient will respond to this message with) s -5 646 M -( SSH_MSG_REQUEST_SUCCESS or SSH_MSG_REQUEST_FAILURE if `want reply' is) s -5 635 M -( TRUE.) s -5 613 M -( byte SSH_MSG_REQUEST_SUCCESS) s -5 602 M -( ..... 
response specific data) s -5 580 M -( Usually the response specific data is non-existent.) s -5 558 M -( If the recipient does not recognize or support the request, it simply) s -5 547 M -( responds with SSH_MSG_REQUEST_FAILURE.) s -5 525 M -( byte SSH_MSG_REQUEST_FAILURE) s -5 492 M -(5. Channel Mechanism) s -5 470 M -( All terminal sessions, forwarded connections, etc. are channels.) s -5 459 M -( Either side may open a channel. Multiple channels are multiplexed) s -5 448 M -( into a single connection.) s -5 426 M -( Channels are identified by numbers at each end. The number referring) s -5 415 M -( to a channel may be different on each side. Requests to open a) s -5 404 M -( channel contain the sender's channel number. Any other) s -5 393 M -( channel-related messages contain the recipient's channel number for) s -5 382 M -( the channel.) s -5 360 M -( Channels are flow-controlled. No data may be sent to a channel until) s -5 349 M -( a message is received to indicate that window space is available.) s -5 327 M -(5.1 Opening a Channel) s -5 305 M -( When either side wishes to open a new channel, it allocates a local) s -5 294 M -( number for the channel. It then sends the following message to the) s -5 283 M -( other side, and includes the local channel number and initial window) s -5 272 M -( size in the message.) s -5 250 M -( byte SSH_MSG_CHANNEL_OPEN) s -5 239 M -( string channel type \(restricted to US-ASCII\)) s -5 228 M -( uint32 sender channel) s -5 217 M -( uint32 initial window size) s -5 206 M -( uint32 maximum packet size) s -5 195 M -( ... 
channel type specific data follows) s -5 173 M -( The channel type is a name as described in the SSH architecture) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 4]) s -_R -S -PStoPSsaved restore -%%Page: (4,5) 3 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 5 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Connection Protocol Oct 2003) s -5 690 M -( document, with similar extension mechanisms. `sender channel' is a) s -5 679 M -( local identifier for the channel used by the sender of this message.) s -5 668 M -( `initial window size' specifies how many bytes of channel data can be) s -5 657 M -( sent to the sender of this message without adjusting the window.) s -5 646 M -( `Maximum packet size' specifies the maximum size of an individual) s -5 635 M -( data packet that can be sent to the sender \(for example, one might) s -5 624 M -( want to use smaller packets for interactive connections to get better) s -5 613 M -( interactive response on slow links\).) s -5 591 M -( The remote side then decides whether it can open the channel, and) s -5 580 M -( responds with either) s -5 558 M -( byte SSH_MSG_CHANNEL_OPEN_CONFIRMATION) s -5 547 M -( uint32 recipient channel) s -5 536 M -( uint32 sender channel) s -5 525 M -( uint32 initial window size) s -5 514 M -( uint32 maximum packet size) s -5 503 M -( ... 
channel type specific data follows) s -5 481 M -( where `recipient channel' is the channel number given in the original) s -5 470 M -( open request, and `sender channel' is the channel number allocated by) s -5 459 M -( the other side, or) s -5 437 M -( byte SSH_MSG_CHANNEL_OPEN_FAILURE) s -5 426 M -( uint32 recipient channel) s -5 415 M -( uint32 reason code) s -5 404 M -( string additional textual information \(ISO-10646 UTF-8 [RFC2279]\)) s -5 393 M -( string language tag \(as defined in [RFC3066]\)) s -5 371 M -( If the recipient of the SSH_MSG_CHANNEL_OPEN message does not support) s -5 360 M -( the specified channel type, it simply responds with) s -5 349 M -( SSH_MSG_CHANNEL_OPEN_FAILURE. The client MAY show the additional) s -5 338 M -( information to the user. If this is done, the client software should) s -5 327 M -( take the precautions discussed in [SSH-ARCH].) s -5 305 M -( The following reason codes are defined:) s -5 283 M -( #define SSH_OPEN_ADMINISTRATIVELY_PROHIBITED 1) s -5 272 M -( #define SSH_OPEN_CONNECT_FAILED 2) s -5 261 M -( #define SSH_OPEN_UNKNOWN_CHANNEL_TYPE 3) s -5 250 M -( #define SSH_OPEN_RESOURCE_SHORTAGE 4) s -5 217 M -(5.2 Data Transfer) s -5 195 M -( The window size specifies how many bytes the other party can send) s -5 184 M -( before it must wait for the window to be adjusted. Both parties use) s -5 173 M -( the following message to adjust the window.) 
s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 5]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 6 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Connection Protocol Oct 2003) s -5 690 M -( byte SSH_MSG_CHANNEL_WINDOW_ADJUST) s -5 679 M -( uint32 recipient channel) s -5 668 M -( uint32 bytes to add) s -5 646 M -( After receiving this message, the recipient MAY send the given number) s -5 635 M -( of bytes more than it was previously allowed to send; the window size) s -5 624 M -( is incremented.) s -5 602 M -( Data transfer is done with messages of the following type.) s -5 580 M -( byte SSH_MSG_CHANNEL_DATA) s -5 569 M -( uint32 recipient channel) s -5 558 M -( string data) s -5 536 M -( The maximum amount of data allowed is the current window size. The) s -5 525 M -( window size is decremented by the amount of data sent. Both parties) s -5 514 M -( MAY ignore all extra data sent after the allowed window is empty.) s -5 492 M -( Additionally, some channels can transfer several types of data. An) s -5 481 M -( example of this is stderr data from interactive sessions. Such data) s -5 470 M -( can be passed with SSH_MSG_CHANNEL_EXTENDED_DATA messages, where a) s -5 459 M -( separate integer specifies the type of the data. The available types) s -5 448 M -( and their interpretation depend on the type of the channel.) 
s -5 426 M -( byte SSH_MSG_CHANNEL_EXTENDED_DATA) s -5 415 M -( uint32 recipient_channel) s -5 404 M -( uint32 data_type_code) s -5 393 M -( string data) s -5 371 M -( Data sent with these messages consumes the same window as ordinary) s -5 360 M -( data.) s -5 338 M -( Currently, only the following type is defined.) s -5 316 M -( #define SSH_EXTENDED_DATA_STDERR 1) s -5 283 M -(5.3 Closing a Channel) s -5 261 M -( When a party will no longer send more data to a channel, it SHOULD) s -5 250 M -( send SSH_MSG_CHANNEL_EOF.) s -5 228 M -( byte SSH_MSG_CHANNEL_EOF) s -5 217 M -( uint32 recipient_channel) s -5 195 M -( No explicit response is sent to this message; however, the) s -5 184 M -( application may send EOF to whatever is at the other end of the) s -5 173 M -( channel. Note that the channel remains open after this message, and) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 6]) s -_R -S -PStoPSsaved restore -%%Page: (6,7) 4 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 7 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Connection Protocol Oct 2003) s -5 690 M -( more data may still be sent in the other direction. This message) s -5 679 M -( does not consume window space and can be sent even if no window space) s -5 668 M -( is available.) s -5 646 M -( When either party wishes to terminate the channel, it sends) s -5 635 M -( SSH_MSG_CHANNEL_CLOSE. Upon receiving this message, a party MUST) s -5 624 M -( send back a SSH_MSG_CHANNEL_CLOSE unless it has already sent this) s -5 613 M -( message for the channel. 
The channel is considered closed for a) s -5 602 M -( party when it has both sent and received SSH_MSG_CHANNEL_CLOSE, and) s -5 591 M -( the party may then reuse the channel number. A party MAY send) s -5 580 M -( SSH_MSG_CHANNEL_CLOSE without having sent or received) s -5 569 M -( SSH_MSG_CHANNEL_EOF.) s -5 547 M -( byte SSH_MSG_CHANNEL_CLOSE) s -5 536 M -( uint32 recipient_channel) s -5 514 M -( This message does not consume window space and can be sent even if no) s -5 503 M -( window space is available.) s -5 481 M -( It is recommended that any data sent before this message is delivered) s -5 470 M -( to the actual destination, if possible.) s -5 448 M -(5.4 Channel-Specific Requests) s -5 426 M -( Many channel types have extensions that are specific to that) s -5 415 M -( particular channel type. An example is requesting a pty \(pseudo) s -5 404 M -( terminal\) for an interactive session.) s -5 382 M -( All channel-specific requests use the following format.) s -5 360 M -( byte SSH_MSG_CHANNEL_REQUEST) s -5 349 M -( uint32 recipient channel) s -5 338 M -( string request type \(restricted to US-ASCII\)) s -5 327 M -( boolean want reply) s -5 316 M -( ... type-specific data) s -5 294 M -( If want reply is FALSE, no response will be sent to the request.) s -5 283 M -( Otherwise, the recipient responds with either SSH_MSG_CHANNEL_SUCCESS) s -5 272 M -( or SSH_MSG_CHANNEL_FAILURE, or request-specific continuation) s -5 261 M -( messages. If the request is not recognized or is not supported for) s -5 250 M -( the channel, SSH_MSG_CHANNEL_FAILURE is returned.) s -5 228 M -( This message does not consume window space and can be sent even if no) s -5 217 M -( window space is available. Request types are local to each channel) s -5 206 M -( type.) s -5 184 M -( The client is allowed to send further messages without waiting for) s -5 173 M -( the response to the request.) 
s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 7]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 8 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Connection Protocol Oct 2003) s -5 690 M -( request type names follow the DNS extensibility naming convention) s -5 679 M -( outlined in [SSH-ARCH]) s -5 657 M -( byte SSH_MSG_CHANNEL_SUCCESS) s -5 646 M -( uint32 recipient_channel) s -5 613 M -( byte SSH_MSG_CHANNEL_FAILURE) s -5 602 M -( uint32 recipient_channel) s -5 580 M -( These messages do not consume window space and can be sent even if no) s -5 569 M -( window space is available.) s -5 547 M -(6. Interactive Sessions) s -5 525 M -( A session is a remote execution of a program. The program may be a) s -5 514 M -( shell, an application, a system command, or some built-in subsystem.) s -5 503 M -( It may or may not have a tty, and may or may not involve X11) s -5 492 M -( forwarding. Multiple sessions can be active simultaneously.) s -5 470 M -(6.1 Opening a Session) s -5 448 M -( A session is started by sending the following message.) s -5 426 M -( byte SSH_MSG_CHANNEL_OPEN) s -5 415 M -( string "session") s -5 404 M -( uint32 sender channel) s -5 393 M -( uint32 initial window size) s -5 382 M -( uint32 maximum packet size) s -5 360 M -( Client implementations SHOULD reject any session channel open) s -5 349 M -( requests to make it more difficult for a corrupt server to attack the) s -5 338 M -( client.) 
s -5 316 M -(6.2 Requesting a Pseudo-Terminal) s -5 294 M -( A pseudo-terminal can be allocated for the session by sending the) s -5 283 M -( following message.) s -5 261 M -( byte SSH_MSG_CHANNEL_REQUEST) s -5 250 M -( uint32 recipient_channel) s -5 239 M -( string "pty-req") s -5 228 M -( boolean want_reply) s -5 217 M -( string TERM environment variable value \(e.g., vt100\)) s -5 206 M -( uint32 terminal width, characters \(e.g., 80\)) s -5 195 M -( uint32 terminal height, rows \(e.g., 24\)) s -5 184 M -( uint32 terminal width, pixels \(e.g., 640\)) s -5 173 M -( uint32 terminal height, pixels \(e.g., 480\)) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 8]) s -_R -S -PStoPSsaved restore -%%Page: (8,9) 5 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 9 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Connection Protocol Oct 2003) s -5 690 M -( string encoded terminal modes) s -5 668 M -( The encoding of terminal modes is described in Section Encoding of) s -5 657 M -( Terminal Modes \(Section 8\). Zero dimension parameters MUST be) s -5 646 M -( ignored. The character/row dimensions override the pixel dimensions) s -5 635 M -( \(when nonzero\). Pixel dimensions refer to the drawable area of the) s -5 624 M -( window.) s -5 602 M -( The dimension parameters are only informational.) s -5 580 M -( The client SHOULD ignore pty requests.) 
s -5 558 M -(6.3 X11 Forwarding) s -5 536 M -(6.3.1 Requesting X11 Forwarding) s -5 514 M -( X11 forwarding may be requested for a session by sending) s -5 492 M -( byte SSH_MSG_CHANNEL_REQUEST) s -5 481 M -( uint32 recipient channel) s -5 470 M -( string "x11-req") s -5 459 M -( boolean want reply) s -5 448 M -( boolean single connection) s -5 437 M -( string x11 authentication protocol) s -5 426 M -( string x11 authentication cookie) s -5 415 M -( uint32 x11 screen number) s -5 393 M -( It is recommended that the authentication cookie that is sent be a) s -5 382 M -( fake, random cookie, and that the cookie is checked and replaced by) s -5 371 M -( the real cookie when a connection request is received.) s -5 349 M -( X11 connection forwarding should stop when the session channel is) s -5 338 M -( closed; however, already opened forwardings should not be) s -5 327 M -( automatically closed when the session channel is closed.) s -5 305 M -( If `single connection' is TRUE, only a single connection should be) s -5 294 M -( forwarded. No more connections will be forwarded after the first, or) s -5 283 M -( after the session channel has been closed.) s -5 261 M -( The "x11 authentication protocol" is the name of the X11) s -5 250 M -( authentication method used, e.g. "MIT-MAGIC-COOKIE-1".) s -5 228 M -( The x11 authentication cookie MUST be hexadecimal encoded.) s -5 206 M -( X Protocol is documented in [SCHEIFLER].) 
s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 9]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 10 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Connection Protocol Oct 2003) s -5 690 M -(6.3.2 X11 Channels) s -5 668 M -( X11 channels are opened with a channel open request. The resulting) s -5 657 M -( channels are independent of the session, and closing the session) s -5 646 M -( channel does not close the forwarded X11 channels.) s -5 624 M -( byte SSH_MSG_CHANNEL_OPEN) s -5 613 M -( string "x11") s -5 602 M -( uint32 sender channel) s -5 591 M -( uint32 initial window size) s -5 580 M -( uint32 maximum packet size) s -5 569 M -( string originator address \(e.g. "192.168.7.38"\)) s -5 558 M -( uint32 originator port) s -5 536 M -( The recipient should respond with SSH_MSG_CHANNEL_OPEN_CONFIRMATION) s -5 525 M -( or SSH_MSG_CHANNEL_OPEN_FAILURE.) s -5 503 M -( Implementations MUST reject any X11 channel open requests if they) s -5 492 M -( have not requested X11 forwarding.) s -5 470 M -(6.4 Environment Variable Passing) s -5 448 M -( Environment variables may be passed to the shell/command to be) s -5 437 M -( started later. Uncontrolled setting of environment variables in a) s -5 426 M -( privileged process can be a security hazard. It is recommended that) s -5 415 M -( implementations either maintain a list of allowable variable names or) s -5 404 M -( only set environment variables after the server process has dropped) s -5 393 M -( sufficient privileges.) 
s -5 371 M -( byte SSH_MSG_CHANNEL_REQUEST) s -5 360 M -( uint32 recipient channel) s -5 349 M -( string "env") s -5 338 M -( boolean want reply) s -5 327 M -( string variable name) s -5 316 M -( string variable value) s -5 283 M -(6.5 Starting a Shell or a Command) s -5 261 M -( Once the session has been set up, a program is started at the remote) s -5 250 M -( end. The program can be a shell, an application program or a) s -5 239 M -( subsystem with a host-independent name. Only one of these requests) s -5 228 M -( can succeed per channel.) s -5 206 M -( byte SSH_MSG_CHANNEL_REQUEST) s -5 195 M -( uint32 recipient channel) s -5 184 M -( string "shell") s -5 173 M -( boolean want reply) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 10]) s -_R -S -PStoPSsaved restore -%%Page: (10,11) 6 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 11 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Connection Protocol Oct 2003) s -5 690 M -( This message will request the user's default shell \(typically defined) s -5 679 M -( in /etc/passwd in UNIX systems\) to be started at the other end.) s -5 657 M -( byte SSH_MSG_CHANNEL_REQUEST) s -5 646 M -( uint32 recipient channel) s -5 635 M -( string "exec") s -5 624 M -( boolean want reply) s -5 613 M -( string command) s -5 591 M -( This message will request the server to start the execution of the) s -5 580 M -( given command. The command string may contain a path. Normal) s -5 569 M -( precautions MUST be taken to prevent the execution of unauthorized) s -5 558 M -( commands.) 
s -5 536 M -( byte SSH_MSG_CHANNEL_REQUEST) s -5 525 M -( uint32 recipient channel) s -5 514 M -( string "subsystem") s -5 503 M -( boolean want reply) s -5 492 M -( string subsystem name) s -5 470 M -( This last form executes a predefined subsystem. It is expected that) s -5 459 M -( these will include a general file transfer mechanism, and possibly) s -5 448 M -( other features. Implementations may also allow configuring more such) s -5 437 M -( mechanisms. As the user's shell is usually used to execute the) s -5 426 M -( subsystem, it is advisable for the subsystem protocol to have a) s -5 415 M -( "magic cookie" at the beginning of the protocol transaction to) s -5 404 M -( distinguish it from arbitrary output generated by shell) s -5 393 M -( initialization scripts etc. This spurious output from the shell may) s -5 382 M -( be filtered out either at the server or at the client.) s -5 360 M -( The server SHOULD not halt the execution of the protocol stack when) s -5 349 M -( starting a shell or a program. All input and output from these SHOULD) s -5 338 M -( be redirected to the channel or to the encrypted tunnel.) s -5 316 M -( It is RECOMMENDED to request and check the reply for these messages.) s -5 305 M -( The client SHOULD ignore these messages.) s -5 283 M -( Subsystem names follow the DNS extensibility naming convention) s -5 272 M -( outlined in [SSH-ARCH].) s -5 250 M -(6.6 Session Data Transfer) s -5 228 M -( Data transfer for a session is done using SSH_MSG_CHANNEL_DATA and) s -5 217 M -( SSH_MSG_CHANNEL_EXTENDED_DATA packets and the window mechanism. The) s -5 206 M -( extended data type SSH_EXTENDED_DATA_STDERR has been defined for) s -5 195 M -( stderr data.) 
s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 11]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 12 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Connection Protocol Oct 2003) s -5 690 M -(6.7 Window Dimension Change Message) s -5 668 M -( When the window \(terminal\) size changes on the client side, it MAY) s -5 657 M -( send a message to the other side to inform it of the new dimensions.) s -5 635 M -( byte SSH_MSG_CHANNEL_REQUEST) s -5 624 M -( uint32 recipient_channel) s -5 613 M -( string "window-change") s -5 602 M -( boolean FALSE) s -5 591 M -( uint32 terminal width, columns) s -5 580 M -( uint32 terminal height, rows) s -5 569 M -( uint32 terminal width, pixels) s -5 558 M -( uint32 terminal height, pixels) s -5 536 M -( No response SHOULD be sent to this message.) s -5 514 M -(6.8 Local Flow Control) s -5 492 M -( On many systems, it is possible to determine if a pseudo-terminal is) s -5 481 M -( using control-S/control-Q flow control. When flow control is) s -5 470 M -( allowed, it is often desirable to do the flow control at the client) s -5 459 M -( end to speed up responses to user requests. This is facilitated by) s -5 448 M -( the following notification. Initially, the server is responsible for) s -5 437 M -( flow control. \(Here, again, client means the side originating the) s -5 426 M -( session, and server means the other side.\)) s -5 404 M -( The message below is used by the server to inform the client when it) s -5 393 M -( can or cannot perform flow control \(control-S/control-Q processing\).) 
s -5 382 M -( If `client can do' is TRUE, the client is allowed to do flow control) s -5 371 M -( using control-S and control-Q. The client MAY ignore this message.) s -5 349 M -( byte SSH_MSG_CHANNEL_REQUEST) s -5 338 M -( uint32 recipient channel) s -5 327 M -( string "xon-xoff") s -5 316 M -( boolean FALSE) s -5 305 M -( boolean client can do) s -5 283 M -( No response is sent to this message.) s -5 261 M -(6.9 Signals) s -5 239 M -( A signal can be delivered to the remote process/service using the) s -5 228 M -( following message. Some systems may not implement signals, in which) s -5 217 M -( case they SHOULD ignore this message.) s -5 195 M -( byte SSH_MSG_CHANNEL_REQUEST) s -5 184 M -( uint32 recipient channel) s -5 173 M -( string "signal") s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 12]) s -_R -S -PStoPSsaved restore -%%Page: (12,13) 7 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 13 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Connection Protocol Oct 2003) s -5 690 M -( boolean FALSE) s -5 679 M -( string signal name without the "SIG" prefix.) s -5 657 M -( Signal names will be encoded as discussed in the "exit-signal") s -5 646 M -( SSH_MSG_CHANNEL_REQUEST.) s -5 624 M -(6.10 Returning Exit Status) s -5 602 M -( When the command running at the other end terminates, the following) s -5 591 M -( message can be sent to return the exit status of the command.) s -5 580 M -( Returning the status is RECOMMENDED. No acknowledgment is sent for) s -5 569 M -( this message. 
The channel needs to be closed with) s -5 558 M -( SSH_MSG_CHANNEL_CLOSE after this message.) s -5 536 M -( The client MAY ignore these messages.) s -5 514 M -( byte SSH_MSG_CHANNEL_REQUEST) s -5 503 M -( uint32 recipient_channel) s -5 492 M -( string "exit-status") s -5 481 M -( boolean FALSE) s -5 470 M -( uint32 exit_status) s -5 448 M -( The remote command may also terminate violently due to a signal.) s -5 437 M -( Such a condition can be indicated by the following message. A zero) s -5 426 M -( exit_status usually means that the command terminated successfully.) s -5 404 M -( byte SSH_MSG_CHANNEL_REQUEST) s -5 393 M -( uint32 recipient channel) s -5 382 M -( string "exit-signal") s -5 371 M -( boolean FALSE) s -5 360 M -( string signal name without the "SIG" prefix.) s -5 349 M -( boolean core dumped) s -5 338 M -( string error message \(ISO-10646 UTF-8\)) s -5 327 M -( string language tag \(as defined in [RFC3066]\)) s -5 305 M -( The signal name is one of the following \(these are from [POSIX]\)) s -5 283 M -( ABRT) s -5 272 M -( ALRM) s -5 261 M -( FPE) s -5 250 M -( HUP) s -5 239 M -( ILL) s -5 228 M -( INT) s -5 217 M -( KILL) s -5 206 M -( PIPE) s -5 195 M -( QUIT) s -5 184 M -( SEGV) s -5 173 M -( TERM) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 13]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 14 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Connection Protocol Oct 2003) s -5 690 M -( USR1) s -5 679 M -( USR2) s -5 657 M -( Additional signal names MAY be sent in the format "sig-name@xyz",) s -5 646 M -( where `sig-name' 
and `xyz' may be anything a particular implementor) s -5 635 M -( wants \(except the `@' sign\). However, it is suggested that if a) s -5 624 M -( `configure' script is used, the non-standard signal names it finds be) s -5 613 M -( encoded as "SIG@xyz.config.guess", where `SIG' is the signal name) s -5 602 M -( without the "SIG" prefix, and `xyz' be the host type, as determined) s -5 591 M -( by `config.guess'.) s -5 569 M -( The `error message' contains an additional explanation of the error) s -5 558 M -( message. The message may consist of multiple lines. The client) s -5 547 M -( software MAY display this message to the user. If this is done, the) s -5 536 M -( client software should take the precautions discussed in [SSH-ARCH].) s -5 514 M -(7. TCP/IP Port Forwarding) s -5 492 M -(7.1 Requesting Port Forwarding) s -5 470 M -( A party need not explicitly request forwardings from its own end to) s -5 459 M -( the other direction. However, if it wishes that connections to a) s -5 448 M -( port on the other side be forwarded to the local side, it must) s -5 437 M -( explicitly request this.) s -5 404 M -( byte SSH_MSG_GLOBAL_REQUEST) s -5 393 M -( string "tcpip-forward") s -5 382 M -( boolean want reply) s -5 371 M -( string address to bind \(e.g. "0.0.0.0"\)) s -5 360 M -( uint32 port number to bind) s -5 338 M -( `Address to bind' and `port number to bind' specify the IP address) s -5 327 M -( and port to which the socket to be listened is bound. The address) s -5 316 M -( should be "0.0.0.0" if connections are allowed from anywhere. \(Note) s -5 305 M -( that the client can still filter connections based on information) s -5 294 M -( passed in the open request.\)) s -5 272 M -( Implementations should only allow forwarding privileged ports if the) s -5 261 M -( user has been authenticated as a privileged user.) s -5 239 M -( Client implementations SHOULD reject these messages; they are) s -5 228 M -( normally only sent by the client.) 
s -5 195 M -( If a client passes 0 as port number to bind and has want reply TRUE) s -5 184 M -( then the server allocates the next available unprivileged port number) s -5 173 M -( and replies with the following message, otherwise there is no) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 14]) s -_R -S -PStoPSsaved restore -%%Page: (14,15) 8 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 15 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Connection Protocol Oct 2003) s -5 690 M -( response specific data.) s -5 657 M -( byte SSH_MSG_GLOBAL_REQUEST_SUCCESS) s -5 646 M -( uint32 port that was bound on the server) s -5 624 M -( A port forwarding can be cancelled with the following message. Note) s -5 613 M -( that channel open requests may be received until a reply to this) s -5 602 M -( message is received.) s -5 580 M -( byte SSH_MSG_GLOBAL_REQUEST) s -5 569 M -( string "cancel-tcpip-forward") s -5 558 M -( boolean want reply) s -5 547 M -( string address_to_bind \(e.g. "127.0.0.1"\)) s -5 536 M -( uint32 port number to bind) s -5 514 M -( Client implementations SHOULD reject these messages; they are) s -5 503 M -( normally only sent by the client.) s -5 481 M -(7.2 TCP/IP Forwarding Channels) s -5 459 M -( When a connection comes to a port for which remote forwarding has) s -5 448 M -( been requested, a channel is opened to forward the port to the other) s -5 437 M -( side.) 
s -5 415 M -( byte SSH_MSG_CHANNEL_OPEN) s -5 404 M -( string "forwarded-tcpip") s -5 393 M -( uint32 sender channel) s -5 382 M -( uint32 initial window size) s -5 371 M -( uint32 maximum packet size) s -5 360 M -( string address that was connected) s -5 349 M -( uint32 port that was connected) s -5 338 M -( string originator IP address) s -5 327 M -( uint32 originator port) s -5 305 M -( Implementations MUST reject these messages unless they have) s -5 294 M -( previously requested a remote TCP/IP port forwarding with the given) s -5 283 M -( port number.) s -5 261 M -( When a connection comes to a locally forwarded TCP/IP port, the) s -5 250 M -( following packet is sent to the other side. Note that these messages) s -5 239 M -( MAY be sent also for ports for which no forwarding has been) s -5 228 M -( explicitly requested. The receiving side must decide whether to) s -5 217 M -( allow the forwarding.) s -5 195 M -( byte SSH_MSG_CHANNEL_OPEN) s -5 184 M -( string "direct-tcpip") s -5 173 M -( uint32 sender channel) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 15]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 16 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Connection Protocol Oct 2003) s -5 690 M -( uint32 initial window size) s -5 679 M -( uint32 maximum packet size) s -5 668 M -( string host to connect) s -5 657 M -( uint32 port to connect) s -5 646 M -( string originator IP address) s -5 635 M -( uint32 originator port) s -5 613 M -( `Host to connect' and `port to connect' specify the TCP/IP host and) s -5 602 M -( port where the 
recipient should connect the channel. `Host to) s -5 591 M -( connect' may be either a domain name or a numeric IP address.) s -5 569 M -( `Originator IP address' is the numeric IP address of the machine) s -5 558 M -( where the connection request comes from, and `originator port' is the) s -5 547 M -( port on the originator host from where the connection came from.) s -5 525 M -( Forwarded TCP/IP channels are independent of any sessions, and) s -5 514 M -( closing a session channel does not in any way imply that forwarded) s -5 503 M -( connections should be closed.) s -5 481 M -( Client implementations SHOULD reject direct TCP/IP open requests for) s -5 470 M -( security reasons.) s -5 448 M -(8. Encoding of Terminal Modes) s -5 426 M -( Terminal modes \(as passed in a pty request\) are encoded into a byte) s -5 415 M -( stream. It is intended that the coding be portable across different) s -5 404 M -( environments.) s -5 382 M -( The tty mode description is a stream of bytes. The stream consists) s -5 371 M -( of opcode-argument pairs. It is terminated by opcode TTY_OP_END \(0\).) s -5 360 M -( Opcodes 1 to 159 have a single uint32 argument. Opcodes 160 to 255) s -5 349 M -( are not yet defined, and cause parsing to stop \(they should only be) s -5 338 M -( used after any other data\).) s -5 316 M -( The client SHOULD put in the stream any modes it knows about, and the) s -5 305 M -( server MAY ignore any modes it does not know about. This allows some) s -5 294 M -( degree of machine-independence, at least between systems that use a) s -5 283 M -( POSIX-like tty interface. The protocol can support other systems as) s -5 272 M -( well, but the client may need to fill reasonable values for a number) s -5 261 M -( of parameters so the server pty gets set to a reasonable mode \(the) s -5 250 M -( server leaves all unspecified mode bits in their default values, and) s -5 239 M -( only some combinations make sense\).) 
s -5 217 M -( The following opcodes have been defined. The naming of opcodes) s -5 206 M -( mostly follows the POSIX terminal mode flags.) s -5 184 M -( 0 TTY_OP_END Indicates end of options.) s -5 173 M -( 1 VINTR Interrupt character; 255 if none. Similarly for the) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 16]) s -_R -S -PStoPSsaved restore -%%Page: (16,17) 9 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 17 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Connection Protocol Oct 2003) s -5 690 M -( other characters. Not all of these characters are) s -5 679 M -( supported on all systems.) s -5 668 M -( 2 VQUIT The quit character \(sends SIGQUIT signal on POSIX) s -5 657 M -( systems\).) s -5 646 M -( 3 VERASE Erase the character to left of the cursor.) s -5 635 M -( 4 VKILL Kill the current input line.) s -5 624 M -( 5 VEOF End-of-file character \(sends EOF from the terminal\).) s -5 613 M -( 6 VEOL End-of-line character in addition to carriage return) s -5 602 M -( and/or linefeed.) s -5 591 M -( 7 VEOL2 Additional end-of-line character.) s -5 580 M -( 8 VSTART Continues paused output \(normally control-Q\).) s -5 569 M -( 9 VSTOP Pauses output \(normally control-S\).) s -5 558 M -( 10 VSUSP Suspends the current program.) s -5 547 M -( 11 VDSUSP Another suspend character.) s -5 536 M -( 12 VREPRINT Reprints the current input line.) s -5 525 M -( 13 VWERASE Erases a word left of cursor.) 
s -5 514 M -( 14 VLNEXT Enter the next character typed literally, even if it) s -5 503 M -( is a special character) s -5 492 M -( 15 VFLUSH Character to flush output.) s -5 481 M -( 16 VSWTCH Switch to a different shell layer.) s -5 470 M -( 17 VSTATUS Prints system status line \(load, command, pid etc\).) s -5 459 M -( 18 VDISCARD Toggles the flushing of terminal output.) s -5 448 M -( 30 IGNPAR The ignore parity flag. The parameter SHOULD be 0 if) s -5 437 M -( this flag is FALSE set, and 1 if it is TRUE.) s -5 426 M -( 31 PARMRK Mark parity and framing errors.) s -5 415 M -( 32 INPCK Enable checking of parity errors.) s -5 404 M -( 33 ISTRIP Strip 8th bit off characters.) s -5 393 M -( 34 INLCR Map NL into CR on input.) s -5 382 M -( 35 IGNCR Ignore CR on input.) s -5 371 M -( 36 ICRNL Map CR to NL on input.) s -5 360 M -( 37 IUCLC Translate uppercase characters to lowercase.) s -5 349 M -( 38 IXON Enable output flow control.) s -5 338 M -( 39 IXANY Any char will restart after stop.) s -5 327 M -( 40 IXOFF Enable input flow control.) s -5 316 M -( 41 IMAXBEL Ring bell on input queue full.) s -5 305 M -( 50 ISIG Enable signals INTR, QUIT, [D]SUSP.) s -5 294 M -( 51 ICANON Canonicalize input lines.) s -5 283 M -( 52 XCASE Enable input and output of uppercase characters by) s -5 272 M -( preceding their lowercase equivalents with `\\'.) s -5 261 M -( 53 ECHO Enable echoing.) s -5 250 M -( 54 ECHOE Visually erase chars.) s -5 239 M -( 55 ECHOK Kill character discards current line.) s -5 228 M -( 56 ECHONL Echo NL even if ECHO is off.) s -5 217 M -( 57 NOFLSH Don't flush after interrupt.) s -5 206 M -( 58 TOSTOP Stop background jobs from output.) s -5 195 M -( 59 IEXTEN Enable extensions.) s -5 184 M -( 60 ECHOCTL Echo control characters as ^\(Char\).) s -5 173 M -( 61 ECHOKE Visual erase for line kill.) 
s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 17]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 18 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Connection Protocol Oct 2003) s -5 690 M -( 62 PENDIN Retype pending input.) s -5 679 M -( 70 OPOST Enable output processing.) s -5 668 M -( 71 OLCUC Convert lowercase to uppercase.) s -5 657 M -( 72 ONLCR Map NL to CR-NL.) s -5 646 M -( 73 OCRNL Translate carriage return to newline \(output\).) s -5 635 M -( 74 ONOCR Translate newline to carriage return-newline) s -5 624 M -( \(output\).) s -5 613 M -( 75 ONLRET Newline performs a carriage return \(output\).) s -5 602 M -( 90 CS7 7 bit mode.) s -5 591 M -( 91 CS8 8 bit mode.) s -5 580 M -( 92 PARENB Parity enable.) s -5 569 M -( 93 PARODD Odd parity, else even.) s -5 547 M -( 128 TTY_OP_ISPEED Specifies the input baud rate in bits per second.) s -5 536 M -( 129 TTY_OP_OSPEED Specifies the output baud rate in bits per second.) s -5 503 M -(9. 
Summary of Message Numbers) s -5 481 M -( #define SSH_MSG_GLOBAL_REQUEST 80) s -5 470 M -( #define SSH_MSG_REQUEST_SUCCESS 81) s -5 459 M -( #define SSH_MSG_REQUEST_FAILURE 82) s -5 448 M -( #define SSH_MSG_CHANNEL_OPEN 90) s -5 437 M -( #define SSH_MSG_CHANNEL_OPEN_CONFIRMATION 91) s -5 426 M -( #define SSH_MSG_CHANNEL_OPEN_FAILURE 92) s -5 415 M -( #define SSH_MSG_CHANNEL_WINDOW_ADJUST 93) s -5 404 M -( #define SSH_MSG_CHANNEL_DATA 94) s -5 393 M -( #define SSH_MSG_CHANNEL_EXTENDED_DATA 95) s -5 382 M -( #define SSH_MSG_CHANNEL_EOF 96) s -5 371 M -( #define SSH_MSG_CHANNEL_CLOSE 97) s -5 360 M -( #define SSH_MSG_CHANNEL_REQUEST 98) s -5 349 M -( #define SSH_MSG_CHANNEL_SUCCESS 99) s -5 338 M -( #define SSH_MSG_CHANNEL_FAILURE 100) s -5 305 M -(10. Security Considerations) s -5 283 M -( This protocol is assumed to run on top of a secure, authenticated) s -5 272 M -( transport. User authentication and protection against network-level) s -5 261 M -( attacks are assumed to be provided by the underlying protocols.) s -5 239 M -( It is RECOMMENDED that implementations disable all the potentially) s -5 228 M -( dangerous features \(e.g. agent forwarding, X11 forwarding, and TCP/IP) s -5 217 M -( forwarding\) if the host key has changed.) 
s -5 195 M -( Full security considerations for this protocol are provided in) s -5 184 M -( Section 8 of [SSH-ARCH]) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 18]) s -_R -S -PStoPSsaved restore -%%Page: (18,19) 10 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 19 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Connection Protocol Oct 2003) s -5 690 M -(11. iana cONSiderations) s -5 668 M -( This document is part of a set, the IANA considerations for the SSH) s -5 657 M -( protocol as defined in [SSH-ARCH], [SSH-TRANS], [SSH-USERAUTH],) s -5 646 M -( [SSH-CONNECT] are detailed in [SSH-NUMBERS].) s -5 624 M -(12. Intellectual Property) s -5 602 M -( The IETF takes no position regarding the validity or scope of any) s -5 591 M -( intellectual property or other rights that might be claimed to) s -5 580 M -( pertain to the implementation or use of the technology described in) s -5 569 M -( this document or the extent to which any license under such rights) s -5 558 M -( might or might not be available; neither does it represent that it) s -5 547 M -( has made any effort to identify any such rights. Information on the) s -5 536 M -( IETF's procedures with respect to rights in standards-track and) s -5 525 M -( standards-related documentation can be found in BCP-11. 
Copies of) s -5 514 M -( claims of rights made available for publication and any assurances of) s -5 503 M -( licenses to be made available, or the result of an attempt made to) s -5 492 M -( obtain a general license or permission for the use of such) s -5 481 M -( proprietary rights by implementers or users of this specification can) s -5 470 M -( be obtained from the IETF Secretariat.) s -5 448 M -( The IETF has been notified of intellectual property rights claimed in) s -5 437 M -( regard to some or all of the specification contained in this) s -5 426 M -( document. For more information consult the online list of claimed) s -5 415 M -( rights.) s -5 393 M -(Normative References) s -5 371 M -( [SSH-ARCH]) s -5 360 M -( Ylonen, T., "SSH Protocol Architecture", I-D) s -5 349 M -( draft-ietf-architecture-15.txt, Oct 2003.) s -5 327 M -( [SSH-TRANS]) s -5 316 M -( Ylonen, T., "SSH Transport Layer Protocol", I-D) s -5 305 M -( draft-ietf-transport-17.txt, Oct 2003.) s -5 283 M -( [SSH-USERAUTH]) s -5 272 M -( Ylonen, T., "SSH Authentication Protocol", I-D) s -5 261 M -( draft-ietf-userauth-18.txt, Oct 2003.) s -5 239 M -( [SSH-CONNECT]) s -5 228 M -( Ylonen, T., "SSH Connection Protocol", I-D) s -5 217 M -( draft-ietf-connect-18.txt, Oct 2003.) s -5 195 M -( [SSH-NUMBERS]) s -5 184 M -( Lehtinen, S. and D. 
Moffat, "SSH Protocol Assigned) s -5 173 M -( Numbers", I-D draft-ietf-secsh-assignednumbers-05.txt, Oct) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 19]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 20 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Connection Protocol Oct 2003) s -5 690 M -( 2003.) s -5 668 M -( [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate) s -5 657 M -( Requirement Levels", BCP 14, RFC 2119, March 1997.) s -5 635 M -(Informative References) s -5 613 M -( [RFC3066] Alvestrand, H., "Tags for the Identification of) s -5 602 M -( Languages", BCP 47, RFC 3066, January 2001.) s -5 580 M -( [RFC1884] Hinden, R. and S. Deering, "IP Version 6 Addressing) s -5 569 M -( Architecture", RFC 1884, December 1995.) s -5 547 M -( [RFC2279] Yergeau, F., "UTF-8, a transformation format of ISO) s -5 536 M -( 10646", RFC 2279, January 1998.) s -5 514 M -( [SCHEIFLER]) s -5 503 M -( Scheifler, R., "X Window System : The Complete Reference) s -5 492 M -( to Xlib, X Protocol, Icccm, Xlfd, 3rd edition.", Digital) s -5 481 M -( Press ISBN 1555580882, Feburary 1992.) s -5 459 M -( [POSIX] ISO/IEC, 9945-1., "Information technology -- Portable) s -5 448 M -( Operating System Interface \(POSIX\)-Part 1: System) s -5 437 M -( Application Program Interface \(API\) C Language", ANSI/IEE) s -5 426 M -( Std 1003.1, July 1996.) 
s -5 393 M -(Authors' Addresses) s -5 371 M -( Tatu Ylonen) s -5 360 M -( SSH Communications Security Corp) s -5 349 M -( Fredrikinkatu 42) s -5 338 M -( HELSINKI FIN-00100) s -5 327 M -( Finland) s -5 305 M -( EMail: ylo@ssh.com) s -5 272 M -( Darren J. Moffat \(editor\)) s -5 261 M -( Sun Microsystems, Inc) s -5 250 M -( 17 Network Circle) s -5 239 M -( Menlo Park CA 94025) s -5 228 M -( USA) s -5 206 M -( EMail: Darren.Moffat@Sun.COM) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 20]) s -_R -S -PStoPSsaved restore -%%Page: (20,21) 11 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 21 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Connection Protocol Oct 2003) s -5 690 M -(Intellectual Property Statement) s -5 668 M -( The IETF takes no position regarding the validity or scope of any) s -5 657 M -( intellectual property or other rights that might be claimed to) s -5 646 M -( pertain to the implementation or use of the technology described in) s -5 635 M -( this document or the extent to which any license under such rights) s -5 624 M -( might or might not be available; neither does it represent that it) s -5 613 M -( has made any effort to identify any such rights. Information on the) s -5 602 M -( IETF's procedures with respect to rights in standards-track and) s -5 591 M -( standards-related documentation can be found in BCP-11. 
Copies of) s -5 580 M -( claims of rights made available for publication and any assurances of) s -5 569 M -( licenses to be made available, or the result of an attempt made to) s -5 558 M -( obtain a general license or permission for the use of such) s -5 547 M -( proprietary rights by implementors or users of this specification can) s -5 536 M -( be obtained from the IETF Secretariat.) s -5 514 M -( The IETF invites any interested party to bring to its attention any) s -5 503 M -( copyrights, patents or patent applications, or other proprietary) s -5 492 M -( rights which may cover technology that may be required to practice) s -5 481 M -( this standard. Please address the information to the IETF Executive) s -5 470 M -( Director.) s -5 448 M -( The IETF has been notified of intellectual property rights claimed in) s -5 437 M -( regard to some or all of the specification contained in this) s -5 426 M -( document. For more information consult the online list of claimed) s -5 415 M -( rights.) s -5 382 M -(Full Copyright Statement) s -5 360 M -( Copyright \(C\) The Internet Society \(2003\). All Rights Reserved.) s -5 338 M -( This document and translations of it may be copied and furnished to) s -5 327 M -( others, and derivative works that comment on or otherwise explain it) s -5 316 M -( or assist in its implementation may be prepared, copied, published) s -5 305 M -( and distributed, in whole or in part, without restriction of any) s -5 294 M -( kind, provided that the above copyright notice and this paragraph are) s -5 283 M -( included on all such copies and derivative works. 
However, this) s -5 272 M -( document itself may not be modified in any way, such as by removing) s -5 261 M -( the copyright notice or references to the Internet Society or other) s -5 250 M -( Internet organizations, except as needed for the purpose of) s -5 239 M -( developing Internet standards in which case the procedures for) s -5 228 M -( copyrights defined in the Internet Standards process must be) s -5 217 M -( followed, or as required to translate it into languages other than) s -5 206 M -( English.) s -5 184 M -( The limited permissions granted above are perpetual and will not be) s -5 173 M -( revoked by the Internet Society or its successors or assignees.) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 21]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 22 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Connection Protocol Oct 2003) s -5 690 M -( This document and the information contained herein is provided on an) s -5 679 M -( "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING) s -5 668 M -( TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING) s -5 657 M -( BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION) s -5 646 M -( HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF) s -5 635 M -( MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.) s -5 602 M -(Acknowledgment) s -5 580 M -( Funding for the RFC Editor function is currently provided by the) s -5 569 M -( Internet Society.) 
s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 22]) s -_R -S -PStoPSsaved restore -%%Trailer -%%Pages: 22 -%%DocumentNeededResources: font Courier-Bold Courier -%%EOF diff --git a/lib/ssh/doc/standard/draft-ietf-secsh-connect-18.txt b/lib/ssh/doc/standard/draft-ietf-secsh-connect-18.txt deleted file mode 100644 index 1cb8ad6409..0000000000 --- a/lib/ssh/doc/standard/draft-ietf-secsh-connect-18.txt +++ /dev/null 
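Review bot: nothing in the visible lines replaces what is deleted here, so before removing both the PostScript rendering and lib/ssh/doc/standard/draft-ietf-secsh-connect-18.txt, check that no page under lib/ssh/doc/src still links to files in lib/ssh/doc/standard. The draft's own header reads "Expires: March 31, 2004" and its status text says Internet-Drafts should not be used as reference material, so dropping the copies is reasonable. The commit message should say so, and should name the document the ssh application now treats as its reference for the message numbers (SSH_MSG_GLOBAL_REQUEST 80 through SSH_MSG_CHANNEL_FAILURE 100) and the terminal-mode opcodes, so readers of the docs are not left with a dangling pointer.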
@@ -1,1232 +0,0 @@ - - - -Network Working Group T. Ylonen -Internet-Draft SSH Communications Security Corp -Expires: March 31, 2004 D. Moffat, Editor, Ed. - Sun Microsystems, Inc - Oct 2003 - - - SSH Connection Protocol - draft-ietf-secsh-connect-18.txt - -Status of this Memo - - This document is an Internet-Draft and is in full conformance with - all provisions of Section 10 of RFC2026. - - Internet-Drafts are working documents of the Internet Engineering - Task Force (IETF), its areas, and its working groups. Note that other - groups may also distribute working documents as Internet-Drafts. - - Internet-Drafts are draft documents valid for a maximum of six months - and may be updated, replaced, or obsoleted by other documents at any - time. It is inappropriate to use Internet-Drafts as reference - material or to cite them other than as "work in progress." - - The list of current Internet-Drafts can be accessed at http:// - www.ietf.org/ietf/1id-abstracts.txt. - - The list of Internet-Draft Shadow Directories can be accessed at - http://www.ietf.org/shadow.html. - - This Internet-Draft will expire on March 31, 2004. - -Copyright Notice - - Copyright (C) The Internet Society (2003). All Rights Reserved. - -Abstract - - SSH is a protocol for secure remote login and other secure network - services over an insecure network. - - This document describes the SSH Connection Protocol. It provides - interactive login sessions, remote execution of commands, forwarded - TCP/IP connections, and forwarded X11 connections. All of these - channels are multiplexed into a single encrypted tunnel. - - The SSH Connection Protocol has been designed to run on top of the - SSH transport layer and user authentication protocols. - - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 1] - -Internet-Draft SSH Connection Protocol Oct 2003 - - -Table of Contents - - 1. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 3 - 2. Introduction . . . . . . . . . . . . . . . . . . . 
. . . . . 3 - 3. Conventions Used in This Document . . . . . . . . . . . . . 3 - 4. Global Requests . . . . . . . . . . . . . . . . . . . . . . 3 - 5. Channel Mechanism . . . . . . . . . . . . . . . . . . . . . 4 - 5.1 Opening a Channel . . . . . . . . . . . . . . . . . . . . . 4 - 5.2 Data Transfer . . . . . . . . . . . . . . . . . . . . . . . 5 - 5.3 Closing a Channel . . . . . . . . . . . . . . . . . . . . . 6 - 5.4 Channel-Specific Requests . . . . . . . . . . . . . . . . . 7 - 6. Interactive Sessions . . . . . . . . . . . . . . . . . . . . 8 - 6.1 Opening a Session . . . . . . . . . . . . . . . . . . . . . 8 - 6.2 Requesting a Pseudo-Terminal . . . . . . . . . . . . . . . . 8 - 6.3 X11 Forwarding . . . . . . . . . . . . . . . . . . . . . . . 9 - 6.3.1 Requesting X11 Forwarding . . . . . . . . . . . . . . . . . 9 - 6.3.2 X11 Channels . . . . . . . . . . . . . . . . . . . . . . . . 10 - 6.4 Environment Variable Passing . . . . . . . . . . . . . . . . 10 - 6.5 Starting a Shell or a Command . . . . . . . . . . . . . . . 10 - 6.6 Session Data Transfer . . . . . . . . . . . . . . . . . . . 11 - 6.7 Window Dimension Change Message . . . . . . . . . . . . . . 12 - 6.8 Local Flow Control . . . . . . . . . . . . . . . . . . . . . 12 - 6.9 Signals . . . . . . . . . . . . . . . . . . . . . . . . . . 12 - 6.10 Returning Exit Status . . . . . . . . . . . . . . . . . . . 13 - 7. TCP/IP Port Forwarding . . . . . . . . . . . . . . . . . . . 14 - 7.1 Requesting Port Forwarding . . . . . . . . . . . . . . . . . 14 - 7.2 TCP/IP Forwarding Channels . . . . . . . . . . . . . . . . . 15 - 8. Encoding of Terminal Modes . . . . . . . . . . . . . . . . . 16 - 9. Summary of Message Numbers . . . . . . . . . . . . . . . . . 18 - 10. Security Considerations . . . . . . . . . . . . . . . . . . 18 - 11. iana cONSiderations . . . . . . . . . . . . . . . . . . . . 19 - 12. Intellectual Property . . . . . . . . . . . . . . . . . . . 19 - Normative References . . . . . . . . . . . . . . . . . . 
. . 19 - Informative References . . . . . . . . . . . . . . . . . . . 20 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 20 - Intellectual Property and Copyright Statements . . . . . . . 21 - - - - - - - - - - - - - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 2] - -Internet-Draft SSH Connection Protocol Oct 2003 - - -1. Contributors - - The major original contributors of this document were: Tatu Ylonen, - Tero Kivinen, Timo J. Rinne, Sami Lehtinen (all of SSH Communications - Security Corp), and Markku-Juhani O. Saarinen (University of - Jyvaskyla) - - The document editor is: Darren.Moffat@Sun.COM. Comments on this - internet draft should be sent to the IETF SECSH working group, - details at: http://ietf.org/html.charters/secsh-charter.html - -2. Introduction - - The SSH Connection Protocol has been designed to run on top of the - SSH transport layer and user authentication protocols. It provides - interactive login sessions, remote execution of commands, forwarded - TCP/IP connections, and forwarded X11 connections. The service name - for this protocol is "ssh-connection". - - This document should be read only after reading the SSH architecture - document [SSH-ARCH]. This document freely uses terminology and - notation from the architecture document without reference or further - explanation. - -3. Conventions Used in This Document - - The keywords "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT", - and "MAY" that appear in this document are to be interpreted as - described in [RFC2119]. - - The used data types and terminology are specified in the architecture - document [SSH-ARCH]. - - The architecture document also discusses the algorithm naming - conventions that MUST be used with the SSH protocols. - -4. Global Requests - - There are several kinds of requests that affect the state of the - remote end "globally", independent of any channels. An example is a - request to start TCP/IP forwarding for a specific port. 
All such - requests use the following format. - - byte SSH_MSG_GLOBAL_REQUEST - string request name (restricted to US-ASCII) - boolean want reply - ... request-specific data follows - - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 3] - -Internet-Draft SSH Connection Protocol Oct 2003 - - - Request names follow the DNS extensibility naming convention outlined - in [SSH-ARCH]. - - The recipient will respond to this message with - SSH_MSG_REQUEST_SUCCESS or SSH_MSG_REQUEST_FAILURE if `want reply' is - TRUE. - - byte SSH_MSG_REQUEST_SUCCESS - ..... response specific data - - Usually the response specific data is non-existent. - - If the recipient does not recognize or support the request, it simply - responds with SSH_MSG_REQUEST_FAILURE. - - byte SSH_MSG_REQUEST_FAILURE - - -5. Channel Mechanism - - All terminal sessions, forwarded connections, etc. are channels. - Either side may open a channel. Multiple channels are multiplexed - into a single connection. - - Channels are identified by numbers at each end. The number referring - to a channel may be different on each side. Requests to open a - channel contain the sender's channel number. Any other - channel-related messages contain the recipient's channel number for - the channel. - - Channels are flow-controlled. No data may be sent to a channel until - a message is received to indicate that window space is available. - -5.1 Opening a Channel - - When either side wishes to open a new channel, it allocates a local - number for the channel. It then sends the following message to the - other side, and includes the local channel number and initial window - size in the message. - - byte SSH_MSG_CHANNEL_OPEN - string channel type (restricted to US-ASCII) - uint32 sender channel - uint32 initial window size - uint32 maximum packet size - ... 
channel type specific data follows - - The channel type is a name as described in the SSH architecture - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 4] - -Internet-Draft SSH Connection Protocol Oct 2003 - - - document, with similar extension mechanisms. `sender channel' is a - local identifier for the channel used by the sender of this message. - `initial window size' specifies how many bytes of channel data can be - sent to the sender of this message without adjusting the window. - `Maximum packet size' specifies the maximum size of an individual - data packet that can be sent to the sender (for example, one might - want to use smaller packets for interactive connections to get better - interactive response on slow links). - - The remote side then decides whether it can open the channel, and - responds with either - - byte SSH_MSG_CHANNEL_OPEN_CONFIRMATION - uint32 recipient channel - uint32 sender channel - uint32 initial window size - uint32 maximum packet size - ... channel type specific data follows - - where `recipient channel' is the channel number given in the original - open request, and `sender channel' is the channel number allocated by - the other side, or - - byte SSH_MSG_CHANNEL_OPEN_FAILURE - uint32 recipient channel - uint32 reason code - string additional textual information (ISO-10646 UTF-8 [RFC2279]) - string language tag (as defined in [RFC3066]) - - If the recipient of the SSH_MSG_CHANNEL_OPEN message does not support - the specified channel type, it simply responds with - SSH_MSG_CHANNEL_OPEN_FAILURE. The client MAY show the additional - information to the user. If this is done, the client software should - take the precautions discussed in [SSH-ARCH]. 
- - The following reason codes are defined: - - #define SSH_OPEN_ADMINISTRATIVELY_PROHIBITED 1 - #define SSH_OPEN_CONNECT_FAILED 2 - #define SSH_OPEN_UNKNOWN_CHANNEL_TYPE 3 - #define SSH_OPEN_RESOURCE_SHORTAGE 4 - - -5.2 Data Transfer - - The window size specifies how many bytes the other party can send - before it must wait for the window to be adjusted. Both parties use - the following message to adjust the window. - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 5] - -Internet-Draft SSH Connection Protocol Oct 2003 - - - byte SSH_MSG_CHANNEL_WINDOW_ADJUST - uint32 recipient channel - uint32 bytes to add - - After receiving this message, the recipient MAY send the given number - of bytes more than it was previously allowed to send; the window size - is incremented. - - Data transfer is done with messages of the following type. - - byte SSH_MSG_CHANNEL_DATA - uint32 recipient channel - string data - - The maximum amount of data allowed is the current window size. The - window size is decremented by the amount of data sent. Both parties - MAY ignore all extra data sent after the allowed window is empty. - - Additionally, some channels can transfer several types of data. An - example of this is stderr data from interactive sessions. Such data - can be passed with SSH_MSG_CHANNEL_EXTENDED_DATA messages, where a - separate integer specifies the type of the data. The available types - and their interpretation depend on the type of the channel. - - byte SSH_MSG_CHANNEL_EXTENDED_DATA - uint32 recipient_channel - uint32 data_type_code - string data - - Data sent with these messages consumes the same window as ordinary - data. - - Currently, only the following type is defined. - - #define SSH_EXTENDED_DATA_STDERR 1 - - -5.3 Closing a Channel - - When a party will no longer send more data to a channel, it SHOULD - send SSH_MSG_CHANNEL_EOF. 
- - byte SSH_MSG_CHANNEL_EOF - uint32 recipient_channel - - No explicit response is sent to this message; however, the - application may send EOF to whatever is at the other end of the - channel. Note that the channel remains open after this message, and - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 6] - -Internet-Draft SSH Connection Protocol Oct 2003 - - - more data may still be sent in the other direction. This message - does not consume window space and can be sent even if no window space - is available. - - When either party wishes to terminate the channel, it sends - SSH_MSG_CHANNEL_CLOSE. Upon receiving this message, a party MUST - send back a SSH_MSG_CHANNEL_CLOSE unless it has already sent this - message for the channel. The channel is considered closed for a - party when it has both sent and received SSH_MSG_CHANNEL_CLOSE, and - the party may then reuse the channel number. A party MAY send - SSH_MSG_CHANNEL_CLOSE without having sent or received - SSH_MSG_CHANNEL_EOF. - - byte SSH_MSG_CHANNEL_CLOSE - uint32 recipient_channel - - This message does not consume window space and can be sent even if no - window space is available. - - It is recommended that any data sent before this message is delivered - to the actual destination, if possible. - -5.4 Channel-Specific Requests - - Many channel types have extensions that are specific to that - particular channel type. An example is requesting a pty (pseudo - terminal) for an interactive session. - - All channel-specific requests use the following format. - - byte SSH_MSG_CHANNEL_REQUEST - uint32 recipient channel - string request type (restricted to US-ASCII) - boolean want reply - ... type-specific data - - If want reply is FALSE, no response will be sent to the request. - Otherwise, the recipient responds with either SSH_MSG_CHANNEL_SUCCESS - or SSH_MSG_CHANNEL_FAILURE, or request-specific continuation - messages. 
If the request is not recognized or is not supported for - the channel, SSH_MSG_CHANNEL_FAILURE is returned. - - This message does not consume window space and can be sent even if no - window space is available. Request types are local to each channel - type. - - The client is allowed to send further messages without waiting for - the response to the request. - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 7] - -Internet-Draft SSH Connection Protocol Oct 2003 - - - request type names follow the DNS extensibility naming convention - outlined in [SSH-ARCH] - - byte SSH_MSG_CHANNEL_SUCCESS - uint32 recipient_channel - - - byte SSH_MSG_CHANNEL_FAILURE - uint32 recipient_channel - - These messages do not consume window space and can be sent even if no - window space is available. - -6. Interactive Sessions - - A session is a remote execution of a program. The program may be a - shell, an application, a system command, or some built-in subsystem. - It may or may not have a tty, and may or may not involve X11 - forwarding. Multiple sessions can be active simultaneously. - -6.1 Opening a Session - - A session is started by sending the following message. - - byte SSH_MSG_CHANNEL_OPEN - string "session" - uint32 sender channel - uint32 initial window size - uint32 maximum packet size - - Client implementations SHOULD reject any session channel open - requests to make it more difficult for a corrupt server to attack the - client. - -6.2 Requesting a Pseudo-Terminal - - A pseudo-terminal can be allocated for the session by sending the - following message. 
- - byte SSH_MSG_CHANNEL_REQUEST - uint32 recipient_channel - string "pty-req" - boolean want_reply - string TERM environment variable value (e.g., vt100) - uint32 terminal width, characters (e.g., 80) - uint32 terminal height, rows (e.g., 24) - uint32 terminal width, pixels (e.g., 640) - uint32 terminal height, pixels (e.g., 480) - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 8] - -Internet-Draft SSH Connection Protocol Oct 2003 - - - string encoded terminal modes - - The encoding of terminal modes is described in Section Encoding of - Terminal Modes (Section 8). Zero dimension parameters MUST be - ignored. The character/row dimensions override the pixel dimensions - (when nonzero). Pixel dimensions refer to the drawable area of the - window. - - The dimension parameters are only informational. - - The client SHOULD ignore pty requests. - -6.3 X11 Forwarding - -6.3.1 Requesting X11 Forwarding - - X11 forwarding may be requested for a session by sending - - byte SSH_MSG_CHANNEL_REQUEST - uint32 recipient channel - string "x11-req" - boolean want reply - boolean single connection - string x11 authentication protocol - string x11 authentication cookie - uint32 x11 screen number - - It is recommended that the authentication cookie that is sent be a - fake, random cookie, and that the cookie is checked and replaced by - the real cookie when a connection request is received. - - X11 connection forwarding should stop when the session channel is - closed; however, already opened forwardings should not be - automatically closed when the session channel is closed. - - If `single connection' is TRUE, only a single connection should be - forwarded. No more connections will be forwarded after the first, or - after the session channel has been closed. - - The "x11 authentication protocol" is the name of the X11 - authentication method used, e.g. "MIT-MAGIC-COOKIE-1". - - The x11 authentication cookie MUST be hexadecimal encoded. 
- - X Protocol is documented in [SCHEIFLER]. - - - - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 9] - -Internet-Draft SSH Connection Protocol Oct 2003 - - -6.3.2 X11 Channels - - X11 channels are opened with a channel open request. The resulting - channels are independent of the session, and closing the session - channel does not close the forwarded X11 channels. - - byte SSH_MSG_CHANNEL_OPEN - string "x11" - uint32 sender channel - uint32 initial window size - uint32 maximum packet size - string originator address (e.g. "192.168.7.38") - uint32 originator port - - The recipient should respond with SSH_MSG_CHANNEL_OPEN_CONFIRMATION - or SSH_MSG_CHANNEL_OPEN_FAILURE. - - Implementations MUST reject any X11 channel open requests if they - have not requested X11 forwarding. - -6.4 Environment Variable Passing - - Environment variables may be passed to the shell/command to be - started later. Uncontrolled setting of environment variables in a - privileged process can be a security hazard. It is recommended that - implementations either maintain a list of allowable variable names or - only set environment variables after the server process has dropped - sufficient privileges. - - byte SSH_MSG_CHANNEL_REQUEST - uint32 recipient channel - string "env" - boolean want reply - string variable name - string variable value - - -6.5 Starting a Shell or a Command - - Once the session has been set up, a program is started at the remote - end. The program can be a shell, an application program or a - subsystem with a host-independent name. Only one of these requests - can succeed per channel. - - byte SSH_MSG_CHANNEL_REQUEST - uint32 recipient channel - string "shell" - boolean want reply - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 10] - -Internet-Draft SSH Connection Protocol Oct 2003 - - - This message will request the user's default shell (typically defined - in /etc/passwd in UNIX systems) to be started at the other end. 
- - byte SSH_MSG_CHANNEL_REQUEST - uint32 recipient channel - string "exec" - boolean want reply - string command - - This message will request the server to start the execution of the - given command. The command string may contain a path. Normal - precautions MUST be taken to prevent the execution of unauthorized - commands. - - byte SSH_MSG_CHANNEL_REQUEST - uint32 recipient channel - string "subsystem" - boolean want reply - string subsystem name - - This last form executes a predefined subsystem. It is expected that - these will include a general file transfer mechanism, and possibly - other features. Implementations may also allow configuring more such - mechanisms. As the user's shell is usually used to execute the - subsystem, it is advisable for the subsystem protocol to have a - "magic cookie" at the beginning of the protocol transaction to - distinguish it from arbitrary output generated by shell - initialization scripts etc. This spurious output from the shell may - be filtered out either at the server or at the client. - - The server SHOULD not halt the execution of the protocol stack when - starting a shell or a program. All input and output from these SHOULD - be redirected to the channel or to the encrypted tunnel. - - It is RECOMMENDED to request and check the reply for these messages. - The client SHOULD ignore these messages. - - Subsystem names follow the DNS extensibility naming convention - outlined in [SSH-ARCH]. - -6.6 Session Data Transfer - - Data transfer for a session is done using SSH_MSG_CHANNEL_DATA and - SSH_MSG_CHANNEL_EXTENDED_DATA packets and the window mechanism. The - extended data type SSH_EXTENDED_DATA_STDERR has been defined for - stderr data. 
- - - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 11] - -Internet-Draft SSH Connection Protocol Oct 2003 - - -6.7 Window Dimension Change Message - - When the window (terminal) size changes on the client side, it MAY - send a message to the other side to inform it of the new dimensions. - - byte SSH_MSG_CHANNEL_REQUEST - uint32 recipient_channel - string "window-change" - boolean FALSE - uint32 terminal width, columns - uint32 terminal height, rows - uint32 terminal width, pixels - uint32 terminal height, pixels - - No response SHOULD be sent to this message. - -6.8 Local Flow Control - - On many systems, it is possible to determine if a pseudo-terminal is - using control-S/control-Q flow control. When flow control is - allowed, it is often desirable to do the flow control at the client - end to speed up responses to user requests. This is facilitated by - the following notification. Initially, the server is responsible for - flow control. (Here, again, client means the side originating the - session, and server means the other side.) - - The message below is used by the server to inform the client when it - can or cannot perform flow control (control-S/control-Q processing). - If `client can do' is TRUE, the client is allowed to do flow control - using control-S and control-Q. The client MAY ignore this message. - - byte SSH_MSG_CHANNEL_REQUEST - uint32 recipient channel - string "xon-xoff" - boolean FALSE - boolean client can do - - No response is sent to this message. - -6.9 Signals - - A signal can be delivered to the remote process/service using the - following message. Some systems may not implement signals, in which - case they SHOULD ignore this message. - - byte SSH_MSG_CHANNEL_REQUEST - uint32 recipient channel - string "signal" - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 12] - -Internet-Draft SSH Connection Protocol Oct 2003 - - - boolean FALSE - string signal name without the "SIG" prefix. 
- - Signal names will be encoded as discussed in the "exit-signal" - SSH_MSG_CHANNEL_REQUEST. - -6.10 Returning Exit Status - - When the command running at the other end terminates, the following - message can be sent to return the exit status of the command. - Returning the status is RECOMMENDED. No acknowledgment is sent for - this message. The channel needs to be closed with - SSH_MSG_CHANNEL_CLOSE after this message. - - The client MAY ignore these messages. - - byte SSH_MSG_CHANNEL_REQUEST - uint32 recipient_channel - string "exit-status" - boolean FALSE - uint32 exit_status - - The remote command may also terminate violently due to a signal. - Such a condition can be indicated by the following message. A zero - exit_status usually means that the command terminated successfully. - - byte SSH_MSG_CHANNEL_REQUEST - uint32 recipient channel - string "exit-signal" - boolean FALSE - string signal name without the "SIG" prefix. - boolean core dumped - string error message (ISO-10646 UTF-8) - string language tag (as defined in [RFC3066]) - - The signal name is one of the following (these are from [POSIX]) - - ABRT - ALRM - FPE - HUP - ILL - INT - KILL - PIPE - QUIT - SEGV - TERM - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 13] - -Internet-Draft SSH Connection Protocol Oct 2003 - - - USR1 - USR2 - - Additional signal names MAY be sent in the format "sig-name@xyz", - where `sig-name' and `xyz' may be anything a particular implementor - wants (except the `@' sign). However, it is suggested that if a - `configure' script is used, the non-standard signal names it finds be - encoded as "SIG@xyz.config.guess", where `SIG' is the signal name - without the "SIG" prefix, and `xyz' be the host type, as determined - by `config.guess'. - - The `error message' contains an additional explanation of the error - message. The message may consist of multiple lines. The client - software MAY display this message to the user. 
If this is done, the - client software should take the precautions discussed in [SSH-ARCH]. - -7. TCP/IP Port Forwarding - -7.1 Requesting Port Forwarding - - A party need not explicitly request forwardings from its own end to - the other direction. However, if it wishes that connections to a - port on the other side be forwarded to the local side, it must - explicitly request this. - - - byte SSH_MSG_GLOBAL_REQUEST - string "tcpip-forward" - boolean want reply - string address to bind (e.g. "0.0.0.0") - uint32 port number to bind - - `Address to bind' and `port number to bind' specify the IP address - and port to which the socket to be listened is bound. The address - should be "0.0.0.0" if connections are allowed from anywhere. (Note - that the client can still filter connections based on information - passed in the open request.) - - Implementations should only allow forwarding privileged ports if the - user has been authenticated as a privileged user. - - Client implementations SHOULD reject these messages; they are - normally only sent by the client. - - - If a client passes 0 as port number to bind and has want reply TRUE - then the server allocates the next available unprivileged port number - and replies with the following message, otherwise there is no - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 14] - -Internet-Draft SSH Connection Protocol Oct 2003 - - - response specific data. - - - byte SSH_MSG_GLOBAL_REQUEST_SUCCESS - uint32 port that was bound on the server - - A port forwarding can be cancelled with the following message. Note - that channel open requests may be received until a reply to this - message is received. - - byte SSH_MSG_GLOBAL_REQUEST - string "cancel-tcpip-forward" - boolean want reply - string address_to_bind (e.g. "127.0.0.1") - uint32 port number to bind - - Client implementations SHOULD reject these messages; they are - normally only sent by the client. 
- -7.2 TCP/IP Forwarding Channels - - When a connection comes to a port for which remote forwarding has - been requested, a channel is opened to forward the port to the other - side. - - byte SSH_MSG_CHANNEL_OPEN - string "forwarded-tcpip" - uint32 sender channel - uint32 initial window size - uint32 maximum packet size - string address that was connected - uint32 port that was connected - string originator IP address - uint32 originator port - - Implementations MUST reject these messages unless they have - previously requested a remote TCP/IP port forwarding with the given - port number. - - When a connection comes to a locally forwarded TCP/IP port, the - following packet is sent to the other side. Note that these messages - MAY be sent also for ports for which no forwarding has been - explicitly requested. The receiving side must decide whether to - allow the forwarding. - - byte SSH_MSG_CHANNEL_OPEN - string "direct-tcpip" - uint32 sender channel - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 15] - -Internet-Draft SSH Connection Protocol Oct 2003 - - - uint32 initial window size - uint32 maximum packet size - string host to connect - uint32 port to connect - string originator IP address - uint32 originator port - - `Host to connect' and `port to connect' specify the TCP/IP host and - port where the recipient should connect the channel. `Host to - connect' may be either a domain name or a numeric IP address. - - `Originator IP address' is the numeric IP address of the machine - where the connection request comes from, and `originator port' is the - port on the originator host from where the connection came from. - - Forwarded TCP/IP channels are independent of any sessions, and - closing a session channel does not in any way imply that forwarded - connections should be closed. - - Client implementations SHOULD reject direct TCP/IP open requests for - security reasons. - -8. 
Encoding of Terminal Modes - - Terminal modes (as passed in a pty request) are encoded into a byte - stream. It is intended that the coding be portable across different - environments. - - The tty mode description is a stream of bytes. The stream consists - of opcode-argument pairs. It is terminated by opcode TTY_OP_END (0). - Opcodes 1 to 159 have a single uint32 argument. Opcodes 160 to 255 - are not yet defined, and cause parsing to stop (they should only be - used after any other data). - - The client SHOULD put in the stream any modes it knows about, and the - server MAY ignore any modes it does not know about. This allows some - degree of machine-independence, at least between systems that use a - POSIX-like tty interface. The protocol can support other systems as - well, but the client may need to fill reasonable values for a number - of parameters so the server pty gets set to a reasonable mode (the - server leaves all unspecified mode bits in their default values, and - only some combinations make sense). - - The following opcodes have been defined. The naming of opcodes - mostly follows the POSIX terminal mode flags. - - 0 TTY_OP_END Indicates end of options. - 1 VINTR Interrupt character; 255 if none. Similarly for the - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 16] - -Internet-Draft SSH Connection Protocol Oct 2003 - - - other characters. Not all of these characters are - supported on all systems. - 2 VQUIT The quit character (sends SIGQUIT signal on POSIX - systems). - 3 VERASE Erase the character to left of the cursor. - 4 VKILL Kill the current input line. - 5 VEOF End-of-file character (sends EOF from the terminal). - 6 VEOL End-of-line character in addition to carriage return - and/or linefeed. - 7 VEOL2 Additional end-of-line character. - 8 VSTART Continues paused output (normally control-Q). - 9 VSTOP Pauses output (normally control-S). - 10 VSUSP Suspends the current program. - 11 VDSUSP Another suspend character. 
- 12 VREPRINT Reprints the current input line. - 13 VWERASE Erases a word left of cursor. - 14 VLNEXT Enter the next character typed literally, even if it - is a special character - 15 VFLUSH Character to flush output. - 16 VSWTCH Switch to a different shell layer. - 17 VSTATUS Prints system status line (load, command, pid etc). - 18 VDISCARD Toggles the flushing of terminal output. - 30 IGNPAR The ignore parity flag. The parameter SHOULD be 0 if - this flag is FALSE set, and 1 if it is TRUE. - 31 PARMRK Mark parity and framing errors. - 32 INPCK Enable checking of parity errors. - 33 ISTRIP Strip 8th bit off characters. - 34 INLCR Map NL into CR on input. - 35 IGNCR Ignore CR on input. - 36 ICRNL Map CR to NL on input. - 37 IUCLC Translate uppercase characters to lowercase. - 38 IXON Enable output flow control. - 39 IXANY Any char will restart after stop. - 40 IXOFF Enable input flow control. - 41 IMAXBEL Ring bell on input queue full. - 50 ISIG Enable signals INTR, QUIT, [D]SUSP. - 51 ICANON Canonicalize input lines. - 52 XCASE Enable input and output of uppercase characters by - preceding their lowercase equivalents with `\'. - 53 ECHO Enable echoing. - 54 ECHOE Visually erase chars. - 55 ECHOK Kill character discards current line. - 56 ECHONL Echo NL even if ECHO is off. - 57 NOFLSH Don't flush after interrupt. - 58 TOSTOP Stop background jobs from output. - 59 IEXTEN Enable extensions. - 60 ECHOCTL Echo control characters as ^(Char). - 61 ECHOKE Visual erase for line kill. - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 17] - -Internet-Draft SSH Connection Protocol Oct 2003 - - - 62 PENDIN Retype pending input. - 70 OPOST Enable output processing. - 71 OLCUC Convert lowercase to uppercase. - 72 ONLCR Map NL to CR-NL. - 73 OCRNL Translate carriage return to newline (output). - 74 ONOCR Translate newline to carriage return-newline - (output). - 75 ONLRET Newline performs a carriage return (output). - 90 CS7 7 bit mode. - 91 CS8 8 bit mode. 
- 92 PARENB Parity enable. - 93 PARODD Odd parity, else even. - - 128 TTY_OP_ISPEED Specifies the input baud rate in bits per second. - 129 TTY_OP_OSPEED Specifies the output baud rate in bits per second. - - -9. Summary of Message Numbers - - #define SSH_MSG_GLOBAL_REQUEST 80 - #define SSH_MSG_REQUEST_SUCCESS 81 - #define SSH_MSG_REQUEST_FAILURE 82 - #define SSH_MSG_CHANNEL_OPEN 90 - #define SSH_MSG_CHANNEL_OPEN_CONFIRMATION 91 - #define SSH_MSG_CHANNEL_OPEN_FAILURE 92 - #define SSH_MSG_CHANNEL_WINDOW_ADJUST 93 - #define SSH_MSG_CHANNEL_DATA 94 - #define SSH_MSG_CHANNEL_EXTENDED_DATA 95 - #define SSH_MSG_CHANNEL_EOF 96 - #define SSH_MSG_CHANNEL_CLOSE 97 - #define SSH_MSG_CHANNEL_REQUEST 98 - #define SSH_MSG_CHANNEL_SUCCESS 99 - #define SSH_MSG_CHANNEL_FAILURE 100 - - -10. Security Considerations - - This protocol is assumed to run on top of a secure, authenticated - transport. User authentication and protection against network-level - attacks are assumed to be provided by the underlying protocols. - - It is RECOMMENDED that implementations disable all the potentially - dangerous features (e.g. agent forwarding, X11 forwarding, and TCP/IP - forwarding) if the host key has changed. - - Full security considerations for this protocol are provided in - Section 8 of [SSH-ARCH] - - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 18] - -Internet-Draft SSH Connection Protocol Oct 2003 - - -11. iana cONSiderations - - This document is part of a set, the IANA considerations for the SSH - protocol as defined in [SSH-ARCH], [SSH-TRANS], [SSH-USERAUTH], - [SSH-CONNECT] are detailed in [SSH-NUMBERS]. - -12. 
Intellectual Property - - The IETF takes no position regarding the validity or scope of any - intellectual property or other rights that might be claimed to - pertain to the implementation or use of the technology described in - this document or the extent to which any license under such rights - might or might not be available; neither does it represent that it - has made any effort to identify any such rights. Information on the - IETF's procedures with respect to rights in standards-track and - standards-related documentation can be found in BCP-11. Copies of - claims of rights made available for publication and any assurances of - licenses to be made available, or the result of an attempt made to - obtain a general license or permission for the use of such - proprietary rights by implementers or users of this specification can - be obtained from the IETF Secretariat. - - The IETF has been notified of intellectual property rights claimed in - regard to some or all of the specification contained in this - document. For more information consult the online list of claimed - rights. - -Normative References - - [SSH-ARCH] - Ylonen, T., "SSH Protocol Architecture", I-D - draft-ietf-architecture-15.txt, Oct 2003. - - [SSH-TRANS] - Ylonen, T., "SSH Transport Layer Protocol", I-D - draft-ietf-transport-17.txt, Oct 2003. - - [SSH-USERAUTH] - Ylonen, T., "SSH Authentication Protocol", I-D - draft-ietf-userauth-18.txt, Oct 2003. - - [SSH-CONNECT] - Ylonen, T., "SSH Connection Protocol", I-D - draft-ietf-connect-18.txt, Oct 2003. - - [SSH-NUMBERS] - Lehtinen, S. and D. Moffat, "SSH Protocol Assigned - Numbers", I-D draft-ietf-secsh-assignednumbers-05.txt, Oct - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 19] - -Internet-Draft SSH Connection Protocol Oct 2003 - - - 2003. - - [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate - Requirement Levels", BCP 14, RFC 2119, March 1997. 
- -Informative References - - [RFC3066] Alvestrand, H., "Tags for the Identification of - Languages", BCP 47, RFC 3066, January 2001. - - [RFC1884] Hinden, R. and S. Deering, "IP Version 6 Addressing - Architecture", RFC 1884, December 1995. - - [RFC2279] Yergeau, F., "UTF-8, a transformation format of ISO - 10646", RFC 2279, January 1998. - - [SCHEIFLER] - Scheifler, R., "X Window System : The Complete Reference - to Xlib, X Protocol, Icccm, Xlfd, 3rd edition.", Digital - Press ISBN 1555580882, Feburary 1992. - - [POSIX] ISO/IEC, 9945-1., "Information technology -- Portable - Operating System Interface (POSIX)-Part 1: System - Application Program Interface (API) C Language", ANSI/IEE - Std 1003.1, July 1996. - - -Authors' Addresses - - Tatu Ylonen - SSH Communications Security Corp - Fredrikinkatu 42 - HELSINKI FIN-00100 - Finland - - EMail: ylo@ssh.com - - - Darren J. Moffat (editor) - Sun Microsystems, Inc - 17 Network Circle - Menlo Park CA 94025 - USA - - EMail: Darren.Moffat@Sun.COM - - - - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 20] - -Internet-Draft SSH Connection Protocol Oct 2003 - - -Intellectual Property Statement - - The IETF takes no position regarding the validity or scope of any - intellectual property or other rights that might be claimed to - pertain to the implementation or use of the technology described in - this document or the extent to which any license under such rights - might or might not be available; neither does it represent that it - has made any effort to identify any such rights. Information on the - IETF's procedures with respect to rights in standards-track and - standards-related documentation can be found in BCP-11. 
Copies of - claims of rights made available for publication and any assurances of - licenses to be made available, or the result of an attempt made to - obtain a general license or permission for the use of such - proprietary rights by implementors or users of this specification can - be obtained from the IETF Secretariat. - - The IETF invites any interested party to bring to its attention any - copyrights, patents or patent applications, or other proprietary - rights which may cover technology that may be required to practice - this standard. Please address the information to the IETF Executive - Director. - - The IETF has been notified of intellectual property rights claimed in - regard to some or all of the specification contained in this - document. For more information consult the online list of claimed - rights. - - -Full Copyright Statement - - Copyright (C) The Internet Society (2003). All Rights Reserved. - - This document and translations of it may be copied and furnished to - others, and derivative works that comment on or otherwise explain it - or assist in its implementation may be prepared, copied, published - and distributed, in whole or in part, without restriction of any - kind, provided that the above copyright notice and this paragraph are - included on all such copies and derivative works. However, this - document itself may not be modified in any way, such as by removing - the copyright notice or references to the Internet Society or other - Internet organizations, except as needed for the purpose of - developing Internet standards in which case the procedures for - copyrights defined in the Internet Standards process must be - followed, or as required to translate it into languages other than - English. - - The limited permissions granted above are perpetual and will not be - revoked by the Internet Society or its successors or assignees. 
- - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 21] - -Internet-Draft SSH Connection Protocol Oct 2003 - - - This document and the information contained herein is provided on an - "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING - TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING - BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION - HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF - MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - - -Acknowledgment - - Funding for the RFC Editor function is currently provided by the - Internet Society. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 22] \ No newline at end of file diff --git a/lib/ssh/doc/standard/draft-ietf-secsh-filexfer-02.2.ps b/lib/ssh/doc/standard/draft-ietf-secsh-filexfer-02.2.ps deleted file mode 100644 index 06c91bf8cd..0000000000 --- a/lib/ssh/doc/standard/draft-ietf-secsh-filexfer-02.2.ps +++ /dev/null 
@@ -1,2853 +0,0 @@ -%!PS-Adobe-3.0 -%%BoundingBox: 75 0 595 747 -%%Title: Enscript Output -%%For: Magnus Thoang -%%Creator: GNU enscript 1.6.1 -%%CreationDate: Wed Nov 12 12:26:07 2003 -%%Orientation: Portrait -%%Pages: 15 0 -%%DocumentMedia: A4 595 842 0 () () -%%DocumentNeededResources: (atend) -%%EndComments -%%BeginProlog -%%BeginProcSet: PStoPS 1 15 -userdict begin -[/showpage/erasepage/copypage]{dup where{pop dup load - type/operatortype eq{1 array cvx dup 0 3 index cvx put - bind def}{pop}ifelse}{pop}ifelse}forall -[/letter/legal/executivepage/a4/a4small/b5/com10envelope - /monarchenvelope/c5envelope/dlenvelope/lettersmall/note - /folio/quarto/a5]{dup where{dup wcheck{exch{}put} - {pop{}def}ifelse}{pop}ifelse}forall -/setpagedevice {pop}bind 1 index where{dup wcheck{3 1 roll put} - {pop def}ifelse}{def}ifelse -/PStoPSmatrix matrix currentmatrix def -/PStoPSxform matrix def/PStoPSclip{clippath}def -/defaultmatrix{PStoPSmatrix exch PStoPSxform exch concatmatrix}bind def -/initmatrix{matrix defaultmatrix setmatrix}bind def -/initclip[{matrix currentmatrix PStoPSmatrix setmatrix - [{currentpoint}stopped{$error/newerror false put{newpath}} - {/newpath cvx 3 1 roll/moveto cvx 4 array astore cvx}ifelse] - {[/newpath cvx{/moveto cvx}{/lineto cvx} - {/curveto cvx}{/closepath cvx}pathforall]cvx exch pop} - stopped{$error/errorname get/invalidaccess eq{cleartomark - $error/newerror false put cvx exec}{stop}ifelse}if}bind aload pop - /initclip dup load dup type dup/operatortype eq{pop exch pop} - {dup/arraytype eq exch/packedarraytype eq or - {dup xcheck{exch pop aload pop}{pop cvx}ifelse} - {pop cvx}ifelse}ifelse - {newpath PStoPSclip clip newpath exec setmatrix} bind aload pop]cvx def -/initgraphics{initmatrix newpath initclip 1 setlinewidth - 0 setlinecap 0 setlinejoin []0 setdash 0 setgray - 10 setmiterlimit}bind def -end -%%EndProcSet -%%BeginResource: procset Enscript-Prolog 1.6 1 -% -% Procedures. 
-% - -/_S { % save current state - /_s save def -} def -/_R { % restore from saved state - _s restore -} def - -/S { % showpage protecting gstate - gsave - showpage - grestore -} bind def - -/MF { % fontname newfontname -> - make a new encoded font - /newfontname exch def - /fontname exch def - - /fontdict fontname findfont def - /newfont fontdict maxlength dict def - - fontdict { - exch - dup /FID eq { - % skip FID pair - pop pop - } { - % copy to the new font dictionary - exch newfont 3 1 roll put - } ifelse - } forall - - newfont /FontName newfontname put - - % insert only valid encoding vectors - encoding_vector length 256 eq { - newfont /Encoding encoding_vector put - } if - - newfontname newfont definefont pop -} def - -/SF { % fontname width height -> - set a new font - /height exch def - /width exch def - - findfont - [width 0 0 height 0 0] makefont setfont -} def - -/SUF { % fontname width height -> - set a new user font - /height exch def - /width exch def - - /F-gs-user-font MF - /F-gs-user-font width height SF -} def - -/M {moveto} bind def -/s {show} bind def - -/Box { % x y w h -> - define box path - /d_h exch def /d_w exch def /d_y exch def /d_x exch def - d_x d_y moveto - d_w 0 rlineto - 0 d_h rlineto - d_w neg 0 rlineto - closepath -} def - -/bgs { % x y height blskip gray str -> - show string with bg color - /str exch def - /gray exch def - /blskip exch def - /height exch def - /y exch def - /x exch def - - gsave - x y blskip sub str stringwidth pop height Box - gray setgray - fill - grestore - x y M str s -} def - -% Highlight bars. -/highlight_bars { % nlines lineheight output_y_margin gray -> - - gsave - setgray - /ymarg exch def - /lineheight exch def - /nlines exch def - - % This 2 is just a magic number to sync highlight lines to text. 
- 0 d_header_y ymarg sub 2 sub translate - - /cw d_output_w cols div def - /nrows d_output_h ymarg 2 mul sub lineheight div cvi def - - % for each column - 0 1 cols 1 sub { - cw mul /xp exch def - - % for each rows - 0 1 nrows 1 sub { - /rn exch def - rn lineheight mul neg /yp exch def - rn nlines idiv 2 mod 0 eq { - % Draw highlight bar. 4 is just a magic indentation. - xp 4 add yp cw 8 sub lineheight neg Box fill - } if - } for - } for - - grestore -} def - -% Line highlight bar. -/line_highlight { % x y width height gray -> - - gsave - /gray exch def - Box gray setgray fill - grestore -} def - -% Column separator lines. -/column_lines { - gsave - .1 setlinewidth - 0 d_footer_h translate - /cw d_output_w cols div def - 1 1 cols 1 sub { - cw mul 0 moveto - 0 d_output_h rlineto stroke - } for - grestore -} def - -% Column borders. -/column_borders { - gsave - .1 setlinewidth - 0 d_footer_h moveto - 0 d_output_h rlineto - d_output_w 0 rlineto - 0 d_output_h neg rlineto - closepath stroke - grestore -} def - -% Do the actual underlay drawing -/draw_underlay { - ul_style 0 eq { - ul_str true charpath stroke - } { - ul_str show - } ifelse -} def - -% Underlay -/underlay { % - -> - - gsave - 0 d_page_h translate - d_page_h neg d_page_w atan rotate - - ul_gray setgray - ul_font setfont - /dw d_page_h dup mul d_page_w dup mul add sqrt def - ul_str stringwidth pop dw exch sub 2 div ul_h_ptsize -2 div moveto - draw_underlay - grestore -} def - -/user_underlay { % - -> - - gsave - ul_x ul_y translate - ul_angle rotate - ul_gray setgray - ul_font setfont - 0 0 ul_h_ptsize 2 div sub moveto - draw_underlay - grestore -} def - -% Page prefeed -/page_prefeed { % bool -> - - statusdict /prefeed known { - statusdict exch /prefeed exch put - } { - pop - } ifelse -} def - -% Wrapped line markers -/wrapped_line_mark { % x y charwith charheight type -> - - /type exch def - /h exch def - /w exch def - /y exch def - /x exch def - - type 2 eq { - % Black boxes (like TeX does) - gsave - 0 
setlinewidth - x w 4 div add y M - 0 h rlineto w 2 div 0 rlineto 0 h neg rlineto - closepath fill - grestore - } { - type 3 eq { - % Small arrows - gsave - .2 setlinewidth - x w 2 div add y h 2 div add M - w 4 div 0 rlineto - x w 4 div add y lineto stroke - - x w 4 div add w 8 div add y h 4 div add M - x w 4 div add y lineto - w 4 div h 8 div rlineto stroke - grestore - } { - % do nothing - } ifelse - } ifelse -} def - -% EPSF import. - -/BeginEPSF { - /b4_Inc_state save def % Save state for cleanup - /dict_count countdictstack def % Count objects on dict stack - /op_count count 1 sub def % Count objects on operand stack - userdict begin - /showpage { } def - 0 setgray 0 setlinecap - 1 setlinewidth 0 setlinejoin - 10 setmiterlimit [ ] 0 setdash newpath - /languagelevel where { - pop languagelevel - 1 ne { - false setstrokeadjust false setoverprint - } if - } if -} bind def - -/EndEPSF { - count op_count sub { pos } repeat % Clean up stacks - countdictstack dict_count sub { end } repeat - b4_Inc_state restore -} bind def - -% Check PostScript language level. 
-/languagelevel where { - pop /gs_languagelevel languagelevel def -} { - /gs_languagelevel 1 def -} ifelse -%%EndResource -%%BeginResource: procset Enscript-Encoding-88591 1.6 1 -/encoding_vector [ -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/space /exclam /quotedbl /numbersign -/dollar /percent /ampersand /quoteright -/parenleft /parenright /asterisk /plus -/comma /hyphen /period /slash -/zero /one /two /three -/four /five /six /seven -/eight /nine /colon /semicolon -/less /equal /greater /question -/at /A /B /C -/D /E /F /G -/H /I /J /K -/L /M /N /O -/P /Q /R /S -/T /U /V /W -/X /Y /Z /bracketleft -/backslash /bracketright /asciicircum /underscore -/quoteleft /a /b /c -/d /e /f /g -/h /i /j /k -/l /m /n /o -/p /q /r /s -/t /u /v /w -/x /y /z /braceleft -/bar /braceright /tilde /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/space /exclamdown /cent /sterling -/currency /yen /brokenbar /section -/dieresis /copyright /ordfeminine /guillemotleft -/logicalnot /hyphen /registered /macron -/degree /plusminus /twosuperior /threesuperior -/acute /mu /paragraph /bullet -/cedilla /onesuperior /ordmasculine /guillemotright -/onequarter /onehalf /threequarters /questiondown -/Agrave /Aacute /Acircumflex /Atilde -/Adieresis /Aring /AE /Ccedilla -/Egrave /Eacute /Ecircumflex /Edieresis -/Igrave /Iacute /Icircumflex /Idieresis -/Eth /Ntilde /Ograve /Oacute -/Ocircumflex /Otilde /Odieresis /multiply -/Oslash /Ugrave /Uacute /Ucircumflex -/Udieresis /Yacute /Thorn /germandbls 
-/agrave /aacute /acircumflex /atilde -/adieresis /aring /ae /ccedilla -/egrave /eacute /ecircumflex /edieresis -/igrave /iacute /icircumflex /idieresis -/eth /ntilde /ograve /oacute -/ocircumflex /otilde /odieresis /divide -/oslash /ugrave /uacute /ucircumflex -/udieresis /yacute /thorn /ydieresis -] def -%%EndResource -%%EndProlog -%%BeginSetup -%%IncludeResource: font Courier-Bold -%%IncludeResource: font Courier -/HFpt_w 10 def -/HFpt_h 10 def -/Courier-Bold /HF-gs-font MF -/HF /HF-gs-font findfont [HFpt_w 0 0 HFpt_h 0 0] makefont def -/Courier /F-gs-font MF -/F-gs-font 10 10 SF -/#copies 1 def -/d_page_w 520 def -/d_page_h 747 def -/d_header_x 0 def -/d_header_y 747 def -/d_header_w 520 def -/d_header_h 0 def -/d_footer_x 0 def -/d_footer_y 0 def -/d_footer_w 520 def -/d_footer_h 0 def -/d_output_w 520 def -/d_output_h 747 def -/cols 1 def -userdict/PStoPSxform PStoPSmatrix matrix currentmatrix - matrix invertmatrix matrix concatmatrix - matrix invertmatrix put -%%EndSetup -%%Page: (0,1) 1 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 1 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 701 M -(Network Working Group T. Ylonen) s -5 690 M -(Internet-Draft S. Lehtinen) s -5 679 M -(Expires: April 1, 2002 SSH Communications Security Corp) s -5 668 M -( October 2001) s -5 635 M -( SSH File Transfer Protocol) s -5 624 M -( draft-ietf-secsh-filexfer-02.txt) s -5 602 M -(Status of this Memo) s -5 580 M -( This document is an Internet-Draft and is in full conformance with) s -5 569 M -( all provisions of Section 10 of RFC2026.) 
s -5 547 M -( Internet-Drafts are working documents of the Internet Engineering) s -5 536 M -( Task Force \(IETF\), its areas, and its working groups. Note that) s -5 525 M -( other groups may also distribute working documents as Internet-) s -5 514 M -( Drafts.) s -5 492 M -( Internet-Drafts are draft documents valid for a maximum of six months) s -5 481 M -( and may be updated, replaced, or obsoleted by other documents at any) s -5 470 M -( time. It is inappropriate to use Internet-Drafts as reference) s -5 459 M -( material or to cite them other than as "work in progress.") s -5 437 M -( The list of current Internet-Drafts can be accessed at http://) s -5 426 M -( www.ietf.org/ietf/1id-abstracts.txt.) s -5 404 M -( The list of Internet-Draft Shadow Directories can be accessed at) s -5 393 M -( http://www.ietf.org/shadow.html.) s -5 371 M -( This Internet-Draft will expire on April 1, 2002.) s -5 349 M -(Copyright Notice) s -5 327 M -( Copyright \(C\) The Internet Society \(2001\). All Rights Reserved.) s -5 305 M -(Abstract) s -5 283 M -( The SSH File Transfer Protocol provides secure file transfer) s -5 272 M -( functionality over any reliable data stream. It is the standard file) s -5 261 M -( transfer protocol for use with the SSH2 protocol. This document) s -5 250 M -( describes the file transfer protocol and its interface to the SSH2) s -5 239 M -( protocol suite.) 
s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 1]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 2 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -(Table of Contents) s -5 668 M -( 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3) s -5 657 M -( 2. Use with the SSH Connection Protocol . . . . . . . . . . . . 4) s -5 646 M -( 3. General Packet Format . . . . . . . . . . . . . . . . . . . 5) s -5 635 M -( 4. Protocol Initialization . . . . . . . . . . . . . . . . . . 7) s -5 624 M -( 5. File Attributes . . . . . . . . . . . . . . . . . . . . . . 8) s -5 613 M -( 6. Requests From the Client to the Server . . . . . . . . . . . 10) s -5 602 M -( 6.1 Request Synchronization and Reordering . . . . . . . . . . . 10) s -5 591 M -( 6.2 File Names . . . . . . . . . . . . . . . . . . . . . . . . . 11) s -5 580 M -( 6.3 Opening, Creating, and Closing Files . . . . . . . . . . . . 11) s -5 569 M -( 6.4 Reading and Writing . . . . . . . . . . . . . . . . . . . . 13) s -5 558 M -( 6.5 Removing and Renaming Files . . . . . . . . . . . . . . . . 14) s -5 547 M -( 6.6 Creating and Deleting Directories . . . . . . . . . . . . . 15) s -5 536 M -( 6.7 Scanning Directories . . . . . . . . . . . . . . . . . . . . 15) s -5 525 M -( 6.8 Retrieving File Attributes . . . . . . . . . . . . . . . . . 16) s -5 514 M -( 6.9 Setting File Attributes . . . . . . . . . . . . . . . . . . 17) s -5 503 M -( 6.10 Dealing with Symbolic links . . . . . . . . . . . . . . . . 
18) s -5 492 M -( 6.11 Canonicalizing the Server-Side Path Name . . . . . . . . . . 18) s -5 481 M -( 7. Responses from the Server to the Client . . . . . . . . . . 20) s -5 470 M -( 8. Vendor-Specific Extensions . . . . . . . . . . . . . . . . . 24) s -5 459 M -( 9. Security Considerations . . . . . . . . . . . . . . . . . . 25) s -5 448 M -( 10. Changes from previous protocol versions . . . . . . . . . . 26) s -5 437 M -( 10.1 Changes between versions 3 and 2 . . . . . . . . . . . . . . 26) s -5 426 M -( 10.2 Changes between versions 2 and 1 . . . . . . . . . . . . . . 26) s -5 415 M -( 10.3 Changes between versions 1 and 0 . . . . . . . . . . . . . . 26) s -5 404 M -( 11. Trademark Issues . . . . . . . . . . . . . . . . . . . . . . 27) s -5 393 M -( References . . . . . . . . . . . . . . . . . . . . . . . . . 28) s -5 382 M -( Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 28) s -5 371 M -( Full Copyright Statement . . . . . . . . . . . . . . . . . . 29) s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 2]) s -_R -S -PStoPSsaved restore -%%Page: (2,3) 2 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 3 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -(1. Introduction) s -5 668 M -( This protocol provides secure file transfer \(and more generally file) s -5 657 M -( system access\) functionality over a reliable data stream, such as a) s -5 646 M -( channel in the SSH2 protocol [3].) 
s -5 624 M -( This protocol is designed so that it could be used to implement a) s -5 613 M -( secure remote file system service, as well as a secure file transfer) s -5 602 M -( service.) s -5 580 M -( This protocol assumes that it runs over a secure channel, and that) s -5 569 M -( the server has already authenticated the user at the client end, and) s -5 558 M -( that the identity of the client user is externally available to the) s -5 547 M -( server implementation.) s -5 525 M -( In general, this protocol follows a simple request-response model.) s -5 514 M -( Each request and response contains a sequence number and multiple) s -5 503 M -( requests may be pending simultaneously. There are a relatively large) s -5 492 M -( number of different request messages, but a small number of possible) s -5 481 M -( response messages. Each request has one or more response messages) s -5 470 M -( that may be returned in result \(e.g., a read either returns data or) s -5 459 M -( reports error status\).) s -5 437 M -( The packet format descriptions in this specification follow the) s -5 426 M -( notation presented in the secsh architecture draft.[3].) s -5 404 M -( Even though this protocol is described in the context of the SSH2) s -5 393 M -( protocol, this protocol is general and independent of the rest of the) s -5 382 M -( SSH2 protocol suite. It could be used in a number of different) s -5 371 M -( applications, such as secure file transfer over TLS RFC 2246 [1] and) s -5 360 M -( transfer of management information in VPN applications.) 
s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 3]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 4 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -(2. Use with the SSH Connection Protocol) s -5 668 M -( When used with the SSH2 Protocol suite, this protocol is intended to) s -5 657 M -( be used from the SSH Connection Protocol [5] as a subsystem, as) s -5 646 M -( described in section ``Starting a Shell or a Command''. The) s -5 635 M -( subsystem name used with this protocol is "sftp".) s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 4]) s -_R -S -PStoPSsaved restore -%%Page: (4,5) 3 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 5 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -(3. General Packet Format) s -5 668 M -( All packets transmitted over the secure connection are of the) s -5 657 M -( following format:) s -5 635 M -( uint32 length) s -5 624 M -( byte type) s -5 613 M -( byte[length - 1] data payload) s -5 591 M -( That is, they are just data preceded by 32-bit length and 8-bit type) s -5 580 M -( fields. 
The `length' is the length of the data area, and does not) s -5 569 M -( include the `length' field itself. The format and interpretation of) s -5 558 M -( the data area depends on the packet type.) s -5 536 M -( All packet descriptions below only specify the packet type and the) s -5 525 M -( data that goes into the data field. Thus, they should be prefixed by) s -5 514 M -( the `length' and `type' fields.) s -5 492 M -( The maximum size of a packet is in practice determined by the client) s -5 481 M -( \(the maximum size of read or write requests that it sends, plus a few) s -5 470 M -( bytes of packet overhead\). All servers SHOULD support packets of at) s -5 459 M -( least 34000 bytes \(where the packet size refers to the full length,) s -5 448 M -( including the header above\). This should allow for reads and writes) s -5 437 M -( of at most 32768 bytes.) s -5 415 M -( There is no limit on the number of outstanding \(non-acknowledged\)) s -5 404 M -( requests that the client may send to the server. In practice this is) s -5 393 M -( limited by the buffering available on the data stream and the queuing) s -5 382 M -( performed by the server. If the server's queues are full, it should) s -5 371 M -( not read any more data from the stream, and flow control will prevent) s -5 360 M -( the client from sending more requests. Note, however, that while) s -5 349 M -( there is no restriction on the protocol level, the client's API may) s -5 338 M -( provide a limit in order to prevent infinite queuing of outgoing) s -5 327 M -( requests at the client.) 
s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 5]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 6 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -( The following values are defined for packet types.) s -5 668 M -( #define SSH_FXP_INIT 1) s -5 657 M -( #define SSH_FXP_VERSION 2) s -5 646 M -( #define SSH_FXP_OPEN 3) s -5 635 M -( #define SSH_FXP_CLOSE 4) s -5 624 M -( #define SSH_FXP_READ 5) s -5 613 M -( #define SSH_FXP_WRITE 6) s -5 602 M -( #define SSH_FXP_LSTAT 7) s -5 591 M -( #define SSH_FXP_FSTAT 8) s -5 580 M -( #define SSH_FXP_SETSTAT 9) s -5 569 M -( #define SSH_FXP_FSETSTAT 10) s -5 558 M -( #define SSH_FXP_OPENDIR 11) s -5 547 M -( #define SSH_FXP_READDIR 12) s -5 536 M -( #define SSH_FXP_REMOVE 13) s -5 525 M -( #define SSH_FXP_MKDIR 14) s -5 514 M -( #define SSH_FXP_RMDIR 15) s -5 503 M -( #define SSH_FXP_REALPATH 16) s -5 492 M -( #define SSH_FXP_STAT 17) s -5 481 M -( #define SSH_FXP_RENAME 18) s -5 470 M -( #define SSH_FXP_READLINK 19) s -5 459 M -( #define SSH_FXP_SYMLINK 20) s -5 448 M -( #define SSH_FXP_STATUS 101) s -5 437 M -( #define SSH_FXP_HANDLE 102) s -5 426 M -( #define SSH_FXP_DATA 103) s -5 415 M -( #define SSH_FXP_NAME 104) s -5 404 M -( #define SSH_FXP_ATTRS 105) s -5 393 M -( #define SSH_FXP_EXTENDED 200) s -5 382 M -( #define SSH_FXP_EXTENDED_REPLY 201) s -5 360 M -( Additional packet types should only be defined if the protocol) s -5 349 M -( version number \(see Section ``Protocol Initialization''\) is) s -5 338 M -( incremented, and their use MUST be negotiated 
using the version) s -5 327 M -( number. However, the SSH_FXP_EXTENDED and SSH_FXP_EXTENDED_REPLY) s -5 316 M -( packets can be used to implement vendor-specific extensions. See) s -5 305 M -( Section ``Vendor-Specific-Extensions'' for more details.) s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 6]) s -_R -S -PStoPSsaved restore -%%Page: (6,7) 4 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 7 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -(4. Protocol Initialization) s -5 668 M -( When the file transfer protocol starts, it first sends a SSH_FXP_INIT) s -5 657 M -( \(including its version number\) packet to the server. The server) s -5 646 M -( responds with a SSH_FXP_VERSION packet, supplying the lowest of its) s -5 635 M -( own and the client's version number. Both parties should from then) s -5 624 M -( on adhere to particular version of the protocol.) s -5 602 M -( The SSH_FXP_INIT packet \(from client to server\) has the following) s -5 591 M -( data:) s -5 569 M -( uint32 version) s -5 558 M -( ) s -5 536 M -( The SSH_FXP_VERSION packet \(from server to client\) has the following) s -5 525 M -( data:) s -5 503 M -( uint32 version) s -5 492 M -( ) s -5 470 M -( The version number of the protocol specified in this document is 3.) s -5 459 M -( The version number should be incremented for each incompatible) s -5 448 M -( revision of this protocol.) 
s -5 426 M -( The extension data in the above packets may be empty, or may be a) s -5 415 M -( sequence of) s -5 393 M -( string extension_name) s -5 382 M -( string extension_data) s -5 360 M -( pairs \(both strings MUST always be present if one is, but the) s -5 349 M -( `extension_data' string may be of zero length\). If present, these) s -5 338 M -( strings indicate extensions to the baseline protocol. The) s -5 327 M -( `extension_name' field\(s\) identify the name of the extension. The) s -5 316 M -( name should be of the form "name@domain", where the domain is the DNS) s -5 305 M -( domain name of the organization defining the extension. Additional) s -5 294 M -( names that are not of this format may be defined later by the IETF.) s -5 283 M -( Implementations MUST silently ignore any extensions whose name they) s -5 272 M -( do not recognize.) s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 7]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 8 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -(5. File Attributes) s -5 668 M -( A new compound data type is defined for encoding file attributes. It) s -5 657 M -( is basically just a combination of elementary types, but is defined) s -5 646 M -( once because of the non-trivial description of the fields and to) s -5 635 M -( ensure maintainability.) s -5 613 M -( The same encoding is used both when returning file attributes from) s -5 602 M -( the server and when sending file attributes to the server. 
When) s -5 591 M -( sending it to the server, the flags field specifies which attributes) s -5 580 M -( are included, and the server will use default values for the) s -5 569 M -( remaining attributes \(or will not modify the values of remaining) s -5 558 M -( attributes\). When receiving attributes from the server, the flags) s -5 547 M -( specify which attributes are included in the returned data. The) s -5 536 M -( server normally returns all attributes it knows about.) s -5 514 M -( uint32 flags) s -5 503 M -( uint64 size present only if flag SSH_FILEXFER_ATTR_SIZE) s -5 492 M -( uint32 uid present only if flag SSH_FILEXFER_ATTR_UIDGID) s -5 481 M -( uint32 gid present only if flag SSH_FILEXFER_ATTR_UIDGID) s -5 470 M -( uint32 permissions present only if flag SSH_FILEXFER_ATTR_PERMISSIONS) s -5 459 M -( uint32 atime present only if flag SSH_FILEXFER_ACMODTIME) s -5 448 M -( uint32 mtime present only if flag SSH_FILEXFER_ACMODTIME) s -5 437 M -( uint32 extended_count present only if flag SSH_FILEXFER_ATTR_EXTENDED) s -5 426 M -( string extended_type) s -5 415 M -( string extended_data) s -5 404 M -( ... more extended data \(extended_type - extended_data pairs\),) s -5 393 M -( so that number of pairs equals extended_count) s -5 371 M -( The `flags' specify which of the fields are present. Those fields) s -5 360 M -( for which the corresponding flag is not set are not present \(not) s -5 349 M -( included in the packet\). New flags can only be added by incrementing) s -5 338 M -( the protocol version number \(or by using the extension mechanism) s -5 327 M -( described below\).) s -5 305 M -( The `size' field specifies the size of the file in bytes.) s -5 283 M -( The `uid' and `gid' fields contain numeric Unix-like user and group) s -5 272 M -( identifiers, respectively.) s -5 250 M -( The `permissions' field contains a bit mask of file permissions as) s -5 239 M -( defined by posix [1].) 
s -5 217 M -( The `atime' and `mtime' contain the access and modification times of) s -5 206 M -( the files, respectively. They are represented as seconds from Jan 1,) s -5 195 M -( 1970 in UTC.) s -5 173 M -( The SSH_FILEXFER_ATTR_EXTENDED flag provides a general extension) s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 8]) s -_R -S -PStoPSsaved restore -%%Page: (8,9) 5 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 9 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -( mechanism for vendor-specific extensions. If the flag is specified,) s -5 679 M -( then the `extended_count' field is present. It specifies the number) s -5 668 M -( of extended_type-extended_data pairs that follow. Each of these) s -5 657 M -( pairs specifies an extended attribute. For each of the attributes,) s -5 646 M -( the extended_type field should be a string of the format) s -5 635 M -( "name@domain", where "domain" is a valid, registered domain name and) s -5 624 M -( "name" identifies the method. The IETF may later standardize certain) s -5 613 M -( names that deviate from this format \(e.g., that do not contain the) s -5 602 M -( "@" sign\). The interpretation of `extended_data' depends on the) s -5 591 M -( type. Implementations SHOULD ignore extended data fields that they) s -5 580 M -( do not understand.) 
s -5 558 M -( Additional fields can be added to the attributes by either defining) s -5 547 M -( additional bits to the flags field to indicate their presence, or by) s -5 536 M -( defining extended attributes for them. The extended attributes) s -5 525 M -( mechanism is recommended for most purposes; additional flags bits) s -5 514 M -( should only be defined by an IETF standards action that also) s -5 503 M -( increments the protocol version number. The use of such new fields) s -5 492 M -( MUST be negotiated by the version number in the protocol exchange.) s -5 481 M -( It is a protocol error if a packet with unsupported protocol bits is) s -5 470 M -( received.) s -5 448 M -( The flags bits are defined to have the following values:) s -5 426 M -( #define SSH_FILEXFER_ATTR_SIZE 0x00000001) s -5 415 M -( #define SSH_FILEXFER_ATTR_UIDGID 0x00000002) s -5 404 M -( #define SSH_FILEXFER_ATTR_PERMISSIONS 0x00000004) s -5 393 M -( #define SSH_FILEXFER_ATTR_ACMODTIME 0x00000008) s -5 382 M -( #define SSH_FILEXFER_ATTR_EXTENDED 0x80000000) s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 9]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 10 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -(6. Requests From the Client to the Server) s -5 668 M -( Requests from the client to the server represent the various file) s -5 657 M -( system operations. Each request begins with an `id' field, which is) s -5 646 M -( a 32-bit identifier identifying the request \(selected by the client\).) 
s -5 635 M -( The same identifier will be returned in the response to the request.) s -5 624 M -( One possible implementation of it is a monotonically increasing) s -5 613 M -( request sequence number \(modulo 2^32\).) s -5 591 M -( Many operations in the protocol operate on open files. The) s -5 580 M -( SSH_FXP_OPEN request can return a file handle \(which is an opaque) s -5 569 M -( variable-length string\) which may be used to access the file later) s -5 558 M -( \(e.g. in a read operation\). The client MUST NOT send requests the) s -5 547 M -( server with bogus or closed handles. However, the server MUST) s -5 536 M -( perform adequate checks on the handle in order to avoid security) s -5 525 M -( risks due to fabricated handles.) s -5 503 M -( This design allows either stateful and stateless server) s -5 492 M -( implementation, as well as an implementation which caches state) s -5 481 M -( between requests but may also flush it. The contents of the file) s -5 470 M -( handle string are entirely up to the server and its design. The) s -5 459 M -( client should not modify or attempt to interpret the file handle) s -5 448 M -( strings.) s -5 426 M -( The file handle strings MUST NOT be longer than 256 bytes.) s -5 404 M -(6.1 Request Synchronization and Reordering) s -5 382 M -( The protocol and implementations MUST process requests relating to) s -5 371 M -( the same file in the order in which they are received. In other) s -5 360 M -( words, if an application submits multiple requests to the server, the) s -5 349 M -( results in the responses will be the same as if it had sent the) s -5 338 M -( requests one at a time and waited for the response in each case. For) s -5 327 M -( example, the server may process non-overlapping read/write requests) s -5 316 M -( to the same file in parallel, but overlapping reads and writes cannot) s -5 305 M -( be reordered or parallelized. 
However, there are no ordering) s -5 294 M -( restrictions on the server for processing requests from two different) s -5 283 M -( file transfer connections. The server may interleave and parallelize) s -5 272 M -( them at will.) s -5 250 M -( There are no restrictions on the order in which responses to) s -5 239 M -( outstanding requests are delivered to the client, except that the) s -5 228 M -( server must ensure fairness in the sense that processing of no) s -5 217 M -( request will be indefinitely delayed even if the client is sending) s -5 206 M -( other requests so that there are multiple outstanding requests all) s -5 195 M -( the time.) s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 10]) s -_R -S -PStoPSsaved restore -%%Page: (10,11) 6 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 11 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -(6.2 File Names) s -5 668 M -( This protocol represents file names as strings. File names are) s -5 657 M -( assumed to use the slash \('/'\) character as a directory separator.) s -5 635 M -( File names starting with a slash are "absolute", and are relative to) s -5 624 M -( the root of the file system. Names starting with any other character) s -5 613 M -( are relative to the user's default directory \(home directory\). Note) s -5 602 M -( that identifying the user is assumed to take place outside of this) s -5 591 M -( protocol.) s -5 569 M -( Servers SHOULD interpret a path name component ".." 
as referring to) s -5 558 M -( the parent directory, and "." as referring to the current directory.) s -5 547 M -( If the server implementation limits access to certain parts of the) s -5 536 M -( file system, it must be extra careful in parsing file names when) s -5 525 M -( enforcing such restrictions. There have been numerous reported) s -5 514 M -( security bugs where a ".." in a path name has allowed access outside) s -5 503 M -( the intended area.) s -5 481 M -( An empty path name is valid, and it refers to the user's default) s -5 470 M -( directory \(usually the user's home directory\).) s -5 448 M -( Otherwise, no syntax is defined for file names by this specification.) s -5 437 M -( Clients should not make any other assumptions; however, they can) s -5 426 M -( splice path name components returned by SSH_FXP_READDIR together) s -5 415 M -( using a slash \('/'\) as the separator, and that will work as expected.) s -5 393 M -( It is understood that the lack of well-defined semantics for file) s -5 382 M -( names may cause interoperability problems between clients and servers) s -5 371 M -( using radically different operating systems. However, this approach) s -5 360 M -( is known to work acceptably with most systems, and alternative) s -5 349 M -( approaches that e.g. treat file names as sequences of structured) s -5 338 M -( components are quite complicated.) s -5 316 M -(6.3 Opening, Creating, and Closing Files) s -5 294 M -( Files are opened and created using the SSH_FXP_OPEN message, whose) s -5 283 M -( data part is as follows:) s -5 261 M -( uint32 id) s -5 250 M -( string filename) s -5 239 M -( uint32 pflags) s -5 228 M -( ATTRS attrs) s -5 206 M -( The `id' field is the request identifier as for all requests.) s -5 184 M -( The `filename' field specifies the file name. See Section ``File) s -5 173 M -( Names'' for more information.) 
s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 11]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 12 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -( The `pflags' field is a bitmask. The following bits have been) s -5 679 M -( defined.) s -5 657 M -( #define SSH_FXF_READ 0x00000001) s -5 646 M -( #define SSH_FXF_WRITE 0x00000002) s -5 635 M -( #define SSH_FXF_APPEND 0x00000004) s -5 624 M -( #define SSH_FXF_CREAT 0x00000008) s -5 613 M -( #define SSH_FXF_TRUNC 0x00000010) s -5 602 M -( #define SSH_FXF_EXCL 0x00000020) s -5 580 M -( These have the following meanings:) s -5 558 M -( SSH_FXF_READ) s -5 547 M -( Open the file for reading.) s -5 525 M -( SSH_FXF_WRITE) s -5 514 M -( Open the file for writing. If both this and SSH_FXF_READ are) s -5 503 M -( specified, the file is opened for both reading and writing.) s -5 481 M -( SSH_FXF_APPEND) s -5 470 M -( Force all writes to append data at the end of the file.) s -5 448 M -( SSH_FXF_CREAT) s -5 437 M -( If this flag is specified, then a new file will be created if one) s -5 426 M -( does not already exist \(if O_TRUNC is specified, the new file will) s -5 415 M -( be truncated to zero length if it previously exists\).) s -5 393 M -( SSH_FXF_TRUNC) s -5 382 M -( Forces an existing file with the same name to be truncated to zero) s -5 371 M -( length when creating a file by specifying SSH_FXF_CREAT.) s -5 360 M -( SSH_FXF_CREAT MUST also be specified if this flag is used.) 
s -5 338 M -( SSH_FXF_EXCL) s -5 327 M -( Causes the request to fail if the named file already exists.) s -5 316 M -( SSH_FXF_CREAT MUST also be specified if this flag is used.) s -5 294 M -( The `attrs' field specifies the initial attributes for the file.) s -5 283 M -( Default values will be used for those attributes that are not) s -5 272 M -( specified. See Section ``File Attributes'' for more information.) s -5 250 M -( Regardless the server operating system, the file will always be) s -5 239 M -( opened in "binary" mode \(i.e., no translations between different) s -5 228 M -( character sets and newline encodings\).) s -5 206 M -( The response to this message will be either SSH_FXP_HANDLE \(if the) s -5 195 M -( operation is successful\) or SSH_FXP_STATUS \(if the operation fails\).) s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 12]) s -_R -S -PStoPSsaved restore -%%Page: (12,13) 7 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 13 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -( A file is closed by using the SSH_FXP_CLOSE request. Its data field) s -5 679 M -( has the following format:) s -5 657 M -( uint32 id) s -5 646 M -( string handle) s -5 624 M -( where `id' is the request identifier, and `handle' is a handle) s -5 613 M -( previously returned in the response to SSH_FXP_OPEN or) s -5 602 M -( SSH_FXP_OPENDIR. The handle becomes invalid immediately after this) s -5 591 M -( request has been sent.) s -5 569 M -( The response to this request will be a SSH_FXP_STATUS message. 
One) s -5 558 M -( should note that on some server platforms even a close can fail.) s -5 547 M -( This can happen e.g. if the server operating system caches writes,) s -5 536 M -( and an error occurs while flushing cached writes during the close.) s -5 514 M -(6.4 Reading and Writing) s -5 492 M -( Once a file has been opened, it can be read using the SSH_FXP_READ) s -5 481 M -( message, which has the following format:) s -5 459 M -( uint32 id) s -5 448 M -( string handle) s -5 437 M -( uint64 offset) s -5 426 M -( uint32 len) s -5 404 M -( where `id' is the request identifier, `handle' is an open file handle) s -5 393 M -( returned by SSH_FXP_OPEN, `offset' is the offset \(in bytes\) relative) s -5 382 M -( to the beginning of the file from where to start reading, and `len') s -5 371 M -( is the maximum number of bytes to read.) s -5 349 M -( In response to this request, the server will read as many bytes as it) s -5 338 M -( can from the file \(up to `len'\), and return them in a SSH_FXP_DATA) s -5 327 M -( message. If an error occurs or EOF is encountered before reading any) s -5 316 M -( data, the server will respond with SSH_FXP_STATUS. For normal disk) s -5 305 M -( files, it is guaranteed that this will read the specified number of) s -5 294 M -( bytes, or up to end of file. For e.g. device files this may return) s -5 283 M -( fewer bytes than requested.) 
s -5 261 M -( Writing to a file is achieved using the SSH_FXP_WRITE message, which) s -5 250 M -( has the following format:) s -5 228 M -( uint32 id) s -5 217 M -( string handle) s -5 206 M -( uint64 offset) s -5 195 M -( string data) s -5 173 M -( where `id' is a request identifier, `handle' is a file handle) s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 13]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 14 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -( returned by SSH_FXP_OPEN, `offset' is the offset \(in bytes\) from the) s -5 679 M -( beginning of the file where to start writing, and `data' is the data) s -5 668 M -( to be written.) s -5 646 M -( The write will extend the file if writing beyond the end of the file.) s -5 635 M -( It is legal to write way beyond the end of the file; the semantics) s -5 624 M -( are to write zeroes from the end of the file to the specified offset) s -5 613 M -( and then the data. On most operating systems, such writes do not) s -5 602 M -( allocate disk space but instead leave "holes" in the file.) s -5 580 M -( The server responds to a write request with a SSH_FXP_STATUS message.) s -5 558 M -(6.5 Removing and Renaming Files) s -5 536 M -( Files can be removed using the SSH_FXP_REMOVE message. It has the) s -5 525 M -( following format:) s -5 503 M -( uint32 id) s -5 492 M -( string filename) s -5 470 M -( where `id' is the request identifier and `filename' is the name of) s -5 459 M -( the file to be removed. 
See Section ``File Names'' for more) s -5 448 M -( information. This request cannot be used to remove directories.) s -5 426 M -( The server will respond to this request with a SSH_FXP_STATUS) s -5 415 M -( message.) s -5 393 M -( Files \(and directories\) can be renamed using the SSH_FXP_RENAME) s -5 382 M -( message. Its data is as follows:) s -5 360 M -( uint32 id) s -5 349 M -( string oldpath) s -5 338 M -( string newpath) s -5 316 M -( where `id' is the request identifier, `oldpath' is the name of an) s -5 305 M -( existing file or directory, and `newpath' is the new name for the) s -5 294 M -( file or directory. It is an error if there already exists a file) s -5 283 M -( with the name specified by newpath. The server may also fail rename) s -5 272 M -( requests in other situations, for example if `oldpath' and `newpath') s -5 261 M -( point to different file systems on the server.) s -5 239 M -( The server will respond to this request with a SSH_FXP_STATUS) s -5 228 M -( message.) s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 14]) s -_R -S -PStoPSsaved restore -%%Page: (14,15) 8 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 15 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -(6.6 Creating and Deleting Directories) s -5 668 M -( New directories can be created using the SSH_FXP_MKDIR request. 
It) s -5 657 M -( has the following format:) s -5 635 M -( uint32 id) s -5 624 M -( string path) s -5 613 M -( ATTRS attrs) s -5 591 M -( where `id' is the request identifier, `path' and `attrs' specifies) s -5 580 M -( the modifications to be made to its attributes. See Section ``File) s -5 569 M -( Names'' for more information on file names. Attributes are discussed) s -5 558 M -( in more detail in Section ``File Attributes''. specifies the) s -5 547 M -( directory to be created. An error will be returned if a file or) s -5 536 M -( directory with the specified path already exists. The server will) s -5 525 M -( respond to this request with a SSH_FXP_STATUS message.) s -5 503 M -( Directories can be removed using the SSH_FXP_RMDIR request, which) s -5 492 M -( has the following format:) s -5 470 M -( uint32 id) s -5 459 M -( string path) s -5 437 M -( where `id' is the request identifier, and `path' specifies the) s -5 426 M -( directory to be removed. See Section ``File Names'' for more) s -5 415 M -( information on file names. An error will be returned if no directory) s -5 404 M -( with the specified path exists, or if the specified directory is not) s -5 393 M -( empty, or if the path specified a file system object other than a) s -5 382 M -( directory. The server responds to this request with a SSH_FXP_STATUS) s -5 371 M -( message.) s -5 349 M -(6.7 Scanning Directories) s -5 327 M -( The files in a directory can be listed using the SSH_FXP_OPENDIR and) s -5 316 M -( SSH_FXP_READDIR requests. Each SSH_FXP_READDIR request returns one) s -5 305 M -( or more file names with full file attributes for each file. The) s -5 294 M -( client should call SSH_FXP_READDIR repeatedly until it has found the) s -5 283 M -( file it is looking for or until the server responds with a) s -5 272 M -( SSH_FXP_STATUS message indicating an error \(normally SSH_FX_EOF if) s -5 261 M -( there are no more files in the directory\). 
The client should then) s -5 250 M -( close the handle using the SSH_FXP_CLOSE request.) s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 15]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 16 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -( The SSH_FXP_OPENDIR opens a directory for reading. It has the) s -5 679 M -( following format:) s -5 657 M -( uint32 id) s -5 646 M -( string path) s -5 624 M -( where `id' is the request identifier and `path' is the path name of) s -5 613 M -( the directory to be listed \(without any trailing slash\). See Section) s -5 602 M -( ``File Names'' for more information on file names. This will return) s -5 591 M -( an error if the path does not specify a directory or if the directory) s -5 580 M -( is not readable. The server will respond to this request with either) s -5 569 M -( a SSH_FXP_HANDLE or a SSH_FXP_STATUS message.) s -5 547 M -( Once the directory has been successfully opened, files \(and) s -5 536 M -( directories\) contained in it can be listed using SSH_FXP_READDIR) s -5 525 M -( requests. These are of the format) s -5 503 M -( uint32 id) s -5 492 M -( string handle) s -5 470 M -( where `id' is the request identifier, and `handle' is a handle) s -5 459 M -( returned by SSH_FXP_OPENDIR. \(It is a protocol error to attempt to) s -5 448 M -( use an ordinary file handle returned by SSH_FXP_OPEN.\)) s -5 426 M -( The server responds to this request with either a SSH_FXP_NAME or a) s -5 415 M -( SSH_FXP_STATUS message. 
One or more names may be returned at a time.) s -5 404 M -( Full status information is returned for each name in order to speed) s -5 393 M -( up typical directory listings.) s -5 371 M -( When the client no longer wishes to read more names from the) s -5 360 M -( directory, it SHOULD call SSH_FXP_CLOSE for the handle. The handle) s -5 349 M -( should be closed regardless of whether an error has occurred or not.) s -5 327 M -(6.8 Retrieving File Attributes) s -5 305 M -( Very often, file attributes are automatically returned by) s -5 294 M -( SSH_FXP_READDIR. However, sometimes there is need to specifically) s -5 283 M -( retrieve the attributes for a named file. This can be done using the) s -5 272 M -( SSH_FXP_STAT, SSH_FXP_LSTAT and SSH_FXP_FSTAT requests.) s -5 250 M -( SSH_FXP_STAT and SSH_FXP_LSTAT only differ in that SSH_FXP_STAT) s -5 239 M -( follows symbolic links on the server, whereas SSH_FXP_LSTAT does not) s -5 228 M -( follow symbolic links. Both have the same format:) s -5 206 M -( uint32 id) s -5 195 M -( string path) s -5 173 M -( where `id' is the request identifier, and `path' specifies the file) s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 16]) s -_R -S -PStoPSsaved restore -%%Page: (16,17) 9 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 17 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -( system object for which status is to be returned. The server) s -5 679 M -( responds to this request with either SSH_FXP_ATTRS or SSH_FXP_STATUS.) 
s -5 657 M -( SSH_FXP_FSTAT differs from the others in that it returns status) s -5 646 M -( information for an open file \(identified by the file handle\). Its) s -5 635 M -( format is as follows:) s -5 613 M -( uint32 id) s -5 602 M -( string handle) s -5 580 M -( where `id' is the request identifier and `handle' is a file handle) s -5 569 M -( returned by SSH_FXP_OPEN. The server responds to this request with) s -5 558 M -( SSH_FXP_ATTRS or SSH_FXP_STATUS.) s -5 536 M -(6.9 Setting File Attributes) s -5 514 M -( File attributes may be modified using the SSH_FXP_SETSTAT and) s -5 503 M -( SSH_FXP_FSETSTAT requests. These requests are used for operations) s -5 492 M -( such as changing the ownership, permissions or access times, as well) s -5 481 M -( as for truncating a file.) s -5 459 M -( The SSH_FXP_SETSTAT request is of the following format:) s -5 437 M -( uint32 id) s -5 426 M -( string path) s -5 415 M -( ATTRS attrs) s -5 393 M -( where `id' is the request identifier, `path' specifies the file) s -5 382 M -( system object \(e.g. file or directory\) whose attributes are to be) s -5 371 M -( modified, and `attrs' specifies the modifications to be made to its) s -5 360 M -( attributes. Attributes are discussed in more detail in Section) s -5 349 M -( ``File Attributes''.) s -5 327 M -( An error will be returned if the specified file system object does) s -5 316 M -( not exist or the user does not have sufficient rights to modify the) s -5 305 M -( specified attributes. The server responds to this request with a) s -5 294 M -( SSH_FXP_STATUS message.) s -5 272 M -( The SSH_FXP_FSETSTAT request modifies the attributes of a file which) s -5 261 M -( is already open. 
It has the following format:) s -5 239 M -( uint32 id) s -5 228 M -( string handle) s -5 217 M -( ATTRS attrs) s -5 195 M -( where `id' is the request identifier, `handle' \(MUST be returned by) s -5 184 M -( SSH_FXP_OPEN\) identifies the file whose attributes are to be) s -5 173 M -( modified, and `attrs' specifies the modifications to be made to its) s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 17]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 18 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -( attributes. Attributes are discussed in more detail in Section) s -5 679 M -( ``File Attributes''. The server will respond to this request with) s -5 668 M -( SSH_FXP_STATUS.) s -5 646 M -(6.10 Dealing with Symbolic links) s -5 624 M -( The SSH_FXP_READLINK request may be used to read the target of a) s -5 613 M -( symbolic link. It would have a data part as follows:) s -5 591 M -( uint32 id) s -5 580 M -( string path) s -5 558 M -( where `id' is the request identifier and `path' specifies the path) s -5 547 M -( name of the symlink to be read.) s -5 525 M -( The server will respond with a SSH_FXP_NAME packet containing only) s -5 514 M -( one name and a dummy attributes value. The name in the returned) s -5 503 M -( packet contains the target of the link. If an error occurs, the) s -5 492 M -( server may respond with SSH_FXP_STATUS.) s -5 470 M -( The SSH_FXP_SYMLINK request will create a symbolic link on the) s -5 459 M -( server. 
It is of the following format) s -5 437 M -( uint32 id) s -5 426 M -( string linkpath) s -5 415 M -( string targetpath) s -5 393 M -( where `id' is the request identifier, `linkpath' specifies the path) s -5 382 M -( name of the symlink to be created and `targetpath' specifies the) s -5 371 M -( target of the symlink. The server shall respond with a) s -5 360 M -( SSH_FXP_STATUS indicating either success \(SSH_FX_OK\) or an error) s -5 349 M -( condition.) s -5 327 M -(6.11 Canonicalizing the Server-Side Path Name) s -5 305 M -( The SSH_FXP_REALPATH request can be used to have the server) s -5 294 M -( canonicalize any given path name to an absolute path. This is useful) s -5 283 M -( for converting path names containing ".." components or relative) s -5 272 M -( pathnames without a leading slash into absolute paths. The format of) s -5 261 M -( the request is as follows:) s -5 239 M -( uint32 id) s -5 228 M -( string path) s -5 206 M -( where `id' is the request identifier and `path' specifies the path) s -5 195 M -( name to be canonicalized. The server will respond with a) s -5 184 M -( SSH_FXP_NAME packet containing only one name and a dummy attributes) s -5 173 M -( value. The name is the returned packet will be in canonical form.) 
s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 18]) s -_R -S -PStoPSsaved restore -%%Page: (18,19) 10 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 19 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -( If an error occurs, the server may also respond with SSH_FXP_STATUS.) s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 19]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 20 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -(7. Responses from the Server to the Client) s -5 668 M -( The server responds to the client using one of a few response) s -5 657 M -( packets. All requests can return a SSH_FXP_STATUS response upon) s -5 646 M -( failure. When the operation is successful, any of the responses may) s -5 635 M -( be returned \(depending on the operation\). If no data needs to be) s -5 624 M -( returned to the client, the SSH_FXP_STATUS response with SSH_FX_OK) s -5 613 M -( status is appropriate. 
Otherwise, the SSH_FXP_HANDLE message is used) s -5 602 M -( to return a file handle \(for SSH_FXP_OPEN and SSH_FXP_OPENDIR) s -5 591 M -( requests\), SSH_FXP_DATA is used to return data from SSH_FXP_READ,) s -5 580 M -( SSH_FXP_NAME is used to return one or more file names from a) s -5 569 M -( SSH_FXP_READDIR or SSH_FXP_REALPATH request, and SSH_FXP_ATTRS is) s -5 558 M -( used to return file attributes from SSH_FXP_STAT, SSH_FXP_LSTAT, and) s -5 547 M -( SSH_FXP_FSTAT requests.) s -5 525 M -( Exactly one response will be returned for each request. Each) s -5 514 M -( response packet contains a request identifier which can be used to) s -5 503 M -( match each response with the corresponding request. Note that it is) s -5 492 M -( legal to have several requests outstanding simultaneously, and the) s -5 481 M -( server is allowed to send responses to them in a different order from) s -5 470 M -( the order in which the requests were sent \(the result of their) s -5 459 M -( execution, however, is guaranteed to be as if they had been processed) s -5 448 M -( one at a time in the order in which the requests were sent\).) s -5 426 M -( Response packets are of the same general format as request packets.) s -5 415 M -( Each response packet begins with the request identifier.) s -5 393 M -( The format of the data portion of the SSH_FXP_STATUS response is as) s -5 382 M -( follows:) s -5 360 M -( uint32 id) s -5 349 M -( uint32 error/status code) s -5 338 M -( string error message \(ISO-10646 UTF-8 [RFC-2279]\)) s -5 327 M -( string language tag \(as defined in [RFC-1766]\)) s -5 305 M -( where `id' is the request identifier, and `error/status code') s -5 294 M -( indicates the result of the requested operation. The value SSH_FX_OK) s -5 283 M -( indicates success, and all other values indicate failure.) 
s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 20]) s -_R -S -PStoPSsaved restore -%%Page: (20,21) 11 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 21 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -( Currently, the following values are defined \(other values may be) s -5 679 M -( defined by future versions of this protocol\):) s -5 657 M -( #define SSH_FX_OK 0) s -5 646 M -( #define SSH_FX_EOF 1) s -5 635 M -( #define SSH_FX_NO_SUCH_FILE 2) s -5 624 M -( #define SSH_FX_PERMISSION_DENIED 3) s -5 613 M -( #define SSH_FX_FAILURE 4) s -5 602 M -( #define SSH_FX_BAD_MESSAGE 5) s -5 591 M -( #define SSH_FX_NO_CONNECTION 6) s -5 580 M -( #define SSH_FX_CONNECTION_LOST 7) s -5 569 M -( #define SSH_FX_OP_UNSUPPORTED 8) s -5 547 M -( SSH_FX_OK) s -5 536 M -( Indicates successful completion of the operation.) s -5 514 M -( SSH_FX_EOF) s -5 503 M -( indicates end-of-file condition; for SSH_FX_READ it means that no) s -5 492 M -( more data is available in the file, and for SSH_FX_READDIR it) s -5 481 M -( indicates that no more files are contained in the directory.) s -5 459 M -( SSH_FX_NO_SUCH_FILE) s -5 448 M -( is returned when a reference is made to a file which should exist) s -5 437 M -( but doesn't.) s -5 415 M -( SSH_FX_PERMISSION_DENIED) s -5 404 M -( is returned when the authenticated user does not have sufficient) s -5 393 M -( permissions to perform the operation.) 
s -5 371 M -( SSH_FX_FAILURE) s -5 360 M -( is a generic catch-all error message; it should be returned if an) s -5 349 M -( error occurs for which there is no more specific error code) s -5 338 M -( defined.) s -5 316 M -( SSH_FX_BAD_MESSAGE) s -5 305 M -( may be returned if a badly formatted packet or protocol) s -5 294 M -( incompatibility is detected.) s -5 272 M -( SSH_FX_NO_CONNECTION) s -5 261 M -( is a pseudo-error which indicates that the client has no) s -5 250 M -( connection to the server \(it can only be generated locally by the) s -5 239 M -( client, and MUST NOT be returned by servers\).) s -5 217 M -( SSH_FX_CONNECTION_LOST) s -5 206 M -( is a pseudo-error which indicates that the connection to the) s -5 195 M -( server has been lost \(it can only be generated locally by the) s -5 184 M -( client, and MUST NOT be returned by servers\).) s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 21]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 22 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -( SSH_FX_OP_UNSUPPORTED) s -5 679 M -( indicates that an attempt was made to perform an operation which) s -5 668 M -( is not supported for the server \(it may be generated locally by) s -5 657 M -( the client if e.g. the version number exchange indicates that a) s -5 646 M -( required feature is not supported by the server, or it may be) s -5 635 M -( returned by the server if the server does not implement an) s -5 624 M -( operation\).) 
s -5 602 M -( The SSH_FXP_HANDLE response has the following format:) s -5 580 M -( uint32 id) s -5 569 M -( string handle) s -5 547 M -( where `id' is the request identifier, and `handle' is an arbitrary) s -5 536 M -( string that identifies an open file or directory on the server. The) s -5 525 M -( handle is opaque to the client; the client MUST NOT attempt to) s -5 514 M -( interpret or modify it in any way. The length of the handle string) s -5 503 M -( MUST NOT exceed 256 data bytes.) s -5 481 M -( The SSH_FXP_DATA response has the following format:) s -5 459 M -( uint32 id) s -5 448 M -( string data) s -5 426 M -( where `id' is the request identifier, and `data' is an arbitrary byte) s -5 415 M -( string containing the requested data. The data string may be at most) s -5 404 M -( the number of bytes requested in a SSH_FXP_READ request, but may also) s -5 393 M -( be shorter if end of file is reached or if the read is from something) s -5 382 M -( other than a regular file.) s -5 360 M -( The SSH_FXP_NAME response has the following format:) s -5 338 M -( uint32 id) s -5 327 M -( uint32 count) s -5 316 M -( repeats count times:) s -5 305 M -( string filename) s -5 294 M -( string longname) s -5 283 M -( ATTRS attrs) s -5 261 M -( where `id' is the request identifier, `count' is the number of names) s -5 250 M -( returned in this response, and the remaining fields repeat `count') s -5 239 M -( times \(so that all three fields are first included for the first) s -5 228 M -( file, then for the second file, etc\). 
In the repeated part,) s -5 217 M -( `filename' is a file name being returned \(for SSH_FXP_READDIR, it) s -5 206 M -( will be a relative name within the directory, without any path) s -5 195 M -( components; for SSH_FXP_REALPATH it will be an absolute path name\),) s -5 184 M -( `longname' is an expanded format for the file name, similar to what) s -5 173 M -( is returned by "ls -l" on Unix systems, and `attrs' is the attributes) s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 22]) s -_R -S -PStoPSsaved restore -%%Page: (22,23) 12 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 23 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -( of the file as described in Section ``File Attributes''.) s -5 668 M -( The format of the `longname' field is unspecified by this protocol.) s -5 657 M -( It MUST be suitable for use in the output of a directory listing) s -5 646 M -( command \(in fact, the recommended operation for a directory listing) s -5 635 M -( command is to simply display this data\). However, clients SHOULD NOT) s -5 624 M -( attempt to parse the longname field for file attributes; they SHOULD) s -5 613 M -( use the attrs field instead.) s -5 591 M -( The recommended format for the longname field is as follows:) s -5 569 M -( -rwxr-xr-x 1 mjos staff 348911 Mar 25 14:29 t-filexfer) s -5 558 M -( 1234567890 123 12345678 12345678 12345678 123456789012) s -5 536 M -( Here, the first line is sample output, and the second field indicates) s -5 525 M -( widths of the various fields. 
Fields are separated by spaces. The) s -5 514 M -( first field lists file permissions for user, group, and others; the) s -5 503 M -( second field is link count; the third field is the name of the user) s -5 492 M -( who owns the file; the fourth field is the name of the group that) s -5 481 M -( owns the file; the fifth field is the size of the file in bytes; the) s -5 470 M -( sixth field \(which actually may contain spaces, but is fixed to 12) s -5 459 M -( characters\) is the file modification time, and the seventh field is) s -5 448 M -( the file name. Each field is specified to be a minimum of certain) s -5 437 M -( number of character positions \(indicated by the second line above\),) s -5 426 M -( but may also be longer if the data does not fit in the specified) s -5 415 M -( length.) s -5 393 M -( The SSH_FXP_ATTRS response has the following format:) s -5 371 M -( uint32 id) s -5 360 M -( ATTRS attrs) s -5 338 M -( where `id' is the request identifier, and `attrs' is the returned) s -5 327 M -( file attributes as described in Section ``File Attributes''.) s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 23]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 24 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -(8. Vendor-Specific Extensions) s -5 668 M -( The SSH_FXP_EXTENDED request provides a generic extension mechanism) s -5 657 M -( for adding vendor-specific commands. 
The request has the following) s -5 646 M -( format:) s -5 624 M -( uint32 id) s -5 613 M -( string extended-request) s -5 602 M -( ... any request-specific data ...) s -5 580 M -( where `id' is the request identifier, and `extended-request' is a) s -5 569 M -( string of the format "name@domain", where domain is an internet) s -5 558 M -( domain name of the vendor defining the request. The rest of the) s -5 547 M -( request is completely vendor-specific, and servers should only) s -5 536 M -( attempt to interpret it if they recognize the `extended-request') s -5 525 M -( name.) s -5 503 M -( The server may respond to such requests using any of the response) s -5 492 M -( packets defined in Section ``Responses from the Server to the) s -5 481 M -( Client''. Additionally, the server may also respond with a) s -5 470 M -( SSH_FXP_EXTENDED_REPLY packet, as defined below. If the server does) s -5 459 M -( not recognize the `extended-request' name, then the server MUST) s -5 448 M -( respond with SSH_FXP_STATUS with error/status set to) s -5 437 M -( SSH_FX_OP_UNSUPPORTED.) s -5 415 M -( The SSH_FXP_EXTENDED_REPLY packet can be used to carry arbitrary) s -5 404 M -( extension-specific data from the server to the client. It is of the) s -5 393 M -( following format:) s -5 371 M -( uint32 id) s -5 360 M -( ... any request-specific data ...) 
s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 24]) s -_R -S -PStoPSsaved restore -%%Page: (24,25) 13 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 25 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -(9. Security Considerations) s -5 668 M -( This protocol assumes that it is run over a secure channel and that) s -5 657 M -( the endpoints of the channel have been authenticated. Thus, this) s -5 646 M -( protocol assumes that it is externally protected from network-level) s -5 635 M -( attacks.) s -5 613 M -( This protocol provides file system access to arbitrary files on the) s -5 602 M -( server \(only constrained by the server implementation\). It is the) s -5 591 M -( responsibility of the server implementation to enforce any access) s -5 580 M -( controls that may be required to limit the access allowed for any) s -5 569 M -( particular user \(the user being authenticated externally to this) s -5 558 M -( protocol, typically using the SSH User Authentication Protocol [6].) s -5 536 M -( Care must be taken in the server implementation to check the validity) s -5 525 M -( of received file handle strings. The server should not rely on them) s -5 514 M -( directly; it MUST check the validity of each handle before relying on) s -5 503 M -( it.) 
s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 25]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 26 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -(10. Changes from previous protocol versions) s -5 668 M -( The SSH File Transfer Protocol has changed over time, before it's) s -5 657 M -( standardization. The following is a description of the incompatible) s -5 646 M -( changes between different versions.) s -5 624 M -(10.1 Changes between versions 3 and 2) s -5 602 M -( o The SSH_FXP_READLINK and SSH_FXP_SYMLINK messages were added.) s -5 580 M -( o The SSH_FXP_EXTENDED and SSH_FXP_EXTENDED_REPLY messages were) s -5 569 M -( added.) s -5 547 M -( o The SSH_FXP_STATUS message was changed to include fields `error) s -5 536 M -( message' and `language tag'.) s -5 503 M -(10.2 Changes between versions 2 and 1) s -5 481 M -( o The SSH_FXP_RENAME message was added.) s -5 448 M -(10.3 Changes between versions 1 and 0) s -5 426 M -( o Implementation changes, no actual protocol changes.) 
s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 26]) s -_R -S -PStoPSsaved restore -%%Page: (26,27) 14 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 27 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -(11. Trademark Issues) s -5 668 M -( "ssh" is a registered trademark of SSH Communications Security Corp) s -5 657 M -( in the United States and/or other countries.) s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 27]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 28 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -(References) s -5 668 M -( [1] Dierks, T., Allen, C., Treese, W., Karlton, P., Freier, A. and) s -5 657 M -( P. Kocher, "The TLS Protocol Version 1.0", RFC 2246, January) s -5 646 M -( 1999.) s -5 624 M -( [2] Institute of Electrical and Electronics Engineers, "Information) s -5 613 M -( Technology - Portable Operating System Interface \(POSIX\) - Part) s -5 602 M -( 1: System Application Program Interface \(API\) [C Language]",) s -5 591 M -( IEEE Standard 1003.2, 1996.) 
s -5 569 M -( [3] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S.) s -5 558 M -( Lehtinen, "SSH Protocol Architecture", draft-ietf-secsh-) s -5 547 M -( architecture-09 \(work in progress\), July 2001.) s -5 525 M -( [4] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S.) s -5 514 M -( Lehtinen, "SSH Protocol Transport Protocol", draft-ietf-secsh-) s -5 503 M -( architecture-09 \(work in progress\), July 2001.) s -5 481 M -( [5] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S.) s -5 470 M -( Lehtinen, "SSH Connection Protocol", draft-ietf-secsh-connect-11) s -5 459 M -( \(work in progress\), July 2001.) s -5 437 M -( [6] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S.) s -5 426 M -( Lehtinen, "SSH Authentication Protocol", draft-ietf-secsh-) s -5 415 M -( userauth-11 \(work in progress\), July 2001.) s -5 382 M -(Authors' Addresses) s -5 360 M -( Tatu Ylonen) s -5 349 M -( SSH Communications Security Corp) s -5 338 M -( Fredrikinkatu 42) s -5 327 M -( HELSINKI FIN-00100) s -5 316 M -( Finland) s -5 294 M -( EMail: ylo@ssh.com) s -5 261 M -( Sami Lehtinen) s -5 250 M -( SSH Communications Security Corp) s -5 239 M -( Fredrikinkatu 42) s -5 228 M -( HELSINKI FIN-00100) s -5 217 M -( Finland) s -5 195 M -( EMail: sjl@ssh.com) s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 28]) s -_R -S -PStoPSsaved restore -%%Page: (28,29) 15 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 29 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2001) s -5 690 M -(Full Copyright Statement) s -5 668 M -( 
Copyright \(C\) The Internet Society \(2001\). All Rights Reserved.) s -5 646 M -( This document and translations of it may be copied and furnished to) s -5 635 M -( others, and derivative works that comment on or otherwise explain it) s -5 624 M -( or assist in its implementation may be prepared, copied, published) s -5 613 M -( and distributed, in whole or in part, without restriction of any) s -5 602 M -( kind, provided that the above copyright notice and this paragraph are) s -5 591 M -( included on all such copies and derivative works. However, this) s -5 580 M -( document itself may not be modified in any way, such as by removing) s -5 569 M -( the copyright notice or references to the Internet Society or other) s -5 558 M -( Internet organizations, except as needed for the purpose of) s -5 547 M -( developing Internet standards in which case the procedures for) s -5 536 M -( copyrights defined in the Internet Standards process must be) s -5 525 M -( followed, or as required to translate it into languages other than) s -5 514 M -( English.) s -5 492 M -( The limited permissions granted above are perpetual and will not be) s -5 481 M -( revoked by the Internet Society or its successors or assigns.) s -5 459 M -( This document and the information contained herein is provided on an) s -5 448 M -( "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING) s -5 437 M -( TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING) s -5 426 M -( BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION) s -5 415 M -( HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF) s -5 404 M -( MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.) s -5 382 M -(Acknowledgement) s -5 360 M -( Funding for the RFC Editor function is currently provided by the) s -5 349 M -( Internet Society.) 
s -5 129 M -(Ylonen & Lehtinen Expires April 1, 2002 [Page 29]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 30 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -_R -S -PStoPSsaved restore -%%Trailer -%%Pages: 30 -%%DocumentNeededResources: font Courier-Bold Courier -%%EOF diff --git a/lib/ssh/doc/standard/draft-ietf-secsh-filexfer-02.txt b/lib/ssh/doc/standard/draft-ietf-secsh-filexfer-02.txt deleted file mode 100644 index c4ec8c1125..0000000000 --- a/lib/ssh/doc/standard/draft-ietf-secsh-filexfer-02.txt +++ /dev/null 
@@ -1,1627 +0,0 @@ - - - -Network Working Group T. Ylonen -Internet-Draft S. Lehtinen -Expires: April 1, 2002 SSH Communications Security Corp - October 2001 - - - SSH File Transfer Protocol - draft-ietf-secsh-filexfer-02.txt - -Status of this Memo - - This document is an Internet-Draft and is in full conformance with - all provisions of Section 10 of RFC2026. - - Internet-Drafts are working documents of the Internet Engineering - Task Force (IETF), its areas, and its working groups. Note that - other groups may also distribute working documents as Internet- - Drafts. - - Internet-Drafts are draft documents valid for a maximum of six months - and may be updated, replaced, or obsoleted by other documents at any - time. It is inappropriate to use Internet-Drafts as reference - material or to cite them other than as "work in progress." - - The list of current Internet-Drafts can be accessed at http:// - www.ietf.org/ietf/1id-abstracts.txt. - - The list of Internet-Draft Shadow Directories can be accessed at - http://www.ietf.org/shadow.html. - - This Internet-Draft will expire on April 1, 2002. - -Copyright Notice - - Copyright (C) The Internet Society (2001). All Rights Reserved. - -Abstract - - The SSH File Transfer Protocol provides secure file transfer - functionality over any reliable data stream. It is the standard file - transfer protocol for use with the SSH2 protocol. This document - describes the file transfer protocol and its interface to the SSH2 - protocol suite. - - - - - - - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 1] - -Internet-Draft SSH File Transfer Protocol October 2001 - - -Table of Contents - - 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 - 2. Use with the SSH Connection Protocol . . . . . . . . . . . . 4 - 3. General Packet Format . . . . . . . . . . . . . . . . . . . 5 - 4. Protocol Initialization . . . . . . . . . . . . . . . . . . 7 - 5. File Attributes . . . . . . . . . . . . . . . . . . . . . . 8 - 6. 
Requests From the Client to the Server . . . . . . . . . . . 10 - 6.1 Request Synchronization and Reordering . . . . . . . . . . . 10 - 6.2 File Names . . . . . . . . . . . . . . . . . . . . . . . . . 11 - 6.3 Opening, Creating, and Closing Files . . . . . . . . . . . . 11 - 6.4 Reading and Writing . . . . . . . . . . . . . . . . . . . . 13 - 6.5 Removing and Renaming Files . . . . . . . . . . . . . . . . 14 - 6.6 Creating and Deleting Directories . . . . . . . . . . . . . 15 - 6.7 Scanning Directories . . . . . . . . . . . . . . . . . . . . 15 - 6.8 Retrieving File Attributes . . . . . . . . . . . . . . . . . 16 - 6.9 Setting File Attributes . . . . . . . . . . . . . . . . . . 17 - 6.10 Dealing with Symbolic links . . . . . . . . . . . . . . . . 18 - 6.11 Canonicalizing the Server-Side Path Name . . . . . . . . . . 18 - 7. Responses from the Server to the Client . . . . . . . . . . 20 - 8. Vendor-Specific Extensions . . . . . . . . . . . . . . . . . 24 - 9. Security Considerations . . . . . . . . . . . . . . . . . . 25 - 10. Changes from previous protocol versions . . . . . . . . . . 26 - 10.1 Changes between versions 3 and 2 . . . . . . . . . . . . . . 26 - 10.2 Changes between versions 2 and 1 . . . . . . . . . . . . . . 26 - 10.3 Changes between versions 1 and 0 . . . . . . . . . . . . . . 26 - 11. Trademark Issues . . . . . . . . . . . . . . . . . . . . . . 27 - References . . . . . . . . . . . . . . . . . . . . . . . . . 28 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 28 - Full Copyright Statement . . . . . . . . . . . . . . . . . . 29 - - - - - - - - - - - - - - - - - - - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 2] - -Internet-Draft SSH File Transfer Protocol October 2001 - - -1. Introduction - - This protocol provides secure file transfer (and more generally file - system access) functionality over a reliable data stream, such as a - channel in the SSH2 protocol [3]. 
- - This protocol is designed so that it could be used to implement a - secure remote file system service, as well as a secure file transfer - service. - - This protocol assumes that it runs over a secure channel, and that - the server has already authenticated the user at the client end, and - that the identity of the client user is externally available to the - server implementation. - - In general, this protocol follows a simple request-response model. - Each request and response contains a sequence number and multiple - requests may be pending simultaneously. There are a relatively large - number of different request messages, but a small number of possible - response messages. Each request has one or more response messages - that may be returned in result (e.g., a read either returns data or - reports error status). - - The packet format descriptions in this specification follow the - notation presented in the secsh architecture draft.[3]. - - Even though this protocol is described in the context of the SSH2 - protocol, this protocol is general and independent of the rest of the - SSH2 protocol suite. It could be used in a number of different - applications, such as secure file transfer over TLS RFC 2246 [1] and - transfer of management information in VPN applications. - - - - - - - - - - - - - - - - - - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 3] - -Internet-Draft SSH File Transfer Protocol October 2001 - - -2. Use with the SSH Connection Protocol - - When used with the SSH2 Protocol suite, this protocol is intended to - be used from the SSH Connection Protocol [5] as a subsystem, as - described in section ``Starting a Shell or a Command''. The - subsystem name used with this protocol is "sftp". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 4] - -Internet-Draft SSH File Transfer Protocol October 2001 - - -3. 
General Packet Format - - All packets transmitted over the secure connection are of the - following format: - - uint32 length - byte type - byte[length - 1] data payload - - That is, they are just data preceded by 32-bit length and 8-bit type - fields. The `length' is the length of the data area, and does not - include the `length' field itself. The format and interpretation of - the data area depends on the packet type. - - All packet descriptions below only specify the packet type and the - data that goes into the data field. Thus, they should be prefixed by - the `length' and `type' fields. - - The maximum size of a packet is in practice determined by the client - (the maximum size of read or write requests that it sends, plus a few - bytes of packet overhead). All servers SHOULD support packets of at - least 34000 bytes (where the packet size refers to the full length, - including the header above). This should allow for reads and writes - of at most 32768 bytes. - - There is no limit on the number of outstanding (non-acknowledged) - requests that the client may send to the server. In practice this is - limited by the buffering available on the data stream and the queuing - performed by the server. If the server's queues are full, it should - not read any more data from the stream, and flow control will prevent - the client from sending more requests. Note, however, that while - there is no restriction on the protocol level, the client's API may - provide a limit in order to prevent infinite queuing of outgoing - requests at the client. - - - - - - - - - - - - - - - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 5] - -Internet-Draft SSH File Transfer Protocol October 2001 - - - The following values are defined for packet types. 
- - #define SSH_FXP_INIT 1 - #define SSH_FXP_VERSION 2 - #define SSH_FXP_OPEN 3 - #define SSH_FXP_CLOSE 4 - #define SSH_FXP_READ 5 - #define SSH_FXP_WRITE 6 - #define SSH_FXP_LSTAT 7 - #define SSH_FXP_FSTAT 8 - #define SSH_FXP_SETSTAT 9 - #define SSH_FXP_FSETSTAT 10 - #define SSH_FXP_OPENDIR 11 - #define SSH_FXP_READDIR 12 - #define SSH_FXP_REMOVE 13 - #define SSH_FXP_MKDIR 14 - #define SSH_FXP_RMDIR 15 - #define SSH_FXP_REALPATH 16 - #define SSH_FXP_STAT 17 - #define SSH_FXP_RENAME 18 - #define SSH_FXP_READLINK 19 - #define SSH_FXP_SYMLINK 20 - #define SSH_FXP_STATUS 101 - #define SSH_FXP_HANDLE 102 - #define SSH_FXP_DATA 103 - #define SSH_FXP_NAME 104 - #define SSH_FXP_ATTRS 105 - #define SSH_FXP_EXTENDED 200 - #define SSH_FXP_EXTENDED_REPLY 201 - - Additional packet types should only be defined if the protocol - version number (see Section ``Protocol Initialization'') is - incremented, and their use MUST be negotiated using the version - number. However, the SSH_FXP_EXTENDED and SSH_FXP_EXTENDED_REPLY - packets can be used to implement vendor-specific extensions. See - Section ``Vendor-Specific-Extensions'' for more details. - - - - - - - - - - - - - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 6] - -Internet-Draft SSH File Transfer Protocol October 2001 - - -4. Protocol Initialization - - When the file transfer protocol starts, it first sends a SSH_FXP_INIT - (including its version number) packet to the server. The server - responds with a SSH_FXP_VERSION packet, supplying the lowest of its - own and the client's version number. Both parties should from then - on adhere to particular version of the protocol. - - The SSH_FXP_INIT packet (from client to server) has the following - data: - - uint32 version - - - The SSH_FXP_VERSION packet (from server to client) has the following - data: - - uint32 version - - - The version number of the protocol specified in this document is 3. 
- The version number should be incremented for each incompatible - revision of this protocol. - - The extension data in the above packets may be empty, or may be a - sequence of - - string extension_name - string extension_data - - pairs (both strings MUST always be present if one is, but the - `extension_data' string may be of zero length). If present, these - strings indicate extensions to the baseline protocol. The - `extension_name' field(s) identify the name of the extension. The - name should be of the form "name@domain", where the domain is the DNS - domain name of the organization defining the extension. Additional - names that are not of this format may be defined later by the IETF. - Implementations MUST silently ignore any extensions whose name they - do not recognize. - - - - - - - - - - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 7] - -Internet-Draft SSH File Transfer Protocol October 2001 - - -5. File Attributes - - A new compound data type is defined for encoding file attributes. It - is basically just a combination of elementary types, but is defined - once because of the non-trivial description of the fields and to - ensure maintainability. - - The same encoding is used both when returning file attributes from - the server and when sending file attributes to the server. When - sending it to the server, the flags field specifies which attributes - are included, and the server will use default values for the - remaining attributes (or will not modify the values of remaining - attributes). When receiving attributes from the server, the flags - specify which attributes are included in the returned data. The - server normally returns all attributes it knows about. 
- - uint32 flags - uint64 size present only if flag SSH_FILEXFER_ATTR_SIZE - uint32 uid present only if flag SSH_FILEXFER_ATTR_UIDGID - uint32 gid present only if flag SSH_FILEXFER_ATTR_UIDGID - uint32 permissions present only if flag SSH_FILEXFER_ATTR_PERMISSIONS - uint32 atime present only if flag SSH_FILEXFER_ACMODTIME - uint32 mtime present only if flag SSH_FILEXFER_ACMODTIME - uint32 extended_count present only if flag SSH_FILEXFER_ATTR_EXTENDED - string extended_type - string extended_data - ... more extended data (extended_type - extended_data pairs), - so that number of pairs equals extended_count - - The `flags' specify which of the fields are present. Those fields - for which the corresponding flag is not set are not present (not - included in the packet). New flags can only be added by incrementing - the protocol version number (or by using the extension mechanism - described below). - - The `size' field specifies the size of the file in bytes. - - The `uid' and `gid' fields contain numeric Unix-like user and group - identifiers, respectively. - - The `permissions' field contains a bit mask of file permissions as - defined by posix [1]. - - The `atime' and `mtime' contain the access and modification times of - the files, respectively. They are represented as seconds from Jan 1, - 1970 in UTC. - - The SSH_FILEXFER_ATTR_EXTENDED flag provides a general extension - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 8] - -Internet-Draft SSH File Transfer Protocol October 2001 - - - mechanism for vendor-specific extensions. If the flag is specified, - then the `extended_count' field is present. It specifies the number - of extended_type-extended_data pairs that follow. Each of these - pairs specifies an extended attribute. For each of the attributes, - the extended_type field should be a string of the format - "name@domain", where "domain" is a valid, registered domain name and - "name" identifies the method. 
The IETF may later standardize certain - names that deviate from this format (e.g., that do not contain the - "@" sign). The interpretation of `extended_data' depends on the - type. Implementations SHOULD ignore extended data fields that they - do not understand. - - Additional fields can be added to the attributes by either defining - additional bits to the flags field to indicate their presence, or by - defining extended attributes for them. The extended attributes - mechanism is recommended for most purposes; additional flags bits - should only be defined by an IETF standards action that also - increments the protocol version number. The use of such new fields - MUST be negotiated by the version number in the protocol exchange. - It is a protocol error if a packet with unsupported protocol bits is - received. - - The flags bits are defined to have the following values: - - #define SSH_FILEXFER_ATTR_SIZE 0x00000001 - #define SSH_FILEXFER_ATTR_UIDGID 0x00000002 - #define SSH_FILEXFER_ATTR_PERMISSIONS 0x00000004 - #define SSH_FILEXFER_ATTR_ACMODTIME 0x00000008 - #define SSH_FILEXFER_ATTR_EXTENDED 0x80000000 - - - - - - - - - - - - - - - - - - - - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 9] - -Internet-Draft SSH File Transfer Protocol October 2001 - - -6. Requests From the Client to the Server - - Requests from the client to the server represent the various file - system operations. Each request begins with an `id' field, which is - a 32-bit identifier identifying the request (selected by the client). - The same identifier will be returned in the response to the request. - One possible implementation of it is a monotonically increasing - request sequence number (modulo 2^32). - - Many operations in the protocol operate on open files. The - SSH_FXP_OPEN request can return a file handle (which is an opaque - variable-length string) which may be used to access the file later - (e.g. in a read operation). 
The client MUST NOT send requests the - server with bogus or closed handles. However, the server MUST - perform adequate checks on the handle in order to avoid security - risks due to fabricated handles. - - This design allows either stateful and stateless server - implementation, as well as an implementation which caches state - between requests but may also flush it. The contents of the file - handle string are entirely up to the server and its design. The - client should not modify or attempt to interpret the file handle - strings. - - The file handle strings MUST NOT be longer than 256 bytes. - -6.1 Request Synchronization and Reordering - - The protocol and implementations MUST process requests relating to - the same file in the order in which they are received. In other - words, if an application submits multiple requests to the server, the - results in the responses will be the same as if it had sent the - requests one at a time and waited for the response in each case. For - example, the server may process non-overlapping read/write requests - to the same file in parallel, but overlapping reads and writes cannot - be reordered or parallelized. However, there are no ordering - restrictions on the server for processing requests from two different - file transfer connections. The server may interleave and parallelize - them at will. - - There are no restrictions on the order in which responses to - outstanding requests are delivered to the client, except that the - server must ensure fairness in the sense that processing of no - request will be indefinitely delayed even if the client is sending - other requests so that there are multiple outstanding requests all - the time. - - - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 10] - -Internet-Draft SSH File Transfer Protocol October 2001 - - -6.2 File Names - - This protocol represents file names as strings. File names are - assumed to use the slash ('/') character as a directory separator. 
- - File names starting with a slash are "absolute", and are relative to - the root of the file system. Names starting with any other character - are relative to the user's default directory (home directory). Note - that identifying the user is assumed to take place outside of this - protocol. - - Servers SHOULD interpret a path name component ".." as referring to - the parent directory, and "." as referring to the current directory. - If the server implementation limits access to certain parts of the - file system, it must be extra careful in parsing file names when - enforcing such restrictions. There have been numerous reported - security bugs where a ".." in a path name has allowed access outside - the intended area. - - An empty path name is valid, and it refers to the user's default - directory (usually the user's home directory). - - Otherwise, no syntax is defined for file names by this specification. - Clients should not make any other assumptions; however, they can - splice path name components returned by SSH_FXP_READDIR together - using a slash ('/') as the separator, and that will work as expected. - - It is understood that the lack of well-defined semantics for file - names may cause interoperability problems between clients and servers - using radically different operating systems. However, this approach - is known to work acceptably with most systems, and alternative - approaches that e.g. treat file names as sequences of structured - components are quite complicated. - -6.3 Opening, Creating, and Closing Files - - Files are opened and created using the SSH_FXP_OPEN message, whose - data part is as follows: - - uint32 id - string filename - uint32 pflags - ATTRS attrs - - The `id' field is the request identifier as for all requests. - - The `filename' field specifies the file name. See Section ``File - Names'' for more information. 
- - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 11] - -Internet-Draft SSH File Transfer Protocol October 2001 - - - The `pflags' field is a bitmask. The following bits have been - defined. - - #define SSH_FXF_READ 0x00000001 - #define SSH_FXF_WRITE 0x00000002 - #define SSH_FXF_APPEND 0x00000004 - #define SSH_FXF_CREAT 0x00000008 - #define SSH_FXF_TRUNC 0x00000010 - #define SSH_FXF_EXCL 0x00000020 - - These have the following meanings: - - SSH_FXF_READ - Open the file for reading. - - SSH_FXF_WRITE - Open the file for writing. If both this and SSH_FXF_READ are - specified, the file is opened for both reading and writing. - - SSH_FXF_APPEND - Force all writes to append data at the end of the file. - - SSH_FXF_CREAT - If this flag is specified, then a new file will be created if one - does not already exist (if O_TRUNC is specified, the new file will - be truncated to zero length if it previously exists). - - SSH_FXF_TRUNC - Forces an existing file with the same name to be truncated to zero - length when creating a file by specifying SSH_FXF_CREAT. - SSH_FXF_CREAT MUST also be specified if this flag is used. - - SSH_FXF_EXCL - Causes the request to fail if the named file already exists. - SSH_FXF_CREAT MUST also be specified if this flag is used. - - The `attrs' field specifies the initial attributes for the file. - Default values will be used for those attributes that are not - specified. See Section ``File Attributes'' for more information. - - Regardless the server operating system, the file will always be - opened in "binary" mode (i.e., no translations between different - character sets and newline encodings). - - The response to this message will be either SSH_FXP_HANDLE (if the - operation is successful) or SSH_FXP_STATUS (if the operation fails). - - - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 12] - -Internet-Draft SSH File Transfer Protocol October 2001 - - - A file is closed by using the SSH_FXP_CLOSE request. 
Its data field - has the following format: - - uint32 id - string handle - - where `id' is the request identifier, and `handle' is a handle - previously returned in the response to SSH_FXP_OPEN or - SSH_FXP_OPENDIR. The handle becomes invalid immediately after this - request has been sent. - - The response to this request will be a SSH_FXP_STATUS message. One - should note that on some server platforms even a close can fail. - This can happen e.g. if the server operating system caches writes, - and an error occurs while flushing cached writes during the close. - -6.4 Reading and Writing - - Once a file has been opened, it can be read using the SSH_FXP_READ - message, which has the following format: - - uint32 id - string handle - uint64 offset - uint32 len - - where `id' is the request identifier, `handle' is an open file handle - returned by SSH_FXP_OPEN, `offset' is the offset (in bytes) relative - to the beginning of the file from where to start reading, and `len' - is the maximum number of bytes to read. - - In response to this request, the server will read as many bytes as it - can from the file (up to `len'), and return them in a SSH_FXP_DATA - message. If an error occurs or EOF is encountered before reading any - data, the server will respond with SSH_FXP_STATUS. For normal disk - files, it is guaranteed that this will read the specified number of - bytes, or up to end of file. For e.g. device files this may return - fewer bytes than requested. - - Writing to a file is achieved using the SSH_FXP_WRITE message, which - has the following format: - - uint32 id - string handle - uint64 offset - string data - - where `id' is a request identifier, `handle' is a file handle - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 13] - -Internet-Draft SSH File Transfer Protocol October 2001 - - - returned by SSH_FXP_OPEN, `offset' is the offset (in bytes) from the - beginning of the file where to start writing, and `data' is the data - to be written. 
- - The write will extend the file if writing beyond the end of the file. - It is legal to write way beyond the end of the file; the semantics - are to write zeroes from the end of the file to the specified offset - and then the data. On most operating systems, such writes do not - allocate disk space but instead leave "holes" in the file. - - The server responds to a write request with a SSH_FXP_STATUS message. - -6.5 Removing and Renaming Files - - Files can be removed using the SSH_FXP_REMOVE message. It has the - following format: - - uint32 id - string filename - - where `id' is the request identifier and `filename' is the name of - the file to be removed. See Section ``File Names'' for more - information. This request cannot be used to remove directories. - - The server will respond to this request with a SSH_FXP_STATUS - message. - - Files (and directories) can be renamed using the SSH_FXP_RENAME - message. Its data is as follows: - - uint32 id - string oldpath - string newpath - - where `id' is the request identifier, `oldpath' is the name of an - existing file or directory, and `newpath' is the new name for the - file or directory. It is an error if there already exists a file - with the name specified by newpath. The server may also fail rename - requests in other situations, for example if `oldpath' and `newpath' - point to different file systems on the server. - - The server will respond to this request with a SSH_FXP_STATUS - message. - - - - - - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 14] - -Internet-Draft SSH File Transfer Protocol October 2001 - - -6.6 Creating and Deleting Directories - - New directories can be created using the SSH_FXP_MKDIR request. It - has the following format: - - uint32 id - string path - ATTRS attrs - - where `id' is the request identifier, `path' and `attrs' specifies - the modifications to be made to its attributes. See Section ``File - Names'' for more information on file names. 
Attributes are discussed - in more detail in Section ``File Attributes''. specifies the - directory to be created. An error will be returned if a file or - directory with the specified path already exists. The server will - respond to this request with a SSH_FXP_STATUS message. - - Directories can be removed using the SSH_FXP_RMDIR request, which - has the following format: - - uint32 id - string path - - where `id' is the request identifier, and `path' specifies the - directory to be removed. See Section ``File Names'' for more - information on file names. An error will be returned if no directory - with the specified path exists, or if the specified directory is not - empty, or if the path specified a file system object other than a - directory. The server responds to this request with a SSH_FXP_STATUS - message. - -6.7 Scanning Directories - - The files in a directory can be listed using the SSH_FXP_OPENDIR and - SSH_FXP_READDIR requests. Each SSH_FXP_READDIR request returns one - or more file names with full file attributes for each file. The - client should call SSH_FXP_READDIR repeatedly until it has found the - file it is looking for or until the server responds with a - SSH_FXP_STATUS message indicating an error (normally SSH_FX_EOF if - there are no more files in the directory). The client should then - close the handle using the SSH_FXP_CLOSE request. - - - - - - - - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 15] - -Internet-Draft SSH File Transfer Protocol October 2001 - - - The SSH_FXP_OPENDIR opens a directory for reading. It has the - following format: - - uint32 id - string path - - where `id' is the request identifier and `path' is the path name of - the directory to be listed (without any trailing slash). See Section - ``File Names'' for more information on file names. This will return - an error if the path does not specify a directory or if the directory - is not readable. 
The server will respond to this request with either - a SSH_FXP_HANDLE or a SSH_FXP_STATUS message. - - Once the directory has been successfully opened, files (and - directories) contained in it can be listed using SSH_FXP_READDIR - requests. These are of the format - - uint32 id - string handle - - where `id' is the request identifier, and `handle' is a handle - returned by SSH_FXP_OPENDIR. (It is a protocol error to attempt to - use an ordinary file handle returned by SSH_FXP_OPEN.) - - The server responds to this request with either a SSH_FXP_NAME or a - SSH_FXP_STATUS message. One or more names may be returned at a time. - Full status information is returned for each name in order to speed - up typical directory listings. - - When the client no longer wishes to read more names from the - directory, it SHOULD call SSH_FXP_CLOSE for the handle. The handle - should be closed regardless of whether an error has occurred or not. - -6.8 Retrieving File Attributes - - Very often, file attributes are automatically returned by - SSH_FXP_READDIR. However, sometimes there is need to specifically - retrieve the attributes for a named file. This can be done using the - SSH_FXP_STAT, SSH_FXP_LSTAT and SSH_FXP_FSTAT requests. - - SSH_FXP_STAT and SSH_FXP_LSTAT only differ in that SSH_FXP_STAT - follows symbolic links on the server, whereas SSH_FXP_LSTAT does not - follow symbolic links. Both have the same format: - - uint32 id - string path - - where `id' is the request identifier, and `path' specifies the file - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 16] - -Internet-Draft SSH File Transfer Protocol October 2001 - - - system object for which status is to be returned. The server - responds to this request with either SSH_FXP_ATTRS or SSH_FXP_STATUS. - - SSH_FXP_FSTAT differs from the others in that it returns status - information for an open file (identified by the file handle). 
Its - format is as follows: - - uint32 id - string handle - - where `id' is the request identifier and `handle' is a file handle - returned by SSH_FXP_OPEN. The server responds to this request with - SSH_FXP_ATTRS or SSH_FXP_STATUS. - -6.9 Setting File Attributes - - File attributes may be modified using the SSH_FXP_SETSTAT and - SSH_FXP_FSETSTAT requests. These requests are used for operations - such as changing the ownership, permissions or access times, as well - as for truncating a file. - - The SSH_FXP_SETSTAT request is of the following format: - - uint32 id - string path - ATTRS attrs - - where `id' is the request identifier, `path' specifies the file - system object (e.g. file or directory) whose attributes are to be - modified, and `attrs' specifies the modifications to be made to its - attributes. Attributes are discussed in more detail in Section - ``File Attributes''. - - An error will be returned if the specified file system object does - not exist or the user does not have sufficient rights to modify the - specified attributes. The server responds to this request with a - SSH_FXP_STATUS message. - - The SSH_FXP_FSETSTAT request modifies the attributes of a file which - is already open. It has the following format: - - uint32 id - string handle - ATTRS attrs - - where `id' is the request identifier, `handle' (MUST be returned by - SSH_FXP_OPEN) identifies the file whose attributes are to be - modified, and `attrs' specifies the modifications to be made to its - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 17] - -Internet-Draft SSH File Transfer Protocol October 2001 - - - attributes. Attributes are discussed in more detail in Section - ``File Attributes''. The server will respond to this request with - SSH_FXP_STATUS. - -6.10 Dealing with Symbolic links - - The SSH_FXP_READLINK request may be used to read the target of a - symbolic link. 
It would have a data part as follows: - - uint32 id - string path - - where `id' is the request identifier and `path' specifies the path - name of the symlink to be read. - - The server will respond with a SSH_FXP_NAME packet containing only - one name and a dummy attributes value. The name in the returned - packet contains the target of the link. If an error occurs, the - server may respond with SSH_FXP_STATUS. - - The SSH_FXP_SYMLINK request will create a symbolic link on the - server. It is of the following format - - uint32 id - string linkpath - string targetpath - - where `id' is the request identifier, `linkpath' specifies the path - name of the symlink to be created and `targetpath' specifies the - target of the symlink. The server shall respond with a - SSH_FXP_STATUS indicating either success (SSH_FX_OK) or an error - condition. - -6.11 Canonicalizing the Server-Side Path Name - - The SSH_FXP_REALPATH request can be used to have the server - canonicalize any given path name to an absolute path. This is useful - for converting path names containing ".." components or relative - pathnames without a leading slash into absolute paths. The format of - the request is as follows: - - uint32 id - string path - - where `id' is the request identifier and `path' specifies the path - name to be canonicalized. The server will respond with a - SSH_FXP_NAME packet containing only one name and a dummy attributes - value. The name is the returned packet will be in canonical form. - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 18] - -Internet-Draft SSH File Transfer Protocol October 2001 - - - If an error occurs, the server may also respond with SSH_FXP_STATUS. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 19] - -Internet-Draft SSH File Transfer Protocol October 2001 - - -7. 
Responses from the Server to the Client - - The server responds to the client using one of a few response - packets. All requests can return a SSH_FXP_STATUS response upon - failure. When the operation is successful, any of the responses may - be returned (depending on the operation). If no data needs to be - returned to the client, the SSH_FXP_STATUS response with SSH_FX_OK - status is appropriate. Otherwise, the SSH_FXP_HANDLE message is used - to return a file handle (for SSH_FXP_OPEN and SSH_FXP_OPENDIR - requests), SSH_FXP_DATA is used to return data from SSH_FXP_READ, - SSH_FXP_NAME is used to return one or more file names from a - SSH_FXP_READDIR or SSH_FXP_REALPATH request, and SSH_FXP_ATTRS is - used to return file attributes from SSH_FXP_STAT, SSH_FXP_LSTAT, and - SSH_FXP_FSTAT requests. - - Exactly one response will be returned for each request. Each - response packet contains a request identifier which can be used to - match each response with the corresponding request. Note that it is - legal to have several requests outstanding simultaneously, and the - server is allowed to send responses to them in a different order from - the order in which the requests were sent (the result of their - execution, however, is guaranteed to be as if they had been processed - one at a time in the order in which the requests were sent). - - Response packets are of the same general format as request packets. - Each response packet begins with the request identifier. - - The format of the data portion of the SSH_FXP_STATUS response is as - follows: - - uint32 id - uint32 error/status code - string error message (ISO-10646 UTF-8 [RFC-2279]) - string language tag (as defined in [RFC-1766]) - - where `id' is the request identifier, and `error/status code' - indicates the result of the requested operation. The value SSH_FX_OK - indicates success, and all other values indicate failure. 
- - - - - - - - - - - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 20] - -Internet-Draft SSH File Transfer Protocol October 2001 - - - Currently, the following values are defined (other values may be - defined by future versions of this protocol): - - #define SSH_FX_OK 0 - #define SSH_FX_EOF 1 - #define SSH_FX_NO_SUCH_FILE 2 - #define SSH_FX_PERMISSION_DENIED 3 - #define SSH_FX_FAILURE 4 - #define SSH_FX_BAD_MESSAGE 5 - #define SSH_FX_NO_CONNECTION 6 - #define SSH_FX_CONNECTION_LOST 7 - #define SSH_FX_OP_UNSUPPORTED 8 - - SSH_FX_OK - Indicates successful completion of the operation. - - SSH_FX_EOF - indicates end-of-file condition; for SSH_FX_READ it means that no - more data is available in the file, and for SSH_FX_READDIR it - indicates that no more files are contained in the directory. - - SSH_FX_NO_SUCH_FILE - is returned when a reference is made to a file which should exist - but doesn't. - - SSH_FX_PERMISSION_DENIED - is returned when the authenticated user does not have sufficient - permissions to perform the operation. - - SSH_FX_FAILURE - is a generic catch-all error message; it should be returned if an - error occurs for which there is no more specific error code - defined. - - SSH_FX_BAD_MESSAGE - may be returned if a badly formatted packet or protocol - incompatibility is detected. - - SSH_FX_NO_CONNECTION - is a pseudo-error which indicates that the client has no - connection to the server (it can only be generated locally by the - client, and MUST NOT be returned by servers). - - SSH_FX_CONNECTION_LOST - is a pseudo-error which indicates that the connection to the - server has been lost (it can only be generated locally by the - client, and MUST NOT be returned by servers). 
- - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 21] - -Internet-Draft SSH File Transfer Protocol October 2001 - - - SSH_FX_OP_UNSUPPORTED - indicates that an attempt was made to perform an operation which - is not supported for the server (it may be generated locally by - the client if e.g. the version number exchange indicates that a - required feature is not supported by the server, or it may be - returned by the server if the server does not implement an - operation). - - The SSH_FXP_HANDLE response has the following format: - - uint32 id - string handle - - where `id' is the request identifier, and `handle' is an arbitrary - string that identifies an open file or directory on the server. The - handle is opaque to the client; the client MUST NOT attempt to - interpret or modify it in any way. The length of the handle string - MUST NOT exceed 256 data bytes. - - The SSH_FXP_DATA response has the following format: - - uint32 id - string data - - where `id' is the request identifier, and `data' is an arbitrary byte - string containing the requested data. The data string may be at most - the number of bytes requested in a SSH_FXP_READ request, but may also - be shorter if end of file is reached or if the read is from something - other than a regular file. - - The SSH_FXP_NAME response has the following format: - - uint32 id - uint32 count - repeats count times: - string filename - string longname - ATTRS attrs - - where `id' is the request identifier, `count' is the number of names - returned in this response, and the remaining fields repeat `count' - times (so that all three fields are first included for the first - file, then for the second file, etc). 
In the repeated part, - `filename' is a file name being returned (for SSH_FXP_READDIR, it - will be a relative name within the directory, without any path - components; for SSH_FXP_REALPATH it will be an absolute path name), - `longname' is an expanded format for the file name, similar to what - is returned by "ls -l" on Unix systems, and `attrs' is the attributes - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 22] - -Internet-Draft SSH File Transfer Protocol October 2001 - - - of the file as described in Section ``File Attributes''. - - The format of the `longname' field is unspecified by this protocol. - It MUST be suitable for use in the output of a directory listing - command (in fact, the recommended operation for a directory listing - command is to simply display this data). However, clients SHOULD NOT - attempt to parse the longname field for file attributes; they SHOULD - use the attrs field instead. - - The recommended format for the longname field is as follows: - - -rwxr-xr-x 1 mjos staff 348911 Mar 25 14:29 t-filexfer - 1234567890 123 12345678 12345678 12345678 123456789012 - - Here, the first line is sample output, and the second field indicates - widths of the various fields. Fields are separated by spaces. The - first field lists file permissions for user, group, and others; the - second field is link count; the third field is the name of the user - who owns the file; the fourth field is the name of the group that - owns the file; the fifth field is the size of the file in bytes; the - sixth field (which actually may contain spaces, but is fixed to 12 - characters) is the file modification time, and the seventh field is - the file name. Each field is specified to be a minimum of certain - number of character positions (indicated by the second line above), - but may also be longer if the data does not fit in the specified - length. 
- - The SSH_FXP_ATTRS response has the following format: - - uint32 id - ATTRS attrs - - where `id' is the request identifier, and `attrs' is the returned - file attributes as described in Section ``File Attributes''. - - - - - - - - - - - - - - - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 23] - -Internet-Draft SSH File Transfer Protocol October 2001 - - -8. Vendor-Specific Extensions - - The SSH_FXP_EXTENDED request provides a generic extension mechanism - for adding vendor-specific commands. The request has the following - format: - - uint32 id - string extended-request - ... any request-specific data ... - - where `id' is the request identifier, and `extended-request' is a - string of the format "name@domain", where domain is an internet - domain name of the vendor defining the request. The rest of the - request is completely vendor-specific, and servers should only - attempt to interpret it if they recognize the `extended-request' - name. - - The server may respond to such requests using any of the response - packets defined in Section ``Responses from the Server to the - Client''. Additionally, the server may also respond with a - SSH_FXP_EXTENDED_REPLY packet, as defined below. If the server does - not recognize the `extended-request' name, then the server MUST - respond with SSH_FXP_STATUS with error/status set to - SSH_FX_OP_UNSUPPORTED. - - The SSH_FXP_EXTENDED_REPLY packet can be used to carry arbitrary - extension-specific data from the server to the client. It is of the - following format: - - uint32 id - ... any request-specific data ... - - - - - - - - - - - - - - - - - - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 24] - -Internet-Draft SSH File Transfer Protocol October 2001 - - -9. Security Considerations - - This protocol assumes that it is run over a secure channel and that - the endpoints of the channel have been authenticated. Thus, this - protocol assumes that it is externally protected from network-level - attacks. 
- - This protocol provides file system access to arbitrary files on the - server (only constrained by the server implementation). It is the - responsibility of the server implementation to enforce any access - controls that may be required to limit the access allowed for any - particular user (the user being authenticated externally to this - protocol, typically using the SSH User Authentication Protocol [6]. - - Care must be taken in the server implementation to check the validity - of received file handle strings. The server should not rely on them - directly; it MUST check the validity of each handle before relying on - it. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 25] - -Internet-Draft SSH File Transfer Protocol October 2001 - - -10. Changes from previous protocol versions - - The SSH File Transfer Protocol has changed over time, before it's - standardization. The following is a description of the incompatible - changes between different versions. - -10.1 Changes between versions 3 and 2 - - o The SSH_FXP_READLINK and SSH_FXP_SYMLINK messages were added. - - o The SSH_FXP_EXTENDED and SSH_FXP_EXTENDED_REPLY messages were - added. - - o The SSH_FXP_STATUS message was changed to include fields `error - message' and `language tag'. - - -10.2 Changes between versions 2 and 1 - - o The SSH_FXP_RENAME message was added. - - -10.3 Changes between versions 1 and 0 - - o Implementation changes, no actual protocol changes. - - - - - - - - - - - - - - - - - - - - - - - - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 26] - -Internet-Draft SSH File Transfer Protocol October 2001 - - -11. Trademark Issues - - "ssh" is a registered trademark of SSH Communications Security Corp - in the United States and/or other countries. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 27] - -Internet-Draft SSH File Transfer Protocol October 2001 - - -References - - [1] Dierks, T., Allen, C., Treese, W., Karlton, P., Freier, A. and - P. Kocher, "The TLS Protocol Version 1.0", RFC 2246, January - 1999. - - [2] Institute of Electrical and Electronics Engineers, "Information - Technology - Portable Operating System Interface (POSIX) - Part - 1: System Application Program Interface (API) [C Language]", - IEEE Standard 1003.2, 1996. - - [3] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S. - Lehtinen, "SSH Protocol Architecture", draft-ietf-secsh- - architecture-09 (work in progress), July 2001. - - [4] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S. - Lehtinen, "SSH Protocol Transport Protocol", draft-ietf-secsh- - architecture-09 (work in progress), July 2001. - - [5] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S. - Lehtinen, "SSH Connection Protocol", draft-ietf-secsh-connect-11 - (work in progress), July 2001. - - [6] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S. - Lehtinen, "SSH Authentication Protocol", draft-ietf-secsh- - userauth-11 (work in progress), July 2001. - - -Authors' Addresses - - Tatu Ylonen - SSH Communications Security Corp - Fredrikinkatu 42 - HELSINKI FIN-00100 - Finland - - EMail: ylo@ssh.com - - - Sami Lehtinen - SSH Communications Security Corp - Fredrikinkatu 42 - HELSINKI FIN-00100 - Finland - - EMail: sjl@ssh.com - - - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 28] - -Internet-Draft SSH File Transfer Protocol October 2001 - - -Full Copyright Statement - - Copyright (C) The Internet Society (2001). All Rights Reserved. 
- - This document and translations of it may be copied and furnished to - others, and derivative works that comment on or otherwise explain it - or assist in its implementation may be prepared, copied, published - and distributed, in whole or in part, without restriction of any - kind, provided that the above copyright notice and this paragraph are - included on all such copies and derivative works. However, this - document itself may not be modified in any way, such as by removing - the copyright notice or references to the Internet Society or other - Internet organizations, except as needed for the purpose of - developing Internet standards in which case the procedures for - copyrights defined in the Internet Standards process must be - followed, or as required to translate it into languages other than - English. - - The limited permissions granted above are perpetual and will not be - revoked by the Internet Society or its successors or assigns. - - This document and the information contained herein is provided on an - "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING - TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING - BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION - HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF - MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - -Acknowledgement - - Funding for the RFC Editor function is currently provided by the - Internet Society. - - - - - - - - - - - - - - - - - - - -Ylonen & Lehtinen Expires April 1, 2002 [Page 29] - - - diff --git a/lib/ssh/doc/standard/draft-ietf-secsh-filexfer-03.2.ps b/lib/ssh/doc/standard/draft-ietf-secsh-filexfer-03.2.ps deleted file mode 100644 index 6a40cd6067..0000000000 --- a/lib/ssh/doc/standard/draft-ietf-secsh-filexfer-03.2.ps +++ /dev/null 
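Review bot: missing documentation for the removal. The hunk that ends on the line above deletes the whole in-tree copy of the October 2001 "SSH File Transfer Protocol" Internet-Draft (through [Page 29]), and the file header that follows it begins the deletion of draft-ietf-secsh-filexfer-03.2.ps, yet none of the visible lines add a reference to where these drafts can be obtained afterwards. Both drafts carry expiry dates ("Expires April 1, 2002" and "Expires: April 16, 2003"), and the deleted text holds requirements a server implementer still has to meet, such as Section 9's "it MUST check the validity of each handle before relying on it" and the 256-byte limit on handle strings in the SSH_FXP_HANDLE description. Suggest naming the draft versions that the ssh_sftp and ssh_sftpd code targets in the commit message or in the application documentation, so the normative text stays traceable once the local copies are gone.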
@@ -1,3511 +0,0 @@ -%!PS-Adobe-3.0 -%%BoundingBox: 75 0 595 747 -%%Title: Enscript Output -%%For: Magnus Thoang -%%Creator: GNU enscript 1.6.1 -%%CreationDate: Wed Nov 12 12:18:50 2003 -%%Orientation: Portrait -%%Pages: 18 0 -%%DocumentMedia: A4 595 842 0 () () -%%DocumentNeededResources: (atend) -%%EndComments -%%BeginProlog -%%BeginProcSet: PStoPS 1 15 -userdict begin -[/showpage/erasepage/copypage]{dup where{pop dup load - type/operatortype eq{1 array cvx dup 0 3 index cvx put - bind def}{pop}ifelse}{pop}ifelse}forall -[/letter/legal/executivepage/a4/a4small/b5/com10envelope - /monarchenvelope/c5envelope/dlenvelope/lettersmall/note - /folio/quarto/a5]{dup where{dup wcheck{exch{}put} - {pop{}def}ifelse}{pop}ifelse}forall -/setpagedevice {pop}bind 1 index where{dup wcheck{3 1 roll put} - {pop def}ifelse}{def}ifelse -/PStoPSmatrix matrix currentmatrix def -/PStoPSxform matrix def/PStoPSclip{clippath}def -/defaultmatrix{PStoPSmatrix exch PStoPSxform exch concatmatrix}bind def -/initmatrix{matrix defaultmatrix setmatrix}bind def -/initclip[{matrix currentmatrix PStoPSmatrix setmatrix - [{currentpoint}stopped{$error/newerror false put{newpath}} - {/newpath cvx 3 1 roll/moveto cvx 4 array astore cvx}ifelse] - {[/newpath cvx{/moveto cvx}{/lineto cvx} - {/curveto cvx}{/closepath cvx}pathforall]cvx exch pop} - stopped{$error/errorname get/invalidaccess eq{cleartomark - $error/newerror false put cvx exec}{stop}ifelse}if}bind aload pop - /initclip dup load dup type dup/operatortype eq{pop exch pop} - {dup/arraytype eq exch/packedarraytype eq or - {dup xcheck{exch pop aload pop}{pop cvx}ifelse} - {pop cvx}ifelse}ifelse - {newpath PStoPSclip clip newpath exec setmatrix} bind aload pop]cvx def -/initgraphics{initmatrix newpath initclip 1 setlinewidth - 0 setlinecap 0 setlinejoin []0 setdash 0 setgray - 10 setmiterlimit}bind def -end -%%EndProcSet -%%BeginResource: procset Enscript-Prolog 1.6 1 -% -% Procedures. 
-% - -/_S { % save current state - /_s save def -} def -/_R { % restore from saved state - _s restore -} def - -/S { % showpage protecting gstate - gsave - showpage - grestore -} bind def - -/MF { % fontname newfontname -> - make a new encoded font - /newfontname exch def - /fontname exch def - - /fontdict fontname findfont def - /newfont fontdict maxlength dict def - - fontdict { - exch - dup /FID eq { - % skip FID pair - pop pop - } { - % copy to the new font dictionary - exch newfont 3 1 roll put - } ifelse - } forall - - newfont /FontName newfontname put - - % insert only valid encoding vectors - encoding_vector length 256 eq { - newfont /Encoding encoding_vector put - } if - - newfontname newfont definefont pop -} def - -/SF { % fontname width height -> - set a new font - /height exch def - /width exch def - - findfont - [width 0 0 height 0 0] makefont setfont -} def - -/SUF { % fontname width height -> - set a new user font - /height exch def - /width exch def - - /F-gs-user-font MF - /F-gs-user-font width height SF -} def - -/M {moveto} bind def -/s {show} bind def - -/Box { % x y w h -> - define box path - /d_h exch def /d_w exch def /d_y exch def /d_x exch def - d_x d_y moveto - d_w 0 rlineto - 0 d_h rlineto - d_w neg 0 rlineto - closepath -} def - -/bgs { % x y height blskip gray str -> - show string with bg color - /str exch def - /gray exch def - /blskip exch def - /height exch def - /y exch def - /x exch def - - gsave - x y blskip sub str stringwidth pop height Box - gray setgray - fill - grestore - x y M str s -} def - -% Highlight bars. -/highlight_bars { % nlines lineheight output_y_margin gray -> - - gsave - setgray - /ymarg exch def - /lineheight exch def - /nlines exch def - - % This 2 is just a magic number to sync highlight lines to text. 
- 0 d_header_y ymarg sub 2 sub translate - - /cw d_output_w cols div def - /nrows d_output_h ymarg 2 mul sub lineheight div cvi def - - % for each column - 0 1 cols 1 sub { - cw mul /xp exch def - - % for each rows - 0 1 nrows 1 sub { - /rn exch def - rn lineheight mul neg /yp exch def - rn nlines idiv 2 mod 0 eq { - % Draw highlight bar. 4 is just a magic indentation. - xp 4 add yp cw 8 sub lineheight neg Box fill - } if - } for - } for - - grestore -} def - -% Line highlight bar. -/line_highlight { % x y width height gray -> - - gsave - /gray exch def - Box gray setgray fill - grestore -} def - -% Column separator lines. -/column_lines { - gsave - .1 setlinewidth - 0 d_footer_h translate - /cw d_output_w cols div def - 1 1 cols 1 sub { - cw mul 0 moveto - 0 d_output_h rlineto stroke - } for - grestore -} def - -% Column borders. -/column_borders { - gsave - .1 setlinewidth - 0 d_footer_h moveto - 0 d_output_h rlineto - d_output_w 0 rlineto - 0 d_output_h neg rlineto - closepath stroke - grestore -} def - -% Do the actual underlay drawing -/draw_underlay { - ul_style 0 eq { - ul_str true charpath stroke - } { - ul_str show - } ifelse -} def - -% Underlay -/underlay { % - -> - - gsave - 0 d_page_h translate - d_page_h neg d_page_w atan rotate - - ul_gray setgray - ul_font setfont - /dw d_page_h dup mul d_page_w dup mul add sqrt def - ul_str stringwidth pop dw exch sub 2 div ul_h_ptsize -2 div moveto - draw_underlay - grestore -} def - -/user_underlay { % - -> - - gsave - ul_x ul_y translate - ul_angle rotate - ul_gray setgray - ul_font setfont - 0 0 ul_h_ptsize 2 div sub moveto - draw_underlay - grestore -} def - -% Page prefeed -/page_prefeed { % bool -> - - statusdict /prefeed known { - statusdict exch /prefeed exch put - } { - pop - } ifelse -} def - -% Wrapped line markers -/wrapped_line_mark { % x y charwith charheight type -> - - /type exch def - /h exch def - /w exch def - /y exch def - /x exch def - - type 2 eq { - % Black boxes (like TeX does) - gsave - 0 
setlinewidth - x w 4 div add y M - 0 h rlineto w 2 div 0 rlineto 0 h neg rlineto - closepath fill - grestore - } { - type 3 eq { - % Small arrows - gsave - .2 setlinewidth - x w 2 div add y h 2 div add M - w 4 div 0 rlineto - x w 4 div add y lineto stroke - - x w 4 div add w 8 div add y h 4 div add M - x w 4 div add y lineto - w 4 div h 8 div rlineto stroke - grestore - } { - % do nothing - } ifelse - } ifelse -} def - -% EPSF import. - -/BeginEPSF { - /b4_Inc_state save def % Save state for cleanup - /dict_count countdictstack def % Count objects on dict stack - /op_count count 1 sub def % Count objects on operand stack - userdict begin - /showpage { } def - 0 setgray 0 setlinecap - 1 setlinewidth 0 setlinejoin - 10 setmiterlimit [ ] 0 setdash newpath - /languagelevel where { - pop languagelevel - 1 ne { - false setstrokeadjust false setoverprint - } if - } if -} bind def - -/EndEPSF { - count op_count sub { pos } repeat % Clean up stacks - countdictstack dict_count sub { end } repeat - b4_Inc_state restore -} bind def - -% Check PostScript language level. 
-/languagelevel where { - pop /gs_languagelevel languagelevel def -} { - /gs_languagelevel 1 def -} ifelse -%%EndResource -%%BeginResource: procset Enscript-Encoding-88591 1.6 1 -/encoding_vector [ -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/space /exclam /quotedbl /numbersign -/dollar /percent /ampersand /quoteright -/parenleft /parenright /asterisk /plus -/comma /hyphen /period /slash -/zero /one /two /three -/four /five /six /seven -/eight /nine /colon /semicolon -/less /equal /greater /question -/at /A /B /C -/D /E /F /G -/H /I /J /K -/L /M /N /O -/P /Q /R /S -/T /U /V /W -/X /Y /Z /bracketleft -/backslash /bracketright /asciicircum /underscore -/quoteleft /a /b /c -/d /e /f /g -/h /i /j /k -/l /m /n /o -/p /q /r /s -/t /u /v /w -/x /y /z /braceleft -/bar /braceright /tilde /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/space /exclamdown /cent /sterling -/currency /yen /brokenbar /section -/dieresis /copyright /ordfeminine /guillemotleft -/logicalnot /hyphen /registered /macron -/degree /plusminus /twosuperior /threesuperior -/acute /mu /paragraph /bullet -/cedilla /onesuperior /ordmasculine /guillemotright -/onequarter /onehalf /threequarters /questiondown -/Agrave /Aacute /Acircumflex /Atilde -/Adieresis /Aring /AE /Ccedilla -/Egrave /Eacute /Ecircumflex /Edieresis -/Igrave /Iacute /Icircumflex /Idieresis -/Eth /Ntilde /Ograve /Oacute -/Ocircumflex /Otilde /Odieresis /multiply -/Oslash /Ugrave /Uacute /Ucircumflex -/Udieresis /Yacute /Thorn /germandbls 
-/agrave /aacute /acircumflex /atilde -/adieresis /aring /ae /ccedilla -/egrave /eacute /ecircumflex /edieresis -/igrave /iacute /icircumflex /idieresis -/eth /ntilde /ograve /oacute -/ocircumflex /otilde /odieresis /divide -/oslash /ugrave /uacute /ucircumflex -/udieresis /yacute /thorn /ydieresis -] def -%%EndResource -%%EndProlog -%%BeginSetup -%%IncludeResource: font Courier-Bold -%%IncludeResource: font Courier -/HFpt_w 10 def -/HFpt_h 10 def -/Courier-Bold /HF-gs-font MF -/HF /HF-gs-font findfont [HFpt_w 0 0 HFpt_h 0 0] makefont def -/Courier /F-gs-font MF -/F-gs-font 10 10 SF -/#copies 1 def -/d_page_w 520 def -/d_page_h 747 def -/d_header_x 0 def -/d_header_y 747 def -/d_header_w 520 def -/d_header_h 0 def -/d_footer_x 0 def -/d_footer_y 0 def -/d_footer_w 520 def -/d_footer_h 0 def -/d_output_w 520 def -/d_output_h 747 def -/cols 1 def -userdict/PStoPSxform PStoPSmatrix matrix currentmatrix - matrix invertmatrix matrix concatmatrix - matrix invertmatrix put -%%EndSetup -%%Page: (0,1) 1 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 1 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 701 M -(Secure Shell Working Group J. Galbraith) s -5 690 M -(Internet-Draft VanDyke Software) s -5 679 M -(Expires: April 16, 2003 T. Ylonen) s -5 668 M -( S. 
Lehtinen) s -5 657 M -( SSH Communications Security Corp) s -5 646 M -( October 16, 2002) s -5 613 M -( SSH File Transfer Protocol) s -5 602 M -( draft-ietf-secsh-filexfer-03.txt) s -5 580 M -(Status of this Memo) s -5 558 M -( This document is an Internet-Draft and is in full conformance with) s -5 547 M -( all provisions of Section 10 of RFC2026.) s -5 525 M -( Internet-Drafts are working documents of the Internet Engineering) s -5 514 M -( Task Force \(IETF\), its areas, and its working groups. Note that) s -5 503 M -( other groups may also distribute working documents as Internet-) s -5 492 M -( Drafts.) s -5 470 M -( Internet-Drafts are draft documents valid for a maximum of six months) s -5 459 M -( and may be updated, replaced, or obsoleted by other documents at any) s -5 448 M -( time. It is inappropriate to use Internet-Drafts as reference) s -5 437 M -( material or to cite them other than as "work in progress.") s -5 415 M -( The list of current Internet-Drafts can be accessed at http://) s -5 404 M -( www.ietf.org/ietf/1id-abstracts.txt.) s -5 382 M -( The list of Internet-Draft Shadow Directories can be accessed at) s -5 371 M -( http://www.ietf.org/shadow.html.) s -5 349 M -( This Internet-Draft will expire on April 16, 2003.) s -5 327 M -(Copyright Notice) s -5 305 M -( Copyright \(C\) The Internet Society \(2002\). All Rights Reserved.) s -5 283 M -(Abstract) s -5 261 M -( The SSH File Transfer Protocol provides secure file transfer) s -5 250 M -( functionality over any reliable data stream. It is the standard file) s -5 239 M -( transfer protocol for use with the SSH2 protocol. This document) s -5 228 M -( describes the file transfer protocol and its interface to the SSH2) s -5 217 M -( protocol suite.) s -5 129 M -(Galbraith, et al. 
Expires April 16, 2003 [Page 1]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 2 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -(Table of Contents) s -5 668 M -( 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . 3) s -5 657 M -( 2. Use with the SSH Connection Protocol . . . . . . . . . . . 4) s -5 646 M -( 3. General Packet Format . . . . . . . . . . . . . . . . . . 5) s -5 635 M -( 4. Protocol Initialization . . . . . . . . . . . . . . . . . 7) s -5 624 M -( 4.1 Client Initialization . . . . . . . . . . . . . . . . . . 7) s -5 613 M -( 4.2 Server Initialization . . . . . . . . . . . . . . . . . . 7) s -5 602 M -( 4.3 Determining Server Newline Convention . . . . . . . . . . 8) s -5 591 M -( 5. File Attributes . . . . . . . . . . . . . . . . . . . . . 9) s -5 580 M -( 5.1 Flags . . . . . . . . . . . . . . . . . . . . . . . . . . 9) s -5 569 M -( 5.2 Type . . . . . . . . . . . . . . . . . . . . . . . . . . . 10) s -5 558 M -( 5.3 Size . . . . . . . . . . . . . . . . . . . . . . . . . . . 10) s -5 547 M -( 5.4 Owner and Group . . . . . . . . . . . . . . . . . . . . . 10) s -5 536 M -( 5.5 Permissions . . . . . . . . . . . . . . . . . . . . . . . 11) s -5 525 M -( 5.6 Times . . . . . . . . . . . . . . . . . . . . . . . . . . 11) s -5 514 M -( 5.7 ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . 11) s -5 503 M -( 5.8 Extended attributes . . . . . . . . . . . . . . . . . . . 12) s -5 492 M -( 6. Requests From the Client to the Server . . . . . . . . . . 
13) s -5 481 M -( 6.1 Request Synchronization and Reordering . . . . . . . . . . 13) s -5 470 M -( 6.2 File Names . . . . . . . . . . . . . . . . . . . . . . . . 14) s -5 459 M -( 6.3 Opening, Creating, and Closing Files . . . . . . . . . . . 14) s -5 448 M -( 6.4 Reading and Writing . . . . . . . . . . . . . . . . . . . 17) s -5 437 M -( 6.5 Removing and Renaming Files . . . . . . . . . . . . . . . 18) s -5 426 M -( 6.6 Creating and Deleting Directories . . . . . . . . . . . . 19) s -5 415 M -( 6.7 Scanning Directories . . . . . . . . . . . . . . . . . . . 19) s -5 404 M -( 6.8 Retrieving File Attributes . . . . . . . . . . . . . . . . 20) s -5 393 M -( 6.9 Setting File Attributes . . . . . . . . . . . . . . . . . 21) s -5 382 M -( 6.10 Dealing with Symbolic links . . . . . . . . . . . . . . . 22) s -5 371 M -( 6.11 Canonicalizing the Server-Side Path Name . . . . . . . . . 23) s -5 360 M -( 6.11.1 Best practice for dealing with paths . . . . . . . . . . . 23) s -5 349 M -( 7. Responses from the Server to the Client . . . . . . . . . 24) s -5 338 M -( 8. Vendor-Specific Extensions . . . . . . . . . . . . . . . . 28) s -5 327 M -( 9. Security Considerations . . . . . . . . . . . . . . . . . 29) s -5 316 M -( 10. Changes from previous protocol versions . . . . . . . . . 30) s -5 305 M -( 10.1 Changes between versions 4 and 3 . . . . . . . . . . . . . 30) s -5 294 M -( 10.2 Changes between versions 3 and 2 . . . . . . . . . . . . . 31) s -5 283 M -( 10.3 Changes between versions 2 and 1 . . . . . . . . . . . . . 31) s -5 272 M -( 10.4 Changes between versions 1 and 0 . . . . . . . . . . . . . 31) s -5 261 M -( 11. Trademark Issues . . . . . . . . . . . . . . . . . . . . . 32) s -5 250 M -( References . . . . . . . . . . . . . . . . . . . . . . . . 33) s -5 239 M -( Authors' Addresses . . . . . . . . . . . . . . . . . . . . 33) s -5 228 M -( Full Copyright Statement . . . . . . . . . . . . . . . . . 35) s -5 129 M -(Galbraith, et al. 
Expires April 16, 2003 [Page 2]) s -_R -S -PStoPSsaved restore -%%Page: (2,3) 2 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 3 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -(1. Introduction) s -5 668 M -( This protocol provides secure file transfer \(and more generally file) s -5 657 M -( system access\) functionality over a reliable data stream, such as a) s -5 646 M -( channel in the SSH2 protocol [5].) s -5 624 M -( This protocol is designed so that it could be used to implement a) s -5 613 M -( secure remote file system service, as well as a secure file transfer) s -5 602 M -( service.) s -5 580 M -( This protocol assumes that it runs over a secure channel, and that) s -5 569 M -( the server has already authenticated the user at the client end, and) s -5 558 M -( that the identity of the client user is externally available to the) s -5 547 M -( server implementation.) s -5 525 M -( In general, this protocol follows a simple request-response model.) s -5 514 M -( Each request and response contains a sequence number and multiple) s -5 503 M -( requests may be pending simultaneously. There are a relatively large) s -5 492 M -( number of different request messages, but a small number of possible) s -5 481 M -( response messages. Each request has one or more response messages) s -5 470 M -( that may be returned in result \(e.g., a read either returns data or) s -5 459 M -( reports error status\).) 
s -5 437 M -( The packet format descriptions in this specification follow the) s -5 426 M -( notation presented in the secsh architecture draft. [5]) s -5 404 M -( Even though this protocol is described in the context of the SSH2) s -5 393 M -( protocol, this protocol is general and independent of the rest of the) s -5 382 M -( SSH2 protocol suite. It could be used in a number of different) s -5 371 M -( applications, such as secure file transfer over TLS RFC 2246 [1] and) s -5 360 M -( transfer of management information in VPN applications.) s -5 129 M -(Galbraith, et al. Expires April 16, 2003 [Page 3]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 4 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -(2. Use with the SSH Connection Protocol) s -5 668 M -( When used with the SSH2 Protocol suite, this protocol is intended to) s -5 657 M -( be used from the SSH Connection Protocol [7] as a subsystem, as) s -5 646 M -( described in section ``Starting a Shell or a Command''. The) s -5 635 M -( subsystem name used with this protocol is "sftp".) s -5 129 M -(Galbraith, et al. 
Expires April 16, 2003 [Page 4]) s -_R -S -PStoPSsaved restore -%%Page: (4,5) 3 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 5 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -(3. General Packet Format) s -5 668 M -( All packets transmitted over the secure connection are of the) s -5 657 M -( following format:) s -5 635 M -( uint32 length) s -5 624 M -( byte type) s -5 613 M -( byte[length - 1] data payload) s -5 591 M -( That is, they are just data preceded by 32-bit length and 8-bit type) s -5 580 M -( fields. The `length' is the length of the data area, and does not) s -5 569 M -( include the `length' field itself. The format and interpretation of) s -5 558 M -( the data area depends on the packet type.) s -5 536 M -( All packet descriptions below only specify the packet type and the) s -5 525 M -( data that goes into the data field. Thus, they should be prefixed by) s -5 514 M -( the `length' and `type' fields.) s -5 492 M -( The maximum size of a packet is in practice determined by the client) s -5 481 M -( \(the maximum size of read or write requests that it sends, plus a few) s -5 470 M -( bytes of packet overhead\). All servers SHOULD support packets of at) s -5 459 M -( least 34000 bytes \(where the packet size refers to the full length,) s -5 448 M -( including the header above\). This should allow for reads and writes) s -5 437 M -( of at most 32768 bytes.) 
s -5 415 M -( There is no limit on the number of outstanding \(non-acknowledged\)) s -5 404 M -( requests that the client may send to the server. In practice this is) s -5 393 M -( limited by the buffering available on the data stream and the queuing) s -5 382 M -( performed by the server. If the server's queues are full, it should) s -5 371 M -( not read any more data from the stream, and flow control will prevent) s -5 360 M -( the client from sending more requests. Note, however, that while) s -5 349 M -( there is no restriction on the protocol level, the client's API may) s -5 338 M -( provide a limit in order to prevent infinite queuing of outgoing) s -5 327 M -( requests at the client.) s -5 305 M -( The following values are defined for packet types.) s -5 129 M -(Galbraith, et al. Expires April 16, 2003 [Page 5]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 6 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -( #define SSH_FXP_INIT 1) s -5 679 M -( #define SSH_FXP_VERSION 2) s -5 668 M -( #define SSH_FXP_OPEN 3) s -5 657 M -( #define SSH_FXP_CLOSE 4) s -5 646 M -( #define SSH_FXP_READ 5) s -5 635 M -( #define SSH_FXP_WRITE 6) s -5 624 M -( #define SSH_FXP_LSTAT 7) s -5 613 M -( #define SSH_FXP_FSTAT 8) s -5 602 M -( #define SSH_FXP_SETSTAT 9) s -5 591 M -( #define SSH_FXP_FSETSTAT 10) s -5 580 M -( #define SSH_FXP_OPENDIR 11) s -5 569 M -( #define SSH_FXP_READDIR 12) s -5 558 M -( #define SSH_FXP_REMOVE 13) s -5 547 M -( #define SSH_FXP_MKDIR 14) s -5 536 M -( #define SSH_FXP_RMDIR 15) s -5 525 M -( 
#define SSH_FXP_REALPATH 16) s -5 514 M -( #define SSH_FXP_STAT 17) s -5 503 M -( #define SSH_FXP_RENAME 18) s -5 492 M -( #define SSH_FXP_READLINK 19) s -5 481 M -( #define SSH_FXP_SYMLINK 20) s -5 459 M -( #define SSH_FXP_STATUS 101) s -5 448 M -( #define SSH_FXP_HANDLE 102) s -5 437 M -( #define SSH_FXP_DATA 103) s -5 426 M -( #define SSH_FXP_NAME 104) s -5 415 M -( #define SSH_FXP_ATTRS 105) s -5 393 M -( #define SSH_FXP_EXTENDED 200) s -5 382 M -( #define SSH_FXP_EXTENDED_REPLY 201) s -5 360 M -( RESERVED_FOR_EXTENSIONS 210-255) s -5 338 M -( Additional packet types should only be defined if the protocol) s -5 327 M -( version number \(see Section ``Protocol Initialization''\) is) s -5 316 M -( incremented, and their use MUST be negotiated using the version) s -5 305 M -( number. However, the SSH_FXP_EXTENDED and SSH_FXP_EXTENDED_REPLY) s -5 294 M -( packets can be used to implement vendor-specific extensions. See) s -5 283 M -( Section ``Vendor-Specific-Extensions'' for more details.) s -5 129 M -(Galbraith, et al. Expires April 16, 2003 [Page 6]) s -_R -S -PStoPSsaved restore -%%Page: (6,7) 4 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 7 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -(4. Protocol Initialization) s -5 668 M -( When the file transfer protocol starts, the client first sends a) s -5 657 M -( SSH_FXP_INIT \(including its version number\) packet to the server.) 
s -5 646 M -( The server responds with a SSH_FXP_VERSION packet, supplying the) s -5 635 M -( lowest of its own and the client's version number. Both parties) s -5 624 M -( should from then on adhere to particular version of the protocol.) s -5 602 M -( The version number of the protocol specified in this document is 4.) s -5 591 M -( The version number should be incremented for each incompatible) s -5 580 M -( revision of this protocol.) s -5 558 M -(4.1 Client Initialization) s -5 536 M -( The SSH_FXP_INIT packet \(from client to server\) has the following) s -5 525 M -( data:) s -5 503 M -( uint32 version) s -5 481 M -( Version 3 of this protocol allowed clients to include extensions in) s -5 470 M -( the SSH_FXP_INIT packet; however, this can cause interoperability) s -5 459 M -( problems with version 1 and version 2 servers because the client must) s -5 448 M -( send this packet before knowing the servers version.) s -5 426 M -( In this version of the protocol, clients MUST use the) s -5 415 M -( SSH_FXP_EXTENDED packet to send extensions to the server after) s -5 404 M -( version exchange has completed. Clients MUST NOT include extensions) s -5 393 M -( in the version packet. This will prevent interoperability problems) s -5 382 M -( with older servers) s -5 360 M -(4.2 Server Initialization) s -5 338 M -( The SSH_FXP_VERSION packet \(from server to client\) has the following) s -5 327 M -( data:) s -5 305 M -( uint32 version) s -5 294 M -( ) s -5 272 M -( 'version' is the lower of the protocol version supported by the) s -5 261 M -( server and the version number received from the client.) s -5 239 M -( The extension data may be empty, or may be a sequence of) s -5 217 M -( string extension_name) s -5 206 M -( string extension_data) s -5 184 M -( pairs \(both strings MUST always be present if one is, but the) s -5 173 M -( `extension_data' string may be of zero length\). If present, these) s -5 129 M -(Galbraith, et al. 
Expires April 16, 2003 [Page 7]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 8 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -( strings indicate extensions to the baseline protocol. The) s -5 679 M -( `extension_name' field\(s\) identify the name of the extension. The) s -5 668 M -( name should be of the form "name@domain", where the domain is the DNS) s -5 657 M -( domain name of the organization defining the extension. Additional) s -5 646 M -( names that are not of this format may be defined later by the IETF.) s -5 635 M -( Implementations MUST silently ignore any extensions whose name they) s -5 624 M -( do not recognize.) s -5 602 M -(4.3 Determining Server Newline Convention) s -5 580 M -( In order to correctly process text files in a cross platform) s -5 569 M -( compatible way, the newline convention must be converted from that of) s -5 558 M -( the server to that of the client, or, during an upload, from that of) s -5 547 M -( the client to that of the server.) s -5 525 M -( Versions 3 and prior of this protocol made no provisions for) s -5 514 M -( processing text files. Many clients implemented some sort of) s -5 503 M -( conversion algorithm, but without either a 'canonical' on the wire) s -5 492 M -( format or knowledge of the servers newline convention, correct) s -5 481 M -( conversion was not always possible.) 
s -5 459 M -( Starting with Version 4, the SSH_FXF_TEXT file open flag \(Section) s -5 448 M -( 6.3\) makes it possible to request that the server translate a file to) s -5 437 M -( a 'canonical' on the wire format. This format uses \\r\\n as the line) s -5 426 M -( separator.) s -5 404 M -( Servers for systems using multiple newline characters \(for example,) s -5 393 M -( Mac OS X or VMS\) or systems using counted records, MUST translate to) s -5 382 M -( the canonical form.) s -5 360 M -( However, to ease the burden of implementation on servers that use a) s -5 349 M -( single, simple separator sequence, the following extension allows the) s -5 338 M -( canonical format to be changed.) s -5 316 M -( string "newline") s -5 305 M -( string new-canonical-separator \(usually "\\r" or "\\n" or "\\r\\n"\)) s -5 283 M -( All clients MUST support this extension.) s -5 261 M -( When processing text files, clients SHOULD NOT translate any) s -5 250 M -( character or sequence that is not an exact match of the servers) s -5 239 M -( newline separator.) s -5 217 M -( In particular, if the newline sequence being used is the canonical) s -5 206 M -( "\\r\\n" sequence, a lone \\r or a lone \\n SHOULD be written through) s -5 195 M -( without change.) s -5 129 M -(Galbraith, et al. Expires April 16, 2003 [Page 8]) s -_R -S -PStoPSsaved restore -%%Page: (8,9) 5 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 9 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -(5. 
File Attributes) s -5 668 M -( A new compound data type is defined for encoding file attributes.) s -5 657 M -( The same encoding is used both when returning file attributes from) s -5 646 M -( the server and when sending file attributes to the server. When) s -5 635 M -( sending it to the server, the flags field specifies which attributes) s -5 624 M -( are included, and the server will use default values for the) s -5 613 M -( remaining attributes \(or will not modify the values of remaining) s -5 602 M -( attributes\). When receiving attributes from the server, the flags) s -5 591 M -( specify which attributes are included in the returned data. The) s -5 580 M -( server normally returns all attributes it knows about.) s -5 558 M -( uint32 flags) s -5 547 M -( byte type always present) s -5 536 M -( uint64 size present only if flag SSH_FILEXFER_ATTR_SIZE) s -5 525 M -( string owner present only if flag SSH_FILEXFER_ATTR_OWNERGROUP) s -5 514 M -( string group present only if flag SSH_FILEXFER_ATTR_OWNERGROUP) s -5 503 M -( uint32 permissions present only if flag SSH_FILEXFER_ATTR_PERMISSIONS) s -5 492 M -( uint32 atime present only if flag SSH_FILEXFER_ATTR_ACCESSTIME) s -5 481 M -( uint32 createtime present only if flag SSH_FILEXFER_ATTR_CREATETIME) s -5 470 M -( uint32 mtime present only if flag SSH_FILEXFER_ATTR_MODIFYTIME) s -5 459 M -( string acl present only if flag SSH_FILEXFER_ATTR_ACL) s -5 448 M -( uint32 extended_count present only if flag SSH_FILEXFER_ATTR_EXTENDED) s -5 437 M -( string extended_type) s -5 426 M -( string extended_data) s -5 415 M -( ... more extended data \(extended_type - extended_data pairs\),) s -5 404 M -( so that number of pairs equals extended_count) s -5 371 M -(5.1 Flags) s -5 349 M -( The `flags' specify which of the fields are present. Those fields) s -5 338 M -( for which the corresponding flag is not set are not present \(not) s -5 327 M -( included in the packet\). 
New flags can only be added by incrementing) s -5 316 M -( the protocol version number \(or by using the extension mechanism) s -5 305 M -( described below\).) s -5 283 M -( The flags bits are defined to have the following values:) s -5 261 M -( #define SSH_FILEXFER_ATTR_SIZE 0x00000001) s -5 250 M -( #define SSH_FILEXFER_ATTR_PERMISSIONS 0x00000004) s -5 239 M -( #define SSH_FILEXFER_ATTR_ACCESSTIME 0x00000008) s -5 228 M -( #define SSH_FILEXFER_ATTR_CREATETIME 0x00000010) s -5 217 M -( #define SSH_FILEXFER_ATTR_MODIFYTIME 0x00000020) s -5 206 M -( #define SSH_FILEXFER_ATTR_ACL 0x00000040) s -5 195 M -( #define SSH_FILEXFER_ATTR_OWNERGROUP 0x00000080) s -5 184 M -( #define SSH_FILEXFER_ATTR_EXTENDED 0x80000000) s -5 129 M -(Galbraith, et al. Expires April 16, 2003 [Page 9]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 10 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -( In previous versions of this protocol flags value 0x00000002 was) s -5 679 M -( SSH_FILEXFER_ATTR_UIDGID. This value is now unused, and OWNERGROUP) s -5 668 M -( was given a new value in order to ease implementation burden.) s -5 657 M -( 0x00000002 MUST NOT appear in the mask. Some future version of this) s -5 646 M -( protocol may reuse flag 0x00000002.) s -5 624 M -(5.2 Type) s -5 602 M -( The type field is always present. 
The following types are defined:) s -5 580 M -( #define SSH_FILEXFER_TYPE_REGULAR 1) s -5 569 M -( #define SSH_FILEXFER_TYPE_DIRECTORY 2) s -5 558 M -( #define SSH_FILEXFER_TYPE_SYMLINK 3) s -5 547 M -( #define SSH_FILEXFER_TYPE_SPECIAL 4) s -5 536 M -( #define SSH_FILEXFER_TYPE_UNKNOWN 5) s -5 514 M -( On a POSIX system, these values would be derived from the permission) s -5 503 M -( field.) s -5 481 M -(5.3 Size) s -5 459 M -( The `size' field specifies the size of the file on disk, in bytes.) s -5 448 M -( If it is present during file creation, it should be considered a hint) s -5 437 M -( as to the files eventual size.) s -5 415 M -( Files opened with the SSH_FXF_TEXT flag may have a size that is) s -5 404 M -( greater or less than the value of the size field.) s -5 382 M -(5.4 Owner and Group) s -5 360 M -( The `owner' and `group' fields are represented as UTF-8 strings; this) s -5 349 M -( is the form used by NFS v4. See NFS version 4 Protocol. [3] The) s -5 338 M -( following text is selected quotations from section 5.6.) s -5 316 M -( To avoid a representation that is tied to a particular underlying) s -5 305 M -( implementation at the client or server, the use of UTF-8 strings has) s -5 294 M -( been chosen. The string should be of the form user@dns_domain".) s -5 283 M -( This will allow for a client and server that do not use the same) s -5 272 M -( local representation the ability to translate to a common syntax that) s -5 261 M -( can be interpreted by both. In the case where there is no) s -5 250 M -( translation available to the client or server, the attribute value) s -5 239 M -( must be constructed without the "@". Therefore, the absence of the @) s -5 228 M -( from the owner or owner_group attribute signifies that no translation) s -5 217 M -( was available and the receiver of the attribute should not place any) s -5 206 M -( special meaning with the attribute value. 
Even though the attribute) s -5 195 M -( value can not be translated, it may still be useful. In the case of) s -5 184 M -( a client, the attribute string may be used for local display of) s -5 173 M -( ownership.) s -5 129 M -(Galbraith, et al. Expires April 16, 2003 [Page 10]) s -_R -S -PStoPSsaved restore -%%Page: (10,11) 6 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 11 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -(5.5 Permissions) s -5 668 M -( The `permissions' field contains a bit mask of file permissions as) s -5 657 M -( defined by POSIX [1].) s -5 635 M -(5.6 Times) s -5 613 M -( The 'atime', 'createtime', and 'mtime' contain the access, creation,) s -5 602 M -( and modification times of the files, respectively. They are) s -5 591 M -( represented as seconds from Jan 1, 1970 in UTC.) s -5 569 M -(5.7 ACL) s -5 547 M -( The 'ACL' field contains an ACL similar to that defined in section) s -5 536 M -( 5.9 of NFS version 4 Protocol [3].) 
s -5 514 M -( uint32 ace-count) s -5 492 M -( repeated ace-count time:) s -5 481 M -( uint32 ace-type) s -5 470 M -( uint32 ace-flag) s -5 459 M -( uint32 ace-mask) s -5 448 M -( string who [UTF-8]) s -5 426 M -( ace-type is one of the following four values \(taken from NFS Version) s -5 415 M -( 4 Protocol [3]:) s -5 393 M -( const ACE4_ACCESS_ALLOWED_ACE_TYPE = 0x00000000;) s -5 382 M -( const ACE4_ACCESS_DENIED_ACE_TYPE = 0x00000001;) s -5 371 M -( const ACE4_SYSTEM_AUDIT_ACE_TYPE = 0x00000002;) s -5 360 M -( const ACE4_SYSTEM_ALARM_ACE_TYPE = 0x00000003;) s -5 338 M -( ace-flag is a combination of the following flag values. See NFS) s -5 327 M -( Version 4 Protocol [3] section 5.9.2:) s -5 305 M -( const ACE4_FILE_INHERIT_ACE = 0x00000001;) s -5 294 M -( const ACE4_DIRECTORY_INHERIT_ACE = 0x00000002;) s -5 283 M -( const ACE4_NO_PROPAGATE_INHERIT_ACE = 0x00000004;) s -5 272 M -( const ACE4_INHERIT_ONLY_ACE = 0x00000008;) s -5 261 M -( const ACE4_SUCCESSFUL_ACCESS_ACE_FLAG = 0x00000010;) s -5 250 M -( const ACE4_FAILED_ACCESS_ACE_FLAG = 0x00000020;) s -5 239 M -( const ACE4_IDENTIFIER_GROUP = 0x00000040;) s -5 217 M -( ace-mask is any combination of the following flags \(taken from NFS) s -5 206 M -( Version 4 Protocol [3] section 5.9.3:) s -5 129 M -(Galbraith, et al. 
Expires April 16, 2003 [Page 11]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 12 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -( const ACE4_READ_DATA = 0x00000001;) s -5 679 M -( const ACE4_LIST_DIRECTORY = 0x00000001;) s -5 668 M -( const ACE4_WRITE_DATA = 0x00000002;) s -5 657 M -( const ACE4_ADD_FILE = 0x00000002;) s -5 646 M -( const ACE4_APPEND_DATA = 0x00000004;) s -5 635 M -( const ACE4_ADD_SUBDIRECTORY = 0x00000004;) s -5 624 M -( const ACE4_READ_NAMED_ATTRS = 0x00000008;) s -5 613 M -( const ACE4_WRITE_NAMED_ATTRS = 0x00000010;) s -5 602 M -( const ACE4_EXECUTE = 0x00000020;) s -5 591 M -( const ACE4_DELETE_CHILD = 0x00000040;) s -5 580 M -( const ACE4_READ_ATTRIBUTES = 0x00000080;) s -5 569 M -( const ACE4_WRITE_ATTRIBUTES = 0x00000100;) s -5 558 M -( const ACE4_DELETE = 0x00010000;) s -5 547 M -( const ACE4_READ_ACL = 0x00020000;) s -5 536 M -( const ACE4_WRITE_ACL = 0x00040000;) s -5 525 M -( const ACE4_WRITE_OWNER = 0x00080000;) s -5 514 M -( const ACE4_SYNCHRONIZE = 0x00100000;) s -5 492 M -( who is a UTF-8 string of the form described in 'Owner and Group') s -5 481 M -( \(Section 5.4\)) s -5 459 M -(5.8 Extended attributes) s -5 437 M -( The SSH_FILEXFER_ATTR_EXTENDED flag provides a general extension) s -5 426 M -( mechanism for vendor-specific extensions. If the flag is specified,) s -5 415 M -( then the `extended_count' field is present. It specifies the number) s -5 404 M -( of extended_type-extended_data pairs that follow. 
Each of these) s -5 393 M -( pairs specifies an extended attribute. For each of the attributes,) s -5 382 M -( the extended_type field should be a string of the format) s -5 371 M -( "name@domain", where "domain" is a valid, registered domain name and) s -5 360 M -( "name" identifies the method. The IETF may later standardize certain) s -5 349 M -( names that deviate from this format \(e.g., that do not contain the) s -5 338 M -( "@" sign\). The interpretation of `extended_data' depends on the) s -5 327 M -( type. Implementations SHOULD ignore extended data fields that they) s -5 316 M -( do not understand.) s -5 294 M -( Additional fields can be added to the attributes by either defining) s -5 283 M -( additional bits to the flags field to indicate their presence, or by) s -5 272 M -( defining extended attributes for them. The extended attributes) s -5 261 M -( mechanism is recommended for most purposes; additional flags bits) s -5 250 M -( should only be defined by an IETF standards action that also) s -5 239 M -( increments the protocol version number. The use of such new fields) s -5 228 M -( MUST be negotiated by the version number in the protocol exchange.) s -5 217 M -( It is a protocol error if a packet with unsupported protocol bits is) s -5 206 M -( received.) s -5 129 M -(Galbraith, et al. Expires April 16, 2003 [Page 12]) s -_R -S -PStoPSsaved restore -%%Page: (12,13) 7 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 13 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -(6. 
Requests From the Client to the Server) s -5 668 M -( Requests from the client to the server represent the various file) s -5 657 M -( system operations. Each request begins with an `id' field, which is) s -5 646 M -( a 32-bit identifier identifying the request \(selected by the client\).) s -5 635 M -( The same identifier will be returned in the response to the request.) s -5 624 M -( One possible implementation is a monotonically increasing request) s -5 613 M -( sequence number \(modulo 2^32\).) s -5 591 M -( Many operations in the protocol operate on open files. The) s -5 580 M -( SSH_FXP_OPEN request can return a file handle \(which is an opaque) s -5 569 M -( variable-length string\) which may be used to access the file later) s -5 558 M -( \(e.g. in a read operation\). The client MUST NOT send requests the) s -5 547 M -( server with bogus or closed handles. However, the server MUST) s -5 536 M -( perform adequate checks on the handle in order to avoid security) s -5 525 M -( risks due to fabricated handles.) s -5 503 M -( This design allows either stateful and stateless server) s -5 492 M -( implementation, as well as an implementation which caches state) s -5 481 M -( between requests but may also flush it. The contents of the file) s -5 470 M -( handle string are entirely up to the server and its design. The) s -5 459 M -( client should not modify or attempt to interpret the file handle) s -5 448 M -( strings.) s -5 426 M -( The file handle strings MUST NOT be longer than 256 bytes.) s -5 404 M -(6.1 Request Synchronization and Reordering) s -5 382 M -( The protocol and implementations MUST process requests relating to) s -5 371 M -( the same file in the order in which they are received. In other) s -5 360 M -( words, if an application submits multiple requests to the server, the) s -5 349 M -( results in the responses will be the same as if it had sent the) s -5 338 M -( requests one at a time and waited for the response in each case. 
For) s -5 327 M -( example, the server may process non-overlapping read/write requests) s -5 316 M -( to the same file in parallel, but overlapping reads and writes cannot) s -5 305 M -( be reordered or parallelized. However, there are no ordering) s -5 294 M -( restrictions on the server for processing requests from two different) s -5 283 M -( file transfer connections. The server may interleave and parallelize) s -5 272 M -( them at will.) s -5 250 M -( There are no restrictions on the order in which responses to) s -5 239 M -( outstanding requests are delivered to the client, except that the) s -5 228 M -( server must ensure fairness in the sense that processing of no) s -5 217 M -( request will be indefinitely delayed even if the client is sending) s -5 206 M -( other requests so that there are multiple outstanding requests all) s -5 195 M -( the time.) s -5 129 M -(Galbraith, et al. Expires April 16, 2003 [Page 13]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 14 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -(6.2 File Names) s -5 668 M -( This protocol represents file names as strings. File names are) s -5 657 M -( assumed to use the slash \('/'\) character as a directory separator.) s -5 635 M -( File names starting with a slash are "absolute", and are relative to) s -5 624 M -( the root of the file system. Names starting with any other character) s -5 613 M -( are relative to the user's default directory \(home directory\). 
Note) s -5 602 M -( that identifying the user is assumed to take place outside of this) s -5 591 M -( protocol.) s -5 569 M -( Servers SHOULD interpret a path name component ".." as referring to) s -5 558 M -( the parent directory, and "." as referring to the current directory.) s -5 547 M -( If the server implementation limits access to certain parts of the) s -5 536 M -( file system, it must be extra careful in parsing file names when) s -5 525 M -( enforcing such restrictions. There have been numerous reported) s -5 514 M -( security bugs where a ".." in a path name has allowed access outside) s -5 503 M -( the intended area.) s -5 481 M -( An empty path name is valid, and it refers to the user's default) s -5 470 M -( directory \(usually the user's home directory\).) s -5 448 M -( Otherwise, no syntax is defined for file names by this specification.) s -5 437 M -( Clients should not make any other assumptions; however, they can) s -5 426 M -( splice path name components returned by SSH_FXP_READDIR together) s -5 415 M -( using a slash \('/'\) as the separator, and that will work as expected.) s -5 393 M -( In order to comply with IETF Policy on Character Sets and Languages) s -5 382 M -( [2], all filenames are to be encoded in UTF-8. The shortest valid) s -5 371 M -( UTF-8 encoding of the UNICODE data MUST be used. The server is) s -5 360 M -( responsible for converting the UNICODE data to whatever canonical) s -5 349 M -( form it requires.) s -5 327 M -( For example, if the server requires that precomposed characters) s -5 316 M -( always be used, the server MUST NOT assume the filename as sent by) s -5 305 M -( the client has this attribute, but must do this normalization itself.) s -5 283 M -( It is understood that the lack of well-defined semantics for file) s -5 272 M -( names may cause interoperability problems between clients and servers) s -5 261 M -( using radically different operating systems. 
However, this approach) s -5 250 M -( is known to work acceptably with most systems, and alternative) s -5 239 M -( approaches that e.g. treat file names as sequences of structured) s -5 228 M -( components are quite complicated.) s -5 206 M -(6.3 Opening, Creating, and Closing Files) s -5 184 M -( Files are opened and created using the SSH_FXP_OPEN message, whose) s -5 173 M -( data part is as follows:) s -5 129 M -(Galbraith, et al. Expires April 16, 2003 [Page 14]) s -_R -S -PStoPSsaved restore -%%Page: (14,15) 8 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 15 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -( uint32 id) s -5 679 M -( string filename [UTF-8]) s -5 668 M -( uint32 pflags) s -5 657 M -( ATTRS attrs) s -5 635 M -( The `id' field is the request identifier as for all requests.) s -5 613 M -( The `filename' field specifies the file name. See Section ``File) s -5 602 M -( Names'' for more information.) s -5 580 M -( The `pflags' field is a bitmask. The following bits have been) s -5 569 M -( defined.) s -5 547 M -( #define SSH_FXF_READ 0x00000001) s -5 536 M -( #define SSH_FXF_WRITE 0x00000002) s -5 525 M -( #define SSH_FXF_APPEND 0x00000004) s -5 514 M -( #define SSH_FXF_CREAT 0x00000008) s -5 503 M -( #define SSH_FXF_TRUNC 0x00000010) s -5 492 M -( #define SSH_FXF_EXCL 0x00000020) s -5 481 M -( #define SSH_FXF_TEXT 0x00000040) s -5 459 M -( These have the following meanings:) s -5 437 M -( SSH_FXF_READ) s -5 426 M -( Open the file for reading.) 
s -5 404 M -( SSH_FXF_WRITE) s -5 393 M -( Open the file for writing. If both this and SSH_FXF_READ are) s -5 382 M -( specified, the file is opened for both reading and writing.) s -5 360 M -( SSH_FXF_APPEND) s -5 349 M -( Force all writes to append data at the end of the file. The) s -5 338 M -( offset parameter to write will be ignored.) s -5 316 M -( SSH_FXF_CREAT) s -5 305 M -( If this flag is specified, then a new file will be created if one) s -5 294 M -( does not already exist \(if O_TRUNC is specified, the new file will) s -5 283 M -( be truncated to zero length if it previously exists\).) s -5 261 M -( SSH_FXF_TRUNC) s -5 250 M -( Forces an existing file with the same name to be truncated to zero) s -5 239 M -( length when creating a file by specifying SSH_FXF_CREAT.) s -5 228 M -( SSH_FXF_CREAT MUST also be specified if this flag is used.) s -5 206 M -( SSH_FXF_EXCL) s -5 195 M -( Causes the request to fail if the named file already exists.) s -5 184 M -( SSH_FXF_CREAT MUST also be specified if this flag is used.) s -5 129 M -(Galbraith, et al. Expires April 16, 2003 [Page 15]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 16 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -( SSH_FXF_TEXT) s -5 679 M -( Indicates that the server should treat the file as text and) s -5 668 M -( convert it to the canonical newline convention in use. \(See) s -5 657 M -( Determining Server Newline Convention. 
\(Section 4.3\)) s -5 635 M -( When a file is opened with the FXF_TEXT flag, the offset field in) s -5 624 M -( both the read and write function are ignored.) s -5 602 M -( Servers MUST correctly process multiple parallel reads and writes) s -5 591 M -( correctly in this mode. Naturally, it is permissible for them to) s -5 580 M -( do this by serializing the requests. It would not be possible for) s -5 569 M -( a client to reliably detect a server that does not implement) s -5 558 M -( parallel writes in time to prevent damage.) s -5 536 M -( Clients SHOULD use the SSH_FXF_APPEND flag to append data to a) s -5 525 M -( text file rather then using write with a calculated offset.) s -5 503 M -( To support seeks on text file the following SSH_FXP_EXTENDED) s -5 492 M -( packet is defined.) s -5 448 M -( string "text-seek") s -5 437 M -( string file-handle) s -5 426 M -( uint64 line-number) s -5 404 M -( line-number is the index of the line number to seek to, where byte) s -5 393 M -( 0 in the file is line number 0, and the byte directly following) s -5 382 M -( the first newline sequence in the file is line number 1 and so on.) s -5 360 M -( The response to a "text-seek" request is an SSH_FXP_STATUS) s -5 349 M -( message.) s -5 327 M -( An attempt to seek past the end-of-file should result in a) s -5 316 M -( SSH_FX_EOF status.) s -5 294 M -( Servers SHOULD support at least one "text-seek" in order to) s -5 283 M -( support resume. However, a client MUST be prepared to receive) s -5 272 M -( SSH_FX_OP_UNSUPPORTED when attempting a "text-seek" operation.) s -5 261 M -( The client can then try a fall-back strategy, if it has one.) s -5 239 M -( Clients MUST be prepared to handle SSH_FX_OP_UNSUPPORTED returned) s -5 228 M -( for read or write operations that are not sequential.) s -5 206 M -( The `attrs' field specifies the initial attributes for the file.) s -5 195 M -( Default values will be used for those attributes that are not) s -5 184 M -( specified. 
See Section ``File Attributes'' for more information.) s -5 129 M -(Galbraith, et al. Expires April 16, 2003 [Page 16]) s -_R -S -PStoPSsaved restore -%%Page: (16,17) 9 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 17 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -( The response to this message will be either SSH_FXP_HANDLE \(if the) s -5 679 M -( operation is successful\) or SSH_FXP_STATUS \(if the operation fails\).) s -5 657 M -( A file is closed by using the SSH_FXP_CLOSE request. Its data field) s -5 646 M -( has the following format:) s -5 624 M -( uint32 id) s -5 613 M -( string handle) s -5 591 M -( where `id' is the request identifier, and `handle' is a handle) s -5 580 M -( previously returned in the response to SSH_FXP_OPEN or) s -5 569 M -( SSH_FXP_OPENDIR. The handle becomes invalid immediately after this) s -5 558 M -( request has been sent.) s -5 536 M -( The response to this request will be a SSH_FXP_STATUS message. One) s -5 525 M -( should note that on some server platforms even a close can fail.) s -5 514 M -( This can happen e.g. if the server operating system caches writes,) s -5 503 M -( and an error occurs while flushing cached writes during the close.) 
s -5 481 M -(6.4 Reading and Writing) s -5 459 M -( Once a file has been opened, it can be read using the SSH_FXP_READ) s -5 448 M -( message, which has the following format:) s -5 426 M -( uint32 id) s -5 415 M -( string handle) s -5 404 M -( uint64 offset) s -5 393 M -( uint32 len) s -5 371 M -( where `id' is the request identifier, `handle' is an open file handle) s -5 360 M -( returned by SSH_FXP_OPEN, `offset' is the offset \(in bytes\) relative) s -5 349 M -( to the beginning of the file from where to start reading, and `len') s -5 338 M -( is the maximum number of bytes to read.) s -5 316 M -( In response to this request, the server will read as many bytes as it) s -5 305 M -( can from the file \(up to `len'\), and return them in a SSH_FXP_DATA) s -5 294 M -( message. If an error occurs or EOF is encountered before reading any) s -5 283 M -( data, the server will respond with SSH_FXP_STATUS. For normal disk) s -5 272 M -( files, it is guaranteed that this will read the specified number of) s -5 261 M -( bytes, or up to end of file. For e.g. device files this may return) s -5 250 M -( fewer bytes than requested.) s -5 228 M -( Writing to a file is achieved using the SSH_FXP_WRITE message, which) s -5 217 M -( has the following format:) s -5 129 M -(Galbraith, et al. 
Expires April 16, 2003 [Page 17]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 18 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -( uint32 id) s -5 679 M -( string handle) s -5 668 M -( uint64 offset) s -5 657 M -( string data) s -5 635 M -( where `id' is a request identifier, `handle' is a file handle) s -5 624 M -( returned by SSH_FXP_OPEN, `offset' is the offset \(in bytes\) from the) s -5 613 M -( beginning of the file where to start writing, and `data' is the data) s -5 602 M -( to be written.) s -5 580 M -( The write will extend the file if writing beyond the end of the file.) s -5 569 M -( It is legal to write way beyond the end of the file; the semantics) s -5 558 M -( are to write zeroes from the end of the file to the specified offset) s -5 547 M -( and then the data. On most operating systems, such writes do not) s -5 536 M -( allocate disk space but instead leave "holes" in the file.) s -5 514 M -( The server responds to a write request with a SSH_FXP_STATUS message.) s -5 492 M -(6.5 Removing and Renaming Files) s -5 470 M -( Files can be removed using the SSH_FXP_REMOVE message. It has the) s -5 459 M -( following format:) s -5 437 M -( uint32 id) s -5 426 M -( string filename [UTF-8]) s -5 404 M -( where `id' is the request identifier and `filename' is the name of) s -5 393 M -( the file to be removed. See Section ``File Names'' for more) s -5 382 M -( information. This request cannot be used to remove directories.) 
s -5 360 M -( The server will respond to this request with a SSH_FXP_STATUS) s -5 349 M -( message.) s -5 327 M -( Files \(and directories\) can be renamed using the SSH_FXP_RENAME) s -5 316 M -( message. Its data is as follows:) s -5 294 M -( uint32 id) s -5 283 M -( string oldpath [UTF-8]) s -5 272 M -( string newpath [UTF-8]) s -5 250 M -( where `id' is the request identifier, `oldpath' is the name of an) s -5 239 M -( existing file or directory, and `newpath' is the new name for the) s -5 228 M -( file or directory. It is an error if there already exists a file) s -5 217 M -( with the name specified by newpath. The server may also fail rename) s -5 206 M -( requests in other situations, for example if `oldpath' and `newpath') s -5 195 M -( point to different file systems on the server.) s -5 173 M -( The server will respond to this request with a SSH_FXP_STATUS) s -5 129 M -(Galbraith, et al. Expires April 16, 2003 [Page 18]) s -_R -S -PStoPSsaved restore -%%Page: (18,19) 10 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 19 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -( message.) s -5 668 M -(6.6 Creating and Deleting Directories) s -5 646 M -( New directories can be created using the SSH_FXP_MKDIR request. It) s -5 635 M -( has the following format:) s -5 613 M -( uint32 id) s -5 602 M -( string path [UTF-8]) s -5 591 M -( ATTRS attrs) s -5 569 M -( where `id' is the request identifier.) s -5 547 M -( `path' specifies the directory to be created. 
See Section ``File) s -5 536 M -( Names'' for more information on file names.) s -5 514 M -( `attrs' specifies the attributes that should be applied to it upon) s -5 503 M -( creation. Attributes are discussed in more detail in Section ``File) s -5 492 M -( Attributes''.) s -5 470 M -( The server will respond to this request with a SSH_FXP_STATUS) s -5 459 M -( message. If a file or directory with the specified path already) s -5 448 M -( exists, an error will be returned.) s -5 426 M -( Directories can be removed using the SSH_FXP_RMDIR request, which has) s -5 415 M -( the following format:) s -5 393 M -( uint32 id) s -5 382 M -( string path [UTF-8]) s -5 360 M -( where `id' is the request identifier, and `path' specifies the) s -5 349 M -( directory to be removed. See Section ``File Names'' for more) s -5 338 M -( information on file names.) s -5 316 M -( The server responds to this request with a SSH_FXP_STATUS message.) s -5 305 M -( Errors may be returned from this operation for various reasons,) s -5 294 M -( including, but not limited to, the path does not exist, the path does) s -5 283 M -( not refer to a directory object, the directory is not empty, or the) s -5 272 M -( user has insufficient access or permission to perform the requested) s -5 261 M -( operation.) s -5 239 M -(6.7 Scanning Directories) s -5 217 M -( The files in a directory can be listed using the SSH_FXP_OPENDIR and) s -5 206 M -( SSH_FXP_READDIR requests. Each SSH_FXP_READDIR request returns one) s -5 195 M -( or more file names with full file attributes for each file. The) s -5 184 M -( client should call SSH_FXP_READDIR repeatedly until it has found the) s -5 173 M -( file it is looking for or until the server responds with a) s -5 129 M -(Galbraith, et al. 
Expires April 16, 2003 [Page 19]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 20 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -( SSH_FXP_STATUS message indicating an error \(normally SSH_FX_EOF if) s -5 679 M -( there are no more files in the directory\). The client should then) s -5 668 M -( close the handle using the SSH_FXP_CLOSE request.) s -5 646 M -( The SSH_FXP_OPENDIR opens a directory for reading. It has the) s -5 635 M -( following format:) s -5 613 M -( uint32 id) s -5 602 M -( string path [UTF-8]) s -5 580 M -( where `id' is the request identifier and `path' is the path name of) s -5 569 M -( the directory to be listed \(without any trailing slash\). See Section) s -5 558 M -( ``File Names'' for more information on file names. This will return) s -5 547 M -( an error if the path does not specify a directory or if the directory) s -5 536 M -( is not readable. The server will respond to this request with either) s -5 525 M -( a SSH_FXP_HANDLE or a SSH_FXP_STATUS message.) s -5 503 M -( Once the directory has been successfully opened, files \(and) s -5 492 M -( directories\) contained in it can be listed using SSH_FXP_READDIR) s -5 481 M -( requests. These are of the format) s -5 459 M -( uint32 id) s -5 448 M -( string handle) s -5 426 M -( where `id' is the request identifier, and `handle' is a handle) s -5 415 M -( returned by SSH_FXP_OPENDIR. 
\(It is a protocol error to attempt to) s -5 404 M -( use an ordinary file handle returned by SSH_FXP_OPEN.\)) s -5 382 M -( The server responds to this request with either a SSH_FXP_NAME or a) s -5 371 M -( SSH_FXP_STATUS message. One or more names may be returned at a time.) s -5 360 M -( Full status information is returned for each name in order to speed) s -5 349 M -( up typical directory listings.) s -5 327 M -( If there are no more names available to be read, the server MUST) s -5 316 M -( respond with a SSH_FXP_STATUS message with error code of SSH_FX_EOF.) s -5 294 M -( When the client no longer wishes to read more names from the) s -5 283 M -( directory, it SHOULD call SSH_FXP_CLOSE for the handle. The handle) s -5 272 M -( should be closed regardless of whether an error has occurred or not.) s -5 250 M -(6.8 Retrieving File Attributes) s -5 228 M -( Very often, file attributes are automatically returned by) s -5 217 M -( SSH_FXP_READDIR. However, sometimes there is need to specifically) s -5 206 M -( retrieve the attributes for a named file. This can be done using the) s -5 195 M -( SSH_FXP_STAT, SSH_FXP_LSTAT and SSH_FXP_FSTAT requests.) s -5 173 M -( SSH_FXP_STAT and SSH_FXP_LSTAT only differ in that SSH_FXP_STAT) s -5 129 M -(Galbraith, et al. 
Expires April 16, 2003 [Page 20]) s -_R -S -PStoPSsaved restore -%%Page: (20,21) 11 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 21 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -( follows symbolic links on the server, whereas SSH_FXP_LSTAT does not) s -5 679 M -( follow symbolic links. Both have the same format:) s -5 657 M -( uint32 id) s -5 646 M -( string path [UTF-8]) s -5 635 M -( uint32 flags) s -5 613 M -( where `id' is the request identifier, and `path' specifies the file) s -5 602 M -( system object for which status is to be returned. The server) s -5 591 M -( responds to this request with either SSH_FXP_ATTRS or SSH_FXP_STATUS.) s -5 569 M -( The flags field specify the attribute flags in which the client has) s -5 558 M -( particular interest. This is a hint to the server. For example,) s -5 547 M -( because retrieving owner / group and acl information can be an) s -5 536 M -( expensive operation under some operating systems, the server may) s -5 525 M -( choose not to retrieve this information unless the client expresses a) s -5 514 M -( specific interest in it.) s -5 492 M -( The client has no guarantee the server will provide all the fields) s -5 481 M -( that it has expressed an interest in.) s -5 459 M -( SSH_FXP_FSTAT differs from the others in that it returns status) s -5 448 M -( information for an open file \(identified by the file handle\). 
Its) s -5 437 M -( format is as follows:) s -5 415 M -( uint32 id) s -5 404 M -( string handle) s -5 393 M -( uint32 flags) s -5 371 M -( where `id' is the request identifier and `handle' is a file handle) s -5 360 M -( returned by SSH_FXP_OPEN. The server responds to this request with) s -5 349 M -( SSH_FXP_ATTRS or SSH_FXP_STATUS.) s -5 327 M -(6.9 Setting File Attributes) s -5 305 M -( File attributes may be modified using the SSH_FXP_SETSTAT and) s -5 294 M -( SSH_FXP_FSETSTAT requests. These requests are used for operations) s -5 283 M -( such as changing the ownership, permissions or access times, as well) s -5 272 M -( as for truncating a file.) s -5 250 M -( The SSH_FXP_SETSTAT request is of the following format:) s -5 228 M -( uint32 id) s -5 217 M -( string path [UTF-8]) s -5 206 M -( ATTRS attrs) s -5 184 M -( where `id' is the request identifier, `path' specifies the file) s -5 173 M -( system object \(e.g. file or directory\) whose attributes are to be) s -5 129 M -(Galbraith, et al. Expires April 16, 2003 [Page 21]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 22 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -( modified, and `attrs' specifies the modifications to be made to its) s -5 679 M -( attributes. Attributes are discussed in more detail in Section) s -5 668 M -( ``File Attributes''.) s -5 646 M -( An error will be returned if the specified file system object does) s -5 635 M -( not exist or the user does not have sufficient rights to modify the) s -5 624 M -( specified attributes. 
The server responds to this request with a) s -5 613 M -( SSH_FXP_STATUS message.) s -5 591 M -( The SSH_FXP_FSETSTAT request modifies the attributes of a file which) s -5 580 M -( is already open. It has the following format:) s -5 558 M -( uint32 id) s -5 547 M -( string handle) s -5 536 M -( ATTRS attrs) s -5 514 M -( where `id' is the request identifier, `handle' \(MUST be returned by) s -5 503 M -( SSH_FXP_OPEN\) identifies the file whose attributes are to be) s -5 492 M -( modified, and `attrs' specifies the modifications to be made to its) s -5 481 M -( attributes. Attributes are discussed in more detail in Section) s -5 470 M -( ``File Attributes''. The server will respond to this request with) s -5 459 M -( SSH_FXP_STATUS.) s -5 437 M -(6.10 Dealing with Symbolic links) s -5 415 M -( The SSH_FXP_READLINK request may be used to read the target of a) s -5 404 M -( symbolic link. It would have a data part as follows:) s -5 382 M -( uint32 id) s -5 371 M -( string path [UTF-8]) s -5 349 M -( where `id' is the request identifier and `path' specifies the path) s -5 338 M -( name of the symlink to be read.) s -5 316 M -( The server will respond with a SSH_FXP_NAME packet containing only) s -5 305 M -( one name and a dummy attributes value. The name in the returned) s -5 294 M -( packet contains the target of the link. If an error occurs, the) s -5 283 M -( server may respond with SSH_FXP_STATUS.) s -5 261 M -( The SSH_FXP_SYMLINK request will create a symbolic link on the) s -5 250 M -( server. It is of the following format) s -5 228 M -( uint32 id) s -5 217 M -( string linkpath [UTF-8]) s -5 206 M -( string targetpath [UTF-8]) s -5 184 M -( where `id' is the request identifier, `linkpath' specifies the path) s -5 173 M -( name of the symlink to be created and `targetpath' specifies the) s -5 129 M -(Galbraith, et al. 
Expires April 16, 2003 [Page 22]) s -_R -S -PStoPSsaved restore -%%Page: (22,23) 12 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 23 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -( target of the symlink. The server shall respond with a) s -5 679 M -( SSH_FXP_STATUS indicating either success \(SSH_FX_OK\) or an error) s -5 668 M -( condition.) s -5 646 M -(6.11 Canonicalizing the Server-Side Path Name) s -5 624 M -( The SSH_FXP_REALPATH request can be used to have the server) s -5 613 M -( canonicalize any given path name to an absolute path. This is useful) s -5 602 M -( for converting path names containing ".." components or relative) s -5 591 M -( pathnames without a leading slash into absolute paths. The format of) s -5 580 M -( the request is as follows:) s -5 558 M -( uint32 id) s -5 547 M -( string path [UTF-8]) s -5 525 M -( where `id' is the request identifier and `path' specifies the path) s -5 514 M -( name to be canonicalized. The server will respond with a) s -5 503 M -( SSH_FXP_NAME packet containing the name in canonical form and a dummy) s -5 492 M -( attributes value. If an error occurs, the server may also respond) s -5 481 M -( with SSH_FXP_STATUS.) s -5 459 M -(6.11.1 Best practice for dealing with paths) s -5 437 M -( The client SHOULD treat the results of SSH_FXP_REALPATH as a) s -5 426 M -( canonical absolute path, even if the path does not appear to be) s -5 415 M -( absolute. 
A client that use REALPATH\("."\) and treats the result as) s -5 404 M -( absolute, even if there is no leading slash, will continue to) s -5 393 M -( function correctly, even when talking to a Windows NT or VMS style) s -5 382 M -( system, where absolute paths may not begin with a slash.) s -5 360 M -( For example, if the client wishes to change directory up, and the) s -5 349 M -( server has returned "c:/x/y/z" from REALPATH, the client SHOULD use) s -5 338 M -( "c:/x/y/z/..".) s -5 316 M -( As a second example, if the client wishes to open the file "x.txt" in) s -5 305 M -( the current directory, and server has returned "dka100:/x/y/z" as the) s -5 294 M -( canonical path of the directory, the client SHOULD open "dka100:/x/y/) s -5 283 M -( z/x.txt") s -5 129 M -(Galbraith, et al. Expires April 16, 2003 [Page 23]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 24 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -(7. Responses from the Server to the Client) s -5 668 M -( The server responds to the client using one of a few response) s -5 657 M -( packets. All requests can return a SSH_FXP_STATUS response upon) s -5 646 M -( failure. When the operation is successful, any of the responses may) s -5 635 M -( be returned \(depending on the operation\). If no data needs to be) s -5 624 M -( returned to the client, the SSH_FXP_STATUS response with SSH_FX_OK) s -5 613 M -( status is appropriate. 
Otherwise, the SSH_FXP_HANDLE message is used) s -5 602 M -( to return a file handle \(for SSH_FXP_OPEN and SSH_FXP_OPENDIR) s -5 591 M -( requests\), SSH_FXP_DATA is used to return data from SSH_FXP_READ,) s -5 580 M -( SSH_FXP_NAME is used to return one or more file names from a) s -5 569 M -( SSH_FXP_READDIR or SSH_FXP_REALPATH request, and SSH_FXP_ATTRS is) s -5 558 M -( used to return file attributes from SSH_FXP_STAT, SSH_FXP_LSTAT, and) s -5 547 M -( SSH_FXP_FSTAT requests.) s -5 525 M -( Exactly one response will be returned for each request. Each) s -5 514 M -( response packet contains a request identifier which can be used to) s -5 503 M -( match each response with the corresponding request. Note that it is) s -5 492 M -( legal to have several requests outstanding simultaneously, and the) s -5 481 M -( server is allowed to send responses to them in a different order from) s -5 470 M -( the order in which the requests were sent \(the result of their) s -5 459 M -( execution, however, is guaranteed to be as if they had been processed) s -5 448 M -( one at a time in the order in which the requests were sent\).) s -5 426 M -( Response packets are of the same general format as request packets.) s -5 415 M -( Each response packet begins with the request identifier.) s -5 393 M -( The format of the data portion of the SSH_FXP_STATUS response is as) s -5 382 M -( follows:) s -5 360 M -( uint32 id) s -5 349 M -( uint32 error/status code) s -5 338 M -( string error message \(ISO-10646 UTF-8 [RFC-2279]\)) s -5 327 M -( string language tag \(as defined in [RFC-1766]\)) s -5 305 M -( where `id' is the request identifier, and `error/status code') s -5 294 M -( indicates the result of the requested operation. The value SSH_FX_OK) s -5 283 M -( indicates success, and all other values indicate failure.) 
s -5 261 M -( Currently, the following values are defined \(other values may be) s -5 250 M -( defined by future versions of this protocol\):) s -5 129 M -(Galbraith, et al. Expires April 16, 2003 [Page 24]) s -_R -S -PStoPSsaved restore -%%Page: (24,25) 13 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 25 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -( #define SSH_FX_OK 0) s -5 679 M -( #define SSH_FX_EOF 1) s -5 668 M -( #define SSH_FX_NO_SUCH_FILE 2) s -5 657 M -( #define SSH_FX_PERMISSION_DENIED 3) s -5 646 M -( #define SSH_FX_FAILURE 4) s -5 635 M -( #define SSH_FX_BAD_MESSAGE 5) s -5 624 M -( #define SSH_FX_NO_CONNECTION 6) s -5 613 M -( #define SSH_FX_CONNECTION_LOST 7) s -5 602 M -( #define SSH_FX_OP_UNSUPPORTED 8) s -5 591 M -( #define SSH_FX_INVALID_HANDLE 9) s -5 580 M -( #define SSH_FX_NO_SUCH_PATH 10) s -5 569 M -( #define SSH_FX_FILE_ALREADY_EXISTS 11) s -5 558 M -( #define SSH_FX_WRITE_PROTECT 12) s -5 536 M -( SSH_FX_OK) s -5 525 M -( Indicates successful completion of the operation.) s -5 503 M -( SSH_FX_EOF) s -5 492 M -( indicates end-of-file condition; for SSH_FX_READ it means that no) s -5 481 M -( more data is available in the file, and for SSH_FX_READDIR it) s -5 470 M -( indicates that no more files are contained in the directory.) s -5 448 M -( SSH_FX_NO_SUCH_FILE) s -5 437 M -( is returned when a reference is made to a file which does not) s -5 426 M -( exist.) 
s -5 404 M -( SSH_FX_PERMISSION_DENIED) s -5 393 M -( is returned when the authenticated user does not have sufficient) s -5 382 M -( permissions to perform the operation.) s -5 360 M -( SSH_FX_FAILURE) s -5 349 M -( is a generic catch-all error message; it should be returned if an) s -5 338 M -( error occurs for which there is no more specific error code) s -5 327 M -( defined.) s -5 305 M -( SSH_FX_BAD_MESSAGE) s -5 294 M -( may be returned if a badly formatted packet or protocol) s -5 283 M -( incompatibility is detected.) s -5 261 M -( SSH_FX_NO_CONNECTION) s -5 250 M -( is a pseudo-error which indicates that the client has no) s -5 239 M -( connection to the server \(it can only be generated locally by the) s -5 228 M -( client, and MUST NOT be returned by servers\).) s -5 206 M -( SSH_FX_CONNECTION_LOST) s -5 195 M -( is a pseudo-error which indicates that the connection to the) s -5 184 M -( server has been lost \(it can only be generated locally by the) s -5 173 M -( client, and MUST NOT be returned by servers\).) s -5 129 M -(Galbraith, et al. Expires April 16, 2003 [Page 25]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 26 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -( SSH_FX_OP_UNSUPPORTED) s -5 679 M -( indicates that an attempt was made to perform an operation which) s -5 668 M -( is not supported for the server \(it may be generated locally by) s -5 657 M -( the client if e.g. 
the version number exchange indicates that a) s -5 646 M -( required feature is not supported by the server, or it may be) s -5 635 M -( returned by the server if the server does not implement an) s -5 624 M -( operation\).) s -5 602 M -( SSH_FX_INVALID_HANDLE) s -5 591 M -( The handle value was invalid.) s -5 569 M -( SSH_FX_NO_SUCH_PATH) s -5 558 M -( The file path does not exist or is invalid.) s -5 536 M -( SSH_FX_FILE_ALREADY_EXISTS) s -5 525 M -( The file already exists.) s -5 503 M -( SSH_FX_WRITE_PROTECT) s -5 492 M -( The file is on read only media, or the media is write protected.) s -5 470 M -( The SSH_FXP_HANDLE response has the following format:) s -5 448 M -( uint32 id) s -5 437 M -( string handle) s -5 415 M -( where `id' is the request identifier, and `handle' is an arbitrary) s -5 404 M -( string that identifies an open file or directory on the server. The) s -5 393 M -( handle is opaque to the client; the client MUST NOT attempt to) s -5 382 M -( interpret or modify it in any way. The length of the handle string) s -5 371 M -( MUST NOT exceed 256 data bytes.) s -5 349 M -( The SSH_FXP_DATA response has the following format:) s -5 327 M -( uint32 id) s -5 316 M -( string data) s -5 294 M -( where `id' is the request identifier, and `data' is an arbitrary byte) s -5 283 M -( string containing the requested data. The data string may be at most) s -5 272 M -( the number of bytes requested in a SSH_FXP_READ request, but may also) s -5 261 M -( be shorter if end of file is reached or if the read is from something) s -5 250 M -( other than a regular file.) s -5 228 M -( The SSH_FXP_NAME response has the following format:) s -5 129 M -(Galbraith, et al. 
Expires April 16, 2003 [Page 26]) s -_R -S -PStoPSsaved restore -%%Page: (26,27) 14 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 27 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -( uint32 id) s -5 679 M -( uint32 count) s -5 668 M -( repeats count times:) s -5 657 M -( string filename [UTF-8]) s -5 646 M -( ATTRS attrs) s -5 624 M -( where `id' is the request identifier, `count' is the number of names) s -5 613 M -( returned in this response, and the remaining fields repeat `count') s -5 602 M -( times \(so that all three fields are first included for the first) s -5 591 M -( file, then for the second file, etc\). In the repeated part,) s -5 580 M -( `filename' is a file name being returned \(for SSH_FXP_READDIR, it) s -5 569 M -( will be a relative name within the directory, without any path) s -5 558 M -( components; for SSH_FXP_REALPATH it will be an absolute path name\),) s -5 547 M -( and `attrs' is the attributes of the file as described in Section) s -5 536 M -( ``File Attributes''.) s -5 514 M -( The SSH_FXP_ATTRS response has the following format:) s -5 492 M -( uint32 id) s -5 481 M -( ATTRS attrs) s -5 459 M -( where `id' is the request identifier, and `attrs' is the returned) s -5 448 M -( file attributes as described in Section ``File Attributes''.) s -5 129 M -(Galbraith, et al. 
Expires April 16, 2003 [Page 27]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 28 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -(8. Vendor-Specific Extensions) s -5 668 M -( The SSH_FXP_EXTENDED request provides a generic extension mechanism) s -5 657 M -( for adding vendor-specific commands. The request has the following) s -5 646 M -( format:) s -5 624 M -( uint32 id) s -5 613 M -( string extended-request) s -5 602 M -( ... any request-specific data ...) s -5 580 M -( where `id' is the request identifier, and `extended-request' is a) s -5 569 M -( string of the format "name@domain", where domain is an internet) s -5 558 M -( domain name of the vendor defining the request. The rest of the) s -5 547 M -( request is completely vendor-specific, and servers should only) s -5 536 M -( attempt to interpret it if they recognize the `extended-request') s -5 525 M -( name.) s -5 503 M -( The server may respond to such requests using any of the response) s -5 492 M -( packets defined in Section ``Responses from the Server to the) s -5 481 M -( Client''. Additionally, the server may also respond with a) s -5 470 M -( SSH_FXP_EXTENDED_REPLY packet, as defined below. If the server does) s -5 459 M -( not recognize the `extended-request' name, then the server MUST) s -5 448 M -( respond with SSH_FXP_STATUS with error/status set to) s -5 437 M -( SSH_FX_OP_UNSUPPORTED.) s -5 415 M -( The SSH_FXP_EXTENDED_REPLY packet can be used to carry arbitrary) s -5 404 M -( extension-specific data from the server to the client. 
It is of the) s -5 393 M -( following format:) s -5 371 M -( uint32 id) s -5 360 M -( ... any request-specific data ...) s -5 338 M -( There is a range of packet types reserved for use by extensions. In) s -5 327 M -( order to avoid collision, extensions that turn on the use of) s -5 316 M -( additional packet types should determine those numbers dynamically.) s -5 294 M -( The suggested way of doing this is have an extension request from the) s -5 283 M -( client to the server that enables the extension; the extension) s -5 272 M -( response from the server to the client would specify the actual type) s -5 261 M -( values to use, in additional to any other data.) s -5 239 M -( Extension authors should be mindful of the limited range of packet) s -5 228 M -( types available \(there are only 45 values available\) and avoid) s -5 217 M -( requiring a new packet type where possible.) s -5 129 M -(Galbraith, et al. Expires April 16, 2003 [Page 28]) s -_R -S -PStoPSsaved restore -%%Page: (28,29) 15 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 29 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -(9. Security Considerations) s -5 668 M -( This protocol assumes that it is run over a secure channel and that) s -5 657 M -( the endpoints of the channel have been authenticated. Thus, this) s -5 646 M -( protocol assumes that it is externally protected from network-level) s -5 635 M -( attacks.) 
s -5 613 M -( This protocol provides file system access to arbitrary files on the) s -5 602 M -( server \(only constrained by the server implementation\). It is the) s -5 591 M -( responsibility of the server implementation to enforce any access) s -5 580 M -( controls that may be required to limit the access allowed for any) s -5 569 M -( particular user \(the user being authenticated externally to this) s -5 558 M -( protocol, typically using the SSH User Authentication Protocol [8].) s -5 536 M -( Care must be taken in the server implementation to check the validity) s -5 525 M -( of received file handle strings. The server should not rely on them) s -5 514 M -( directly; it MUST check the validity of each handle before relying on) s -5 503 M -( it.) s -5 129 M -(Galbraith, et al. Expires April 16, 2003 [Page 29]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 30 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -(10. Changes from previous protocol versions) s -5 668 M -( The SSH File Transfer Protocol has changed over time, before it's) s -5 657 M -( standardization. The following is a description of the incompatible) s -5 646 M -( changes between different versions.) s -5 624 M -(10.1 Changes between versions 4 and 3) s -5 602 M -( Many of the changes between version 4 and version 3 are to the) s -5 591 M -( attribute structure to make it more flexible for non-unix platforms.) s -5 569 M -( o Make all filenames UTF-8.) s -5 547 M -( o Added 'newline' extension.) 
s -5 525 M -( o Made file attribute owner and group strings so they can actually) s -5 514 M -( be used on disparate systems.) s -5 492 M -( o Added createtime field, and added separate flags for atime,) s -5 481 M -( createtime, and mtime so they can be set separately.) s -5 459 M -( o Split the file type out of the permissions field and into it's own) s -5 448 M -( field \(which is always present.\)) s -5 426 M -( o Added acl attribute.) s -5 404 M -( o Added SSH_FXF_TEXT file open flag.) s -5 382 M -( o Added flags field to the get stat commands so that the client can) s -5 371 M -( specifically request information the server might not normally) s -5 360 M -( included for performance reasons.) s -5 338 M -( o Removed the long filename from the names structure-- it can now be) s -5 327 M -( built from information available in the attrs structure.) s -5 305 M -( o Added reserved range of packet numbers for extensions.) s -5 283 M -( o Added several additional error codes.) s -5 261 M -( o Change the way version negotiate works slightly. Previously, if) s -5 250 M -( the client version were higher than the server version, the server) s -5 239 M -( was supposed to 'echo back' the clients version. The server now) s -5 228 M -( sends it's own version and the lower of the two is considered to) s -5 217 M -( be the one in use.) s -5 129 M -(Galbraith, et al. 
Expires April 16, 2003 [Page 30]) s -_R -S -PStoPSsaved restore -%%Page: (30,31) 16 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 31 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -(10.2 Changes between versions 3 and 2) s -5 668 M -( o The SSH_FXP_READLINK and SSH_FXP_SYMLINK messages were added.) s -5 646 M -( o The SSH_FXP_EXTENDED and SSH_FXP_EXTENDED_REPLY messages were) s -5 635 M -( added.) s -5 613 M -( o The SSH_FXP_STATUS message was changed to include fields `error) s -5 602 M -( message' and `language tag'.) s -5 569 M -(10.3 Changes between versions 2 and 1) s -5 547 M -( o The SSH_FXP_RENAME message was added.) s -5 514 M -(10.4 Changes between versions 1 and 0) s -5 492 M -( o Implementation changes, no actual protocol changes.) s -5 129 M -(Galbraith, et al. Expires April 16, 2003 [Page 31]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 32 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -(11. 
Trademark Issues) s -5 668 M -( "ssh" is a registered trademark of SSH Communications Security Corp) s -5 657 M -( in the United States and/or other countries.) s -5 129 M -(Galbraith, et al. Expires April 16, 2003 [Page 32]) s -_R -S -PStoPSsaved restore -%%Page: (32,33) 17 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 33 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -(References) s -5 668 M -( [1] Dierks, T., Allen, C., Treese, W., Karlton, P., Freier, A. and) s -5 657 M -( P. Kocher, "The TLS Protocol Version 1.0", RFC 2246, January) s -5 646 M -( 1999.) s -5 624 M -( [2] Alvestrand, H., "IETF Policy on Character Sets and Languages",) s -5 613 M -( BCP 18, RFC 2277, January 1998.) s -5 591 M -( [3] Shepler, S., Callaghan, B., Robinson, D., Thurlow, R., Beame,) s -5 580 M -( C., Eisler, M. and D. Noveck, "NFS version 4 Protocol", RFC) s -5 569 M -( 3010, December 2000.) s -5 547 M -( [4] Institute of Electrical and Electronics Engineers, "Information) s -5 536 M -( Technology - Portable Operating System Interface \(POSIX\) - Part) s -5 525 M -( 1: System Application Program Interface \(API\) [C Language]",) s -5 514 M -( IEEE Standard 1003.2, 1996.) s -5 492 M -( [5] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S.) s -5 481 M -( Lehtinen, "SSH Protocol Architecture", draft-ietf-secsh-) s -5 470 M -( architecture-13 \(work in progress\), September 2002.) s -5 448 M -( [6] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S.) 
s -5 437 M -( Lehtinen, "SSH Protocol Transport Protocol", draft-ietf-secsh-) s -5 426 M -( transport-15 \(work in progress\), September 2002.) s -5 404 M -( [7] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S.) s -5 393 M -( Lehtinen, "SSH Connection Protocol", draft-ietf-secsh-connect-16) s -5 382 M -( \(work in progress\), September 2002.) s -5 360 M -( [8] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S.) s -5 349 M -( Lehtinen, "SSH Authentication Protocol", draft-ietf-secsh-) s -5 338 M -( userauth-16 \(work in progress\), September 2002.) s -5 305 M -(Authors' Addresses) s -5 283 M -( Joseph Galbraith) s -5 272 M -( VanDyke Software) s -5 261 M -( 4848 Tramway Ridge Blvd) s -5 250 M -( Suite 101) s -5 239 M -( Albuquerque, NM 87111) s -5 228 M -( US) s -5 206 M -( Phone: +1 505 332 5700) s -5 195 M -( EMail: galb-list@vandyke.com) s -5 129 M -(Galbraith, et al. Expires April 16, 2003 [Page 33]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 34 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -( Tatu Ylonen) s -5 679 M -( SSH Communications Security Corp) s -5 668 M -( Fredrikinkatu 42) s -5 657 M -( HELSINKI FIN-00100) s -5 646 M -( Finland) s -5 624 M -( EMail: ylo@ssh.com) s -5 591 M -( Sami Lehtinen) s -5 580 M -( SSH Communications Security Corp) s -5 569 M -( Fredrikinkatu 42) s -5 558 M -( HELSINKI FIN-00100) s -5 547 M -( Finland) s -5 525 M -( EMail: sjl@ssh.com) s -5 129 M -(Galbraith, et al. 
Expires April 16, 2003 [Page 34]) s -_R -S -PStoPSsaved restore -%%Page: (34,35) 18 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 35 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH File Transfer Protocol October 2002) s -5 690 M -(Full Copyright Statement) s -5 668 M -( Copyright \(C\) The Internet Society \(2002\). All Rights Reserved.) s -5 646 M -( This document and translations of it may be copied and furnished to) s -5 635 M -( others, and derivative works that comment on or otherwise explain it) s -5 624 M -( or assist in its implementation may be prepared, copied, published) s -5 613 M -( and distributed, in whole or in part, without restriction of any) s -5 602 M -( kind, provided that the above copyright notice and this paragraph are) s -5 591 M -( included on all such copies and derivative works. However, this) s -5 580 M -( document itself may not be modified in any way, such as by removing) s -5 569 M -( the copyright notice or references to the Internet Society or other) s -5 558 M -( Internet organizations, except as needed for the purpose of) s -5 547 M -( developing Internet standards in which case the procedures for) s -5 536 M -( copyrights defined in the Internet Standards process must be) s -5 525 M -( followed, or as required to translate it into languages other than) s -5 514 M -( English.) s -5 492 M -( The limited permissions granted above are perpetual and will not be) s -5 481 M -( revoked by the Internet Society or its successors or assigns.) 
s -5 459 M -( This document and the information contained herein is provided on an) s -5 448 M -( "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING) s -5 437 M -( TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING) s -5 426 M -( BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION) s -5 415 M -( HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF) s -5 404 M -( MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.) s -5 382 M -(Acknowledgement) s -5 360 M -( Funding for the RFC Editor function is currently provided by the) s -5 349 M -( Internet Society.) s -5 129 M -(Galbraith, et al. Expires April 16, 2003 [Page 35]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 36 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -_R -S -PStoPSsaved restore -%%Trailer -%%Pages: 36 -%%DocumentNeededResources: font Courier-Bold Courier -%%EOF diff --git a/lib/ssh/doc/standard/draft-ietf-secsh-filexfer-03.txt b/lib/ssh/doc/standard/draft-ietf-secsh-filexfer-03.txt deleted file mode 100644 index 83960ae976..0000000000 --- a/lib/ssh/doc/standard/draft-ietf-secsh-filexfer-03.txt +++ /dev/null 
@@ -1,1962 +0,0 @@ - - - -Secure Shell Working Group J. Galbraith -Internet-Draft VanDyke Software -Expires: April 16, 2003 T. Ylonen - S. Lehtinen - SSH Communications Security Corp - October 16, 2002 - - - SSH File Transfer Protocol - draft-ietf-secsh-filexfer-03.txt - -Status of this Memo - - This document is an Internet-Draft and is in full conformance with - all provisions of Section 10 of RFC2026. - - Internet-Drafts are working documents of the Internet Engineering - Task Force (IETF), its areas, and its working groups. Note that - other groups may also distribute working documents as Internet- - Drafts. - - Internet-Drafts are draft documents valid for a maximum of six months - and may be updated, replaced, or obsoleted by other documents at any - time. It is inappropriate to use Internet-Drafts as reference - material or to cite them other than as "work in progress." - - The list of current Internet-Drafts can be accessed at http:// - www.ietf.org/ietf/1id-abstracts.txt. - - The list of Internet-Draft Shadow Directories can be accessed at - http://www.ietf.org/shadow.html. - - This Internet-Draft will expire on April 16, 2003. - -Copyright Notice - - Copyright (C) The Internet Society (2002). All Rights Reserved. - -Abstract - - The SSH File Transfer Protocol provides secure file transfer - functionality over any reliable data stream. It is the standard file - transfer protocol for use with the SSH2 protocol. This document - describes the file transfer protocol and its interface to the SSH2 - protocol suite. - - - - - - - -Galbraith, et al. Expires April 16, 2003 [Page 1] - -Internet-Draft SSH File Transfer Protocol October 2002 - - -Table of Contents - - 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . 3 - 2. Use with the SSH Connection Protocol . . . . . . . . . . . 4 - 3. General Packet Format . . . . . . . . . . . . . . . . . . 5 - 4. Protocol Initialization . . . . . . . . . . . . . . . . . 7 - 4.1 Client Initialization . . . . . . . . . 
. . . . . . . . . 7 - 4.2 Server Initialization . . . . . . . . . . . . . . . . . . 7 - 4.3 Determining Server Newline Convention . . . . . . . . . . 8 - 5. File Attributes . . . . . . . . . . . . . . . . . . . . . 9 - 5.1 Flags . . . . . . . . . . . . . . . . . . . . . . . . . . 9 - 5.2 Type . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 - 5.3 Size . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 - 5.4 Owner and Group . . . . . . . . . . . . . . . . . . . . . 10 - 5.5 Permissions . . . . . . . . . . . . . . . . . . . . . . . 11 - 5.6 Times . . . . . . . . . . . . . . . . . . . . . . . . . . 11 - 5.7 ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 - 5.8 Extended attributes . . . . . . . . . . . . . . . . . . . 12 - 6. Requests From the Client to the Server . . . . . . . . . . 13 - 6.1 Request Synchronization and Reordering . . . . . . . . . . 13 - 6.2 File Names . . . . . . . . . . . . . . . . . . . . . . . . 14 - 6.3 Opening, Creating, and Closing Files . . . . . . . . . . . 14 - 6.4 Reading and Writing . . . . . . . . . . . . . . . . . . . 17 - 6.5 Removing and Renaming Files . . . . . . . . . . . . . . . 18 - 6.6 Creating and Deleting Directories . . . . . . . . . . . . 19 - 6.7 Scanning Directories . . . . . . . . . . . . . . . . . . . 19 - 6.8 Retrieving File Attributes . . . . . . . . . . . . . . . . 20 - 6.9 Setting File Attributes . . . . . . . . . . . . . . . . . 21 - 6.10 Dealing with Symbolic links . . . . . . . . . . . . . . . 22 - 6.11 Canonicalizing the Server-Side Path Name . . . . . . . . . 23 - 6.11.1 Best practice for dealing with paths . . . . . . . . . . . 23 - 7. Responses from the Server to the Client . . . . . . . . . 24 - 8. Vendor-Specific Extensions . . . . . . . . . . . . . . . . 28 - 9. Security Considerations . . . . . . . . . . . . . . . . . 29 - 10. Changes from previous protocol versions . . . . . . . . . 30 - 10.1 Changes between versions 4 and 3 . . . . . . . . . . . . . 
30 - 10.2 Changes between versions 3 and 2 . . . . . . . . . . . . . 31 - 10.3 Changes between versions 2 and 1 . . . . . . . . . . . . . 31 - 10.4 Changes between versions 1 and 0 . . . . . . . . . . . . . 31 - 11. Trademark Issues . . . . . . . . . . . . . . . . . . . . . 32 - References . . . . . . . . . . . . . . . . . . . . . . . . 33 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . 33 - Full Copyright Statement . . . . . . . . . . . . . . . . . 35 - - - - - - - - -Galbraith, et al. Expires April 16, 2003 [Page 2] - -Internet-Draft SSH File Transfer Protocol October 2002 - - -1. Introduction - - This protocol provides secure file transfer (and more generally file - system access) functionality over a reliable data stream, such as a - channel in the SSH2 protocol [5]. - - This protocol is designed so that it could be used to implement a - secure remote file system service, as well as a secure file transfer - service. - - This protocol assumes that it runs over a secure channel, and that - the server has already authenticated the user at the client end, and - that the identity of the client user is externally available to the - server implementation. - - In general, this protocol follows a simple request-response model. - Each request and response contains a sequence number and multiple - requests may be pending simultaneously. There are a relatively large - number of different request messages, but a small number of possible - response messages. Each request has one or more response messages - that may be returned in result (e.g., a read either returns data or - reports error status). - - The packet format descriptions in this specification follow the - notation presented in the secsh architecture draft. [5] - - Even though this protocol is described in the context of the SSH2 - protocol, this protocol is general and independent of the rest of the - SSH2 protocol suite. 
It could be used in a number of different - applications, such as secure file transfer over TLS RFC 2246 [1] and - transfer of management information in VPN applications. - - - - - - - - - - - - - - - - - - - - -Galbraith, et al. Expires April 16, 2003 [Page 3] - -Internet-Draft SSH File Transfer Protocol October 2002 - - -2. Use with the SSH Connection Protocol - - When used with the SSH2 Protocol suite, this protocol is intended to - be used from the SSH Connection Protocol [7] as a subsystem, as - described in section ``Starting a Shell or a Command''. The - subsystem name used with this protocol is "sftp". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Galbraith, et al. Expires April 16, 2003 [Page 4] - -Internet-Draft SSH File Transfer Protocol October 2002 - - -3. General Packet Format - - All packets transmitted over the secure connection are of the - following format: - - uint32 length - byte type - byte[length - 1] data payload - - That is, they are just data preceded by 32-bit length and 8-bit type - fields. The `length' is the length of the data area, and does not - include the `length' field itself. The format and interpretation of - the data area depends on the packet type. - - All packet descriptions below only specify the packet type and the - data that goes into the data field. Thus, they should be prefixed by - the `length' and `type' fields. - - The maximum size of a packet is in practice determined by the client - (the maximum size of read or write requests that it sends, plus a few - bytes of packet overhead). All servers SHOULD support packets of at - least 34000 bytes (where the packet size refers to the full length, - including the header above). This should allow for reads and writes - of at most 32768 bytes. - - There is no limit on the number of outstanding (non-acknowledged) - requests that the client may send to the server. 
In practice this is - limited by the buffering available on the data stream and the queuing - performed by the server. If the server's queues are full, it should - not read any more data from the stream, and flow control will prevent - the client from sending more requests. Note, however, that while - there is no restriction on the protocol level, the client's API may - provide a limit in order to prevent infinite queuing of outgoing - requests at the client. - - The following values are defined for packet types. - - - - - - - - - - - - - - - -Galbraith, et al. Expires April 16, 2003 [Page 5] - -Internet-Draft SSH File Transfer Protocol October 2002 - - - #define SSH_FXP_INIT 1 - #define SSH_FXP_VERSION 2 - #define SSH_FXP_OPEN 3 - #define SSH_FXP_CLOSE 4 - #define SSH_FXP_READ 5 - #define SSH_FXP_WRITE 6 - #define SSH_FXP_LSTAT 7 - #define SSH_FXP_FSTAT 8 - #define SSH_FXP_SETSTAT 9 - #define SSH_FXP_FSETSTAT 10 - #define SSH_FXP_OPENDIR 11 - #define SSH_FXP_READDIR 12 - #define SSH_FXP_REMOVE 13 - #define SSH_FXP_MKDIR 14 - #define SSH_FXP_RMDIR 15 - #define SSH_FXP_REALPATH 16 - #define SSH_FXP_STAT 17 - #define SSH_FXP_RENAME 18 - #define SSH_FXP_READLINK 19 - #define SSH_FXP_SYMLINK 20 - - #define SSH_FXP_STATUS 101 - #define SSH_FXP_HANDLE 102 - #define SSH_FXP_DATA 103 - #define SSH_FXP_NAME 104 - #define SSH_FXP_ATTRS 105 - - #define SSH_FXP_EXTENDED 200 - #define SSH_FXP_EXTENDED_REPLY 201 - - RESERVED_FOR_EXTENSIONS 210-255 - - Additional packet types should only be defined if the protocol - version number (see Section ``Protocol Initialization'') is - incremented, and their use MUST be negotiated using the version - number. However, the SSH_FXP_EXTENDED and SSH_FXP_EXTENDED_REPLY - packets can be used to implement vendor-specific extensions. See - Section ``Vendor-Specific-Extensions'' for more details. - - - - - - - - - - - - - -Galbraith, et al. Expires April 16, 2003 [Page 6] - -Internet-Draft SSH File Transfer Protocol October 2002 - - -4. 
Protocol Initialization - - When the file transfer protocol starts, the client first sends a - SSH_FXP_INIT (including its version number) packet to the server. - The server responds with a SSH_FXP_VERSION packet, supplying the - lowest of its own and the client's version number. Both parties - should from then on adhere to particular version of the protocol. - - The version number of the protocol specified in this document is 4. - The version number should be incremented for each incompatible - revision of this protocol. - -4.1 Client Initialization - - The SSH_FXP_INIT packet (from client to server) has the following - data: - - uint32 version - - Version 3 of this protocol allowed clients to include extensions in - the SSH_FXP_INIT packet; however, this can cause interoperability - problems with version 1 and version 2 servers because the client must - send this packet before knowing the servers version. - - In this version of the protocol, clients MUST use the - SSH_FXP_EXTENDED packet to send extensions to the server after - version exchange has completed. Clients MUST NOT include extensions - in the version packet. This will prevent interoperability problems - with older servers - -4.2 Server Initialization - - The SSH_FXP_VERSION packet (from server to client) has the following - data: - - uint32 version - - - 'version' is the lower of the protocol version supported by the - server and the version number received from the client. - - The extension data may be empty, or may be a sequence of - - string extension_name - string extension_data - - pairs (both strings MUST always be present if one is, but the - `extension_data' string may be of zero length). If present, these - - - -Galbraith, et al. Expires April 16, 2003 [Page 7] - -Internet-Draft SSH File Transfer Protocol October 2002 - - - strings indicate extensions to the baseline protocol. The - `extension_name' field(s) identify the name of the extension. 
The - name should be of the form "name@domain", where the domain is the DNS - domain name of the organization defining the extension. Additional - names that are not of this format may be defined later by the IETF. - Implementations MUST silently ignore any extensions whose name they - do not recognize. - -4.3 Determining Server Newline Convention - - In order to correctly process text files in a cross platform - compatible way, the newline convention must be converted from that of - the server to that of the client, or, during an upload, from that of - the client to that of the server. - - Versions 3 and prior of this protocol made no provisions for - processing text files. Many clients implemented some sort of - conversion algorithm, but without either a 'canonical' on the wire - format or knowledge of the servers newline convention, correct - conversion was not always possible. - - Starting with Version 4, the SSH_FXF_TEXT file open flag (Section - 6.3) makes it possible to request that the server translate a file to - a 'canonical' on the wire format. This format uses \r\n as the line - separator. - - Servers for systems using multiple newline characters (for example, - Mac OS X or VMS) or systems using counted records, MUST translate to - the canonical form. - - However, to ease the burden of implementation on servers that use a - single, simple separator sequence, the following extension allows the - canonical format to be changed. - - string "newline" - string new-canonical-separator (usually "\r" or "\n" or "\r\n") - - All clients MUST support this extension. - - When processing text files, clients SHOULD NOT translate any - character or sequence that is not an exact match of the servers - newline separator. - - In particular, if the newline sequence being used is the canonical - "\r\n" sequence, a lone \r or a lone \n SHOULD be written through - without change. - - - - - -Galbraith, et al. 
Expires April 16, 2003 [Page 8] - -Internet-Draft SSH File Transfer Protocol October 2002 - - -5. File Attributes - - A new compound data type is defined for encoding file attributes. - The same encoding is used both when returning file attributes from - the server and when sending file attributes to the server. When - sending it to the server, the flags field specifies which attributes - are included, and the server will use default values for the - remaining attributes (or will not modify the values of remaining - attributes). When receiving attributes from the server, the flags - specify which attributes are included in the returned data. The - server normally returns all attributes it knows about. - - uint32 flags - byte type always present - uint64 size present only if flag SSH_FILEXFER_ATTR_SIZE - string owner present only if flag SSH_FILEXFER_ATTR_OWNERGROUP - string group present only if flag SSH_FILEXFER_ATTR_OWNERGROUP - uint32 permissions present only if flag SSH_FILEXFER_ATTR_PERMISSIONS - uint32 atime present only if flag SSH_FILEXFER_ATTR_ACCESSTIME - uint32 createtime present only if flag SSH_FILEXFER_ATTR_CREATETIME - uint32 mtime present only if flag SSH_FILEXFER_ATTR_MODIFYTIME - string acl present only if flag SSH_FILEXFER_ATTR_ACL - uint32 extended_count present only if flag SSH_FILEXFER_ATTR_EXTENDED - string extended_type - string extended_data - ... more extended data (extended_type - extended_data pairs), - so that number of pairs equals extended_count - - -5.1 Flags - - The `flags' specify which of the fields are present. Those fields - for which the corresponding flag is not set are not present (not - included in the packet). New flags can only be added by incrementing - the protocol version number (or by using the extension mechanism - described below). 
- - The flags bits are defined to have the following values: - - #define SSH_FILEXFER_ATTR_SIZE 0x00000001 - #define SSH_FILEXFER_ATTR_PERMISSIONS 0x00000004 - #define SSH_FILEXFER_ATTR_ACCESSTIME 0x00000008 - #define SSH_FILEXFER_ATTR_CREATETIME 0x00000010 - #define SSH_FILEXFER_ATTR_MODIFYTIME 0x00000020 - #define SSH_FILEXFER_ATTR_ACL 0x00000040 - #define SSH_FILEXFER_ATTR_OWNERGROUP 0x00000080 - #define SSH_FILEXFER_ATTR_EXTENDED 0x80000000 - - - - -Galbraith, et al. Expires April 16, 2003 [Page 9] - -Internet-Draft SSH File Transfer Protocol October 2002 - - - In previous versions of this protocol flags value 0x00000002 was - SSH_FILEXFER_ATTR_UIDGID. This value is now unused, and OWNERGROUP - was given a new value in order to ease implementation burden. - 0x00000002 MUST NOT appear in the mask. Some future version of this - protocol may reuse flag 0x00000002. - -5.2 Type - - The type field is always present. The following types are defined: - - #define SSH_FILEXFER_TYPE_REGULAR 1 - #define SSH_FILEXFER_TYPE_DIRECTORY 2 - #define SSH_FILEXFER_TYPE_SYMLINK 3 - #define SSH_FILEXFER_TYPE_SPECIAL 4 - #define SSH_FILEXFER_TYPE_UNKNOWN 5 - - On a POSIX system, these values would be derived from the permission - field. - -5.3 Size - - The `size' field specifies the size of the file on disk, in bytes. - If it is present during file creation, it should be considered a hint - as to the files eventual size. - - Files opened with the SSH_FXF_TEXT flag may have a size that is - greater or less than the value of the size field. - -5.4 Owner and Group - - The `owner' and `group' fields are represented as UTF-8 strings; this - is the form used by NFS v4. See NFS version 4 Protocol. [3] The - following text is selected quotations from section 5.6. - - To avoid a representation that is tied to a particular underlying - implementation at the client or server, the use of UTF-8 strings has - been chosen. The string should be of the form user@dns_domain". 
- This will allow for a client and server that do not use the same - local representation the ability to translate to a common syntax that - can be interpreted by both. In the case where there is no - translation available to the client or server, the attribute value - must be constructed without the "@". Therefore, the absence of the @ - from the owner or owner_group attribute signifies that no translation - was available and the receiver of the attribute should not place any - special meaning with the attribute value. Even though the attribute - value can not be translated, it may still be useful. In the case of - a client, the attribute string may be used for local display of - ownership. - - - -Galbraith, et al. Expires April 16, 2003 [Page 10] - -Internet-Draft SSH File Transfer Protocol October 2002 - - -5.5 Permissions - - The `permissions' field contains a bit mask of file permissions as - defined by POSIX [1]. - -5.6 Times - - The 'atime', 'createtime', and 'mtime' contain the access, creation, - and modification times of the files, respectively. They are - represented as seconds from Jan 1, 1970 in UTC. - -5.7 ACL - - The 'ACL' field contains an ACL similar to that defined in section - 5.9 of NFS version 4 Protocol [3]. - - uint32 ace-count - - repeated ace-count time: - uint32 ace-type - uint32 ace-flag - uint32 ace-mask - string who [UTF-8] - - ace-type is one of the following four values (taken from NFS Version - 4 Protocol [3]: - - const ACE4_ACCESS_ALLOWED_ACE_TYPE = 0x00000000; - const ACE4_ACCESS_DENIED_ACE_TYPE = 0x00000001; - const ACE4_SYSTEM_AUDIT_ACE_TYPE = 0x00000002; - const ACE4_SYSTEM_ALARM_ACE_TYPE = 0x00000003; - - ace-flag is a combination of the following flag values. 
See NFS - Version 4 Protocol [3] section 5.9.2: - - const ACE4_FILE_INHERIT_ACE = 0x00000001; - const ACE4_DIRECTORY_INHERIT_ACE = 0x00000002; - const ACE4_NO_PROPAGATE_INHERIT_ACE = 0x00000004; - const ACE4_INHERIT_ONLY_ACE = 0x00000008; - const ACE4_SUCCESSFUL_ACCESS_ACE_FLAG = 0x00000010; - const ACE4_FAILED_ACCESS_ACE_FLAG = 0x00000020; - const ACE4_IDENTIFIER_GROUP = 0x00000040; - - ace-mask is any combination of the following flags (taken from NFS - Version 4 Protocol [3] section 5.9.3: - - - - - - -Galbraith, et al. Expires April 16, 2003 [Page 11] - -Internet-Draft SSH File Transfer Protocol October 2002 - - - const ACE4_READ_DATA = 0x00000001; - const ACE4_LIST_DIRECTORY = 0x00000001; - const ACE4_WRITE_DATA = 0x00000002; - const ACE4_ADD_FILE = 0x00000002; - const ACE4_APPEND_DATA = 0x00000004; - const ACE4_ADD_SUBDIRECTORY = 0x00000004; - const ACE4_READ_NAMED_ATTRS = 0x00000008; - const ACE4_WRITE_NAMED_ATTRS = 0x00000010; - const ACE4_EXECUTE = 0x00000020; - const ACE4_DELETE_CHILD = 0x00000040; - const ACE4_READ_ATTRIBUTES = 0x00000080; - const ACE4_WRITE_ATTRIBUTES = 0x00000100; - const ACE4_DELETE = 0x00010000; - const ACE4_READ_ACL = 0x00020000; - const ACE4_WRITE_ACL = 0x00040000; - const ACE4_WRITE_OWNER = 0x00080000; - const ACE4_SYNCHRONIZE = 0x00100000; - - who is a UTF-8 string of the form described in 'Owner and Group' - (Section 5.4) - -5.8 Extended attributes - - The SSH_FILEXFER_ATTR_EXTENDED flag provides a general extension - mechanism for vendor-specific extensions. If the flag is specified, - then the `extended_count' field is present. It specifies the number - of extended_type-extended_data pairs that follow. Each of these - pairs specifies an extended attribute. For each of the attributes, - the extended_type field should be a string of the format - "name@domain", where "domain" is a valid, registered domain name and - "name" identifies the method. 
The IETF may later standardize certain - names that deviate from this format (e.g., that do not contain the - "@" sign). The interpretation of `extended_data' depends on the - type. Implementations SHOULD ignore extended data fields that they - do not understand. - - Additional fields can be added to the attributes by either defining - additional bits to the flags field to indicate their presence, or by - defining extended attributes for them. The extended attributes - mechanism is recommended for most purposes; additional flags bits - should only be defined by an IETF standards action that also - increments the protocol version number. The use of such new fields - MUST be negotiated by the version number in the protocol exchange. - It is a protocol error if a packet with unsupported protocol bits is - received. - - - - - - -Galbraith, et al. Expires April 16, 2003 [Page 12] - -Internet-Draft SSH File Transfer Protocol October 2002 - - -6. Requests From the Client to the Server - - Requests from the client to the server represent the various file - system operations. Each request begins with an `id' field, which is - a 32-bit identifier identifying the request (selected by the client). - The same identifier will be returned in the response to the request. - One possible implementation is a monotonically increasing request - sequence number (modulo 2^32). - - Many operations in the protocol operate on open files. The - SSH_FXP_OPEN request can return a file handle (which is an opaque - variable-length string) which may be used to access the file later - (e.g. in a read operation). The client MUST NOT send requests the - server with bogus or closed handles. However, the server MUST - perform adequate checks on the handle in order to avoid security - risks due to fabricated handles. - - This design allows either stateful and stateless server - implementation, as well as an implementation which caches state - between requests but may also flush it. 
The contents of the file - handle string are entirely up to the server and its design. The - client should not modify or attempt to interpret the file handle - strings. - - The file handle strings MUST NOT be longer than 256 bytes. - -6.1 Request Synchronization and Reordering - - The protocol and implementations MUST process requests relating to - the same file in the order in which they are received. In other - words, if an application submits multiple requests to the server, the - results in the responses will be the same as if it had sent the - requests one at a time and waited for the response in each case. For - example, the server may process non-overlapping read/write requests - to the same file in parallel, but overlapping reads and writes cannot - be reordered or parallelized. However, there are no ordering - restrictions on the server for processing requests from two different - file transfer connections. The server may interleave and parallelize - them at will. - - There are no restrictions on the order in which responses to - outstanding requests are delivered to the client, except that the - server must ensure fairness in the sense that processing of no - request will be indefinitely delayed even if the client is sending - other requests so that there are multiple outstanding requests all - the time. - - - - - -Galbraith, et al. Expires April 16, 2003 [Page 13] - -Internet-Draft SSH File Transfer Protocol October 2002 - - -6.2 File Names - - This protocol represents file names as strings. File names are - assumed to use the slash ('/') character as a directory separator. - - File names starting with a slash are "absolute", and are relative to - the root of the file system. Names starting with any other character - are relative to the user's default directory (home directory). Note - that identifying the user is assumed to take place outside of this - protocol. - - Servers SHOULD interpret a path name component ".." 
as referring to - the parent directory, and "." as referring to the current directory. - If the server implementation limits access to certain parts of the - file system, it must be extra careful in parsing file names when - enforcing such restrictions. There have been numerous reported - security bugs where a ".." in a path name has allowed access outside - the intended area. - - An empty path name is valid, and it refers to the user's default - directory (usually the user's home directory). - - Otherwise, no syntax is defined for file names by this specification. - Clients should not make any other assumptions; however, they can - splice path name components returned by SSH_FXP_READDIR together - using a slash ('/') as the separator, and that will work as expected. - - In order to comply with IETF Policy on Character Sets and Languages - [2], all filenames are to be encoded in UTF-8. The shortest valid - UTF-8 encoding of the UNICODE data MUST be used. The server is - responsible for converting the UNICODE data to whatever canonical - form it requires. - - For example, if the server requires that precomposed characters - always be used, the server MUST NOT assume the filename as sent by - the client has this attribute, but must do this normalization itself. - - It is understood that the lack of well-defined semantics for file - names may cause interoperability problems between clients and servers - using radically different operating systems. However, this approach - is known to work acceptably with most systems, and alternative - approaches that e.g. treat file names as sequences of structured - components are quite complicated. - -6.3 Opening, Creating, and Closing Files - - Files are opened and created using the SSH_FXP_OPEN message, whose - data part is as follows: - - - -Galbraith, et al. 
Expires April 16, 2003 [Page 14] - -Internet-Draft SSH File Transfer Protocol October 2002 - - - uint32 id - string filename [UTF-8] - uint32 pflags - ATTRS attrs - - The `id' field is the request identifier as for all requests. - - The `filename' field specifies the file name. See Section ``File - Names'' for more information. - - The `pflags' field is a bitmask. The following bits have been - defined. - - #define SSH_FXF_READ 0x00000001 - #define SSH_FXF_WRITE 0x00000002 - #define SSH_FXF_APPEND 0x00000004 - #define SSH_FXF_CREAT 0x00000008 - #define SSH_FXF_TRUNC 0x00000010 - #define SSH_FXF_EXCL 0x00000020 - #define SSH_FXF_TEXT 0x00000040 - - These have the following meanings: - - SSH_FXF_READ - Open the file for reading. - - SSH_FXF_WRITE - Open the file for writing. If both this and SSH_FXF_READ are - specified, the file is opened for both reading and writing. - - SSH_FXF_APPEND - Force all writes to append data at the end of the file. The - offset parameter to write will be ignored. - - SSH_FXF_CREAT - If this flag is specified, then a new file will be created if one - does not already exist (if O_TRUNC is specified, the new file will - be truncated to zero length if it previously exists). - - SSH_FXF_TRUNC - Forces an existing file with the same name to be truncated to zero - length when creating a file by specifying SSH_FXF_CREAT. - SSH_FXF_CREAT MUST also be specified if this flag is used. - - SSH_FXF_EXCL - Causes the request to fail if the named file already exists. - SSH_FXF_CREAT MUST also be specified if this flag is used. - - - - -Galbraith, et al. Expires April 16, 2003 [Page 15] - -Internet-Draft SSH File Transfer Protocol October 2002 - - - SSH_FXF_TEXT - Indicates that the server should treat the file as text and - convert it to the canonical newline convention in use. (See - Determining Server Newline Convention. (Section 4.3) - - When a file is opened with the FXF_TEXT flag, the offset field in - both the read and write function are ignored. 
- - Servers MUST correctly process multiple parallel reads and writes - correctly in this mode. Naturally, it is permissible for them to - do this by serializing the requests. It would not be possible for - a client to reliably detect a server that does not implement - parallel writes in time to prevent damage. - - Clients SHOULD use the SSH_FXF_APPEND flag to append data to a - text file rather then using write with a calculated offset. - - To support seeks on text file the following SSH_FXP_EXTENDED - packet is defined. - - - - string "text-seek" - string file-handle - uint64 line-number - - line-number is the index of the line number to seek to, where byte - 0 in the file is line number 0, and the byte directly following - the first newline sequence in the file is line number 1 and so on. - - The response to a "text-seek" request is an SSH_FXP_STATUS - message. - - An attempt to seek past the end-of-file should result in a - SSH_FX_EOF status. - - Servers SHOULD support at least one "text-seek" in order to - support resume. However, a client MUST be prepared to receive - SSH_FX_OP_UNSUPPORTED when attempting a "text-seek" operation. - The client can then try a fall-back strategy, if it has one. - - Clients MUST be prepared to handle SSH_FX_OP_UNSUPPORTED returned - for read or write operations that are not sequential. - - The `attrs' field specifies the initial attributes for the file. - Default values will be used for those attributes that are not - specified. See Section ``File Attributes'' for more information. - - - - -Galbraith, et al. Expires April 16, 2003 [Page 16] - -Internet-Draft SSH File Transfer Protocol October 2002 - - - The response to this message will be either SSH_FXP_HANDLE (if the - operation is successful) or SSH_FXP_STATUS (if the operation fails). - - A file is closed by using the SSH_FXP_CLOSE request. 
Its data field - has the following format: - - uint32 id - string handle - - where `id' is the request identifier, and `handle' is a handle - previously returned in the response to SSH_FXP_OPEN or - SSH_FXP_OPENDIR. The handle becomes invalid immediately after this - request has been sent. - - The response to this request will be a SSH_FXP_STATUS message. One - should note that on some server platforms even a close can fail. - This can happen e.g. if the server operating system caches writes, - and an error occurs while flushing cached writes during the close. - -6.4 Reading and Writing - - Once a file has been opened, it can be read using the SSH_FXP_READ - message, which has the following format: - - uint32 id - string handle - uint64 offset - uint32 len - - where `id' is the request identifier, `handle' is an open file handle - returned by SSH_FXP_OPEN, `offset' is the offset (in bytes) relative - to the beginning of the file from where to start reading, and `len' - is the maximum number of bytes to read. - - In response to this request, the server will read as many bytes as it - can from the file (up to `len'), and return them in a SSH_FXP_DATA - message. If an error occurs or EOF is encountered before reading any - data, the server will respond with SSH_FXP_STATUS. For normal disk - files, it is guaranteed that this will read the specified number of - bytes, or up to end of file. For e.g. device files this may return - fewer bytes than requested. - - Writing to a file is achieved using the SSH_FXP_WRITE message, which - has the following format: - - - - - - - -Galbraith, et al. Expires April 16, 2003 [Page 17] - -Internet-Draft SSH File Transfer Protocol October 2002 - - - uint32 id - string handle - uint64 offset - string data - - where `id' is a request identifier, `handle' is a file handle - returned by SSH_FXP_OPEN, `offset' is the offset (in bytes) from the - beginning of the file where to start writing, and `data' is the data - to be written. 
- - The write will extend the file if writing beyond the end of the file. - It is legal to write way beyond the end of the file; the semantics - are to write zeroes from the end of the file to the specified offset - and then the data. On most operating systems, such writes do not - allocate disk space but instead leave "holes" in the file. - - The server responds to a write request with a SSH_FXP_STATUS message. - -6.5 Removing and Renaming Files - - Files can be removed using the SSH_FXP_REMOVE message. It has the - following format: - - uint32 id - string filename [UTF-8] - - where `id' is the request identifier and `filename' is the name of - the file to be removed. See Section ``File Names'' for more - information. This request cannot be used to remove directories. - - The server will respond to this request with a SSH_FXP_STATUS - message. - - Files (and directories) can be renamed using the SSH_FXP_RENAME - message. Its data is as follows: - - uint32 id - string oldpath [UTF-8] - string newpath [UTF-8] - - where `id' is the request identifier, `oldpath' is the name of an - existing file or directory, and `newpath' is the new name for the - file or directory. It is an error if there already exists a file - with the name specified by newpath. The server may also fail rename - requests in other situations, for example if `oldpath' and `newpath' - point to different file systems on the server. - - The server will respond to this request with a SSH_FXP_STATUS - - - -Galbraith, et al. Expires April 16, 2003 [Page 18] - -Internet-Draft SSH File Transfer Protocol October 2002 - - - message. - -6.6 Creating and Deleting Directories - - New directories can be created using the SSH_FXP_MKDIR request. It - has the following format: - - uint32 id - string path [UTF-8] - ATTRS attrs - - where `id' is the request identifier. - - `path' specifies the directory to be created. See Section ``File - Names'' for more information on file names. 
- - `attrs' specifies the attributes that should be applied to it upon - creation. Attributes are discussed in more detail in Section ``File - Attributes''. - - The server will respond to this request with a SSH_FXP_STATUS - message. If a file or directory with the specified path already - exists, an error will be returned. - - Directories can be removed using the SSH_FXP_RMDIR request, which has - the following format: - - uint32 id - string path [UTF-8] - - where `id' is the request identifier, and `path' specifies the - directory to be removed. See Section ``File Names'' for more - information on file names. - - The server responds to this request with a SSH_FXP_STATUS message. - Errors may be returned from this operation for various reasons, - including, but not limited to, the path does not exist, the path does - not refer to a directory object, the directory is not empty, or the - user has insufficient access or permission to perform the requested - operation. - -6.7 Scanning Directories - - The files in a directory can be listed using the SSH_FXP_OPENDIR and - SSH_FXP_READDIR requests. Each SSH_FXP_READDIR request returns one - or more file names with full file attributes for each file. The - client should call SSH_FXP_READDIR repeatedly until it has found the - file it is looking for or until the server responds with a - - - -Galbraith, et al. Expires April 16, 2003 [Page 19] - -Internet-Draft SSH File Transfer Protocol October 2002 - - - SSH_FXP_STATUS message indicating an error (normally SSH_FX_EOF if - there are no more files in the directory). The client should then - close the handle using the SSH_FXP_CLOSE request. - - The SSH_FXP_OPENDIR opens a directory for reading. It has the - following format: - - uint32 id - string path [UTF-8] - - where `id' is the request identifier and `path' is the path name of - the directory to be listed (without any trailing slash). See Section - ``File Names'' for more information on file names. 
This will return - an error if the path does not specify a directory or if the directory - is not readable. The server will respond to this request with either - a SSH_FXP_HANDLE or a SSH_FXP_STATUS message. - - Once the directory has been successfully opened, files (and - directories) contained in it can be listed using SSH_FXP_READDIR - requests. These are of the format - - uint32 id - string handle - - where `id' is the request identifier, and `handle' is a handle - returned by SSH_FXP_OPENDIR. (It is a protocol error to attempt to - use an ordinary file handle returned by SSH_FXP_OPEN.) - - The server responds to this request with either a SSH_FXP_NAME or a - SSH_FXP_STATUS message. One or more names may be returned at a time. - Full status information is returned for each name in order to speed - up typical directory listings. - - If there are no more names available to be read, the server MUST - respond with a SSH_FXP_STATUS message with error code of SSH_FX_EOF. - - When the client no longer wishes to read more names from the - directory, it SHOULD call SSH_FXP_CLOSE for the handle. The handle - should be closed regardless of whether an error has occurred or not. - -6.8 Retrieving File Attributes - - Very often, file attributes are automatically returned by - SSH_FXP_READDIR. However, sometimes there is need to specifically - retrieve the attributes for a named file. This can be done using the - SSH_FXP_STAT, SSH_FXP_LSTAT and SSH_FXP_FSTAT requests. - - SSH_FXP_STAT and SSH_FXP_LSTAT only differ in that SSH_FXP_STAT - - - -Galbraith, et al. Expires April 16, 2003 [Page 20] - -Internet-Draft SSH File Transfer Protocol October 2002 - - - follows symbolic links on the server, whereas SSH_FXP_LSTAT does not - follow symbolic links. Both have the same format: - - uint32 id - string path [UTF-8] - uint32 flags - - where `id' is the request identifier, and `path' specifies the file - system object for which status is to be returned. 
The server - responds to this request with either SSH_FXP_ATTRS or SSH_FXP_STATUS. - - The flags field specify the attribute flags in which the client has - particular interest. This is a hint to the server. For example, - because retrieving owner / group and acl information can be an - expensive operation under some operating systems, the server may - choose not to retrieve this information unless the client expresses a - specific interest in it. - - The client has no guarantee the server will provide all the fields - that it has expressed an interest in. - - SSH_FXP_FSTAT differs from the others in that it returns status - information for an open file (identified by the file handle). Its - format is as follows: - - uint32 id - string handle - uint32 flags - - where `id' is the request identifier and `handle' is a file handle - returned by SSH_FXP_OPEN. The server responds to this request with - SSH_FXP_ATTRS or SSH_FXP_STATUS. - -6.9 Setting File Attributes - - File attributes may be modified using the SSH_FXP_SETSTAT and - SSH_FXP_FSETSTAT requests. These requests are used for operations - such as changing the ownership, permissions or access times, as well - as for truncating a file. - - The SSH_FXP_SETSTAT request is of the following format: - - uint32 id - string path [UTF-8] - ATTRS attrs - - where `id' is the request identifier, `path' specifies the file - system object (e.g. file or directory) whose attributes are to be - - - -Galbraith, et al. Expires April 16, 2003 [Page 21] - -Internet-Draft SSH File Transfer Protocol October 2002 - - - modified, and `attrs' specifies the modifications to be made to its - attributes. Attributes are discussed in more detail in Section - ``File Attributes''. - - An error will be returned if the specified file system object does - not exist or the user does not have sufficient rights to modify the - specified attributes. The server responds to this request with a - SSH_FXP_STATUS message. 
- - The SSH_FXP_FSETSTAT request modifies the attributes of a file which - is already open. It has the following format: - - uint32 id - string handle - ATTRS attrs - - where `id' is the request identifier, `handle' (MUST be returned by - SSH_FXP_OPEN) identifies the file whose attributes are to be - modified, and `attrs' specifies the modifications to be made to its - attributes. Attributes are discussed in more detail in Section - ``File Attributes''. The server will respond to this request with - SSH_FXP_STATUS. - -6.10 Dealing with Symbolic links - - The SSH_FXP_READLINK request may be used to read the target of a - symbolic link. It would have a data part as follows: - - uint32 id - string path [UTF-8] - - where `id' is the request identifier and `path' specifies the path - name of the symlink to be read. - - The server will respond with a SSH_FXP_NAME packet containing only - one name and a dummy attributes value. The name in the returned - packet contains the target of the link. If an error occurs, the - server may respond with SSH_FXP_STATUS. - - The SSH_FXP_SYMLINK request will create a symbolic link on the - server. It is of the following format - - uint32 id - string linkpath [UTF-8] - string targetpath [UTF-8] - - where `id' is the request identifier, `linkpath' specifies the path - name of the symlink to be created and `targetpath' specifies the - - - -Galbraith, et al. Expires April 16, 2003 [Page 22] - -Internet-Draft SSH File Transfer Protocol October 2002 - - - target of the symlink. The server shall respond with a - SSH_FXP_STATUS indicating either success (SSH_FX_OK) or an error - condition. - -6.11 Canonicalizing the Server-Side Path Name - - The SSH_FXP_REALPATH request can be used to have the server - canonicalize any given path name to an absolute path. This is useful - for converting path names containing ".." components or relative - pathnames without a leading slash into absolute paths. 
The format of - the request is as follows: - - uint32 id - string path [UTF-8] - - where `id' is the request identifier and `path' specifies the path - name to be canonicalized. The server will respond with a - SSH_FXP_NAME packet containing the name in canonical form and a dummy - attributes value. If an error occurs, the server may also respond - with SSH_FXP_STATUS. - -6.11.1 Best practice for dealing with paths - - The client SHOULD treat the results of SSH_FXP_REALPATH as a - canonical absolute path, even if the path does not appear to be - absolute. A client that use REALPATH(".") and treats the result as - absolute, even if there is no leading slash, will continue to - function correctly, even when talking to a Windows NT or VMS style - system, where absolute paths may not begin with a slash. - - For example, if the client wishes to change directory up, and the - server has returned "c:/x/y/z" from REALPATH, the client SHOULD use - "c:/x/y/z/..". - - As a second example, if the client wishes to open the file "x.txt" in - the current directory, and server has returned "dka100:/x/y/z" as the - canonical path of the directory, the client SHOULD open "dka100:/x/y/ - z/x.txt" - - - - - - - - - - - - - -Galbraith, et al. Expires April 16, 2003 [Page 23] - -Internet-Draft SSH File Transfer Protocol October 2002 - - -7. Responses from the Server to the Client - - The server responds to the client using one of a few response - packets. All requests can return a SSH_FXP_STATUS response upon - failure. When the operation is successful, any of the responses may - be returned (depending on the operation). If no data needs to be - returned to the client, the SSH_FXP_STATUS response with SSH_FX_OK - status is appropriate. 
Otherwise, the SSH_FXP_HANDLE message is used - to return a file handle (for SSH_FXP_OPEN and SSH_FXP_OPENDIR - requests), SSH_FXP_DATA is used to return data from SSH_FXP_READ, - SSH_FXP_NAME is used to return one or more file names from a - SSH_FXP_READDIR or SSH_FXP_REALPATH request, and SSH_FXP_ATTRS is - used to return file attributes from SSH_FXP_STAT, SSH_FXP_LSTAT, and - SSH_FXP_FSTAT requests. - - Exactly one response will be returned for each request. Each - response packet contains a request identifier which can be used to - match each response with the corresponding request. Note that it is - legal to have several requests outstanding simultaneously, and the - server is allowed to send responses to them in a different order from - the order in which the requests were sent (the result of their - execution, however, is guaranteed to be as if they had been processed - one at a time in the order in which the requests were sent). - - Response packets are of the same general format as request packets. - Each response packet begins with the request identifier. - - The format of the data portion of the SSH_FXP_STATUS response is as - follows: - - uint32 id - uint32 error/status code - string error message (ISO-10646 UTF-8 [RFC-2279]) - string language tag (as defined in [RFC-1766]) - - where `id' is the request identifier, and `error/status code' - indicates the result of the requested operation. The value SSH_FX_OK - indicates success, and all other values indicate failure. - - Currently, the following values are defined (other values may be - defined by future versions of this protocol): - - - - - - - - - - -Galbraith, et al. 
Expires April 16, 2003 [Page 24] - -Internet-Draft SSH File Transfer Protocol October 2002 - - - #define SSH_FX_OK 0 - #define SSH_FX_EOF 1 - #define SSH_FX_NO_SUCH_FILE 2 - #define SSH_FX_PERMISSION_DENIED 3 - #define SSH_FX_FAILURE 4 - #define SSH_FX_BAD_MESSAGE 5 - #define SSH_FX_NO_CONNECTION 6 - #define SSH_FX_CONNECTION_LOST 7 - #define SSH_FX_OP_UNSUPPORTED 8 - #define SSH_FX_INVALID_HANDLE 9 - #define SSH_FX_NO_SUCH_PATH 10 - #define SSH_FX_FILE_ALREADY_EXISTS 11 - #define SSH_FX_WRITE_PROTECT 12 - - SSH_FX_OK - Indicates successful completion of the operation. - - SSH_FX_EOF - indicates end-of-file condition; for SSH_FX_READ it means that no - more data is available in the file, and for SSH_FX_READDIR it - indicates that no more files are contained in the directory. - - SSH_FX_NO_SUCH_FILE - is returned when a reference is made to a file which does not - exist. - - SSH_FX_PERMISSION_DENIED - is returned when the authenticated user does not have sufficient - permissions to perform the operation. - - SSH_FX_FAILURE - is a generic catch-all error message; it should be returned if an - error occurs for which there is no more specific error code - defined. - - SSH_FX_BAD_MESSAGE - may be returned if a badly formatted packet or protocol - incompatibility is detected. - - SSH_FX_NO_CONNECTION - is a pseudo-error which indicates that the client has no - connection to the server (it can only be generated locally by the - client, and MUST NOT be returned by servers). - - SSH_FX_CONNECTION_LOST - is a pseudo-error which indicates that the connection to the - server has been lost (it can only be generated locally by the - client, and MUST NOT be returned by servers). - - - -Galbraith, et al. Expires April 16, 2003 [Page 25] - -Internet-Draft SSH File Transfer Protocol October 2002 - - - SSH_FX_OP_UNSUPPORTED - indicates that an attempt was made to perform an operation which - is not supported for the server (it may be generated locally by - the client if e.g. 
the version number exchange indicates that a - required feature is not supported by the server, or it may be - returned by the server if the server does not implement an - operation). - - SSH_FX_INVALID_HANDLE - The handle value was invalid. - - SSH_FX_NO_SUCH_PATH - The file path does not exist or is invalid. - - SSH_FX_FILE_ALREADY_EXISTS - The file already exists. - - SSH_FX_WRITE_PROTECT - The file is on read only media, or the media is write protected. - - The SSH_FXP_HANDLE response has the following format: - - uint32 id - string handle - - where `id' is the request identifier, and `handle' is an arbitrary - string that identifies an open file or directory on the server. The - handle is opaque to the client; the client MUST NOT attempt to - interpret or modify it in any way. The length of the handle string - MUST NOT exceed 256 data bytes. - - The SSH_FXP_DATA response has the following format: - - uint32 id - string data - - where `id' is the request identifier, and `data' is an arbitrary byte - string containing the requested data. The data string may be at most - the number of bytes requested in a SSH_FXP_READ request, but may also - be shorter if end of file is reached or if the read is from something - other than a regular file. - - The SSH_FXP_NAME response has the following format: - - - - - - - - -Galbraith, et al. Expires April 16, 2003 [Page 26] - -Internet-Draft SSH File Transfer Protocol October 2002 - - - uint32 id - uint32 count - repeats count times: - string filename [UTF-8] - ATTRS attrs - - where `id' is the request identifier, `count' is the number of names - returned in this response, and the remaining fields repeat `count' - times (so that all three fields are first included for the first - file, then for the second file, etc). 
In the repeated part, - `filename' is a file name being returned (for SSH_FXP_READDIR, it - will be a relative name within the directory, without any path - components; for SSH_FXP_REALPATH it will be an absolute path name), - and `attrs' is the attributes of the file as described in Section - ``File Attributes''. - - The SSH_FXP_ATTRS response has the following format: - - uint32 id - ATTRS attrs - - where `id' is the request identifier, and `attrs' is the returned - file attributes as described in Section ``File Attributes''. - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Galbraith, et al. Expires April 16, 2003 [Page 27] - -Internet-Draft SSH File Transfer Protocol October 2002 - - -8. Vendor-Specific Extensions - - The SSH_FXP_EXTENDED request provides a generic extension mechanism - for adding vendor-specific commands. The request has the following - format: - - uint32 id - string extended-request - ... any request-specific data ... - - where `id' is the request identifier, and `extended-request' is a - string of the format "name@domain", where domain is an internet - domain name of the vendor defining the request. The rest of the - request is completely vendor-specific, and servers should only - attempt to interpret it if they recognize the `extended-request' - name. - - The server may respond to such requests using any of the response - packets defined in Section ``Responses from the Server to the - Client''. Additionally, the server may also respond with a - SSH_FXP_EXTENDED_REPLY packet, as defined below. If the server does - not recognize the `extended-request' name, then the server MUST - respond with SSH_FXP_STATUS with error/status set to - SSH_FX_OP_UNSUPPORTED. - - The SSH_FXP_EXTENDED_REPLY packet can be used to carry arbitrary - extension-specific data from the server to the client. It is of the - following format: - - uint32 id - ... any request-specific data ... - - There is a range of packet types reserved for use by extensions. 
In - order to avoid collision, extensions that turn on the use of - additional packet types should determine those numbers dynamically. - - The suggested way of doing this is have an extension request from the - client to the server that enables the extension; the extension - response from the server to the client would specify the actual type - values to use, in additional to any other data. - - Extension authors should be mindful of the limited range of packet - types available (there are only 45 values available) and avoid - requiring a new packet type where possible. - - - - - - - -Galbraith, et al. Expires April 16, 2003 [Page 28] - -Internet-Draft SSH File Transfer Protocol October 2002 - - -9. Security Considerations - - This protocol assumes that it is run over a secure channel and that - the endpoints of the channel have been authenticated. Thus, this - protocol assumes that it is externally protected from network-level - attacks. - - This protocol provides file system access to arbitrary files on the - server (only constrained by the server implementation). It is the - responsibility of the server implementation to enforce any access - controls that may be required to limit the access allowed for any - particular user (the user being authenticated externally to this - protocol, typically using the SSH User Authentication Protocol [8]. - - Care must be taken in the server implementation to check the validity - of received file handle strings. The server should not rely on them - directly; it MUST check the validity of each handle before relying on - it. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Galbraith, et al. Expires April 16, 2003 [Page 29] - -Internet-Draft SSH File Transfer Protocol October 2002 - - -10. Changes from previous protocol versions - - The SSH File Transfer Protocol has changed over time, before it's - standardization. The following is a description of the incompatible - changes between different versions. 
- -10.1 Changes between versions 4 and 3 - - Many of the changes between version 4 and version 3 are to the - attribute structure to make it more flexible for non-unix platforms. - - o Make all filenames UTF-8. - - o Added 'newline' extension. - - o Made file attribute owner and group strings so they can actually - be used on disparate systems. - - o Added createtime field, and added separate flags for atime, - createtime, and mtime so they can be set separately. - - o Split the file type out of the permissions field and into it's own - field (which is always present.) - - o Added acl attribute. - - o Added SSH_FXF_TEXT file open flag. - - o Added flags field to the get stat commands so that the client can - specifically request information the server might not normally - included for performance reasons. - - o Removed the long filename from the names structure-- it can now be - built from information available in the attrs structure. - - o Added reserved range of packet numbers for extensions. - - o Added several additional error codes. - - o Change the way version negotiate works slightly. Previously, if - the client version were higher than the server version, the server - was supposed to 'echo back' the clients version. The server now - sends it's own version and the lower of the two is considered to - be the one in use. - - - - - - - -Galbraith, et al. Expires April 16, 2003 [Page 30] - -Internet-Draft SSH File Transfer Protocol October 2002 - - -10.2 Changes between versions 3 and 2 - - o The SSH_FXP_READLINK and SSH_FXP_SYMLINK messages were added. - - o The SSH_FXP_EXTENDED and SSH_FXP_EXTENDED_REPLY messages were - added. - - o The SSH_FXP_STATUS message was changed to include fields `error - message' and `language tag'. - - -10.3 Changes between versions 2 and 1 - - o The SSH_FXP_RENAME message was added. - - -10.4 Changes between versions 1 and 0 - - o Implementation changes, no actual protocol changes. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Galbraith, et al. Expires April 16, 2003 [Page 31] - -Internet-Draft SSH File Transfer Protocol October 2002 - - -11. Trademark Issues - - "ssh" is a registered trademark of SSH Communications Security Corp - in the United States and/or other countries. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Galbraith, et al. Expires April 16, 2003 [Page 32] - -Internet-Draft SSH File Transfer Protocol October 2002 - - -References - - [1] Dierks, T., Allen, C., Treese, W., Karlton, P., Freier, A. and - P. Kocher, "The TLS Protocol Version 1.0", RFC 2246, January - 1999. - - [2] Alvestrand, H., "IETF Policy on Character Sets and Languages", - BCP 18, RFC 2277, January 1998. - - [3] Shepler, S., Callaghan, B., Robinson, D., Thurlow, R., Beame, - C., Eisler, M. and D. Noveck, "NFS version 4 Protocol", RFC - 3010, December 2000. - - [4] Institute of Electrical and Electronics Engineers, "Information - Technology - Portable Operating System Interface (POSIX) - Part - 1: System Application Program Interface (API) [C Language]", - IEEE Standard 1003.2, 1996. - - [5] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S. - Lehtinen, "SSH Protocol Architecture", draft-ietf-secsh- - architecture-13 (work in progress), September 2002. - - [6] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S. - Lehtinen, "SSH Protocol Transport Protocol", draft-ietf-secsh- - transport-15 (work in progress), September 2002. - - [7] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S. - Lehtinen, "SSH Connection Protocol", draft-ietf-secsh-connect-16 - (work in progress), September 2002. - - [8] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S. - Lehtinen, "SSH Authentication Protocol", draft-ietf-secsh- - userauth-16 (work in progress), September 2002. 
- - -Authors' Addresses - - Joseph Galbraith - VanDyke Software - 4848 Tramway Ridge Blvd - Suite 101 - Albuquerque, NM 87111 - US - - Phone: +1 505 332 5700 - EMail: galb-list@vandyke.com - - - - - -Galbraith, et al. Expires April 16, 2003 [Page 33] - -Internet-Draft SSH File Transfer Protocol October 2002 - - - Tatu Ylonen - SSH Communications Security Corp - Fredrikinkatu 42 - HELSINKI FIN-00100 - Finland - - EMail: ylo@ssh.com - - - Sami Lehtinen - SSH Communications Security Corp - Fredrikinkatu 42 - HELSINKI FIN-00100 - Finland - - EMail: sjl@ssh.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Galbraith, et al. Expires April 16, 2003 [Page 34] - -Internet-Draft SSH File Transfer Protocol October 2002 - - -Full Copyright Statement - - Copyright (C) The Internet Society (2002). All Rights Reserved. - - This document and translations of it may be copied and furnished to - others, and derivative works that comment on or otherwise explain it - or assist in its implementation may be prepared, copied, published - and distributed, in whole or in part, without restriction of any - kind, provided that the above copyright notice and this paragraph are - included on all such copies and derivative works. However, this - document itself may not be modified in any way, such as by removing - the copyright notice or references to the Internet Society or other - Internet organizations, except as needed for the purpose of - developing Internet standards in which case the procedures for - copyrights defined in the Internet Standards process must be - followed, or as required to translate it into languages other than - English. - - The limited permissions granted above are perpetual and will not be - revoked by the Internet Society or its successors or assigns. 
- - This document and the information contained herein is provided on an - "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING - TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING - BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION - HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF - MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - -Acknowledgement - - Funding for the RFC Editor function is currently provided by the - Internet Society. - - - - - - - - - - - - - - - - - - - -Galbraith, et al. Expires April 16, 2003 [Page 35] - - diff --git a/lib/ssh/doc/standard/draft-ietf-secsh-filexfer-04.txt b/lib/ssh/doc/standard/draft-ietf-secsh-filexfer-04.txt deleted file mode 100644 index 9f51883cd2..0000000000 --- a/lib/ssh/doc/standard/draft-ietf-secsh-filexfer-04.txt +++ /dev/null 
@@ -1,2130 +0,0 @@ - - - -Secure Shell Working Group J. Galbraith -Internet-Draft VanDyke Software -Expires: June 18, 2003 T. Ylonen - S. Lehtinen - SSH Communications Security Corp - December 18, 2002 - - - SSH File Transfer Protocol - draft-ietf-secsh-filexfer-04.txt - -Status of this Memo - - This document is an Internet-Draft and is in full conformance with - all provisions of Section 10 of RFC2026. - - Internet-Drafts are working documents of the Internet Engineering - Task Force (IETF), its areas, and its working groups. Note that - other groups may also distribute working documents as - Internet-Drafts. - - Internet-Drafts are draft documents valid for a maximum of six months - and may be updated, replaced, or obsoleted by other documents at any - time. It is inappropriate to use Internet-Drafts as reference - material or to cite them other than as "work in progress." - - The list of current Internet-Drafts can be accessed at http:// - www.ietf.org/ietf/1id-abstracts.txt. - - The list of Internet-Draft Shadow Directories can be accessed at - http://www.ietf.org/shadow.html. - - This Internet-Draft will expire on June 18, 2003. - -Copyright Notice - - Copyright (C) The Internet Society (2002). All Rights Reserved. - -Abstract - - The SSH File Transfer Protocol provides secure file transfer - functionality over any reliable data stream. It is the standard file - transfer protocol for use with the SSH2 protocol. This document - describes the file transfer protocol and its interface to the SSH2 - protocol suite. - - - - - - - -Galbraith, et al. Expires June 18, 2003 [Page 1] - -Internet-Draft SSH File Transfer Protocol December 2002 - - -Table of Contents - - 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . 3 - 2. Use with the SSH Connection Protocol . . . . . . . . . . . 4 - 3. General Packet Format . . . . . . . . . . . . . . . . . . 5 - 3.1 The use of stderr in the server . . . . . . . . . . . . . 6 - 4. Protocol Initialization . . . . . . . . . 
. . . . . . . . 8 - 4.1 Client Initialization . . . . . . . . . . . . . . . . . . 8 - 4.2 Server Initialization . . . . . . . . . . . . . . . . . . 8 - 4.3 Determining Server Newline Convention . . . . . . . . . . 9 - 5. File Attributes . . . . . . . . . . . . . . . . . . . . . 10 - 5.1 Flags . . . . . . . . . . . . . . . . . . . . . . . . . . 10 - 5.2 Type . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 - 5.3 Size . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 - 5.4 Owner and Group . . . . . . . . . . . . . . . . . . . . . 11 - 5.5 Permissions . . . . . . . . . . . . . . . . . . . . . . . 12 - 5.6 Times . . . . . . . . . . . . . . . . . . . . . . . . . . 12 - 5.7 ACL . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 - 5.8 Extended attributes . . . . . . . . . . . . . . . . . . . 14 - 6. Requests From the Client to the Server . . . . . . . . . . 15 - 6.1 Request Synchronization and Reordering . . . . . . . . . . 15 - 6.2 File Names . . . . . . . . . . . . . . . . . . . . . . . . 16 - 6.3 Opening, Creating, and Closing Files . . . . . . . . . . . 16 - 6.4 Reading and Writing . . . . . . . . . . . . . . . . . . . 19 - 6.5 Removing and Renaming Files . . . . . . . . . . . . . . . 20 - 6.6 Creating and Deleting Directories . . . . . . . . . . . . 21 - 6.7 Scanning Directories . . . . . . . . . . . . . . . . . . . 21 - 6.8 Retrieving File Attributes . . . . . . . . . . . . . . . . 22 - 6.9 Setting File Attributes . . . . . . . . . . . . . . . . . 23 - 6.10 Dealing with Symbolic links . . . . . . . . . . . . . . . 24 - 6.11 Canonicalizing the Server-Side Path Name . . . . . . . . . 25 - 6.11.1 Best practice for dealing with paths . . . . . . . . . . . 25 - 7. Responses from the Server to the Client . . . . . . . . . 26 - 8. Vendor-Specific Extensions . . . . . . . . . . . . . . . . 30 - 9. Security Considerations . . . . . . . . . . . . . . . . . 31 - 10. Changes from previous protocol versions . . . . . . . . . 
32 - 10.1 Changes between versions 4 and 3 . . . . . . . . . . . . . 32 - 10.2 Changes between versions 3 and 2 . . . . . . . . . . . . . 33 - 10.3 Changes between versions 2 and 1 . . . . . . . . . . . . . 33 - 10.4 Changes between versions 1 and 0 . . . . . . . . . . . . . 33 - 11. Trademark Issues . . . . . . . . . . . . . . . . . . . . . 34 - References . . . . . . . . . . . . . . . . . . . . . . . . 35 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . 35 - Intellectual Property and Copyright Statements . . . . . . 37 - - - - - - - -Galbraith, et al. Expires June 18, 2003 [Page 2] - -Internet-Draft SSH File Transfer Protocol December 2002 - - -1. Introduction - - This protocol provides secure file transfer (and more generally file - system access) functionality over a reliable data stream, such as a - channel in the SSH2 protocol [5]. - - This protocol is designed so that it could be used to implement a - secure remote file system service, as well as a secure file transfer - service. - - This protocol assumes that it runs over a secure channel, and that - the server has already authenticated the user at the client end, and - that the identity of the client user is externally available to the - server implementation. - - In general, this protocol follows a simple request-response model. - Each request and response contains a sequence number and multiple - requests may be pending simultaneously. There are a relatively large - number of different request messages, but a small number of possible - response messages. Each request has one or more response messages - that may be returned in result (e.g., a read either returns data or - reports error status). - - The packet format descriptions in this specification follow the - notation presented in the secsh architecture draft. [5] - - Even though this protocol is described in the context of the SSH2 - protocol, this protocol is general and independent of the rest of the - SSH2 protocol suite. 
It could be used in a number of different - applications, such as secure file transfer over TLS RFC 2246 [1] and - transfer of management information in VPN applications. - - - - - - - - - - - - - - - - - - - - -Galbraith, et al. Expires June 18, 2003 [Page 3] - -Internet-Draft SSH File Transfer Protocol December 2002 - - -2. Use with the SSH Connection Protocol - - When used with the SSH2 Protocol suite, this protocol is intended to - be used from the SSH Connection Protocol [7] as a subsystem, as - described in section ``Starting a Shell or a Command''. The - subsystem name used with this protocol is "sftp". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Galbraith, et al. Expires June 18, 2003 [Page 4] - -Internet-Draft SSH File Transfer Protocol December 2002 - - -3. General Packet Format - - All packets transmitted over the secure connection are of the - following format: - - uint32 length - byte type - byte[length - 1] data payload - - That is, they are just data preceded by 32-bit length and 8-bit type - fields. The `length' is the length of the data area, and does not - include the `length' field itself. The format and interpretation of - the data area depends on the packet type. - - All packet descriptions below only specify the packet type and the - data that goes into the data field. Thus, they should be prefixed by - the `length' and `type' fields. - - The maximum size of a packet is in practice determined by the client - (the maximum size of read or write requests that it sends, plus a few - bytes of packet overhead). All servers SHOULD support packets of at - least 34000 bytes (where the packet size refers to the full length, - including the header above). This should allow for reads and writes - of at most 32768 bytes. - - There is no limit on the number of outstanding (non-acknowledged) - requests that the client may send to the server. 
In practice this is - limited by the buffering available on the data stream and the queuing - performed by the server. If the server's queues are full, it should - not read any more data from the stream, and flow control will prevent - the client from sending more requests. Note, however, that while - there is no restriction on the protocol level, the client's API may - provide a limit in order to prevent infinite queuing of outgoing - requests at the client. - - The following values are defined for packet types. - - - - - - - - - - - - - - - -Galbraith, et al. Expires June 18, 2003 [Page 5] - -Internet-Draft SSH File Transfer Protocol December 2002 - - - #define SSH_FXP_INIT 1 - #define SSH_FXP_VERSION 2 - #define SSH_FXP_OPEN 3 - #define SSH_FXP_CLOSE 4 - #define SSH_FXP_READ 5 - #define SSH_FXP_WRITE 6 - #define SSH_FXP_LSTAT 7 - #define SSH_FXP_FSTAT 8 - #define SSH_FXP_SETSTAT 9 - #define SSH_FXP_FSETSTAT 10 - #define SSH_FXP_OPENDIR 11 - #define SSH_FXP_READDIR 12 - #define SSH_FXP_REMOVE 13 - #define SSH_FXP_MKDIR 14 - #define SSH_FXP_RMDIR 15 - #define SSH_FXP_REALPATH 16 - #define SSH_FXP_STAT 17 - #define SSH_FXP_RENAME 18 - #define SSH_FXP_READLINK 19 - #define SSH_FXP_SYMLINK 20 - - #define SSH_FXP_STATUS 101 - #define SSH_FXP_HANDLE 102 - #define SSH_FXP_DATA 103 - #define SSH_FXP_NAME 104 - #define SSH_FXP_ATTRS 105 - - #define SSH_FXP_EXTENDED 200 - #define SSH_FXP_EXTENDED_REPLY 201 - - RESERVED_FOR_EXTENSIONS 210-255 - - Additional packet types should only be defined if the protocol - version number (see Section ``Protocol Initialization'') is - incremented, and their use MUST be negotiated using the version - number. However, the SSH_FXP_EXTENDED and SSH_FXP_EXTENDED_REPLY - packets can be used to implement vendor-specific extensions. See - Section ``Vendor-Specific-Extensions'' for more details. - -3.1 The use of stderr in the server - - Packets are sent and received on stdout and stdin. 
Data sent on - stderr by the server SHOULD be considered debug or supplemental error - information, and MAY be displayed to the user. - - For example, during initialization, there is no client request - active, so errors or warning information cannot be sent to the client - as part of the SFTP protocol at this early stage. However, the - - - -Galbraith, et al. Expires June 18, 2003 [Page 6] - -Internet-Draft SSH File Transfer Protocol December 2002 - - - errors or warnings MAY be sent as stderr text. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Galbraith, et al. Expires June 18, 2003 [Page 7] - -Internet-Draft SSH File Transfer Protocol December 2002 - - -4. Protocol Initialization - - When the file transfer protocol starts, the client first sends a - SSH_FXP_INIT (including its version number) packet to the server. - The server responds with a SSH_FXP_VERSION packet, supplying the - lowest of its own and the client's version number. Both parties - should from then on adhere to particular version of the protocol. - - The version number of the protocol specified in this document is 4. - The version number should be incremented for each incompatible - revision of this protocol. - -4.1 Client Initialization - - The SSH_FXP_INIT packet (from client to server) has the following - data: - - uint32 version - - Version 3 of this protocol allowed clients to include extensions in - the SSH_FXP_INIT packet; however, this can cause interoperability - problems with version 1 and version 2 servers because the client must - send this packet before knowing the servers version. - - In this version of the protocol, clients MUST use the - SSH_FXP_EXTENDED packet to send extensions to the server after - version exchange has completed. Clients MUST NOT include extensions - in the version packet. 
This will prevent interoperability problems - with older servers - -4.2 Server Initialization - - The SSH_FXP_VERSION packet (from server to client) has the following - data: - - uint32 version - - - 'version' is the lower of the protocol version supported by the - server and the version number received from the client. - - The extension data may be empty, or may be a sequence of - - string extension_name - string extension_data - - pairs (both strings MUST always be present if one is, but the - `extension_data' string may be of zero length). If present, these - - - -Galbraith, et al. Expires June 18, 2003 [Page 8] - -Internet-Draft SSH File Transfer Protocol December 2002 - - - strings indicate extensions to the baseline protocol. The - `extension_name' field(s) identify the name of the extension. The - name should be of the form "name@domain", where the domain is the DNS - domain name of the organization defining the extension. Additional - names that are not of this format may be defined later by the IETF. - Implementations MUST silently ignore any extensions whose name they - do not recognize. - -4.3 Determining Server Newline Convention - - In order to correctly process text files in a cross platform - compatible way, the newline convention must be converted from that of - the server to that of the client, or, during an upload, from that of - the client to that of the server. - - Versions 3 and prior of this protocol made no provisions for - processing text files. Many clients implemented some sort of - conversion algorithm, but without either a 'canonical' on the wire - format or knowledge of the servers newline convention, correct - conversion was not always possible. - - Starting with Version 4, the SSH_FXF_TEXT file open flag (Section - 6.3) makes it possible to request that the server translate a file to - a 'canonical' on the wire format. This format uses \r\n as the line - separator. 
- - Servers for systems using multiple newline characters (for example, - Mac OS X or VMS) or systems using counted records, MUST translate to - the canonical form. - - However, to ease the burden of implementation on servers that use a - single, simple separator sequence, the following extension allows the - canonical format to be changed. - - string "newline" - string new-canonical-separator (usually "\r" or "\n" or "\r\n") - - All clients MUST support this extension. - - When processing text files, clients SHOULD NOT translate any - character or sequence that is not an exact match of the servers - newline separator. - - In particular, if the newline sequence being used is the canonical - "\r\n" sequence, a lone \r or a lone \n SHOULD be written through - without change. - - - - - -Galbraith, et al. Expires June 18, 2003 [Page 9] - -Internet-Draft SSH File Transfer Protocol December 2002 - - -5. File Attributes - - A new compound data type is defined for encoding file attributes. - The same encoding is used both when returning file attributes from - the server and when sending file attributes to the server. When - sending it to the server, the flags field specifies which attributes - are included, and the server will use default values for the - remaining attributes (or will not modify the values of remaining - attributes). When receiving attributes from the server, the flags - specify which attributes are included in the returned data. The - server normally returns all attributes it knows about. 
- - uint32 flags - byte type always present - uint64 size present only if flag SIZE - string owner present only if flag OWNERGROUP - string group present only if flag OWNERGROUP - uint32 permissions present only if flag PERMISSIONS - uint64 atime present only if flag ACCESSTIME - uint32 atime_nseconds present only if flag SUBSECOND_TIMES - uint64 createtime present only if flag CREATETIME - uint32 createtime_nseconds present only if flag SUBSECOND_TIMES - uint64 mtime present only if flag MODIFYTIME - uint32 mtime_nseconds present only if flag SUBSECOND_TIMES - string acl present only if flag ACL - uint32 extended_count present only if flag EXTENDED - string extended_type - string extended_data - ... more extended data (extended_type - extended_data pairs), - so that number of pairs equals extended_count - - -5.1 Flags - - The `flags' specify which of the fields are present. Those fields - for which the corresponding flag is not set are not present (not - included in the packet). New flags can only be added by incrementing - the protocol version number (or by using the extension mechanism - described below). - - The flags bits are defined to have the following values: - - - - - - - - - - -Galbraith, et al. Expires June 18, 2003 [Page 10] - -Internet-Draft SSH File Transfer Protocol December 2002 - - - #define SSH_FILEXFER_ATTR_SIZE 0x00000001 - #define SSH_FILEXFER_ATTR_PERMISSIONS 0x00000040 - #define SSH_FILEXFER_ATTR_ACCESSTIME 0x00000008 - #define SSH_FILEXFER_ATTR_CREATETIME 0x00000010 - #define SSH_FILEXFER_ATTR_MODIFYTIME 0x00000020 - #define SSH_FILEXFER_ATTR_ACL 0x00000040 - #define SSH_FILEXFER_ATTR_OWNERGROUP 0x00000080 - #define SSH_FILEXFER_ATTR_SUBSECOND_TIMES 0x00000100 - #define SSH_FILEXFER_ATTR_EXTENDED 0x80000000 - - In previous versions of this protocol flags value 0x00000002 was - SSH_FILEXFER_ATTR_UIDGID. This value is now unused, and OWNERGROUP - was given a new value in order to ease implementation burden. 
- 0x00000002 MUST NOT appear in the mask. Some future version of this - protocol may reuse flag 0x00000002. - -5.2 Type - - The type field is always present. The following types are defined: - - #define SSH_FILEXFER_TYPE_REGULAR 1 - #define SSH_FILEXFER_TYPE_DIRECTORY 2 - #define SSH_FILEXFER_TYPE_SYMLINK 3 - #define SSH_FILEXFER_TYPE_SPECIAL 4 - #define SSH_FILEXFER_TYPE_UNKNOWN 5 - - On a POSIX system, these values would be derived from the permission - field. - -5.3 Size - - The `size' field specifies the size of the file on disk, in bytes. - If it is present during file creation, it should be considered a hint - as to the files eventual size. - - Files opened with the SSH_FXF_TEXT flag may have a size that is - greater or less than the value of the size field. - -5.4 Owner and Group - - The `owner' and `group' fields are represented as UTF-8 strings; this - is the form used by NFS v4. See NFS version 4 Protocol. [3] The - following text is selected quotations from section 5.6. - - To avoid a representation that is tied to a particular underlying - implementation at the client or server, the use of UTF-8 strings has - been chosen. The string should be of the form user@dns_domain". - This will allow for a client and server that do not use the same - - - -Galbraith, et al. Expires June 18, 2003 [Page 11] - -Internet-Draft SSH File Transfer Protocol December 2002 - - - local representation the ability to translate to a common syntax that - can be interpreted by both. In the case where there is no - translation available to the client or server, the attribute value - must be constructed without the "@". Therefore, the absence of the @ - from the owner or owner_group attribute signifies that no translation - was available and the receiver of the attribute should not place any - special meaning with the attribute value. Even though the attribute - value can not be translated, it may still be useful. 
In the case of - a client, the attribute string may be used for local display of - ownership. - -5.5 Permissions - - The `permissions' field contains a bit mask of file permissions as - defined by POSIX [1]. - -5.6 Times - - The 'atime', 'createtime', and 'mtime' contain the access, creation, - and modification times of the files, respectively. They are - represented as seconds from Jan 1, 1970 in UTC. - - A negative value indicates number of seconds before Jan 1, 1970. In - both cases, if the SSH_FILEXFER_ATTR_SUBSECOND_TIMES flag is set, the - nseconds field is to be added to the seconds field for the final time - representation. For example, if the time to be represented is - one-half second before 0 hour January 1, 1970, the seconds field - would have a value of negative one (-1) and the nseconds fields would - have a value of one-half second (500000000). Values greater than - 999,999,999 for nseconds are considered invalid. - -5.7 ACL - - The 'ACL' field contains an ACL similar to that defined in section - 5.9 of NFS version 4 Protocol [3]. - - uint32 ace-count - - repeated ace-count time: - uint32 ace-type - uint32 ace-flag - uint32 ace-mask - string who [UTF-8] - - ace-type is one of the following four values (taken from NFS Version - 4 Protocol [3]: - - - - - -Galbraith, et al. Expires June 18, 2003 [Page 12] - -Internet-Draft SSH File Transfer Protocol December 2002 - - - const ACE4_ACCESS_ALLOWED_ACE_TYPE = 0x00000000; - const ACE4_ACCESS_DENIED_ACE_TYPE = 0x00000001; - const ACE4_SYSTEM_AUDIT_ACE_TYPE = 0x00000002; - const ACE4_SYSTEM_ALARM_ACE_TYPE = 0x00000003; - - ace-flag is a combination of the following flag values. 
See NFS - Version 4 Protocol [3] section 5.9.2: - - const ACE4_FILE_INHERIT_ACE = 0x00000001; - const ACE4_DIRECTORY_INHERIT_ACE = 0x00000002; - const ACE4_NO_PROPAGATE_INHERIT_ACE = 0x00000004; - const ACE4_INHERIT_ONLY_ACE = 0x00000008; - const ACE4_SUCCESSFUL_ACCESS_ACE_FLAG = 0x00000010; - const ACE4_FAILED_ACCESS_ACE_FLAG = 0x00000020; - const ACE4_IDENTIFIER_GROUP = 0x00000040; - - ace-mask is any combination of the following flags (taken from NFS - Version 4 Protocol [3] section 5.9.3: - - const ACE4_READ_DATA = 0x00000001; - const ACE4_LIST_DIRECTORY = 0x00000001; - const ACE4_WRITE_DATA = 0x00000002; - const ACE4_ADD_FILE = 0x00000002; - const ACE4_APPEND_DATA = 0x00000004; - const ACE4_ADD_SUBDIRECTORY = 0x00000004; - const ACE4_READ_NAMED_ATTRS = 0x00000008; - const ACE4_WRITE_NAMED_ATTRS = 0x00000010; - const ACE4_EXECUTE = 0x00000020; - const ACE4_DELETE_CHILD = 0x00000040; - const ACE4_READ_ATTRIBUTES = 0x00000080; - const ACE4_WRITE_ATTRIBUTES = 0x00000100; - const ACE4_DELETE = 0x00010000; - const ACE4_READ_ACL = 0x00020000; - const ACE4_WRITE_ACL = 0x00040000; - const ACE4_WRITE_OWNER = 0x00080000; - const ACE4_SYNCHRONIZE = 0x00100000; - - who is a UTF-8 string of the form described in 'Owner and Group' - (Section 5.4) - - Also, as per '5.9.4 ACE who' [3] there are several identifiers that - need to be understood universally. Some of these identifiers cannot - be understood when an client access the server, but have meaning when - a local process accesses the file. The ability to display and modify - these permissions is permitted over SFTP. - - OWNER The owner of the file. - - - - -Galbraith, et al. Expires June 18, 2003 [Page 13] - -Internet-Draft SSH File Transfer Protocol December 2002 - - - GROUP The group associated with the file. - - EVERYONE The world. - - INTERACTIVE Accessed from an interactive terminal. - - NETWORK Accessed via the network. - - DIALUP Accessed as a dialup user to the server. - - BATCH Accessed from a batch job. 
- - ANONYMOUS Accessed without any authentication. - - AUTHENTICATED Any authenticated user (opposite of ANONYMOUS). - - SERVICE Access from a system service. - - To avoid conflict, these special identifiers are distinguish by an - appended "@" and should appear in the form "xxxx@" (note: no domain - name after the "@"). For example: ANONYMOUS@. - -5.8 Extended attributes - - The SSH_FILEXFER_ATTR_EXTENDED flag provides a general extension - mechanism for vendor-specific extensions. If the flag is specified, - then the `extended_count' field is present. It specifies the number - of extended_type-extended_data pairs that follow. Each of these - pairs specifies an extended attribute. For each of the attributes, - the extended_type field should be a string of the format - "name@domain", where "domain" is a valid, registered domain name and - "name" identifies the method. The IETF may later standardize certain - names that deviate from this format (e.g., that do not contain the - "@" sign). The interpretation of `extended_data' depends on the - type. Implementations SHOULD ignore extended data fields that they - do not understand. - - Additional fields can be added to the attributes by either defining - additional bits to the flags field to indicate their presence, or by - defining extended attributes for them. The extended attributes - mechanism is recommended for most purposes; additional flags bits - should only be defined by an IETF standards action that also - increments the protocol version number. The use of such new fields - MUST be negotiated by the version number in the protocol exchange. - It is a protocol error if a packet with unsupported protocol bits is - received. - - - - - -Galbraith, et al. Expires June 18, 2003 [Page 14] - -Internet-Draft SSH File Transfer Protocol December 2002 - - -6. Requests From the Client to the Server - - Requests from the client to the server represent the various file - system operations. 
Each request begins with an `id' field, which is - a 32-bit identifier identifying the request (selected by the client). - The same identifier will be returned in the response to the request. - One possible implementation is a monotonically increasing request - sequence number (modulo 2^32). - - Many operations in the protocol operate on open files. The - SSH_FXP_OPEN request can return a file handle (which is an opaque - variable-length string) which may be used to access the file later - (e.g. in a read operation). The client MUST NOT send requests the - server with bogus or closed handles. However, the server MUST - perform adequate checks on the handle in order to avoid security - risks due to fabricated handles. - - This design allows either stateful and stateless server - implementation, as well as an implementation which caches state - between requests but may also flush it. The contents of the file - handle string are entirely up to the server and its design. The - client should not modify or attempt to interpret the file handle - strings. - - The file handle strings MUST NOT be longer than 256 bytes. - -6.1 Request Synchronization and Reordering - - The protocol and implementations MUST process requests relating to - the same file in the order in which they are received. In other - words, if an application submits multiple requests to the server, the - results in the responses will be the same as if it had sent the - requests one at a time and waited for the response in each case. For - example, the server may process non-overlapping read/write requests - to the same file in parallel, but overlapping reads and writes cannot - be reordered or parallelized. However, there are no ordering - restrictions on the server for processing requests from two different - file transfer connections. The server may interleave and parallelize - them at will. 
- - There are no restrictions on the order in which responses to - outstanding requests are delivered to the client, except that the - server must ensure fairness in the sense that processing of no - request will be indefinitely delayed even if the client is sending - other requests so that there are multiple outstanding requests all - the time. - - - - - -Galbraith, et al. Expires June 18, 2003 [Page 15] - -Internet-Draft SSH File Transfer Protocol December 2002 - - -6.2 File Names - - This protocol represents file names as strings. File names are - assumed to use the slash ('/') character as a directory separator. - - File names starting with a slash are "absolute", and are relative to - the root of the file system. Names starting with any other character - are relative to the user's default directory (home directory). Note - that identifying the user is assumed to take place outside of this - protocol. - - Servers SHOULD interpret a path name component ".." as referring to - the parent directory, and "." as referring to the current directory. - If the server implementation limits access to certain parts of the - file system, it must be extra careful in parsing file names when - enforcing such restrictions. There have been numerous reported - security bugs where a ".." in a path name has allowed access outside - the intended area. - - An empty path name is valid, and it refers to the user's default - directory (usually the user's home directory). - - Otherwise, no syntax is defined for file names by this specification. - Clients should not make any other assumptions; however, they can - splice path name components returned by SSH_FXP_READDIR together - using a slash ('/') as the separator, and that will work as expected. - - In order to comply with IETF Policy on Character Sets and Languages - [2], all filenames are to be encoded in UTF-8. The shortest valid - UTF-8 encoding of the UNICODE data MUST be used. 
The server is - responsible for converting the UNICODE data to whatever canonical - form it requires. - - For example, if the server requires that precomposed characters - always be used, the server MUST NOT assume the filename as sent by - the client has this attribute, but must do this normalization itself. - - It is understood that the lack of well-defined semantics for file - names may cause interoperability problems between clients and servers - using radically different operating systems. However, this approach - is known to work acceptably with most systems, and alternative - approaches that e.g. treat file names as sequences of structured - components are quite complicated. - -6.3 Opening, Creating, and Closing Files - - Files are opened and created using the SSH_FXP_OPEN message, whose - data part is as follows: - - - -Galbraith, et al. Expires June 18, 2003 [Page 16] - -Internet-Draft SSH File Transfer Protocol December 2002 - - - uint32 id - string filename [UTF-8] - uint32 pflags - ATTRS attrs - - The `id' field is the request identifier as for all requests. - - The `filename' field specifies the file name. See Section ``File - Names'' for more information. - - The `pflags' field is a bitmask. The following bits have been - defined. - - #define SSH_FXF_READ 0x00000001 - #define SSH_FXF_WRITE 0x00000002 - #define SSH_FXF_APPEND 0x00000004 - #define SSH_FXF_CREAT 0x00000008 - #define SSH_FXF_TRUNC 0x00000010 - #define SSH_FXF_EXCL 0x00000020 - #define SSH_FXF_TEXT 0x00000040 - - These have the following meanings: - - SSH_FXF_READ - Open the file for reading. - - SSH_FXF_WRITE - Open the file for writing. If both this and SSH_FXF_READ are - specified, the file is opened for both reading and writing. - - SSH_FXF_APPEND - Force all writes to append data at the end of the file. The - offset parameter to write will be ignored. 
- - SSH_FXF_CREAT - If this flag is specified, then a new file will be created if one - does not already exist (if O_TRUNC is specified, the new file will - be truncated to zero length if it previously exists). - - SSH_FXF_TRUNC - Forces an existing file with the same name to be truncated to zero - length when creating a file by specifying SSH_FXF_CREAT. - SSH_FXF_CREAT MUST also be specified if this flag is used. - - SSH_FXF_EXCL - Causes the request to fail if the named file already exists. - SSH_FXF_CREAT MUST also be specified if this flag is used. - - - - -Galbraith, et al. Expires June 18, 2003 [Page 17] - -Internet-Draft SSH File Transfer Protocol December 2002 - - - SSH_FXF_TEXT - Indicates that the server should treat the file as text and - convert it to the canonical newline convention in use. (See - Determining Server Newline Convention. (Section 4.3) - - When a file is opened with the FXF_TEXT flag, the offset field in - both the read and write function are ignored. - - Servers MUST correctly process multiple parallel reads and writes - correctly in this mode. Naturally, it is permissible for them to - do this by serializing the requests. It would not be possible for - a client to reliably detect a server that does not implement - parallel writes in time to prevent damage. - - Clients SHOULD use the SSH_FXF_APPEND flag to append data to a - text file rather then using write with a calculated offset. - - To support seeks on text file the following SSH_FXP_EXTENDED - packet is defined. - - - - string "text-seek" - string file-handle - uint64 line-number - - line-number is the index of the line number to seek to, where byte - 0 in the file is line number 0, and the byte directly following - the first newline sequence in the file is line number 1 and so on. - - The response to a "text-seek" request is an SSH_FXP_STATUS - message. - - An attempt to seek past the end-of-file should result in a - SSH_FX_EOF status. 
- - Servers SHOULD support at least one "text-seek" in order to - support resume. However, a client MUST be prepared to receive - SSH_FX_OP_UNSUPPORTED when attempting a "text-seek" operation. - The client can then try a fall-back strategy, if it has one. - - Clients MUST be prepared to handle SSH_FX_OP_UNSUPPORTED returned - for read or write operations that are not sequential. - - The `attrs' field specifies the initial attributes for the file. - Default values will be used for those attributes that are not - specified. See Section ``File Attributes'' for more information. - - - - -Galbraith, et al. Expires June 18, 2003 [Page 18] - -Internet-Draft SSH File Transfer Protocol December 2002 - - - The response to this message will be either SSH_FXP_HANDLE (if the - operation is successful) or SSH_FXP_STATUS (if the operation fails). - - A file is closed by using the SSH_FXP_CLOSE request. Its data field - has the following format: - - uint32 id - string handle - - where `id' is the request identifier, and `handle' is a handle - previously returned in the response to SSH_FXP_OPEN or - SSH_FXP_OPENDIR. The handle becomes invalid immediately after this - request has been sent. - - The response to this request will be a SSH_FXP_STATUS message. One - should note that on some server platforms even a close can fail. - This can happen e.g. if the server operating system caches writes, - and an error occurs while flushing cached writes during the close. - -6.4 Reading and Writing - - Once a file has been opened, it can be read using the following - message: - - byte SSH_FXP_READ - uint32 id - string handle - uint64 offset - uint32 len - - where `id' is the request identifier, `handle' is an open file handle - returned by SSH_FXP_OPEN, `offset' is the offset (in bytes) relative - to the beginning of the file from where to start reading, and `len' - is the maximum number of bytes to read. 
- - In response to this request, the server will read as many bytes as it - can from the file (up to `len'), and return them in a SSH_FXP_DATA - message. If an error occurs or EOF is encountered before reading any - data, the server will respond with SSH_FXP_STATUS. - - For normal disk files, it is normally guaranteed that this will read - the specified number of bytes, or up to end of file. However, if the - read length is very long, the server may truncate it if it doesn't - support packets of that length. See General Packet Format (Section - 3). - - For e.g. device files this may return fewer bytes than requested. - - - - -Galbraith, et al. Expires June 18, 2003 [Page 19] - -Internet-Draft SSH File Transfer Protocol December 2002 - - - Writing to a file is achieved using the following message: - - byte SSH_FXP_WRITE - uint32 id - string handle - uint64 offset - string data - - where `id' is a request identifier, `handle' is a file handle - returned by SSH_FXP_OPEN, `offset' is the offset (in bytes) from the - beginning of the file where to start writing, and `data' is the data - to be written. - - The write will extend the file if writing beyond the end of the file. - It is legal to write way beyond the end of the file; the semantics - are to write zeroes from the end of the file to the specified offset - and then the data. On most operating systems, such writes do not - allocate disk space but instead leave "holes" in the file. - - The server responds to a write request with a SSH_FXP_STATUS message. - -6.5 Removing and Renaming Files - - Files can be removed using the SSH_FXP_REMOVE message. It has the - following format: - - uint32 id - string filename [UTF-8] - - where `id' is the request identifier and `filename' is the name of - the file to be removed. See Section ``File Names'' for more - information. This request cannot be used to remove directories. - - The server will respond to this request with a SSH_FXP_STATUS - message. 
- - Files (and directories) can be renamed using the SSH_FXP_RENAME - message. Its data is as follows: - - uint32 id - string oldpath [UTF-8] - string newpath [UTF-8] - - where `id' is the request identifier, `oldpath' is the name of an - existing file or directory, and `newpath' is the new name for the - file or directory. It is an error if there already exists a file - with the name specified by newpath. The server may also fail rename - requests in other situations, for example if `oldpath' and `newpath' - - - -Galbraith, et al. Expires June 18, 2003 [Page 20] - -Internet-Draft SSH File Transfer Protocol December 2002 - - - point to different file systems on the server. - - The server will respond to this request with a SSH_FXP_STATUS - message. - -6.6 Creating and Deleting Directories - - New directories can be created using the SSH_FXP_MKDIR request. It - has the following format: - - uint32 id - string path [UTF-8] - ATTRS attrs - - where `id' is the request identifier. - - `path' specifies the directory to be created. See Section ``File - Names'' for more information on file names. - - `attrs' specifies the attributes that should be applied to it upon - creation. Attributes are discussed in more detail in Section ``File - Attributes''. - - The server will respond to this request with a SSH_FXP_STATUS - message. If a file or directory with the specified path already - exists, an error will be returned. - - Directories can be removed using the SSH_FXP_RMDIR request, which has - the following format: - - uint32 id - string path [UTF-8] - - where `id' is the request identifier, and `path' specifies the - directory to be removed. See Section ``File Names'' for more - information on file names. - - The server responds to this request with a SSH_FXP_STATUS message. 
- Errors may be returned from this operation for various reasons, - including, but not limited to, the path does not exist, the path does - not refer to a directory object, the directory is not empty, or the - user has insufficient access or permission to perform the requested - operation. - -6.7 Scanning Directories - - The files in a directory can be listed using the SSH_FXP_OPENDIR and - SSH_FXP_READDIR requests. Each SSH_FXP_READDIR request returns one - - - -Galbraith, et al. Expires June 18, 2003 [Page 21] - -Internet-Draft SSH File Transfer Protocol December 2002 - - - or more file names with full file attributes for each file. The - client should call SSH_FXP_READDIR repeatedly until it has found the - file it is looking for or until the server responds with a - SSH_FXP_STATUS message indicating an error (normally SSH_FX_EOF if - there are no more files in the directory). The client should then - close the handle using the SSH_FXP_CLOSE request. - - The SSH_FXP_OPENDIR opens a directory for reading. It has the - following format: - - uint32 id - string path [UTF-8] - - where `id' is the request identifier and `path' is the path name of - the directory to be listed (without any trailing slash). See Section - ``File Names'' for more information on file names. This will return - an error if the path does not specify a directory or if the directory - is not readable. The server will respond to this request with either - a SSH_FXP_HANDLE or a SSH_FXP_STATUS message. - - Once the directory has been successfully opened, files (and - directories) contained in it can be listed using SSH_FXP_READDIR - requests. These are of the format - - uint32 id - string handle - - where `id' is the request identifier, and `handle' is a handle - returned by SSH_FXP_OPENDIR. (It is a protocol error to attempt to - use an ordinary file handle returned by SSH_FXP_OPEN.) - - The server responds to this request with either a SSH_FXP_NAME or a - SSH_FXP_STATUS message. 
One or more names may be returned at a time. - Full status information is returned for each name in order to speed - up typical directory listings. - - If there are no more names available to be read, the server MUST - respond with a SSH_FXP_STATUS message with error code of SSH_FX_EOF. - - When the client no longer wishes to read more names from the - directory, it SHOULD call SSH_FXP_CLOSE for the handle. The handle - should be closed regardless of whether an error has occurred or not. - -6.8 Retrieving File Attributes - - Very often, file attributes are automatically returned by - SSH_FXP_READDIR. However, sometimes there is need to specifically - retrieve the attributes for a named file. This can be done using the - - - -Galbraith, et al. Expires June 18, 2003 [Page 22] - -Internet-Draft SSH File Transfer Protocol December 2002 - - - SSH_FXP_STAT, SSH_FXP_LSTAT and SSH_FXP_FSTAT requests. - - SSH_FXP_STAT and SSH_FXP_LSTAT only differ in that SSH_FXP_STAT - follows symbolic links on the server, whereas SSH_FXP_LSTAT does not - follow symbolic links. Both have the same format: - - uint32 id - string path [UTF-8] - uint32 flags - - where `id' is the request identifier, and `path' specifies the file - system object for which status is to be returned. The server - responds to this request with either SSH_FXP_ATTRS or SSH_FXP_STATUS. - - The flags field specify the attribute flags in which the client has - particular interest. This is a hint to the server. For example, - because retrieving owner / group and acl information can be an - expensive operation under some operating systems, the server may - choose not to retrieve this information unless the client expresses a - specific interest in it. - - The client has no guarantee the server will provide all the fields - that it has expressed an interest in. - - SSH_FXP_FSTAT differs from the others in that it returns status - information for an open file (identified by the file handle). 
Its - format is as follows: - - uint32 id - string handle - uint32 flags - - where `id' is the request identifier and `handle' is a file handle - returned by SSH_FXP_OPEN. The server responds to this request with - SSH_FXP_ATTRS or SSH_FXP_STATUS. - -6.9 Setting File Attributes - - File attributes may be modified using the SSH_FXP_SETSTAT and - SSH_FXP_FSETSTAT requests. These requests are used for operations - such as changing the ownership, permissions or access times, as well - as for truncating a file. - - The SSH_FXP_SETSTAT request is of the following format: - - - - - - - -Galbraith, et al. Expires June 18, 2003 [Page 23] - -Internet-Draft SSH File Transfer Protocol December 2002 - - - uint32 id - string path [UTF-8] - ATTRS attrs - - where `id' is the request identifier, `path' specifies the file - system object (e.g. file or directory) whose attributes are to be - modified, and `attrs' specifies the modifications to be made to its - attributes. Attributes are discussed in more detail in Section - ``File Attributes''. - - An error will be returned if the specified file system object does - not exist or the user does not have sufficient rights to modify the - specified attributes. The server responds to this request with a - SSH_FXP_STATUS message. - - The SSH_FXP_FSETSTAT request modifies the attributes of a file which - is already open. It has the following format: - - uint32 id - string handle - ATTRS attrs - - where `id' is the request identifier, `handle' (MUST be returned by - SSH_FXP_OPEN) identifies the file whose attributes are to be - modified, and `attrs' specifies the modifications to be made to its - attributes. Attributes are discussed in more detail in Section - ``File Attributes''. The server will respond to this request with - SSH_FXP_STATUS. - -6.10 Dealing with Symbolic links - - The SSH_FXP_READLINK request may be used to read the target of a - symbolic link. 
It would have a data part as follows: - - uint32 id - string path [UTF-8] - - where `id' is the request identifier and `path' specifies the path - name of the symlink to be read. - - The server will respond with a SSH_FXP_NAME packet containing only - one name and a dummy attributes value. The name in the returned - packet contains the target of the link. If an error occurs, the - server may respond with SSH_FXP_STATUS. - - The SSH_FXP_SYMLINK request will create a symbolic link on the - server. It is of the following format - - - - -Galbraith, et al. Expires June 18, 2003 [Page 24] - -Internet-Draft SSH File Transfer Protocol December 2002 - - - uint32 id - string linkpath [UTF-8] - string targetpath [UTF-8] - - where `id' is the request identifier, `linkpath' specifies the path - name of the symlink to be created and `targetpath' specifies the - target of the symlink. The server shall respond with a - SSH_FXP_STATUS indicating either success (SSH_FX_OK) or an error - condition. - -6.11 Canonicalizing the Server-Side Path Name - - The SSH_FXP_REALPATH request can be used to have the server - canonicalize any given path name to an absolute path. This is useful - for converting path names containing ".." components or relative - pathnames without a leading slash into absolute paths. The format of - the request is as follows: - - uint32 id - string path [UTF-8] - - where `id' is the request identifier and `path' specifies the path - name to be canonicalized. The server will respond with a - SSH_FXP_NAME packet containing the name in canonical form and a dummy - attributes value. If an error occurs, the server may also respond - with SSH_FXP_STATUS. - -6.11.1 Best practice for dealing with paths - - The client SHOULD treat the results of SSH_FXP_REALPATH as a - canonical absolute path, even if the path does not appear to be - absolute. 
A client that use REALPATH(".") and treats the result as - absolute, even if there is no leading slash, will continue to - function correctly, even when talking to a Windows NT or VMS style - system, where absolute paths may not begin with a slash. - - For example, if the client wishes to change directory up, and the - server has returned "c:/x/y/z" from REALPATH, the client SHOULD use - "c:/x/y/z/..". - - As a second example, if the client wishes to open the file "x.txt" in - the current directory, and server has returned "dka100:/x/y/z" as the - canonical path of the directory, the client SHOULD open "dka100:/x/y/ - z/x.txt" - - - - - - - -Galbraith, et al. Expires June 18, 2003 [Page 25] - -Internet-Draft SSH File Transfer Protocol December 2002 - - -7. Responses from the Server to the Client - - The server responds to the client using one of a few response - packets. All requests can return a SSH_FXP_STATUS response upon - failure. When the operation is successful, any of the responses may - be returned (depending on the operation). If no data needs to be - returned to the client, the SSH_FXP_STATUS response with SSH_FX_OK - status is appropriate. Otherwise, the SSH_FXP_HANDLE message is used - to return a file handle (for SSH_FXP_OPEN and SSH_FXP_OPENDIR - requests), SSH_FXP_DATA is used to return data from SSH_FXP_READ, - SSH_FXP_NAME is used to return one or more file names from a - SSH_FXP_READDIR or SSH_FXP_REALPATH request, and SSH_FXP_ATTRS is - used to return file attributes from SSH_FXP_STAT, SSH_FXP_LSTAT, and - SSH_FXP_FSTAT requests. - - Exactly one response will be returned for each request. Each - response packet contains a request identifier which can be used to - match each response with the corresponding request. 
Note that it is - legal to have several requests outstanding simultaneously, and the - server is allowed to send responses to them in a different order from - the order in which the requests were sent (the result of their - execution, however, is guaranteed to be as if they had been processed - one at a time in the order in which the requests were sent). - - Response packets are of the same general format as request packets. - Each response packet begins with the request identifier. - - The format of the data portion of the SSH_FXP_STATUS response is as - follows: - - uint32 id - uint32 error/status code - string error message (ISO-10646 UTF-8 [RFC-2279]) - string language tag (as defined in [RFC-1766]) - - where `id' is the request identifier, and `error/status code' - indicates the result of the requested operation. The value SSH_FX_OK - indicates success, and all other values indicate failure. - - Currently, the following values are defined (other values may be - defined by future versions of this protocol): - - - - - - - - - - -Galbraith, et al. Expires June 18, 2003 [Page 26] - -Internet-Draft SSH File Transfer Protocol December 2002 - - - #define SSH_FX_OK 0 - #define SSH_FX_EOF 1 - #define SSH_FX_NO_SUCH_FILE 2 - #define SSH_FX_PERMISSION_DENIED 3 - #define SSH_FX_FAILURE 4 - #define SSH_FX_BAD_MESSAGE 5 - #define SSH_FX_NO_CONNECTION 6 - #define SSH_FX_CONNECTION_LOST 7 - #define SSH_FX_OP_UNSUPPORTED 8 - #define SSH_FX_INVALID_HANDLE 9 - #define SSH_FX_NO_SUCH_PATH 10 - #define SSH_FX_FILE_ALREADY_EXISTS 11 - #define SSH_FX_WRITE_PROTECT 12 - #define SSH_FX_NO_MEDIA 13 - - SSH_FX_OK - Indicates successful completion of the operation. - - SSH_FX_EOF - indicates end-of-file condition; for SSH_FX_READ it means that no - more data is available in the file, and for SSH_FX_READDIR it - indicates that no more files are contained in the directory. - - SSH_FX_NO_SUCH_FILE - is returned when a reference is made to a file which does not - exist. 
- - SSH_FX_PERMISSION_DENIED - is returned when the authenticated user does not have sufficient - permissions to perform the operation. - - SSH_FX_FAILURE - is a generic catch-all error message; it should be returned if an - error occurs for which there is no more specific error code - defined. - - SSH_FX_BAD_MESSAGE - may be returned if a badly formatted packet or protocol - incompatibility is detected. - - SSH_FX_NO_CONNECTION - is a pseudo-error which indicates that the client has no - connection to the server (it can only be generated locally by the - client, and MUST NOT be returned by servers). - - SSH_FX_CONNECTION_LOST - is a pseudo-error which indicates that the connection to the - server has been lost (it can only be generated locally by the - - - -Galbraith, et al. Expires June 18, 2003 [Page 27] - -Internet-Draft SSH File Transfer Protocol December 2002 - - - client, and MUST NOT be returned by servers). - - SSH_FX_OP_UNSUPPORTED - indicates that an attempt was made to perform an operation which - is not supported for the server (it may be generated locally by - the client if e.g. the version number exchange indicates that a - required feature is not supported by the server, or it may be - returned by the server if the server does not implement an - operation). - - SSH_FX_INVALID_HANDLE - The handle value was invalid. - - SSH_FX_NO_SUCH_PATH - The file path does not exist or is invalid. - - SSH_FX_FILE_ALREADY_EXISTS - The file already exists. - - SSH_FX_WRITE_PROTECT - The file is on read only media, or the media is write protected. - - SSH_FX_NO_MEDIA - The requested operation can not be completed because there is no - media available in the drive. - - The SSH_FXP_HANDLE response has the following format: - - uint32 id - string handle - - where `id' is the request identifier, and `handle' is an arbitrary - string that identifies an open file or directory on the server. 
The - handle is opaque to the client; the client MUST NOT attempt to - interpret or modify it in any way. The length of the handle string - MUST NOT exceed 256 data bytes. - - The SSH_FXP_DATA response has the following format: - - uint32 id - string data - - where `id' is the request identifier, and `data' is an arbitrary byte - string containing the requested data. The data string may be at most - the number of bytes requested in a SSH_FXP_READ request, but may also - be shorter if end of file is reached or if the read is from something - other than a regular file. - - - - -Galbraith, et al. Expires June 18, 2003 [Page 28] - -Internet-Draft SSH File Transfer Protocol December 2002 - - - The SSH_FXP_NAME response has the following format: - - uint32 id - uint32 count - repeats count times: - string filename [UTF-8] - ATTRS attrs - - where `id' is the request identifier, `count' is the number of names - returned in this response, and the remaining fields repeat `count' - times (so that all three fields are first included for the first - file, then for the second file, etc). In the repeated part, - `filename' is a file name being returned (for SSH_FXP_READDIR, it - will be a relative name within the directory, without any path - components; for SSH_FXP_REALPATH it will be an absolute path name), - and `attrs' is the attributes of the file as described in Section - ``File Attributes''. - - The SSH_FXP_ATTRS response has the following format: - - uint32 id - ATTRS attrs - - where `id' is the request identifier, and `attrs' is the returned - file attributes as described in Section ``File Attributes''. - - - - - - - - - - - - - - - - - - - - - - - - - - -Galbraith, et al. Expires June 18, 2003 [Page 29] - -Internet-Draft SSH File Transfer Protocol December 2002 - - -8. Vendor-Specific Extensions - - The SSH_FXP_EXTENDED request provides a generic extension mechanism - for adding vendor-specific commands. 
The request has the following - format: - - uint32 id - string extended-request - ... any request-specific data ... - - where `id' is the request identifier, and `extended-request' is a - string of the format "name@domain", where domain is an internet - domain name of the vendor defining the request. The rest of the - request is completely vendor-specific, and servers should only - attempt to interpret it if they recognize the `extended-request' - name. - - The server may respond to such requests using any of the response - packets defined in Section ``Responses from the Server to the - Client''. Additionally, the server may also respond with a - SSH_FXP_EXTENDED_REPLY packet, as defined below. If the server does - not recognize the `extended-request' name, then the server MUST - respond with SSH_FXP_STATUS with error/status set to - SSH_FX_OP_UNSUPPORTED. - - The SSH_FXP_EXTENDED_REPLY packet can be used to carry arbitrary - extension-specific data from the server to the client. It is of the - following format: - - uint32 id - ... any request-specific data ... - - There is a range of packet types reserved for use by extensions. In - order to avoid collision, extensions that turn on the use of - additional packet types should determine those numbers dynamically. - - The suggested way of doing this is have an extension request from the - client to the server that enables the extension; the extension - response from the server to the client would specify the actual type - values to use, in additional to any other data. - - Extension authors should be mindful of the limited range of packet - types available (there are only 45 values available) and avoid - requiring a new packet type where possible. - - - - - - - -Galbraith, et al. Expires June 18, 2003 [Page 30] - -Internet-Draft SSH File Transfer Protocol December 2002 - - -9. 
Security Considerations - - This protocol assumes that it is run over a secure channel and that - the endpoints of the channel have been authenticated. Thus, this - protocol assumes that it is externally protected from network-level - attacks. - - This protocol provides file system access to arbitrary files on the - server (only constrained by the server implementation). It is the - responsibility of the server implementation to enforce any access - controls that may be required to limit the access allowed for any - particular user (the user being authenticated externally to this - protocol, typically using the SSH User Authentication Protocol [8]. - - Care must be taken in the server implementation to check the validity - of received file handle strings. The server should not rely on them - directly; it MUST check the validity of each handle before relying on - it. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Galbraith, et al. Expires June 18, 2003 [Page 31] - -Internet-Draft SSH File Transfer Protocol December 2002 - - -10. Changes from previous protocol versions - - The SSH File Transfer Protocol has changed over time, before it's - standardization. The following is a description of the incompatible - changes between different versions. - -10.1 Changes between versions 4 and 3 - - Many of the changes between version 4 and version 3 are to the - attribute structure to make it more flexible for non-unix platforms. - - o Clarify the use of stderr by the server. - - o Clarify handling of very large read requests by the server. - - o Make all filenames UTF-8. - - o Added 'newline' extension. - - o Made time fields 64 bit, and optionally have nanosecond resultion. - - o Made file attribute owner and group strings so they can actually - be used on disparate systems. - - o Added createtime field, and added separate flags for atime, - createtime, and mtime so they can be set separately. 
- - o Split the file type out of the permissions field and into it's own - field (which is always present.) - - o Added acl attribute. - - o Added SSH_FXF_TEXT file open flag. - - o Added flags field to the get stat commands so that the client can - specifically request information the server might not normally - included for performance reasons. - - o Removed the long filename from the names structure-- it can now be - built from information available in the attrs structure. - - o Added reserved range of packet numbers for extensions. - - o Added several additional error codes. - - - - - - - -Galbraith, et al. Expires June 18, 2003 [Page 32] - -Internet-Draft SSH File Transfer Protocol December 2002 - - -10.2 Changes between versions 3 and 2 - - o The SSH_FXP_READLINK and SSH_FXP_SYMLINK messages were added. - - o The SSH_FXP_EXTENDED and SSH_FXP_EXTENDED_REPLY messages were - added. - - o The SSH_FXP_STATUS message was changed to include fields `error - message' and `language tag'. - - -10.3 Changes between versions 2 and 1 - - o The SSH_FXP_RENAME message was added. - - -10.4 Changes between versions 1 and 0 - - o Implementation changes, no actual protocol changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Galbraith, et al. Expires June 18, 2003 [Page 33] - -Internet-Draft SSH File Transfer Protocol December 2002 - - -11. Trademark Issues - - "ssh" is a registered trademark of SSH Communications Security Corp - in the United States and/or other countries. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Galbraith, et al. Expires June 18, 2003 [Page 34] - -Internet-Draft SSH File Transfer Protocol December 2002 - - -References - - [1] Dierks, T., Allen, C., Treese, W., Karlton, P., Freier, A. and - P. Kocher, "The TLS Protocol Version 1.0", RFC 2246, January - 1999. - - [2] Alvestrand, H., "IETF Policy on Character Sets and Languages", - BCP 18, RFC 2277, January 1998. 
- - [3] Shepler, S., Callaghan, B., Robinson, D., Thurlow, R., Beame, - C., Eisler, M. and D. Noveck, "NFS version 4 Protocol", RFC - 3010, December 2000. - - [4] Institute of Electrical and Electronics Engineers, "Information - Technology - Portable Operating System Interface (POSIX) - Part - 1: System Application Program Interface (API) [C Language]", - IEEE Standard 1003.2, 1996. - - [5] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S. - Lehtinen, "SSH Protocol Architecture", - draft-ietf-secsh-architecture-13 (work in progress), September - 2002. - - [6] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S. - Lehtinen, "SSH Protocol Transport Protocol", - draft-ietf-secsh-transport-15 (work in progress), September - 2002. - - [7] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S. - Lehtinen, "SSH Connection Protocol", draft-ietf-secsh-connect-16 - (work in progress), September 2002. - - [8] Rinne, T., Ylonen, T., Kivinen, T., Saarinen, M. and S. - Lehtinen, "SSH Authentication Protocol", - draft-ietf-secsh-userauth-16 (work in progress), September 2002. - - -Authors' Addresses - - Joseph Galbraith - VanDyke Software - 4848 Tramway Ridge Blvd - Suite 101 - Albuquerque, NM 87111 - US - - Phone: +1 505 332 5700 - EMail: galb-list@vandyke.com - - - -Galbraith, et al. Expires June 18, 2003 [Page 35] - -Internet-Draft SSH File Transfer Protocol December 2002 - - - Tatu Ylonen - SSH Communications Security Corp - Fredrikinkatu 42 - HELSINKI FIN-00100 - Finland - - EMail: ylo@ssh.com - - - Sami Lehtinen - SSH Communications Security Corp - Fredrikinkatu 42 - HELSINKI FIN-00100 - Finland - - EMail: sjl@ssh.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Galbraith, et al. 
Expires June 18, 2003 [Page 36] - -Internet-Draft SSH File Transfer Protocol December 2002 - - -Intellectual Property Statement - - The IETF takes no position regarding the validity or scope of any - intellectual property or other rights that might be claimed to - pertain to the implementation or use of the technology described in - this document or the extent to which any license under such rights - might or might not be available; neither does it represent that it - has made any effort to identify any such rights. Information on the - IETF's procedures with respect to rights in standards-track and - standards-related documentation can be found in BCP-11. Copies of - claims of rights made available for publication and any assurances of - licenses to be made available, or the result of an attempt made to - obtain a general license or permission for the use of such - proprietary rights by implementors or users of this specification can - be obtained from the IETF Secretariat. - - The IETF invites any interested party to bring to its attention any - copyrights, patents or patent applications, or other proprietary - rights which may cover technology that may be required to practice - this standard. Please address the information to the IETF Executive - Director. - - -Full Copyright Statement - - Copyright (C) The Internet Society (2002). All Rights Reserved. - - This document and translations of it may be copied and furnished to - others, and derivative works that comment on or otherwise explain it - or assist in its implementation may be prepared, copied, published - and distributed, in whole or in part, without restriction of any - kind, provided that the above copyright notice and this paragraph are - included on all such copies and derivative works. 
However, this - document itself may not be modified in any way, such as by removing - the copyright notice or references to the Internet Society or other - Internet organizations, except as needed for the purpose of - developing Internet standards in which case the procedures for - copyrights defined in the Internet Standards process must be - followed, or as required to translate it into languages other than - English. - - The limited permissions granted above are perpetual and will not be - revoked by the Internet Society or its successors or assignees. - - This document and the information contained herein is provided on an - "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING - TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING - BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION - - - -Galbraith, et al. Expires June 18, 2003 [Page 37] - -Internet-Draft SSH File Transfer Protocol December 2002 - - - HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF - MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - - -Acknowledgement - - Funding for the RFC Editor function is currently provided by the - Internet Society. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Galbraith, et al. Expires June 18, 2003 [Page 38] - - diff --git a/lib/ssh/doc/standard/draft-ietf-secsh-transport-17.2.ps b/lib/ssh/doc/standard/draft-ietf-secsh-transport-17.2.ps deleted file mode 100644 index d692285b4e..0000000000 --- a/lib/ssh/doc/standard/draft-ietf-secsh-transport-17.2.ps +++ /dev/null 
@@ -1,3205 +0,0 @@ -%!PS-Adobe-3.0 -%%BoundingBox: 75 0 595 747 -%%Title: Enscript Output -%%For: Magnus Thoang -%%Creator: GNU enscript 1.6.1 -%%CreationDate: Fri Oct 31 13:35:14 2003 -%%Orientation: Portrait -%%Pages: 15 0 -%%DocumentMedia: A4 595 842 0 () () -%%DocumentNeededResources: (atend) -%%EndComments -%%BeginProlog -%%BeginProcSet: PStoPS 1 15 -userdict begin -[/showpage/erasepage/copypage]{dup where{pop dup load - type/operatortype eq{1 array cvx dup 0 3 index cvx put - bind def}{pop}ifelse}{pop}ifelse}forall -[/letter/legal/executivepage/a4/a4small/b5/com10envelope - /monarchenvelope/c5envelope/dlenvelope/lettersmall/note - /folio/quarto/a5]{dup where{dup wcheck{exch{}put} - {pop{}def}ifelse}{pop}ifelse}forall -/setpagedevice {pop}bind 1 index where{dup wcheck{3 1 roll put} - {pop def}ifelse}{def}ifelse -/PStoPSmatrix matrix currentmatrix def -/PStoPSxform matrix def/PStoPSclip{clippath}def -/defaultmatrix{PStoPSmatrix exch PStoPSxform exch concatmatrix}bind def -/initmatrix{matrix defaultmatrix setmatrix}bind def -/initclip[{matrix currentmatrix PStoPSmatrix setmatrix - [{currentpoint}stopped{$error/newerror false put{newpath}} - {/newpath cvx 3 1 roll/moveto cvx 4 array astore cvx}ifelse] - {[/newpath cvx{/moveto cvx}{/lineto cvx} - {/curveto cvx}{/closepath cvx}pathforall]cvx exch pop} - stopped{$error/errorname get/invalidaccess eq{cleartomark - $error/newerror false put cvx exec}{stop}ifelse}if}bind aload pop - /initclip dup load dup type dup/operatortype eq{pop exch pop} - {dup/arraytype eq exch/packedarraytype eq or - {dup xcheck{exch pop aload pop}{pop cvx}ifelse} - {pop cvx}ifelse}ifelse - {newpath PStoPSclip clip newpath exec setmatrix} bind aload pop]cvx def -/initgraphics{initmatrix newpath initclip 1 setlinewidth - 0 setlinecap 0 setlinejoin []0 setdash 0 setgray - 10 setmiterlimit}bind def -end -%%EndProcSet -%%BeginResource: procset Enscript-Prolog 1.6 1 -% -% Procedures. 
-% - -/_S { % save current state - /_s save def -} def -/_R { % restore from saved state - _s restore -} def - -/S { % showpage protecting gstate - gsave - showpage - grestore -} bind def - -/MF { % fontname newfontname -> - make a new encoded font - /newfontname exch def - /fontname exch def - - /fontdict fontname findfont def - /newfont fontdict maxlength dict def - - fontdict { - exch - dup /FID eq { - % skip FID pair - pop pop - } { - % copy to the new font dictionary - exch newfont 3 1 roll put - } ifelse - } forall - - newfont /FontName newfontname put - - % insert only valid encoding vectors - encoding_vector length 256 eq { - newfont /Encoding encoding_vector put - } if - - newfontname newfont definefont pop -} def - -/SF { % fontname width height -> - set a new font - /height exch def - /width exch def - - findfont - [width 0 0 height 0 0] makefont setfont -} def - -/SUF { % fontname width height -> - set a new user font - /height exch def - /width exch def - - /F-gs-user-font MF - /F-gs-user-font width height SF -} def - -/M {moveto} bind def -/s {show} bind def - -/Box { % x y w h -> - define box path - /d_h exch def /d_w exch def /d_y exch def /d_x exch def - d_x d_y moveto - d_w 0 rlineto - 0 d_h rlineto - d_w neg 0 rlineto - closepath -} def - -/bgs { % x y height blskip gray str -> - show string with bg color - /str exch def - /gray exch def - /blskip exch def - /height exch def - /y exch def - /x exch def - - gsave - x y blskip sub str stringwidth pop height Box - gray setgray - fill - grestore - x y M str s -} def - -% Highlight bars. -/highlight_bars { % nlines lineheight output_y_margin gray -> - - gsave - setgray - /ymarg exch def - /lineheight exch def - /nlines exch def - - % This 2 is just a magic number to sync highlight lines to text. 
- 0 d_header_y ymarg sub 2 sub translate - - /cw d_output_w cols div def - /nrows d_output_h ymarg 2 mul sub lineheight div cvi def - - % for each column - 0 1 cols 1 sub { - cw mul /xp exch def - - % for each rows - 0 1 nrows 1 sub { - /rn exch def - rn lineheight mul neg /yp exch def - rn nlines idiv 2 mod 0 eq { - % Draw highlight bar. 4 is just a magic indentation. - xp 4 add yp cw 8 sub lineheight neg Box fill - } if - } for - } for - - grestore -} def - -% Line highlight bar. -/line_highlight { % x y width height gray -> - - gsave - /gray exch def - Box gray setgray fill - grestore -} def - -% Column separator lines. -/column_lines { - gsave - .1 setlinewidth - 0 d_footer_h translate - /cw d_output_w cols div def - 1 1 cols 1 sub { - cw mul 0 moveto - 0 d_output_h rlineto stroke - } for - grestore -} def - -% Column borders. -/column_borders { - gsave - .1 setlinewidth - 0 d_footer_h moveto - 0 d_output_h rlineto - d_output_w 0 rlineto - 0 d_output_h neg rlineto - closepath stroke - grestore -} def - -% Do the actual underlay drawing -/draw_underlay { - ul_style 0 eq { - ul_str true charpath stroke - } { - ul_str show - } ifelse -} def - -% Underlay -/underlay { % - -> - - gsave - 0 d_page_h translate - d_page_h neg d_page_w atan rotate - - ul_gray setgray - ul_font setfont - /dw d_page_h dup mul d_page_w dup mul add sqrt def - ul_str stringwidth pop dw exch sub 2 div ul_h_ptsize -2 div moveto - draw_underlay - grestore -} def - -/user_underlay { % - -> - - gsave - ul_x ul_y translate - ul_angle rotate - ul_gray setgray - ul_font setfont - 0 0 ul_h_ptsize 2 div sub moveto - draw_underlay - grestore -} def - -% Page prefeed -/page_prefeed { % bool -> - - statusdict /prefeed known { - statusdict exch /prefeed exch put - } { - pop - } ifelse -} def - -% Wrapped line markers -/wrapped_line_mark { % x y charwith charheight type -> - - /type exch def - /h exch def - /w exch def - /y exch def - /x exch def - - type 2 eq { - % Black boxes (like TeX does) - gsave - 0 
setlinewidth - x w 4 div add y M - 0 h rlineto w 2 div 0 rlineto 0 h neg rlineto - closepath fill - grestore - } { - type 3 eq { - % Small arrows - gsave - .2 setlinewidth - x w 2 div add y h 2 div add M - w 4 div 0 rlineto - x w 4 div add y lineto stroke - - x w 4 div add w 8 div add y h 4 div add M - x w 4 div add y lineto - w 4 div h 8 div rlineto stroke - grestore - } { - % do nothing - } ifelse - } ifelse -} def - -% EPSF import. - -/BeginEPSF { - /b4_Inc_state save def % Save state for cleanup - /dict_count countdictstack def % Count objects on dict stack - /op_count count 1 sub def % Count objects on operand stack - userdict begin - /showpage { } def - 0 setgray 0 setlinecap - 1 setlinewidth 0 setlinejoin - 10 setmiterlimit [ ] 0 setdash newpath - /languagelevel where { - pop languagelevel - 1 ne { - false setstrokeadjust false setoverprint - } if - } if -} bind def - -/EndEPSF { - count op_count sub { pos } repeat % Clean up stacks - countdictstack dict_count sub { end } repeat - b4_Inc_state restore -} bind def - -% Check PostScript language level. 
-/languagelevel where { - pop /gs_languagelevel languagelevel def -} { - /gs_languagelevel 1 def -} ifelse -%%EndResource -%%BeginResource: procset Enscript-Encoding-88591 1.6 1 -/encoding_vector [ -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/space /exclam /quotedbl /numbersign -/dollar /percent /ampersand /quoteright -/parenleft /parenright /asterisk /plus -/comma /hyphen /period /slash -/zero /one /two /three -/four /five /six /seven -/eight /nine /colon /semicolon -/less /equal /greater /question -/at /A /B /C -/D /E /F /G -/H /I /J /K -/L /M /N /O -/P /Q /R /S -/T /U /V /W -/X /Y /Z /bracketleft -/backslash /bracketright /asciicircum /underscore -/quoteleft /a /b /c -/d /e /f /g -/h /i /j /k -/l /m /n /o -/p /q /r /s -/t /u /v /w -/x /y /z /braceleft -/bar /braceright /tilde /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/space /exclamdown /cent /sterling -/currency /yen /brokenbar /section -/dieresis /copyright /ordfeminine /guillemotleft -/logicalnot /hyphen /registered /macron -/degree /plusminus /twosuperior /threesuperior -/acute /mu /paragraph /bullet -/cedilla /onesuperior /ordmasculine /guillemotright -/onequarter /onehalf /threequarters /questiondown -/Agrave /Aacute /Acircumflex /Atilde -/Adieresis /Aring /AE /Ccedilla -/Egrave /Eacute /Ecircumflex /Edieresis -/Igrave /Iacute /Icircumflex /Idieresis -/Eth /Ntilde /Ograve /Oacute -/Ocircumflex /Otilde /Odieresis /multiply -/Oslash /Ugrave /Uacute /Ucircumflex -/Udieresis /Yacute /Thorn /germandbls 
-/agrave /aacute /acircumflex /atilde -/adieresis /aring /ae /ccedilla -/egrave /eacute /ecircumflex /edieresis -/igrave /iacute /icircumflex /idieresis -/eth /ntilde /ograve /oacute -/ocircumflex /otilde /odieresis /divide -/oslash /ugrave /uacute /ucircumflex -/udieresis /yacute /thorn /ydieresis -] def -%%EndResource -%%EndProlog -%%BeginSetup -%%IncludeResource: font Courier-Bold -%%IncludeResource: font Courier -/HFpt_w 10 def -/HFpt_h 10 def -/Courier-Bold /HF-gs-font MF -/HF /HF-gs-font findfont [HFpt_w 0 0 HFpt_h 0 0] makefont def -/Courier /F-gs-font MF -/F-gs-font 10 10 SF -/#copies 1 def -/d_page_w 520 def -/d_page_h 747 def -/d_header_x 0 def -/d_header_y 747 def -/d_header_w 520 def -/d_header_h 0 def -/d_footer_x 0 def -/d_footer_y 0 def -/d_footer_w 520 def -/d_footer_h 0 def -/d_output_w 520 def -/d_output_h 747 def -/cols 1 def -userdict/PStoPSxform PStoPSmatrix matrix currentmatrix - matrix invertmatrix matrix concatmatrix - matrix invertmatrix put -%%EndSetup -%%Page: (0,1) 1 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 1 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 701 M -(Network Working Group T. Ylonen) s -5 690 M -(Internet-Draft SSH Communications Security Corp) s -5 679 M -(Expires: March 31, 2004 D. Moffat, Editor, Ed.) s -5 668 M -( Sun Microsystems, Inc) s -5 657 M -( Oct 2003) s -5 624 M -( SSH Transport Layer Protocol) s -5 613 M -( draft-ietf-secsh-transport-17.txt) s -5 591 M -(Status of this Memo) s -5 569 M -( This document is an Internet-Draft and is in full conformance with) s -5 558 M -( all provisions of Section 10 of RFC2026.) 
s -5 536 M -( Internet-Drafts are working documents of the Internet Engineering) s -5 525 M -( Task Force \(IETF\), its areas, and its working groups. Note that other) s -5 514 M -( groups may also distribute working documents as Internet-Drafts.) s -5 492 M -( Internet-Drafts are draft documents valid for a maximum of six months) s -5 481 M -( and may be updated, replaced, or obsoleted by other documents at any) s -5 470 M -( time. It is inappropriate to use Internet-Drafts as reference) s -5 459 M -( material or to cite them other than as "work in progress.") s -5 437 M -( The list of current Internet-Drafts can be accessed at http://) s -5 426 M -( www.ietf.org/ietf/1id-abstracts.txt.) s -5 404 M -( The list of Internet-Draft Shadow Directories can be accessed at) s -5 393 M -( http://www.ietf.org/shadow.html.) s -5 371 M -( This Internet-Draft will expire on March 31, 2004.) s -5 349 M -(Copyright Notice) s -5 327 M -( Copyright \(C\) The Internet Society \(2003\). All Rights Reserved.) s -5 305 M -(Abstract) s -5 283 M -( SSH is a protocol for secure remote login and other secure network) s -5 272 M -( services over an insecure network.) s -5 250 M -( This document describes the SSH transport layer protocol which) s -5 239 M -( typically runs on top of TCP/IP. The protocol can be used as a basis) s -5 228 M -( for a number of secure network services. It provides strong) s -5 217 M -( encryption, server authentication, and integrity protection. It may) s -5 206 M -( also provide compression.) 
s -5 184 M -( Key exchange method, public key algorithm, symmetric encryption) s -5 173 M -( algorithm, message authentication algorithm, and hash algorithm are) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 1]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 2 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -( all negotiated.) s -5 668 M -( This document also describes the Diffie-Hellman key exchange method) s -5 657 M -( and the minimal set of algorithms that are needed to implement the) s -5 646 M -( SSH transport layer protocol.) s -5 624 M -(Table of Contents) s -5 602 M -( 1. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 3) s -5 591 M -( 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3) s -5 580 M -( 3. Conventions Used in This Document . . . . . . . . . . . . . 3) s -5 569 M -( 4. Connection Setup . . . . . . . . . . . . . . . . . . . . . . 3) s -5 558 M -( 4.1 Use over TCP/IP . . . . . . . . . . . . . . . . . . . . . . 4) s -5 547 M -( 4.2 Protocol Version Exchange . . . . . . . . . . . . . . . . . 4) s -5 536 M -( 4.3 Compatibility With Old SSH Versions . . . . . . . . . . . . 4) s -5 525 M -( 4.3.1 Old Client, New Server . . . . . . . . . . . . . . . . . . . 5) s -5 514 M -( 4.3.2 New Client, Old Server . . . . . . . . . . . . . . . . . . . 5) s -5 503 M -( 5. Binary Packet Protocol . . . . . . . . . . . . . . . . . . . 5) s -5 492 M -( 5.1 Maximum Packet Length . . . . . . . . . . . . . . . . . . . 6) s -5 481 M -( 5.2 Compression . . . . . . . . . . . . 
. . . . . . . . . . . . 7) s -5 470 M -( 5.3 Encryption . . . . . . . . . . . . . . . . . . . . . . . . . 7) s -5 459 M -( 5.4 Data Integrity . . . . . . . . . . . . . . . . . . . . . . . 9) s -5 448 M -( 5.5 Key Exchange Methods . . . . . . . . . . . . . . . . . . . . 10) s -5 437 M -( 5.6 Public Key Algorithms . . . . . . . . . . . . . . . . . . . 11) s -5 426 M -( 6. Key Exchange . . . . . . . . . . . . . . . . . . . . . . . . 13) s -5 415 M -( 6.1 Algorithm Negotiation . . . . . . . . . . . . . . . . . . . 13) s -5 404 M -( 6.2 Output from Key Exchange . . . . . . . . . . . . . . . . . . 16) s -5 393 M -( 6.3 Taking Keys Into Use . . . . . . . . . . . . . . . . . . . . 17) s -5 382 M -( 7. Diffie-Hellman Key Exchange . . . . . . . . . . . . . . . . 18) s -5 371 M -( 7.1 diffie-hellman-group1-sha1 . . . . . . . . . . . . . . . . . 19) s -5 360 M -( 8. Key Re-Exchange . . . . . . . . . . . . . . . . . . . . . . 20) s -5 349 M -( 9. Service Request . . . . . . . . . . . . . . . . . . . . . . 21) s -5 338 M -( 10. Additional Messages . . . . . . . . . . . . . . . . . . . . 21) s -5 327 M -( 10.1 Disconnection Message . . . . . . . . . . . . . . . . . . . 22) s -5 316 M -( 10.2 Ignored Data Message . . . . . . . . . . . . . . . . . . . . 22) s -5 305 M -( 10.3 Debug Message . . . . . . . . . . . . . . . . . . . . . . . 23) s -5 294 M -( 10.4 Reserved Messages . . . . . . . . . . . . . . . . . . . . . 23) s -5 283 M -( 11. Summary of Message Numbers . . . . . . . . . . . . . . . . . 23) s -5 272 M -( 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . 24) s -5 261 M -( 13. Security Considerations . . . . . . . . . . . . . . . . . . 24) s -5 250 M -( 14. Intellectual Property . . . . . . . . . . . . . . . . . . . 24) s -5 239 M -( 15. Additional Information . . . . . . . . . . . . . . . . . . . 24) s -5 228 M -( Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 26) s -5 217 M -( Normative . . . . . . . . . . . . . . . . . . . . . . . . . 
25) s -5 206 M -( Informative . . . . . . . . . . . . . . . . . . . . . . . . 25) s -5 195 M -( A. Contibutors . . . . . . . . . . . . . . . . . . . . . . . . 27) s -5 184 M -( Intellectual Property and Copyright Statements . . . . . . . 28) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 2]) s -_R -S -PStoPSsaved restore -%%Page: (2,3) 2 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 3 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -(1. Contributors) s -5 668 M -( The major original contributors of this document were: Tatu Ylonen,) s -5 657 M -( Tero Kivinen, Timo J. Rinne, Sami Lehtinen \(all of SSH Communications) s -5 646 M -( Security Corp\), and Markku-Juhani O. Saarinen \(University of) s -5 635 M -( Jyvaskyla\)) s -5 613 M -( The document editor is: Darren.Moffat@Sun.COM. Comments on this) s -5 602 M -( internet draft should be sent to the IETF SECSH working group,) s -5 591 M -( details at: http://ietf.org/html.charters/secsh-charter.html) s -5 569 M -(2. Introduction) s -5 547 M -( The SSH transport layer is a secure low level transport protocol. It) s -5 536 M -( provides strong encryption, cryptographic host authentication, and) s -5 525 M -( integrity protection.) s -5 503 M -( Authentication in this protocol level is host-based; this protocol) s -5 492 M -( does not perform user authentication. A higher level protocol for) s -5 481 M -( user authentication can be designed on top of this protocol.) 
s -5 459 M -( The protocol has been designed to be simple, flexible, to allow) s -5 448 M -( parameter negotiation, and to minimize the number of round-trips.) s -5 437 M -( Key exchange method, public key algorithm, symmetric encryption) s -5 426 M -( algorithm, message authentication algorithm, and hash algorithm are) s -5 415 M -( all negotiated. It is expected that in most environments, only 2) s -5 404 M -( round-trips will be needed for full key exchange, server) s -5 393 M -( authentication, service request, and acceptance notification of) s -5 382 M -( service request. The worst case is 3 round-trips.) s -5 360 M -(3. Conventions Used in This Document) s -5 338 M -( The keywords "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT",) s -5 327 M -( and "MAY" that appear in this document are to be interpreted as) s -5 316 M -( described in [RFC2119].) s -5 294 M -( The used data types and terminology are specified in the architecture) s -5 283 M -( document [SSH-ARCH].) s -5 261 M -( The architecture document also discusses the algorithm naming) s -5 250 M -( conventions that MUST be used with the SSH protocols.) s -5 228 M -(4. Connection Setup) s -5 206 M -( SSH works over any 8-bit clean, binary-transparent transport. The) s -5 195 M -( underlying transport SHOULD protect against transmission errors as) s -5 184 M -( such errors cause the SSH connection to terminate.) 
s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 3]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 4 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -( The client initiates the connection.) s -5 668 M -(4.1 Use over TCP/IP) s -5 646 M -( When used over TCP/IP, the server normally listens for connections on) s -5 635 M -( port 22. This port number has been registered with the IANA, and has) s -5 624 M -( been officially assigned for SSH.) s -5 602 M -(4.2 Protocol Version Exchange) s -5 580 M -( When the connection has been established, both sides MUST send an) s -5 569 M -( identification string of the form "SSH-protoversion-softwareversion) s -5 558 M -( comments", followed by carriage return and newline characters \(ASCII) s -5 547 M -( 13 and 10, respectively\). Both sides MUST be able to process) s -5 536 M -( identification strings without carriage return character. No null) s -5 525 M -( character is sent. The maximum length of the string is 255) s -5 514 M -( characters, including the carriage return and newline.) s -5 492 M -( The part of the identification string preceding carriage return and) s -5 481 M -( newline is used in the Diffie-Hellman key exchange \(see Section) s -5 470 M -( Section 7\).) s -5 448 M -( The server MAY send other lines of data before sending the version) s -5 437 M -( string. Each line SHOULD be terminated by a carriage return and) s -5 426 M -( newline. 
Such lines MUST NOT begin with "SSH-", and SHOULD be) s -5 415 M -( encoded in ISO-10646 UTF-8 [RFC2279] \(language is not specified\).) s -5 404 M -( Clients MUST be able to process such lines; they MAY be silently) s -5 393 M -( ignored, or MAY be displayed to the client user; if they are) s -5 382 M -( displayed, control character filtering discussed in [SSH-ARCH] SHOULD) s -5 371 M -( be used. The primary use of this feature is to allow TCP-wrappers to) s -5 360 M -( display an error message before disconnecting.) s -5 338 M -( Version strings MUST consist of printable US-ASCII characters, not) s -5 327 M -( including whitespaces or a minus sign \(-\). The version string is) s -5 316 M -( primarily used to trigger compatibility extensions and to indicate) s -5 305 M -( the capabilities of an implementation. The comment string should) s -5 294 M -( contain additional information that might be useful in solving user) s -5 283 M -( problems.) s -5 261 M -( The protocol version described in this document is 2.0.) s -5 239 M -( Key exchange will begin immediately after sending this identifier.) s -5 228 M -( All packets following the identification string SHALL use the binary) s -5 217 M -( packet protocol, to be described below.) 
s -5 195 M -(4.3 Compatibility With Old SSH Versions) s -5 173 M -( During the transition period, it is important to be able to work in a) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 4]) s -_R -S -PStoPSsaved restore -%%Page: (4,5) 3 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 5 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -( way that is compatible with the installed SSH clients and servers) s -5 679 M -( that use an older version of the protocol. Information in this) s -5 668 M -( section is only relevant for implementations supporting compatibility) s -5 657 M -( with SSH versions 1.x. There is no standards track or informational) s -5 646 M -( draft available that defines the SSH 1.x protocol. The only known) s -5 635 M -( documentation of the 1.x protocol is contained in README files that) s -5 624 M -( are shipped along with the source code.) s -5 602 M -(4.3.1 Old Client, New Server) s -5 580 M -( Server implementations MAY support a configurable "compatibility") s -5 569 M -( flag that enables compatibility with old versions. When this flag is) s -5 558 M -( on, the server SHOULD identify its protocol version as "1.99".) s -5 547 M -( Clients using protocol 2.0 MUST be able to identify this as identical) s -5 536 M -( to "2.0". In this mode the server SHOULD NOT send the carriage) s -5 525 M -( return character \(ASCII 13\) after the version identification string.) 
s -5 503 M -( In the compatibility mode the server SHOULD NOT send any further data) s -5 492 M -( after its initialization string until it has received an) s -5 481 M -( identification string from the client. The server can then determine) s -5 470 M -( whether the client is using an old protocol, and can revert to the) s -5 459 M -( old protocol if required. In the compatibility mode, the server MUST) s -5 448 M -( NOT send additional data before the version string.) s -5 426 M -( When compatibility with old clients is not needed, the server MAY) s -5 415 M -( send its initial key exchange data immediately after the) s -5 404 M -( identification string.) s -5 382 M -(4.3.2 New Client, Old Server) s -5 360 M -( Since the new client MAY immediately send additional data after its) s -5 349 M -( identification string \(before receiving server's identification\), the) s -5 338 M -( old protocol may already have been corrupted when the client learns) s -5 327 M -( that the server is old. When this happens, the client SHOULD close) s -5 316 M -( the connection to the server, and reconnect using the old protocol.) s -5 294 M -(5. 
Binary Packet Protocol) s -5 272 M -( Each packet is in the following format:) s -5 250 M -( uint32 packet_length) s -5 239 M -( byte padding_length) s -5 228 M -( byte[n1] payload; n1 = packet_length - padding_length - 1) s -5 217 M -( byte[n2] random padding; n2 = padding_length) s -5 206 M -( byte[m] mac \(message authentication code\); m = mac_length) s -5 184 M -( packet_length) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 5]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 6 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -( The length of the packet \(bytes\), not including MAC or the) s -5 679 M -( packet_length field itself.) s -5 657 M -( padding_length) s -5 646 M -( Length of padding \(bytes\).) s -5 624 M -( payload) s -5 613 M -( The useful contents of the packet. If compression has been) s -5 602 M -( negotiated, this field is compressed. Initially, compression) s -5 591 M -( MUST be "none".) s -5 569 M -( random padding) s -5 558 M -( Arbitrary-length padding, such that the total length of) s -5 547 M -( \(packet_length || padding_length || payload || padding\) is a) s -5 536 M -( multiple of the cipher block size or 8, whichever is larger.) s -5 525 M -( There MUST be at least four bytes of padding. The padding) s -5 514 M -( SHOULD consist of random bytes. The maximum amount of padding) s -5 503 M -( is 255 bytes.) s -5 481 M -( mac) s -5 470 M -( Message authentication code. If message authentication has) s -5 459 M -( been negotiated, this field contains the MAC bytes. 
Initially,) s -5 448 M -( the MAC algorithm MUST be "none".) s -5 415 M -( Note that length of the concatenation of packet length, padding) s -5 404 M -( length, payload, and padding MUST be a multiple of the cipher block) s -5 393 M -( size or 8, whichever is larger. This constraint MUST be enforced) s -5 382 M -( even when using stream ciphers. Note that the packet length field is) s -5 371 M -( also encrypted, and processing it requires special care when sending) s -5 360 M -( or receiving packets.) s -5 338 M -( The minimum size of a packet is 16 \(or the cipher block size,) s -5 327 M -( whichever is larger\) bytes \(plus MAC\); implementations SHOULD decrypt) s -5 316 M -( the length after receiving the first 8 \(or cipher block size,) s -5 305 M -( whichever is larger\) bytes of a packet.) s -5 283 M -(5.1 Maximum Packet Length) s -5 261 M -( All implementations MUST be able to process packets with uncompressed) s -5 250 M -( payload length of 32768 bytes or less and total packet size of 35000) s -5 239 M -( bytes or less \(including length, padding length, payload, padding,) s -5 228 M -( and MAC.\). The maximum of 35000 bytes is an arbitrary chosen value) s -5 217 M -( larger than uncompressed size. Implementations SHOULD support longer) s -5 206 M -( packets, where they might be needed, e.g. if an implementation wants) s -5 195 M -( to send a very large number of certificates. Such packets MAY be) s -5 184 M -( sent if the version string indicates that the other party is able to) s -5 173 M -( process them. 
However, implementations SHOULD check that the packet) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 6]) s -_R -S -PStoPSsaved restore -%%Page: (6,7) 4 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 7 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -( length is reasonable for the implementation to avoid) s -5 679 M -( denial-of-service and/or buffer overflow attacks.) s -5 657 M -(5.2 Compression) s -5 635 M -( If compression has been negotiated, the payload field \(and only it\)) s -5 624 M -( will be compressed using the negotiated algorithm. The length field) s -5 613 M -( and MAC will be computed from the compressed payload. Encryption will) s -5 602 M -( be done after compression.) s -5 580 M -( Compression MAY be stateful, depending on the method. Compression) s -5 569 M -( MUST be independent for each direction, and implementations MUST) s -5 558 M -( allow independently choosing the algorithm for each direction.) s -5 536 M -( The following compression methods are currently defined:) s -5 514 M -( none REQUIRED no compression) s -5 503 M -( zlib OPTIONAL ZLIB \(LZ77\) compression) s -5 481 M -( The "zlib" compression is described in [RFC1950] and in [RFC1951].) s -5 470 M -( The compression context is initialized after each key exchange, and) s -5 459 M -( is passed from one packet to the next with only a partial flush being) s -5 448 M -( performed at the end of each packet. 
A partial flush means that the) s -5 437 M -( current compressed block is ended and all data will be output. If the) s -5 426 M -( current block is not a stored block, one or more empty blocks are) s -5 415 M -( added after the current block to ensure that there are at least 8) s -5 404 M -( bits counting from the start of the end-of-block code of the current) s -5 393 M -( block to the end of the packet payload.) s -5 371 M -( Additional methods may be defined as specified in [SSH-ARCH].) s -5 349 M -(5.3 Encryption) s -5 327 M -( An encryption algorithm and a key will be negotiated during the key) s -5 316 M -( exchange. When encryption is in effect, the packet length, padding) s -5 305 M -( length, payload and padding fields of each packet MUST be encrypted) s -5 294 M -( with the given algorithm.) s -5 272 M -( The encrypted data in all packets sent in one direction SHOULD be) s -5 261 M -( considered a single data stream. For example, initialization vectors) s -5 250 M -( SHOULD be passed from the end of one packet to the beginning of the) s -5 239 M -( next packet. All ciphers SHOULD use keys with an effective key length) s -5 228 M -( of 128 bits or more.) s -5 206 M -( The ciphers in each direction MUST run independently of each other,) s -5 195 M -( and implementations MUST allow independently choosing the algorithm) s -5 184 M -( for each direction \(if multiple algorithms are allowed by local) s -5 173 M -( policy\).) 
s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 7]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 8 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -( The following ciphers are currently defined:) s -5 668 M -( 3des-cbc REQUIRED three-key 3DES in CBC mode) s -5 657 M -( blowfish-cbc OPTIONALi Blowfish in CBC mode) s -5 646 M -( twofish256-cbc OPTIONAL Twofish in CBC mode,) s -5 635 M -( with 256-bit key) s -5 624 M -( twofish-cbc OPTIONAL alias for "twofish256-cbc" \(this) s -5 613 M -( is being retained for) s -5 602 M -( historical reasons\)) s -5 591 M -( twofish192-cbc OPTIONAL Twofish with 192-bit key) s -5 580 M -( twofish128-cbc OPTIONAL Twofish with 128-bit key) s -5 569 M -( aes256-cbc OPTIONAL AES \(Rijndael\) in CBC mode,) s -5 558 M -( with 256-bit key) s -5 547 M -( aes192-cbc OPTIONAL AES with 192-bit key) s -5 536 M -( aes128-cbc RECOMMENDED AES with 128-bit key) s -5 525 M -( serpent256-cbc OPTIONAL Serpent in CBC mode, with) s -5 514 M -( 256-bit key) s -5 503 M -( serpent192-cbc OPTIONAL Serpent with 192-bit key) s -5 492 M -( serpent128-cbc OPTIONAL Serpent with 128-bit key) s -5 481 M -( arcfour OPTIONAL the ARCFOUR stream cipher) s -5 470 M -( idea-cbc OPTIONAL IDEA in CBC mode) s -5 459 M -( cast128-cbc OPTIONAL CAST-128 in CBC mode) s -5 448 M -( none OPTIONAL no encryption; NOT RECOMMENDED) s -5 426 M -( The "3des-cbc" cipher is three-key triple-DES) s -5 415 M -( \(encrypt-decrypt-encrypt\), where the first 8 bytes of the key are) s -5 404 M -( used for the first 
encryption, the next 8 bytes for the decryption,) s -5 393 M -( and the following 8 bytes for the final encryption. This requires 24) s -5 382 M -( bytes of key data \(of which 168 bits are actually used\). To) s -5 371 M -( implement CBC mode, outer chaining MUST be used \(i.e., there is only) s -5 360 M -( one initialization vector\). This is a block cipher with 8 byte) s -5 349 M -( blocks. This algorithm is defined in [FIPS-46-3]) s -5 327 M -( The "blowfish-cbc" cipher is Blowfish in CBC mode, with 128 bit keys) s -5 316 M -( [SCHNEIER]. This is a block cipher with 8 byte blocks.) s -5 294 M -( The "twofish-cbc" or "twofish256-cbc" cipher is Twofish in CBC mode,) s -5 283 M -( with 256 bit keys as described [TWOFISH]. This is a block cipher with) s -5 272 M -( 16 byte blocks.) s -5 250 M -( The "twofish192-cbc" cipher. Same as above but with 192-bit key.) s -5 228 M -( The "twofish128-cbc" cipher. Same as above but with 128-bit key.) s -5 206 M -( The "aes256-cbc" cipher is AES \(Advanced Encryption Standard\)) s -5 195 M -( [FIPS-197], formerly Rijndael, in CBC mode. This version uses 256-bit) s -5 184 M -( key.) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 8]) s -_R -S -PStoPSsaved restore -%%Page: (8,9) 5 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 9 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -( The "aes192-cbc" cipher. Same as above but with 192-bit key.) s -5 668 M -( The "aes128-cbc" cipher. Same as above but with 128-bit key.) 
s -5 646 M -( The "serpent256-cbc" cipher in CBC mode, with 256-bit key as) s -5 635 M -( described in the Serpent AES submission.) s -5 613 M -( The "serpent192-cbc" cipher. Same as above but with 192-bit key.) s -5 591 M -( The "serpent128-cbc" cipher. Same as above but with 128-bit key.) s -5 569 M -( The "arcfour" is the Arcfour stream cipher with 128 bit keys. The) s -5 558 M -( Arcfour cipher is believed to be compatible with the RC4 cipher) s -5 547 M -( [SCHNEIER]. RC4 is a registered trademark of RSA Data Security Inc.) s -5 536 M -( Arcfour \(and RC4\) has problems with weak keys, and should be used) s -5 525 M -( with caution.) s -5 503 M -( The "idea-cbc" cipher is the IDEA cipher in CBC mode [SCHNEIER].) s -5 481 M -( The "cast128-cbc" cipher is the CAST-128 cipher in CBC mode) s -5 470 M -( [RFC2144].) s -5 448 M -( The "none" algorithm specifies that no encryption is to be done.) s -5 437 M -( Note that this method provides no confidentiality protection, and it) s -5 426 M -( is not recommended. Some functionality \(e.g. password) s -5 415 M -( authentication\) may be disabled for security reasons if this cipher) s -5 404 M -( is chosen.) s -5 382 M -( Additional methods may be defined as specified in [SSH-ARCH].) s -5 360 M -(5.4 Data Integrity) s -5 338 M -( Data integrity is protected by including with each packet a message) s -5 327 M -( authentication code \(MAC\) that is computed from a shared secret,) s -5 316 M -( packet sequence number, and the contents of the packet.) s -5 294 M -( The message authentication algorithm and key are negotiated during) s -5 283 M -( key exchange. Initially, no MAC will be in effect, and its length) s -5 272 M -( MUST be zero. 
After key exchange, the selected MAC will be computed) s -5 261 M -( before encryption from the concatenation of packet data:) s -5 239 M -( mac = MAC\(key, sequence_number || unencrypted_packet\)) s -5 217 M -( where unencrypted_packet is the entire packet without MAC \(the length) s -5 206 M -( fields, payload and padding\), and sequence_number is an implicit) s -5 195 M -( packet sequence number represented as uint32. The sequence number is) s -5 184 M -( initialized to zero for the first packet, and is incremented after) s -5 173 M -( every packet \(regardless of whether encryption or MAC is in use\). It) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 9]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 10 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -( is never reset, even if keys/algorithms are renegotiated later. It) s -5 679 M -( wraps around to zero after every 2^32 packets. The packet sequence) s -5 668 M -( number itself is not included in the packet sent over the wire.) s -5 646 M -( The MAC algorithms for each direction MUST run independently, and) s -5 635 M -( implementations MUST allow choosing the algorithm independently for) s -5 624 M -( both directions.) s -5 602 M -( The MAC bytes resulting from the MAC algorithm MUST be transmitted) s -5 591 M -( without encryption as the last part of the packet. The number of MAC) s -5 580 M -( bytes depends on the algorithm chosen.) 
s -5 558 M -( The following MAC algorithms are currently defined:) s -5 536 M -( hmac-sha1 REQUIRED HMAC-SHA1 \(digest length = key) s -5 525 M -( length = 20\)) s -5 514 M -( hmac-sha1-96 RECOMMENDED first 96 bits of HMAC-SHA1 \(digest) s -5 503 M -( length = 12, key length = 20\)) s -5 492 M -( hmac-md5 OPTIONAL HMAC-MD5 \(digest length = key) s -5 481 M -( length = 16\)) s -5 470 M -( hmac-md5-96 OPTIONAL first 96 bits of HMAC-MD5 \(digest) s -5 459 M -( length = 12, key length = 16\)) s -5 448 M -( none OPTIONAL no MAC; NOT RECOMMENDED) s -5 426 M -( Figure 1) s -5 404 M -( The "hmac-*" algorithms are described in [RFC2104] The "*-n" MACs use) s -5 393 M -( only the first n bits of the resulting value.) s -5 371 M -( The hash algorithms are described in [SCHNEIER].) s -5 349 M -( Additional methods may be defined as specified in [SSH-ARCH].) s -5 327 M -(5.5 Key Exchange Methods) s -5 305 M -( The key exchange method specifies how one-time session keys are) s -5 294 M -( generated for encryption and for authentication, and how the server) s -5 283 M -( authentication is done.) s -5 261 M -( Only one REQUIRED key exchange method has been defined:) s -5 239 M -( diffie-hellman-group1-sha1 REQUIRED) s -5 217 M -( This method is described later in this document.) s -5 195 M -( Additional methods may be defined as specified in [SSH-ARCH].) 
s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 10]) s -_R -S -PStoPSsaved restore -%%Page: (10,11) 6 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 11 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -(5.6 Public Key Algorithms) s -5 668 M -( This protocol has been designed to be able to operate with almost any) s -5 657 M -( public key format, encoding, and algorithm \(signature and/or) s -5 646 M -( encryption\).) s -5 624 M -( There are several aspects that define a public key type:) s -5 613 M -( o Key format: how is the key encoded and how are certificates) s -5 602 M -( represented. The key blobs in this protocol MAY contain) s -5 591 M -( certificates in addition to keys.) s -5 580 M -( o Signature and/or encryption algorithms. Some key types may not) s -5 569 M -( support both signing and encryption. Key usage may also be) s -5 558 M -( restricted by policy statements in e.g. certificates. In this) s -5 547 M -( case, different key types SHOULD be defined for the different) s -5 536 M -( policy alternatives.) s -5 525 M -( o Encoding of signatures and/or encrypted data. This includes but is) s -5 514 M -( not limited to padding, byte order, and data formats.) 
s -5 492 M -( The following public key and/or certificate formats are currently defined:) s -5 470 M -( ssh-dss REQUIRED sign Raw DSS Key) s -5 459 M -( ssh-rsa RECOMMENDED sign Raw RSA Key) s -5 448 M -( x509v3-sign-rsa OPTIONAL sign X.509 certificates \(RSA key\)) s -5 437 M -( x509v3-sign-dss OPTIONAL sign X.509 certificates \(DSS key\)) s -5 426 M -( spki-sign-rsa OPTIONAL sign SPKI certificates \(RSA key\)) s -5 415 M -( spki-sign-dss OPTIONAL sign SPKI certificates \(DSS key\)) s -5 404 M -( pgp-sign-rsa OPTIONAL sign OpenPGP certificates \(RSA key\)) s -5 393 M -( pgp-sign-dss OPTIONAL sign OpenPGP certificates \(DSS key\)) s -5 371 M -( Additional key types may be defined as specified in [SSH-ARCH].) s -5 349 M -( The key type MUST always be explicitly known \(from algorithm) s -5 338 M -( negotiation or some other source\). It is not normally included in) s -5 327 M -( the key blob.) s -5 305 M -( Certificates and public keys are encoded as follows:) s -5 283 M -( string certificate or public key format identifier) s -5 272 M -( byte[n] key/certificate data) s -5 250 M -( The certificate part may have be a zero length string, but a public) s -5 239 M -( key is required. This is the public key that will be used for) s -5 228 M -( authentication; the certificate sequence contained in the certificate) s -5 217 M -( blob can be used to provide authorization.) s -5 195 M -( Public key / certifcate formats that do not explicitly specify a) s -5 184 M -( signature format identifier MUST use the public key / certificate) s -5 173 M -( format identifier as the signature identifier.) 
s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 11]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 12 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -( Signatures are encoded as follows:) s -5 679 M -( string signature format identifier \(as specified by the) s -5 668 M -( public key / cert format\)) s -5 657 M -( byte[n] signature blob in format specific encoding.) s -5 624 M -( The "ssh-dss" key format has the following specific encoding:) s -5 602 M -( string "ssh-dss") s -5 591 M -( mpint p) s -5 580 M -( mpint q) s -5 569 M -( mpint g) s -5 558 M -( mpint y) s -5 536 M -( Here the p, q, g, and y parameters form the signature key blob.) s -5 514 M -( Signing and verifying using this key format is done according to the) s -5 503 M -( Digital Signature Standard [FIPS-186] using the SHA-1 hash. A) s -5 492 M -( description can also be found in [SCHNEIER].) s -5 470 M -( The resulting signature is encoded as follows:) s -5 448 M -( string "ssh-dss") s -5 437 M -( string dss_signature_blob) s -5 415 M -( dss_signature_blob is encoded as a string containing r followed by s) s -5 404 M -( \(which are 160 bits long integers, without lengths or padding,) s -5 393 M -( unsigned and in network byte order\).) s -5 371 M -( The "ssh-rsa" key format has the following specific encoding:) s -5 349 M -( string "ssh-rsa") s -5 338 M -( mpint e) s -5 327 M -( mpint n) s -5 305 M -( Here the e and n parameters form the signature key blob.) 
s -5 283 M -( Signing and verifying using this key format is done according to) s -5 272 M -( [SCHNEIER] and [PKCS1] using the SHA-1 hash.) s -5 250 M -( The resulting signature is encoded as follows:) s -5 228 M -( string "ssh-rsa") s -5 217 M -( string rsa_signature_blob) s -5 195 M -( rsa_signature_blob is encoded as a string containing s \(which is an) s -5 184 M -( integer, without lengths or padding, unsigned and in network byte) s -5 173 M -( order\).) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 12]) s -_R -S -PStoPSsaved restore -%%Page: (12,13) 7 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 13 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -( The "spki-sign-rsa" method indicates that the certificate blob) s -5 679 M -( contains a sequence of SPKI certificates. The format of SPKI) s -5 668 M -( certificates is described in [RFC2693]. This method indicates that) s -5 657 M -( the key \(or one of the keys in the certificate\) is an RSA-key.) s -5 635 M -( The "spki-sign-dss". As above, but indicates that the key \(or one of) s -5 624 M -( the keys in the certificate\) is a DSS-key.) s -5 602 M -( The "pgp-sign-rsa" method indicates the certificates, the public key,) s -5 591 M -( and the signature are in OpenPGP compatible binary format) s -5 580 M -( \([RFC2440]\). This method indicates that the key is an RSA-key.) s -5 558 M -( The "pgp-sign-dss". As above, but indicates that the key is a) s -5 547 M -( DSS-key.) s -5 525 M -(6. 
Key Exchange) s -5 503 M -( Key exchange begins by each side sending lists of supported) s -5 492 M -( algorithms. Each side has a preferred algorithm in each category, and) s -5 481 M -( it is assumed that most implementations at any given time will use) s -5 470 M -( the same preferred algorithm. Each side MAY guess which algorithm) s -5 459 M -( the other side is using, and MAY send an initial key exchange packet) s -5 448 M -( according to the algorithm if appropriate for the preferred method.) s -5 426 M -( Guess is considered wrong, if:) s -5 415 M -( o the kex algorithm and/or the host key algorithm is guessed wrong) s -5 404 M -( \(server and client have different preferred algorithm\), or) s -5 393 M -( o if any of the other algorithms cannot be agreed upon \(the) s -5 382 M -( procedure is defined below in Section Section 6.1\).) s -5 360 M -( Otherwise, the guess is considered to be right and the optimistically) s -5 349 M -( sent packet MUST be handled as the first key exchange packet.) s -5 327 M -( However, if the guess was wrong, and a packet was optimistically sent) s -5 316 M -( by one or both parties, such packets MUST be ignored \(even if the) s -5 305 M -( error in the guess would not affect the contents of the initial) s -5 294 M -( packet\(s\)\), and the appropriate side MUST send the correct initial) s -5 283 M -( packet.) s -5 261 M -( Server authentication in the key exchange MAY be implicit. After a) s -5 250 M -( key exchange with implicit server authentication, the client MUST) s -5 239 M -( wait for response to its service request message before sending any) s -5 228 M -( further data.) 
s -5 206 M -(6.1 Algorithm Negotiation) s -5 184 M -( Key exchange begins by each side sending the following packet:) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 13]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 14 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -( byte SSH_MSG_KEXINIT) s -5 679 M -( byte[16] cookie \(random bytes\)) s -5 668 M -( string kex_algorithms) s -5 657 M -( string server_host_key_algorithms) s -5 646 M -( string encryption_algorithms_client_to_server) s -5 635 M -( string encryption_algorithms_server_to_client) s -5 624 M -( string mac_algorithms_client_to_server) s -5 613 M -( string mac_algorithms_server_to_client) s -5 602 M -( string compression_algorithms_client_to_server) s -5 591 M -( string compression_algorithms_server_to_client) s -5 580 M -( string languages_client_to_server) s -5 569 M -( string languages_server_to_client) s -5 558 M -( boolean first_kex_packet_follows) s -5 547 M -( uint32 0 \(reserved for future extension\)) s -5 525 M -( Each of the algorithm strings MUST be a comma-separated list of) s -5 514 M -( algorithm names \(see ''Algorithm Naming'' in [SSH-ARCH]\). Each) s -5 503 M -( supported \(allowed\) algorithm MUST be listed in order of preference.) s -5 481 M -( The first algorithm in each list MUST be the preferred \(guessed\)) s -5 470 M -( algorithm. Each string MUST contain at least one algorithm name.) s -5 437 M -( cookie) s -5 426 M -( The cookie MUST be a random value generated by the sender. 
Its) s -5 415 M -( purpose is to make it impossible for either side to fully) s -5 404 M -( determine the keys and the session identifier.) s -5 382 M -( kex_algorithms) s -5 371 M -( Key exchange algorithms were defined above. The first) s -5 360 M -( algorithm MUST be the preferred \(and guessed\) algorithm. If) s -5 349 M -( both sides make the same guess, that algorithm MUST be used.) s -5 338 M -( Otherwise, the following algorithm MUST be used to choose a key) s -5 327 M -( exchange method: iterate over client's kex algorithms, one at a) s -5 316 M -( time. Choose the first algorithm that satisfies the following) s -5 305 M -( conditions:) s -5 294 M -( + the server also supports the algorithm,) s -5 283 M -( + if the algorithm requires an encryption-capable host key,) s -5 272 M -( there is an encryption-capable algorithm on the server's) s -5 261 M -( server_host_key_algorithms that is also supported by the) s -5 250 M -( client, and) s -5 239 M -( + if the algorithm requires a signature-capable host key,) s -5 228 M -( there is a signature-capable algorithm on the server's) s -5 217 M -( server_host_key_algorithms that is also supported by the) s -5 206 M -( client.) s -5 195 M -( + If no algorithm satisfying all these conditions can be) s -5 184 M -( found, the connection fails, and both sides MUST disconnect.) 
s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 14]) s -_R -S -PStoPSsaved restore -%%Page: (14,15) 8 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 15 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -( server_host_key_algorithms) s -5 679 M -( List of the algorithms supported for the server host key. The) s -5 668 M -( server lists the algorithms for which it has host keys; the) s -5 657 M -( client lists the algorithms that it is willing to accept.) s -5 646 M -( \(There MAY be multiple host keys for a host, possibly with) s -5 635 M -( different algorithms.\)) s -5 613 M -( Some host keys may not support both signatures and encryption) s -5 602 M -( \(this can be determined from the algorithm\), and thus not all) s -5 591 M -( host keys are valid for all key exchange methods.) s -5 569 M -( Algorithm selection depends on whether the chosen key exchange) s -5 558 M -( algorithm requires a signature or encryption capable host key.) s -5 547 M -( It MUST be possible to determine this from the public key) s -5 536 M -( algorithm name. The first algorithm on the client's list that) s -5 525 M -( satisfies the requirements and is also supported by the server) s -5 514 M -( MUST be chosen. If there is no such algorithm, both sides MUST) s -5 503 M -( disconnect.) s -5 481 M -( encryption_algorithms) s -5 470 M -( Lists the acceptable symmetric encryption algorithms in order) s -5 459 M -( of preference. 
The chosen encryption algorithm to each) s -5 448 M -( direction MUST be the first algorithm on the client's list) s -5 437 M -( that is also on the server's list. If there is no such) s -5 426 M -( algorithm, both sides MUST disconnect.) s -5 404 M -( Note that "none" must be explicitly listed if it is to be) s -5 393 M -( acceptable. The defined algorithm names are listed in Section) s -5 382 M -( Section 5.3.) s -5 360 M -( mac_algorithms) s -5 349 M -( Lists the acceptable MAC algorithms in order of preference.) s -5 338 M -( The chosen MAC algorithm MUST be the first algorithm on the) s -5 327 M -( client's list that is also on the server's list. If there is) s -5 316 M -( no such algorithm, both sides MUST disconnect.) s -5 294 M -( Note that "none" must be explicitly listed if it is to be) s -5 283 M -( acceptable. The MAC algorithm names are listed in Section) s -5 272 M -( Figure 1.) s -5 250 M -( compression_algorithms) s -5 239 M -( Lists the acceptable compression algorithms in order of) s -5 228 M -( preference. The chosen compression algorithm MUST be the first) s -5 217 M -( algorithm on the client's list that is also on the server's) s -5 206 M -( list. If there is no such algorithm, both sides MUST) s -5 195 M -( disconnect.) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 15]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 16 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -( Note that "none" must be explicitly listed if it is to be) s -5 679 M -( acceptable. 
The compression algorithm names are listed in) s -5 668 M -( Section Section 5.2.) s -5 646 M -( languages) s -5 635 M -( This is a comma-separated list of language tags in order of) s -5 624 M -( preference [RFC3066]. Both parties MAY ignore this list. If) s -5 613 M -( there are no language preferences, this list SHOULD be empty.) s -5 602 M -( Language tags SHOULD NOT be present unless they are known to be) s -5 591 M -( needed by the sending party.) s -5 569 M -( first_kex_packet_follows) s -5 558 M -( Indicates whether a guessed key exchange packet follows. If a) s -5 547 M -( guessed packet will be sent, this MUST be TRUE. If no guessed) s -5 536 M -( packet will be sent, this MUST be FALSE.) s -5 514 M -( After receiving the SSH_MSG_KEXINIT packet from the other side,) s -5 503 M -( each party will know whether their guess was right. If the) s -5 492 M -( other party's guess was wrong, and this field was TRUE, the) s -5 481 M -( next packet MUST be silently ignored, and both sides MUST then) s -5 470 M -( act as determined by the negotiated key exchange method. If) s -5 459 M -( the guess was right, key exchange MUST continue using the) s -5 448 M -( guessed packet.) s -5 426 M -( After the KEXINIT packet exchange, the key exchange algorithm is run.) s -5 415 M -( It may involve several packet exchanges, as specified by the key) s -5 404 M -( exchange method.) s -5 382 M -(6.2 Output from Key Exchange) s -5 360 M -( The key exchange produces two values: a shared secret K, and an) s -5 349 M -( exchange hash H. Encryption and authentication keys are derived from) s -5 338 M -( these. The exchange hash H from the first key exchange is) s -5 327 M -( additionally used as the session identifier, which is a unique) s -5 316 M -( identifier for this connection. It is used by authentication methods) s -5 305 M -( as a part of the data that is signed as a proof of possession of a) s -5 294 M -( private key. 
Once computed, the session identifier is not changed,) s -5 283 M -( even if keys are later re-exchanged.) s -5 250 M -( Each key exchange method specifies a hash function that is used in) s -5 239 M -( the key exchange. The same hash algorithm MUST be used in key) s -5 228 M -( derivation. Here, we'll call it HASH.) s -5 195 M -( Encryption keys MUST be computed as HASH of a known value and K as) s -5 184 M -( follows:) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 16]) s -_R -S -PStoPSsaved restore -%%Page: (16,17) 9 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 17 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -( o Initial IV client to server: HASH\(K || H || "A" || session_id\)) s -5 679 M -( \(Here K is encoded as mpint and "A" as byte and session_id as raw) s -5 668 M -( data."A" means the single character A, ASCII 65\).) s -5 657 M -( o Initial IV server to client: HASH\(K || H || "B" || session_id\)) s -5 646 M -( o Encryption key client to server: HASH\(K || H || "C" || session_id\)) s -5 635 M -( o Encryption key server to client: HASH\(K || H || "D" || session_id\)) s -5 624 M -( o Integrity key client to server: HASH\(K || H || "E" || session_id\)) s -5 613 M -( o Integrity key server to client: HASH\(K || H || "F" || session_id\)) s -5 591 M -( Key data MUST be taken from the beginning of the hash output. 128) s -5 580 M -( bits \(16 bytes\) MUST be used for algorithms with variable-length) s -5 569 M -( keys. 
The only variable key length algorithm defined in this document) s -5 558 M -( is arcfour\). For other algorithms, as many bytes as are needed are) s -5 547 M -( taken from the beginning of the hash value. If the key length needed) s -5 536 M -( is longer than the output of the HASH, the key is extended by) s -5 525 M -( computing HASH of the concatenation of K and H and the entire key so) s -5 514 M -( far, and appending the resulting bytes \(as many as HASH generates\) to) s -5 503 M -( the key. This process is repeated until enough key material is) s -5 492 M -( available; the key is taken from the beginning of this value. In) s -5 481 M -( other words:) s -5 459 M -( K1 = HASH\(K || H || X || session_id\) \(X is e.g. "A"\)) s -5 448 M -( K2 = HASH\(K || H || K1\)) s -5 437 M -( K3 = HASH\(K || H || K1 || K2\)) s -5 426 M -( ...) s -5 415 M -( key = K1 || K2 || K3 || ...) s -5 393 M -( This process will lose entropy if the amount of entropy in K is) s -5 382 M -( larger than the internal state size of HASH.) s -5 360 M -(6.3 Taking Keys Into Use) s -5 338 M -( Key exchange ends by each side sending an SSH_MSG_NEWKEYS message.) s -5 327 M -( This message is sent with the old keys and algorithms. All messages) s -5 316 M -( sent after this message MUST use the new keys and algorithms.) s -5 283 M -( When this message is received, the new keys and algorithms MUST be) s -5 272 M -( taken into use for receiving.) s -5 239 M -( This message is the only valid message after key exchange, in) s -5 228 M -( addition to SSH_MSG_DEBUG, SSH_MSG_DISCONNECT and SSH_MSG_IGNORE) s -5 217 M -( messages. The purpose of this message is to ensure that a party is) s -5 206 M -( able to respond with a disconnect message that the other party can) s -5 195 M -( understand if something goes wrong with the key exchange.) s -5 184 M -( Implementations MUST NOT accept any other messages after key exchange) s -5 173 M -( before receiving SSH_MSG_NEWKEYS.) 
s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 17]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 18 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -( byte SSH_MSG_NEWKEYS) s -5 657 M -(7. Diffie-Hellman Key Exchange) s -5 635 M -( The Diffie-Hellman key exchange provides a shared secret that can not) s -5 624 M -( be determined by either party alone. The key exchange is combined) s -5 613 M -( with a signature with the host key to provide host authentication.) s -5 580 M -( In the following description \(C is the client, S is the server; p is) s -5 569 M -( a large safe prime, g is a generator for a subgroup of GF\(p\), and q) s -5 558 M -( is the order of the subgroup; V_S is S's version string; V_C is C's) s -5 547 M -( version string; K_S is S's public host key; I_C is C's KEXINIT) s -5 536 M -( message and I_S S's KEXINIT message which have been exchanged before) s -5 525 M -( this part begins\):) s -5 492 M -( 1. C generates a random number x \(1 < x < q\) and computes e = g^x) s -5 481 M -( mod p. C sends "e" to S.) s -5 459 M -( 2. S generates a random number y \(0 < y < q\) and computes f = g^y) s -5 448 M -( mod p. S receives "e". It computes K = e^y mod p, H = hash\(V_C) s -5 437 M -( || V_S || I_C || I_S || K_S || e || f || K\) \(these elements are) s -5 426 M -( encoded according to their types; see below\), and signature s on) s -5 415 M -( H with its private host key. S sends "K_S || f || s" to C. The) s -5 404 M -( signing operation may involve a second hashing operation.) 
s -5 382 M -( 3. C verifies that K_S really is the host key for S \(e.g. using) s -5 371 M -( certificates or a local database\). C is also allowed to accept) s -5 360 M -( the key without verification; however, doing so will render the) s -5 349 M -( protocol insecure against active attacks \(but may be desirable) s -5 338 M -( for practical reasons in the short term in many environments\). C) s -5 327 M -( then computes K = f^x mod p, H = hash\(V_C || V_S || I_C || I_S ||) s -5 316 M -( K_S || e || f || K\), and verifies the signature s on H.) s -5 294 M -( Either side MUST NOT send or accept e or f values that are not in the) s -5 283 M -( range [1, p-1]. If this condition is violated, the key exchange) s -5 272 M -( fails.) s -5 239 M -( This is implemented with the following messages. The hash algorithm) s -5 228 M -( for computing the exchange hash is defined by the method name, and is) s -5 217 M -( called HASH. The public key algorithm for signing is negotiated with) s -5 206 M -( the KEXINIT messages.) 
s -5 184 M -( First, the client sends the following:) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 18]) s -_R -S -PStoPSsaved restore -%%Page: (18,19) 10 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 19 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -( byte SSH_MSG_KEXDH_INIT) s -5 679 M -( mpint e) s -5 646 M -( The server responds with the following:) s -5 624 M -( byte SSH_MSG_KEXDH_REPLY) s -5 613 M -( string server public host key and certificates \(K_S\)) s -5 602 M -( mpint f) s -5 591 M -( string signature of H) s -5 569 M -( The hash H is computed as the HASH hash of the concatenation of the) s -5 558 M -( following:) s -5 536 M -( string V_C, the client's version string \(CR and NL excluded\)) s -5 525 M -( string V_S, the server's version string \(CR and NL excluded\)) s -5 514 M -( string I_C, the payload of the client's SSH_MSG_KEXINIT) s -5 503 M -( string I_S, the payload of the server's SSH_MSG_KEXINIT) s -5 492 M -( string K_S, the host key) s -5 481 M -( mpint e, exchange value sent by the client) s -5 470 M -( mpint f, exchange value sent by the server) s -5 459 M -( mpint K, the shared secret) s -5 437 M -( This value is called the exchange hash, and it is used to) s -5 426 M -( authenticate the key exchange. The exchange hash SHOULD be kept) s -5 415 M -( secret.) s -5 382 M -( The signature algorithm MUST be applied over H, not the original) s -5 371 M -( data. Most signature algorithms include hashing and additional) s -5 360 M -( padding. 
For example, "ssh-dss" specifies SHA-1 hashing; in that) s -5 349 M -( case, the data is first hashed with HASH to compute H, and H is then) s -5 338 M -( hashed with SHA-1 as part of the signing operation.) s -5 316 M -(7.1 diffie-hellman-group1-sha1) s -5 294 M -( The "diffie-hellman-group1-sha1" method specifies Diffie-Hellman key) s -5 283 M -( exchange with SHA-1 as HASH, and Oakley group 14 [RFC3526] \(2048-bit) s -5 272 M -( MODP Group\). It is included below in hexadecimal and decimal.) s -5 250 M -( The prime p is equal to 2^1024 - 2^960 - 1 + 2^64 * floor\( 2^894 Pi +) s -5 239 M -( 129093 \). Its hexadecimal value is:) s -5 217 M -( FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1) s -5 206 M -( 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD) s -5 195 M -( EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245) s -5 184 M -( E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED) s -5 173 M -( EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 19]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 20 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -( FFFFFFFF FFFFFFFF.) 
s -5 668 M -( In decimal, this value is:) s -5 646 M -( 179769313486231590770839156793787453197860296048756011706444) s -5 635 M -( 423684197180216158519368947833795864925541502180565485980503) s -5 624 M -( 646440548199239100050792877003355816639229553136239076508735) s -5 613 M -( 759914822574862575007425302077447712589550957937778424442426) s -5 602 M -( 617334727629299387668709205606050270810842907692932019128194) s -5 591 M -( 467627007.) s -5 569 M -( The generator used with this prime is g = 2. The group order q is \(p) s -5 558 M -( - 1\) / 2.) s -5 536 M -(8. Key Re-Exchange) s -5 514 M -( Key re-exchange is started by sending an SSH_MSG_KEXINIT packet when) s -5 503 M -( not already doing a key exchange \(as described in Section Section) s -5 492 M -( 6.1\). When this message is received, a party MUST respond with its) s -5 481 M -( own SSH_MSG_KEXINIT message except when the received SSH_MSG_KEXINIT) s -5 470 M -( already was a reply. Either party MAY initiate the re-exchange, but) s -5 459 M -( roles MUST NOT be changed \(i.e., the server remains the server, and) s -5 448 M -( the client remains the client\).) s -5 415 M -( Key re-exchange is performed using whatever encryption was in effect) s -5 404 M -( when the exchange was started. Encryption, compression, and MAC) s -5 393 M -( methods are not changed before a new SSH_MSG_NEWKEYS is sent after) s -5 382 M -( the key exchange \(as in the initial key exchange\). Re-exchange is) s -5 371 M -( processed identically to the initial key exchange, except for the) s -5 360 M -( session identifier that will remain unchanged. It is permissible to) s -5 349 M -( change some or all of the algorithms during the re-exchange. Host) s -5 338 M -( keys can also change. All keys and initialization vectors are) s -5 327 M -( recomputed after the exchange. Compression and encryption contexts) s -5 316 M -( are reset.) 
s -5 283 M -( It is recommended that the keys are changed after each gigabyte of) s -5 272 M -( transmitted data or after each hour of connection time, whichever) s -5 261 M -( comes sooner. However, since the re-exchange is a public key) s -5 250 M -( operation, it requires a fair amount of processing power and should) s -5 239 M -( not be performed too often.) s -5 206 M -( More application data may be sent after the SSH_MSG_NEWKEYS packet) s -5 195 M -( has been sent; key exchange does not affect the protocols that lie) s -5 184 M -( above the SSH transport layer.) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 20]) s -_R -S -PStoPSsaved restore -%%Page: (20,21) 11 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 21 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -(9. Service Request) s -5 668 M -( After the key exchange, the client requests a service. The service is) s -5 657 M -( identified by a name. The format of names and procedures for defining) s -5 646 M -( new names are defined in [SSH-ARCH].) s -5 613 M -( Currently, the following names have been reserved:) s -5 591 M -( ssh-userauth) s -5 580 M -( ssh-connection) s -5 558 M -( Similar local naming policy is applied to the service names, as is) s -5 547 M -( applied to the algorithm names; a local service should use the) s -5 536 M -( "servicename@domain" syntax.) 
s -5 514 M -( byte SSH_MSG_SERVICE_REQUEST) s -5 503 M -( string service name) s -5 481 M -( If the server rejects the service request, it SHOULD send an) s -5 470 M -( appropriate SSH_MSG_DISCONNECT message and MUST disconnect.) s -5 437 M -( When the service starts, it may have access to the session identifier) s -5 426 M -( generated during the key exchange.) s -5 393 M -( If the server supports the service \(and permits the client to use) s -5 382 M -( it\), it MUST respond with the following:) s -5 360 M -( byte SSH_MSG_SERVICE_ACCEPT) s -5 349 M -( string service name) s -5 327 M -( Message numbers used by services should be in the area reserved for) s -5 316 M -( them \(see Section 6 in [SSH-ARCH]\). The transport level will) s -5 305 M -( continue to process its own messages.) s -5 272 M -( Note that after a key exchange with implicit server authentication,) s -5 261 M -( the client MUST wait for response to its service request message) s -5 250 M -( before sending any further data.) s -5 228 M -(10. Additional Messages) s -5 206 M -( Either party may send any of the following messages at any time.) 
s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 21]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 22 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -(10.1 Disconnection Message) s -5 668 M -( byte SSH_MSG_DISCONNECT) s -5 657 M -( uint32 reason code) s -5 646 M -( string description [RFC2279]) s -5 635 M -( string language tag [RFC3066]) s -5 613 M -( This message causes immediate termination of the connection. All) s -5 602 M -( implementations MUST be able to process this message; they SHOULD be) s -5 591 M -( able to send this message.) s -5 569 M -( The sender MUST NOT send or receive any data after this message, and) s -5 558 M -( the recipient MUST NOT accept any data after receiving this message.) s -5 547 M -( The description field gives a more specific explanation in a) s -5 536 M -( human-readable form. 
The error code gives the reason in a more) s -5 525 M -( machine-readable format \(suitable for localization\), and can have the) s -5 514 M -( following values:) s -5 492 M -( #define SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT 1) s -5 481 M -( #define SSH_DISCONNECT_PROTOCOL_ERROR 2) s -5 470 M -( #define SSH_DISCONNECT_KEY_EXCHANGE_FAILED 3) s -5 459 M -( #define SSH_DISCONNECT_RESERVED 4) s -5 448 M -( #define SSH_DISCONNECT_MAC_ERROR 5) s -5 437 M -( #define SSH_DISCONNECT_COMPRESSION_ERROR 6) s -5 426 M -( #define SSH_DISCONNECT_SERVICE_NOT_AVAILABLE 7) s -5 415 M -( #define SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED 8) s -5 404 M -( #define SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9) s -5 393 M -( #define SSH_DISCONNECT_CONNECTION_LOST 10) s -5 382 M -( #define SSH_DISCONNECT_BY_APPLICATION 11) s -5 371 M -( #define SSH_DISCONNECT_TOO_MANY_CONNECTIONS 12) s -5 360 M -( #define SSH_DISCONNECT_AUTH_CANCELLED_BY_USER 13) s -5 349 M -( #define SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14) s -5 338 M -( #define SSH_DISCONNECT_ILLEGAL_USER_NAME 15) s -5 316 M -( If the description string is displayed, control character filtering) s -5 305 M -( discussed in [SSH-ARCH] should be used to avoid attacks by sending) s -5 294 M -( terminal control characters.) s -5 272 M -(10.2 Ignored Data Message) s -5 250 M -( byte SSH_MSG_IGNORE) s -5 239 M -( string data) s -5 217 M -( All implementations MUST understand \(and ignore\) this message at any) s -5 206 M -( time \(after receiving the protocol version\). No implementation is) s -5 195 M -( required to send them. This message can be used as an additional) s -5 184 M -( protection measure against advanced traffic analysis techniques.) 
s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 22]) s -_R -S -PStoPSsaved restore -%%Page: (22,23) 12 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 23 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -(10.3 Debug Message) s -5 668 M -( byte SSH_MSG_DEBUG) s -5 657 M -( boolean always_display) s -5 646 M -( string message [RFC2279]) s -5 635 M -( string language tag [RFC3066]) s -5 613 M -( All implementations MUST understand this message, but they are) s -5 602 M -( allowed to ignore it. This message is used to pass the other side) s -5 591 M -( information that may help debugging. If always_display is TRUE, the) s -5 580 M -( message SHOULD be displayed. Otherwise, it SHOULD NOT be displayed) s -5 569 M -( unless debugging information has been explicitly requested by the) s -5 558 M -( user.) s -5 525 M -( The message doesn't need to contain a newline. It is, however,) s -5 514 M -( allowed to consist of multiple lines separated by CRLF \(Carriage) s -5 503 M -( Return - Line Feed\) pairs.) s -5 470 M -( If the message string is displayed, terminal control character) s -5 459 M -( filtering discussed in [SSH-ARCH] should be used to avoid attacks by) s -5 448 M -( sending terminal control characters.) s -5 426 M -(10.4 Reserved Messages) s -5 404 M -( An implementation MUST respond to all unrecognized messages with an) s -5 393 M -( SSH_MSG_UNIMPLEMENTED message in the order in which the messages were) s -5 382 M -( received. Such messages MUST be otherwise ignored. 
Later protocol) s -5 371 M -( versions may define other meanings for these message types.) s -5 349 M -( byte SSH_MSG_UNIMPLEMENTED) s -5 338 M -( uint32 packet sequence number of rejected message) s -5 305 M -(11. Summary of Message Numbers) s -5 283 M -( The following message numbers have been defined in this protocol:) s -5 261 M -( #define SSH_MSG_DISCONNECT 1) s -5 250 M -( #define SSH_MSG_IGNORE 2) s -5 239 M -( #define SSH_MSG_UNIMPLEMENTED 3) s -5 228 M -( #define SSH_MSG_DEBUG 4) s -5 217 M -( #define SSH_MSG_SERVICE_REQUEST 5) s -5 206 M -( #define SSH_MSG_SERVICE_ACCEPT 6) s -5 184 M -( #define SSH_MSG_KEXINIT 20) s -5 173 M -( #define SSH_MSG_NEWKEYS 21) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 23]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 24 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -( /* Numbers 30-49 used for kex packets.) s -5 679 M -( Different kex methods may reuse message numbers in) s -5 668 M -( this range. */) s -5 646 M -( #define SSH_MSG_KEXDH_INIT 30) s -5 635 M -( #define SSH_MSG_KEXDH_REPLY 31) s -5 602 M -(12. IANA Considerations) s -5 580 M -( This document is part of a set, the IANA considerations for the SSH) s -5 569 M -( protocol as defined in [SSH-ARCH], [SSH-TRANS], [SSH-USERAUTH],) s -5 558 M -( [SSH-CONNECT] are detailed in [SSH-NUMBERS].) s -5 536 M -(13. Security Considerations) s -5 514 M -( This protocol provides a secure encrypted channel over an insecure) s -5 503 M -( network. 
It performs server host authentication, key exchange,) s -5 492 M -( encryption, and integrity protection. It also derives a unique) s -5 481 M -( session id that may be used by higher-level protocols.) s -5 459 M -( Full security considerations for this protocol are provided in) s -5 448 M -( Section 8 of [SSH-ARCH]) s -5 426 M -(14. Intellectual Property) s -5 404 M -( The IETF takes no position regarding the validity or scope of any) s -5 393 M -( intellectual property or other rights that might be claimed to) s -5 382 M -( pertain to the implementation or use of the technology described in) s -5 371 M -( this document or the extent to which any license under such rights) s -5 360 M -( might or might not be available; neither does it represent that it) s -5 349 M -( has made any effort to identify any such rights. Information on the) s -5 338 M -( IETF's procedures with respect to rights in standards-track and) s -5 327 M -( standards-related documentation can be found in BCP-11. Copies of) s -5 316 M -( claims of rights made available for publication and any assurances of) s -5 305 M -( licenses to be made available, or the result of an attempt made to) s -5 294 M -( obtain a general license or permission for the use of such) s -5 283 M -( proprietary rights by implementers or users of this specification can) s -5 272 M -( be obtained from the IETF Secretariat.) s -5 250 M -( The IETF has been notified of intellectual property rights claimed in) s -5 239 M -( regard to some or all of the specification contained in this) s -5 228 M -( document. For more information consult the online list of claimed) s -5 217 M -( rights.) s -5 195 M -(15. Additional Information) s -5 173 M -( The current document editor is: Darren.Moffat@Sun.COM. 
Comments on) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 24]) s -_R -S -PStoPSsaved restore -%%Page: (24,25) 13 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 25 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -( this internet draft should be sent to the IETF SECSH working group,) s -5 679 M -( details at: http://ietf.org/html.charters/secsh-charter.html) s -5 657 M -(Normative) s -5 635 M -( [SSH-ARCH]) s -5 624 M -( Ylonen, T., "SSH Protocol Architecture", I-D) s -5 613 M -( draft-ietf-architecture-15.txt, Oct 2003.) s -5 591 M -( [SSH-TRANS]) s -5 580 M -( Ylonen, T., "SSH Transport Layer Protocol", I-D) s -5 569 M -( draft-ietf-transport-17.txt, Oct 2003.) s -5 547 M -( [SSH-USERAUTH]) s -5 536 M -( Ylonen, T., "SSH Authentication Protocol", I-D) s -5 525 M -( draft-ietf-userauth-18.txt, Oct 2003.) s -5 503 M -( [SSH-CONNECT]) s -5 492 M -( Ylonen, T., "SSH Connection Protocol", I-D) s -5 481 M -( draft-ietf-connect-18.txt, Oct 2003.) s -5 459 M -( [SSH-NUMBERS]) s -5 448 M -( Lehtinen, S. and D. Moffat, "SSH Protocol Assigned) s -5 437 M -( Numbers", I-D draft-ietf-secsh-assignednumbers-05.txt, Oct) s -5 426 M -( 2003.) s -5 404 M -( [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate) s -5 393 M -( Requirement Levels", BCP 14, RFC 2119, March 1997.) s -5 371 M -(Informative) s -5 349 M -( [FIPS-186]) s -5 338 M -( Federal Information Processing Standards Publication,) s -5 327 M -( "FIPS PUB 186, Digital Signature Standard", May 1994.) 
s -5 305 M -( [FIPS-197]) s -5 294 M -( NIST, "FIPS PUB 197 Advanced Encryption Standard \(AES\)",) s -5 283 M -( November 2001.) s -5 261 M -( [FIPS-46-3]) s -5 250 M -( U.S. Dept. of Commerce, "FIPS PUB 46-3, Data Encryption) s -5 239 M -( Standard \(DES\)", October 1999.) s -5 217 M -( [RFC2459] Housley, R., Ford, W., Polk, T. and D. Solo, "Internet) s -5 206 M -( X.509 Public Key Infrastructure Certificate and CRL) s -5 195 M -( Profile", RFC 2459, January 1999.) s -5 173 M -( [RFC1034] Mockapetris, P., "Domain names - concepts and facilities",) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 25]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 26 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -( STD 13, RFC 1034, November 1987.) s -5 668 M -( [RFC3066] Alvestrand, H., "Tags for the Identification of) s -5 657 M -( Languages", BCP 47, RFC 3066, January 2001.) s -5 635 M -( [RFC1950] Deutsch, L. and J-L. Gailly, "ZLIB Compressed Data Format) s -5 624 M -( Specification version 3.3", RFC 1950, May 1996.) s -5 602 M -( [RFC1951] Deutsch, P., "DEFLATE Compressed Data Format Specification) s -5 591 M -( version 1.3", RFC 1951, May 1996.) s -5 569 M -( [RFC2279] Yergeau, F., "UTF-8, a transformation format of ISO) s -5 558 M -( 10646", RFC 2279, January 1998.) s -5 536 M -( [RFC2104] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC:) s -5 525 M -( Keyed-Hashing for Message Authentication", RFC 2104,) s -5 514 M -( February 1997.) 
s -5 492 M -( [RFC2144] Adams, C., "The CAST-128 Encryption Algorithm", RFC 2144,) s -5 481 M -( May 1997.) s -5 459 M -( [RFC2440] Callas, J., Donnerhacke, L., Finney, H. and R. Thayer,) s -5 448 M -( "OpenPGP Message Format", RFC 2440, November 1998.) s -5 426 M -( [RFC2693] Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas,) s -5 415 M -( B. and T. Ylonen, "SPKI Certificate Theory", RFC 2693,) s -5 404 M -( September 1999.) s -5 382 M -( [RFC3526] Kivinen, T. and M. Kojo, "More Modular Exponential \(MODP\)) s -5 371 M -( Diffie-Hellman groups for Internet Key Exchange \(IKE\)",) s -5 360 M -( RFC 3526, May 2003.) s -5 338 M -( [SCHNEIER]) s -5 327 M -( Schneier, B., "Applied Cryptography Second Edition:) s -5 316 M -( protocols algorithms and source in code in C", 1996.) s -5 294 M -( [TWOFISH] Schneier, B., "The Twofish Encryptions Algorithm: A) s -5 283 M -( 128-Bit Block Cipher, 1st Edition", March 1999.) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 26]) s -_R -S -PStoPSsaved restore -%%Page: (26,27) 14 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 27 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -(Authors' Addresses) s -5 668 M -( Tatu Ylonen) s -5 657 M -( SSH Communications Security Corp) s -5 646 M -( Fredrikinkatu 42) s -5 635 M -( HELSINKI FIN-00100) s -5 624 M -( Finland) s -5 602 M -( EMail: ylo@ssh.com) s -5 569 M -( Darren J. 
Moffat \(editor\)) s -5 558 M -( Sun Microsystems, Inc) s -5 547 M -( 17 Network Circle) s -5 536 M -( Menlo Park 95025) s -5 525 M -( USA) s -5 503 M -( EMail: Darren.Moffat@Sun.COM) s -5 481 M -(Appendix A. Contibutors) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 27]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 28 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -(Intellectual Property Statement) s -5 668 M -( The IETF takes no position regarding the validity or scope of any) s -5 657 M -( intellectual property or other rights that might be claimed to) s -5 646 M -( pertain to the implementation or use of the technology described in) s -5 635 M -( this document or the extent to which any license under such rights) s -5 624 M -( might or might not be available; neither does it represent that it) s -5 613 M -( has made any effort to identify any such rights. Information on the) s -5 602 M -( IETF's procedures with respect to rights in standards-track and) s -5 591 M -( standards-related documentation can be found in BCP-11. Copies of) s -5 580 M -( claims of rights made available for publication and any assurances of) s -5 569 M -( licenses to be made available, or the result of an attempt made to) s -5 558 M -( obtain a general license or permission for the use of such) s -5 547 M -( proprietary rights by implementors or users of this specification can) s -5 536 M -( be obtained from the IETF Secretariat.) 
s -5 514 M -( The IETF invites any interested party to bring to its attention any) s -5 503 M -( copyrights, patents or patent applications, or other proprietary) s -5 492 M -( rights which may cover technology that may be required to practice) s -5 481 M -( this standard. Please address the information to the IETF Executive) s -5 470 M -( Director.) s -5 448 M -( The IETF has been notified of intellectual property rights claimed in) s -5 437 M -( regard to some or all of the specification contained in this) s -5 426 M -( document. For more information consult the online list of claimed) s -5 415 M -( rights.) s -5 382 M -(Full Copyright Statement) s -5 360 M -( Copyright \(C\) The Internet Society \(2003\). All Rights Reserved.) s -5 338 M -( This document and translations of it may be copied and furnished to) s -5 327 M -( others, and derivative works that comment on or otherwise explain it) s -5 316 M -( or assist in its implementation may be prepared, copied, published) s -5 305 M -( and distributed, in whole or in part, without restriction of any) s -5 294 M -( kind, provided that the above copyright notice and this paragraph are) s -5 283 M -( included on all such copies and derivative works. However, this) s -5 272 M -( document itself may not be modified in any way, such as by removing) s -5 261 M -( the copyright notice or references to the Internet Society or other) s -5 250 M -( Internet organizations, except as needed for the purpose of) s -5 239 M -( developing Internet standards in which case the procedures for) s -5 228 M -( copyrights defined in the Internet Standards process must be) s -5 217 M -( followed, or as required to translate it into languages other than) s -5 206 M -( English.) s -5 184 M -( The limited permissions granted above are perpetual and will not be) s -5 173 M -( revoked by the Internet Society or its successors or assignees.) 
s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 28]) s -_R -S -PStoPSsaved restore -%%Page: (28,29) 15 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 29 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Transport Layer Protocol Oct 2003) s -5 690 M -( This document and the information contained herein is provided on an) s -5 679 M -( "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING) s -5 668 M -( TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING) s -5 657 M -( BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION) s -5 646 M -( HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF) s -5 635 M -( MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.) s -5 602 M -(Acknowledgment) s -5 580 M -( Funding for the RFC Editor function is currently provided by the) s -5 569 M -( Internet Society.) s -5 129 M -(Ylonen & Moffat, Editor Expires March 31, 2004 [Page 29]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -showpage -PStoPSsaved restore -%%Trailer -%%Pages: 29 -%%DocumentNeededResources: font Courier-Bold Courier -%%EOF 
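Review bot: nothing in the visible lines says where a reader should now find the transport-layer specification once this file is gone. The removed pages carry the normative text for SSH_MSG_DEBUG handling (including the terminal control character filtering requirement), the SSH_MSG_UNIMPLEMENTED rule and the message number table, and the file is a PStoPS rendering ("%%Pages: 29") of the same Oct 2003 draft whose .txt is deleted in the next file, so both local copies disappear together. The draft states it expires March 31, 2004, and it was later published as RFC 4253, so removing the stale copies is reasonable. I would ask that the commit message or the ssh application documentation name RFC 4253 as the replacement reference, and that anything still linking into lib/ssh/doc/standard/ be updated in the same change.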
diff --git a/lib/ssh/doc/standard/draft-ietf-secsh-transport-17.txt b/lib/ssh/doc/standard/draft-ietf-secsh-transport-17.txt deleted file mode 100644 index 9073ea52b2..0000000000 --- a/lib/ssh/doc/standard/draft-ietf-secsh-transport-17.txt +++ /dev/null 
@@ -1,1624 +0,0 @@ - - - -Network Working Group T. Ylonen -Internet-Draft SSH Communications Security Corp -Expires: March 31, 2004 D. Moffat, Editor, Ed. - Sun Microsystems, Inc - Oct 2003 - - - SSH Transport Layer Protocol - draft-ietf-secsh-transport-17.txt - -Status of this Memo - - This document is an Internet-Draft and is in full conformance with - all provisions of Section 10 of RFC2026. - - Internet-Drafts are working documents of the Internet Engineering - Task Force (IETF), its areas, and its working groups. Note that other - groups may also distribute working documents as Internet-Drafts. - - Internet-Drafts are draft documents valid for a maximum of six months - and may be updated, replaced, or obsoleted by other documents at any - time. It is inappropriate to use Internet-Drafts as reference - material or to cite them other than as "work in progress." - - The list of current Internet-Drafts can be accessed at http:// - www.ietf.org/ietf/1id-abstracts.txt. - - The list of Internet-Draft Shadow Directories can be accessed at - http://www.ietf.org/shadow.html. - - This Internet-Draft will expire on March 31, 2004. - -Copyright Notice - - Copyright (C) The Internet Society (2003). All Rights Reserved. - -Abstract - - SSH is a protocol for secure remote login and other secure network - services over an insecure network. - - This document describes the SSH transport layer protocol which - typically runs on top of TCP/IP. The protocol can be used as a basis - for a number of secure network services. It provides strong - encryption, server authentication, and integrity protection. It may - also provide compression. - - Key exchange method, public key algorithm, symmetric encryption - algorithm, message authentication algorithm, and hash algorithm are - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 1] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - - all negotiated. 
- - This document also describes the Diffie-Hellman key exchange method - and the minimal set of algorithms that are needed to implement the - SSH transport layer protocol. - -Table of Contents - - 1. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 3 - 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 - 3. Conventions Used in This Document . . . . . . . . . . . . . 3 - 4. Connection Setup . . . . . . . . . . . . . . . . . . . . . . 3 - 4.1 Use over TCP/IP . . . . . . . . . . . . . . . . . . . . . . 4 - 4.2 Protocol Version Exchange . . . . . . . . . . . . . . . . . 4 - 4.3 Compatibility With Old SSH Versions . . . . . . . . . . . . 4 - 4.3.1 Old Client, New Server . . . . . . . . . . . . . . . . . . . 5 - 4.3.2 New Client, Old Server . . . . . . . . . . . . . . . . . . . 5 - 5. Binary Packet Protocol . . . . . . . . . . . . . . . . . . . 5 - 5.1 Maximum Packet Length . . . . . . . . . . . . . . . . . . . 6 - 5.2 Compression . . . . . . . . . . . . . . . . . . . . . . . . 7 - 5.3 Encryption . . . . . . . . . . . . . . . . . . . . . . . . . 7 - 5.4 Data Integrity . . . . . . . . . . . . . . . . . . . . . . . 9 - 5.5 Key Exchange Methods . . . . . . . . . . . . . . . . . . . . 10 - 5.6 Public Key Algorithms . . . . . . . . . . . . . . . . . . . 11 - 6. Key Exchange . . . . . . . . . . . . . . . . . . . . . . . . 13 - 6.1 Algorithm Negotiation . . . . . . . . . . . . . . . . . . . 13 - 6.2 Output from Key Exchange . . . . . . . . . . . . . . . . . . 16 - 6.3 Taking Keys Into Use . . . . . . . . . . . . . . . . . . . . 17 - 7. Diffie-Hellman Key Exchange . . . . . . . . . . . . . . . . 18 - 7.1 diffie-hellman-group1-sha1 . . . . . . . . . . . . . . . . . 19 - 8. Key Re-Exchange . . . . . . . . . . . . . . . . . . . . . . 20 - 9. Service Request . . . . . . . . . . . . . . . . . . . . . . 21 - 10. Additional Messages . . . . . . . . . . . . . . . . . . . . 21 - 10.1 Disconnection Message . . . . . . . . . . . . . . . . . . . 
22 - 10.2 Ignored Data Message . . . . . . . . . . . . . . . . . . . . 22 - 10.3 Debug Message . . . . . . . . . . . . . . . . . . . . . . . 23 - 10.4 Reserved Messages . . . . . . . . . . . . . . . . . . . . . 23 - 11. Summary of Message Numbers . . . . . . . . . . . . . . . . . 23 - 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . 24 - 13. Security Considerations . . . . . . . . . . . . . . . . . . 24 - 14. Intellectual Property . . . . . . . . . . . . . . . . . . . 24 - 15. Additional Information . . . . . . . . . . . . . . . . . . . 24 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 26 - Normative . . . . . . . . . . . . . . . . . . . . . . . . . 25 - Informative . . . . . . . . . . . . . . . . . . . . . . . . 25 - A. Contibutors . . . . . . . . . . . . . . . . . . . . . . . . 27 - Intellectual Property and Copyright Statements . . . . . . . 28 - - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 2] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - -1. Contributors - - The major original contributors of this document were: Tatu Ylonen, - Tero Kivinen, Timo J. Rinne, Sami Lehtinen (all of SSH Communications - Security Corp), and Markku-Juhani O. Saarinen (University of - Jyvaskyla) - - The document editor is: Darren.Moffat@Sun.COM. Comments on this - internet draft should be sent to the IETF SECSH working group, - details at: http://ietf.org/html.charters/secsh-charter.html - -2. Introduction - - The SSH transport layer is a secure low level transport protocol. It - provides strong encryption, cryptographic host authentication, and - integrity protection. - - Authentication in this protocol level is host-based; this protocol - does not perform user authentication. A higher level protocol for - user authentication can be designed on top of this protocol. - - The protocol has been designed to be simple, flexible, to allow - parameter negotiation, and to minimize the number of round-trips. 
- Key exchange method, public key algorithm, symmetric encryption - algorithm, message authentication algorithm, and hash algorithm are - all negotiated. It is expected that in most environments, only 2 - round-trips will be needed for full key exchange, server - authentication, service request, and acceptance notification of - service request. The worst case is 3 round-trips. - -3. Conventions Used in This Document - - The keywords "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT", - and "MAY" that appear in this document are to be interpreted as - described in [RFC2119]. - - The used data types and terminology are specified in the architecture - document [SSH-ARCH]. - - The architecture document also discusses the algorithm naming - conventions that MUST be used with the SSH protocols. - -4. Connection Setup - - SSH works over any 8-bit clean, binary-transparent transport. The - underlying transport SHOULD protect against transmission errors as - such errors cause the SSH connection to terminate. - - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 3] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - - The client initiates the connection. - -4.1 Use over TCP/IP - - When used over TCP/IP, the server normally listens for connections on - port 22. This port number has been registered with the IANA, and has - been officially assigned for SSH. - -4.2 Protocol Version Exchange - - When the connection has been established, both sides MUST send an - identification string of the form "SSH-protoversion-softwareversion - comments", followed by carriage return and newline characters (ASCII - 13 and 10, respectively). Both sides MUST be able to process - identification strings without carriage return character. No null - character is sent. The maximum length of the string is 255 - characters, including the carriage return and newline. 
- - The part of the identification string preceding carriage return and - newline is used in the Diffie-Hellman key exchange (see Section - Section 7). - - The server MAY send other lines of data before sending the version - string. Each line SHOULD be terminated by a carriage return and - newline. Such lines MUST NOT begin with "SSH-", and SHOULD be - encoded in ISO-10646 UTF-8 [RFC2279] (language is not specified). - Clients MUST be able to process such lines; they MAY be silently - ignored, or MAY be displayed to the client user; if they are - displayed, control character filtering discussed in [SSH-ARCH] SHOULD - be used. The primary use of this feature is to allow TCP-wrappers to - display an error message before disconnecting. - - Version strings MUST consist of printable US-ASCII characters, not - including whitespaces or a minus sign (-). The version string is - primarily used to trigger compatibility extensions and to indicate - the capabilities of an implementation. The comment string should - contain additional information that might be useful in solving user - problems. - - The protocol version described in this document is 2.0. - - Key exchange will begin immediately after sending this identifier. - All packets following the identification string SHALL use the binary - packet protocol, to be described below. - -4.3 Compatibility With Old SSH Versions - - During the transition period, it is important to be able to work in a - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 4] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - - way that is compatible with the installed SSH clients and servers - that use an older version of the protocol. Information in this - section is only relevant for implementations supporting compatibility - with SSH versions 1.x. There is no standards track or informational - draft available that defines the SSH 1.x protocol. 
The only known - documentation of the 1.x protocol is contained in README files that - are shipped along with the source code. - -4.3.1 Old Client, New Server - - Server implementations MAY support a configurable "compatibility" - flag that enables compatibility with old versions. When this flag is - on, the server SHOULD identify its protocol version as "1.99". - Clients using protocol 2.0 MUST be able to identify this as identical - to "2.0". In this mode the server SHOULD NOT send the carriage - return character (ASCII 13) after the version identification string. - - In the compatibility mode the server SHOULD NOT send any further data - after its initialization string until it has received an - identification string from the client. The server can then determine - whether the client is using an old protocol, and can revert to the - old protocol if required. In the compatibility mode, the server MUST - NOT send additional data before the version string. - - When compatibility with old clients is not needed, the server MAY - send its initial key exchange data immediately after the - identification string. - -4.3.2 New Client, Old Server - - Since the new client MAY immediately send additional data after its - identification string (before receiving server's identification), the - old protocol may already have been corrupted when the client learns - that the server is old. When this happens, the client SHOULD close - the connection to the server, and reconnect using the old protocol. - -5. 
Binary Packet Protocol - - Each packet is in the following format: - - uint32 packet_length - byte padding_length - byte[n1] payload; n1 = packet_length - padding_length - 1 - byte[n2] random padding; n2 = padding_length - byte[m] mac (message authentication code); m = mac_length - - packet_length - - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 5] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - - The length of the packet (bytes), not including MAC or the - packet_length field itself. - - padding_length - Length of padding (bytes). - - payload - The useful contents of the packet. If compression has been - negotiated, this field is compressed. Initially, compression - MUST be "none". - - random padding - Arbitrary-length padding, such that the total length of - (packet_length || padding_length || payload || padding) is a - multiple of the cipher block size or 8, whichever is larger. - There MUST be at least four bytes of padding. The padding - SHOULD consist of random bytes. The maximum amount of padding - is 255 bytes. - - mac - Message authentication code. If message authentication has - been negotiated, this field contains the MAC bytes. Initially, - the MAC algorithm MUST be "none". - - - Note that length of the concatenation of packet length, padding - length, payload, and padding MUST be a multiple of the cipher block - size or 8, whichever is larger. This constraint MUST be enforced - even when using stream ciphers. Note that the packet length field is - also encrypted, and processing it requires special care when sending - or receiving packets. - - The minimum size of a packet is 16 (or the cipher block size, - whichever is larger) bytes (plus MAC); implementations SHOULD decrypt - the length after receiving the first 8 (or cipher block size, - whichever is larger) bytes of a packet. 
- -5.1 Maximum Packet Length - - All implementations MUST be able to process packets with uncompressed - payload length of 32768 bytes or less and total packet size of 35000 - bytes or less (including length, padding length, payload, padding, - and MAC.). The maximum of 35000 bytes is an arbitrary chosen value - larger than uncompressed size. Implementations SHOULD support longer - packets, where they might be needed, e.g. if an implementation wants - to send a very large number of certificates. Such packets MAY be - sent if the version string indicates that the other party is able to - process them. However, implementations SHOULD check that the packet - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 6] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - - length is reasonable for the implementation to avoid - denial-of-service and/or buffer overflow attacks. - -5.2 Compression - - If compression has been negotiated, the payload field (and only it) - will be compressed using the negotiated algorithm. The length field - and MAC will be computed from the compressed payload. Encryption will - be done after compression. - - Compression MAY be stateful, depending on the method. Compression - MUST be independent for each direction, and implementations MUST - allow independently choosing the algorithm for each direction. - - The following compression methods are currently defined: - - none REQUIRED no compression - zlib OPTIONAL ZLIB (LZ77) compression - - The "zlib" compression is described in [RFC1950] and in [RFC1951]. - The compression context is initialized after each key exchange, and - is passed from one packet to the next with only a partial flush being - performed at the end of each packet. A partial flush means that the - current compressed block is ended and all data will be output. 
If the - current block is not a stored block, one or more empty blocks are - added after the current block to ensure that there are at least 8 - bits counting from the start of the end-of-block code of the current - block to the end of the packet payload. - - Additional methods may be defined as specified in [SSH-ARCH]. - -5.3 Encryption - - An encryption algorithm and a key will be negotiated during the key - exchange. When encryption is in effect, the packet length, padding - length, payload and padding fields of each packet MUST be encrypted - with the given algorithm. - - The encrypted data in all packets sent in one direction SHOULD be - considered a single data stream. For example, initialization vectors - SHOULD be passed from the end of one packet to the beginning of the - next packet. All ciphers SHOULD use keys with an effective key length - of 128 bits or more. - - The ciphers in each direction MUST run independently of each other, - and implementations MUST allow independently choosing the algorithm - for each direction (if multiple algorithms are allowed by local - policy). 
- - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 7] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - - The following ciphers are currently defined: - - 3des-cbc REQUIRED three-key 3DES in CBC mode - blowfish-cbc OPTIONALi Blowfish in CBC mode - twofish256-cbc OPTIONAL Twofish in CBC mode, - with 256-bit key - twofish-cbc OPTIONAL alias for "twofish256-cbc" (this - is being retained for - historical reasons) - twofish192-cbc OPTIONAL Twofish with 192-bit key - twofish128-cbc OPTIONAL Twofish with 128-bit key - aes256-cbc OPTIONAL AES (Rijndael) in CBC mode, - with 256-bit key - aes192-cbc OPTIONAL AES with 192-bit key - aes128-cbc RECOMMENDED AES with 128-bit key - serpent256-cbc OPTIONAL Serpent in CBC mode, with - 256-bit key - serpent192-cbc OPTIONAL Serpent with 192-bit key - serpent128-cbc OPTIONAL Serpent with 128-bit key - arcfour OPTIONAL the ARCFOUR stream cipher - idea-cbc OPTIONAL IDEA in CBC mode - cast128-cbc OPTIONAL CAST-128 in CBC mode - none OPTIONAL no encryption; NOT RECOMMENDED - - The "3des-cbc" cipher is three-key triple-DES - (encrypt-decrypt-encrypt), where the first 8 bytes of the key are - used for the first encryption, the next 8 bytes for the decryption, - and the following 8 bytes for the final encryption. This requires 24 - bytes of key data (of which 168 bits are actually used). To - implement CBC mode, outer chaining MUST be used (i.e., there is only - one initialization vector). This is a block cipher with 8 byte - blocks. This algorithm is defined in [FIPS-46-3] - - The "blowfish-cbc" cipher is Blowfish in CBC mode, with 128 bit keys - [SCHNEIER]. This is a block cipher with 8 byte blocks. - - The "twofish-cbc" or "twofish256-cbc" cipher is Twofish in CBC mode, - with 256 bit keys as described [TWOFISH]. This is a block cipher with - 16 byte blocks. - - The "twofish192-cbc" cipher. Same as above but with 192-bit key. - - The "twofish128-cbc" cipher. Same as above but with 128-bit key. 
- - The "aes256-cbc" cipher is AES (Advanced Encryption Standard) - [FIPS-197], formerly Rijndael, in CBC mode. This version uses 256-bit - key. - - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 8] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - - The "aes192-cbc" cipher. Same as above but with 192-bit key. - - The "aes128-cbc" cipher. Same as above but with 128-bit key. - - The "serpent256-cbc" cipher in CBC mode, with 256-bit key as - described in the Serpent AES submission. - - The "serpent192-cbc" cipher. Same as above but with 192-bit key. - - The "serpent128-cbc" cipher. Same as above but with 128-bit key. - - The "arcfour" is the Arcfour stream cipher with 128 bit keys. The - Arcfour cipher is believed to be compatible with the RC4 cipher - [SCHNEIER]. RC4 is a registered trademark of RSA Data Security Inc. - Arcfour (and RC4) has problems with weak keys, and should be used - with caution. - - The "idea-cbc" cipher is the IDEA cipher in CBC mode [SCHNEIER]. - - The "cast128-cbc" cipher is the CAST-128 cipher in CBC mode - [RFC2144]. - - The "none" algorithm specifies that no encryption is to be done. - Note that this method provides no confidentiality protection, and it - is not recommended. Some functionality (e.g. password - authentication) may be disabled for security reasons if this cipher - is chosen. - - Additional methods may be defined as specified in [SSH-ARCH]. - -5.4 Data Integrity - - Data integrity is protected by including with each packet a message - authentication code (MAC) that is computed from a shared secret, - packet sequence number, and the contents of the packet. - - The message authentication algorithm and key are negotiated during - key exchange. Initially, no MAC will be in effect, and its length - MUST be zero. 
After key exchange, the selected MAC will be computed - before encryption from the concatenation of packet data: - - mac = MAC(key, sequence_number || unencrypted_packet) - - where unencrypted_packet is the entire packet without MAC (the length - fields, payload and padding), and sequence_number is an implicit - packet sequence number represented as uint32. The sequence number is - initialized to zero for the first packet, and is incremented after - every packet (regardless of whether encryption or MAC is in use). It - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 9] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - - is never reset, even if keys/algorithms are renegotiated later. It - wraps around to zero after every 2^32 packets. The packet sequence - number itself is not included in the packet sent over the wire. - - The MAC algorithms for each direction MUST run independently, and - implementations MUST allow choosing the algorithm independently for - both directions. - - The MAC bytes resulting from the MAC algorithm MUST be transmitted - without encryption as the last part of the packet. The number of MAC - bytes depends on the algorithm chosen. - - The following MAC algorithms are currently defined: - - hmac-sha1 REQUIRED HMAC-SHA1 (digest length = key - length = 20) - hmac-sha1-96 RECOMMENDED first 96 bits of HMAC-SHA1 (digest - length = 12, key length = 20) - hmac-md5 OPTIONAL HMAC-MD5 (digest length = key - length = 16) - hmac-md5-96 OPTIONAL first 96 bits of HMAC-MD5 (digest - length = 12, key length = 16) - none OPTIONAL no MAC; NOT RECOMMENDED - - Figure 1 - - The "hmac-*" algorithms are described in [RFC2104] The "*-n" MACs use - only the first n bits of the resulting value. - - The hash algorithms are described in [SCHNEIER]. - - Additional methods may be defined as specified in [SSH-ARCH]. 
- -5.5 Key Exchange Methods - - The key exchange method specifies how one-time session keys are - generated for encryption and for authentication, and how the server - authentication is done. - - Only one REQUIRED key exchange method has been defined: - - diffie-hellman-group1-sha1 REQUIRED - - This method is described later in this document. - - Additional methods may be defined as specified in [SSH-ARCH]. - - - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 10] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - -5.6 Public Key Algorithms - - This protocol has been designed to be able to operate with almost any - public key format, encoding, and algorithm (signature and/or - encryption). - - There are several aspects that define a public key type: - o Key format: how is the key encoded and how are certificates - represented. The key blobs in this protocol MAY contain - certificates in addition to keys. - o Signature and/or encryption algorithms. Some key types may not - support both signing and encryption. Key usage may also be - restricted by policy statements in e.g. certificates. In this - case, different key types SHOULD be defined for the different - policy alternatives. - o Encoding of signatures and/or encrypted data. This includes but is - not limited to padding, byte order, and data formats. - - The following public key and/or certificate formats are currently defined: - - ssh-dss REQUIRED sign Raw DSS Key - ssh-rsa RECOMMENDED sign Raw RSA Key - x509v3-sign-rsa OPTIONAL sign X.509 certificates (RSA key) - x509v3-sign-dss OPTIONAL sign X.509 certificates (DSS key) - spki-sign-rsa OPTIONAL sign SPKI certificates (RSA key) - spki-sign-dss OPTIONAL sign SPKI certificates (DSS key) - pgp-sign-rsa OPTIONAL sign OpenPGP certificates (RSA key) - pgp-sign-dss OPTIONAL sign OpenPGP certificates (DSS key) - - Additional key types may be defined as specified in [SSH-ARCH]. 
- - The key type MUST always be explicitly known (from algorithm - negotiation or some other source). It is not normally included in - the key blob. - - Certificates and public keys are encoded as follows: - - string certificate or public key format identifier - byte[n] key/certificate data - - The certificate part may have be a zero length string, but a public - key is required. This is the public key that will be used for - authentication; the certificate sequence contained in the certificate - blob can be used to provide authorization. - - Public key / certifcate formats that do not explicitly specify a - signature format identifier MUST use the public key / certificate - format identifier as the signature identifier. - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 11] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - - Signatures are encoded as follows: - string signature format identifier (as specified by the - public key / cert format) - byte[n] signature blob in format specific encoding. - - - The "ssh-dss" key format has the following specific encoding: - - string "ssh-dss" - mpint p - mpint q - mpint g - mpint y - - Here the p, q, g, and y parameters form the signature key blob. - - Signing and verifying using this key format is done according to the - Digital Signature Standard [FIPS-186] using the SHA-1 hash. A - description can also be found in [SCHNEIER]. - - The resulting signature is encoded as follows: - - string "ssh-dss" - string dss_signature_blob - - dss_signature_blob is encoded as a string containing r followed by s - (which are 160 bits long integers, without lengths or padding, - unsigned and in network byte order). - - The "ssh-rsa" key format has the following specific encoding: - - string "ssh-rsa" - mpint e - mpint n - - Here the e and n parameters form the signature key blob. - - Signing and verifying using this key format is done according to - [SCHNEIER] and [PKCS1] using the SHA-1 hash. 
- - The resulting signature is encoded as follows: - - string "ssh-rsa" - string rsa_signature_blob - - rsa_signature_blob is encoded as a string containing s (which is an - integer, without lengths or padding, unsigned and in network byte - order). - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 12] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - - The "spki-sign-rsa" method indicates that the certificate blob - contains a sequence of SPKI certificates. The format of SPKI - certificates is described in [RFC2693]. This method indicates that - the key (or one of the keys in the certificate) is an RSA-key. - - The "spki-sign-dss". As above, but indicates that the key (or one of - the keys in the certificate) is a DSS-key. - - The "pgp-sign-rsa" method indicates the certificates, the public key, - and the signature are in OpenPGP compatible binary format - ([RFC2440]). This method indicates that the key is an RSA-key. - - The "pgp-sign-dss". As above, but indicates that the key is a - DSS-key. - -6. Key Exchange - - Key exchange begins by each side sending lists of supported - algorithms. Each side has a preferred algorithm in each category, and - it is assumed that most implementations at any given time will use - the same preferred algorithm. Each side MAY guess which algorithm - the other side is using, and MAY send an initial key exchange packet - according to the algorithm if appropriate for the preferred method. - - Guess is considered wrong, if: - o the kex algorithm and/or the host key algorithm is guessed wrong - (server and client have different preferred algorithm), or - o if any of the other algorithms cannot be agreed upon (the - procedure is defined below in Section Section 6.1). - - Otherwise, the guess is considered to be right and the optimistically - sent packet MUST be handled as the first key exchange packet. 
- - However, if the guess was wrong, and a packet was optimistically sent - by one or both parties, such packets MUST be ignored (even if the - error in the guess would not affect the contents of the initial - packet(s)), and the appropriate side MUST send the correct initial - packet. - - Server authentication in the key exchange MAY be implicit. After a - key exchange with implicit server authentication, the client MUST - wait for response to its service request message before sending any - further data. - -6.1 Algorithm Negotiation - - Key exchange begins by each side sending the following packet: - - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 13] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - - byte SSH_MSG_KEXINIT - byte[16] cookie (random bytes) - string kex_algorithms - string server_host_key_algorithms - string encryption_algorithms_client_to_server - string encryption_algorithms_server_to_client - string mac_algorithms_client_to_server - string mac_algorithms_server_to_client - string compression_algorithms_client_to_server - string compression_algorithms_server_to_client - string languages_client_to_server - string languages_server_to_client - boolean first_kex_packet_follows - uint32 0 (reserved for future extension) - - Each of the algorithm strings MUST be a comma-separated list of - algorithm names (see ''Algorithm Naming'' in [SSH-ARCH]). Each - supported (allowed) algorithm MUST be listed in order of preference. - - The first algorithm in each list MUST be the preferred (guessed) - algorithm. Each string MUST contain at least one algorithm name. - - - cookie - The cookie MUST be a random value generated by the sender. Its - purpose is to make it impossible for either side to fully - determine the keys and the session identifier. - - kex_algorithms - Key exchange algorithms were defined above. The first - algorithm MUST be the preferred (and guessed) algorithm. 
If - both sides make the same guess, that algorithm MUST be used. - Otherwise, the following algorithm MUST be used to choose a key - exchange method: iterate over client's kex algorithms, one at a - time. Choose the first algorithm that satisfies the following - conditions: - + the server also supports the algorithm, - + if the algorithm requires an encryption-capable host key, - there is an encryption-capable algorithm on the server's - server_host_key_algorithms that is also supported by the - client, and - + if the algorithm requires a signature-capable host key, - there is a signature-capable algorithm on the server's - server_host_key_algorithms that is also supported by the - client. - + If no algorithm satisfying all these conditions can be - found, the connection fails, and both sides MUST disconnect. - - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 14] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - - server_host_key_algorithms - List of the algorithms supported for the server host key. The - server lists the algorithms for which it has host keys; the - client lists the algorithms that it is willing to accept. - (There MAY be multiple host keys for a host, possibly with - different algorithms.) - - Some host keys may not support both signatures and encryption - (this can be determined from the algorithm), and thus not all - host keys are valid for all key exchange methods. - - Algorithm selection depends on whether the chosen key exchange - algorithm requires a signature or encryption capable host key. - It MUST be possible to determine this from the public key - algorithm name. The first algorithm on the client's list that - satisfies the requirements and is also supported by the server - MUST be chosen. If there is no such algorithm, both sides MUST - disconnect. - - encryption_algorithms - Lists the acceptable symmetric encryption algorithms in order - of preference. 
The chosen encryption algorithm to each - direction MUST be the first algorithm on the client's list - that is also on the server's list. If there is no such - algorithm, both sides MUST disconnect. - - Note that "none" must be explicitly listed if it is to be - acceptable. The defined algorithm names are listed in Section - Section 5.3. - - mac_algorithms - Lists the acceptable MAC algorithms in order of preference. - The chosen MAC algorithm MUST be the first algorithm on the - client's list that is also on the server's list. If there is - no such algorithm, both sides MUST disconnect. - - Note that "none" must be explicitly listed if it is to be - acceptable. The MAC algorithm names are listed in Section - Figure 1. - - compression_algorithms - Lists the acceptable compression algorithms in order of - preference. The chosen compression algorithm MUST be the first - algorithm on the client's list that is also on the server's - list. If there is no such algorithm, both sides MUST - disconnect. - - - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 15] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - - Note that "none" must be explicitly listed if it is to be - acceptable. The compression algorithm names are listed in - Section Section 5.2. - - languages - This is a comma-separated list of language tags in order of - preference [RFC3066]. Both parties MAY ignore this list. If - there are no language preferences, this list SHOULD be empty. - Language tags SHOULD NOT be present unless they are known to be - needed by the sending party. - - first_kex_packet_follows - Indicates whether a guessed key exchange packet follows. If a - guessed packet will be sent, this MUST be TRUE. If no guessed - packet will be sent, this MUST be FALSE. - - After receiving the SSH_MSG_KEXINIT packet from the other side, - each party will know whether their guess was right. 
If the - other party's guess was wrong, and this field was TRUE, the - next packet MUST be silently ignored, and both sides MUST then - act as determined by the negotiated key exchange method. If - the guess was right, key exchange MUST continue using the - guessed packet. - - After the KEXINIT packet exchange, the key exchange algorithm is run. - It may involve several packet exchanges, as specified by the key - exchange method. - -6.2 Output from Key Exchange - - The key exchange produces two values: a shared secret K, and an - exchange hash H. Encryption and authentication keys are derived from - these. The exchange hash H from the first key exchange is - additionally used as the session identifier, which is a unique - identifier for this connection. It is used by authentication methods - as a part of the data that is signed as a proof of possession of a - private key. Once computed, the session identifier is not changed, - even if keys are later re-exchanged. - - - Each key exchange method specifies a hash function that is used in - the key exchange. The same hash algorithm MUST be used in key - derivation. Here, we'll call it HASH. - - - Encryption keys MUST be computed as HASH of a known value and K as - follows: - - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 16] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - - o Initial IV client to server: HASH(K || H || "A" || session_id) - (Here K is encoded as mpint and "A" as byte and session_id as raw - data."A" means the single character A, ASCII 65). - o Initial IV server to client: HASH(K || H || "B" || session_id) - o Encryption key client to server: HASH(K || H || "C" || session_id) - o Encryption key server to client: HASH(K || H || "D" || session_id) - o Integrity key client to server: HASH(K || H || "E" || session_id) - o Integrity key server to client: HASH(K || H || "F" || session_id) - - Key data MUST be taken from the beginning of the hash output. 
128 - bits (16 bytes) MUST be used for algorithms with variable-length - keys. The only variable key length algorithm defined in this document - is arcfour). For other algorithms, as many bytes as are needed are - taken from the beginning of the hash value. If the key length needed - is longer than the output of the HASH, the key is extended by - computing HASH of the concatenation of K and H and the entire key so - far, and appending the resulting bytes (as many as HASH generates) to - the key. This process is repeated until enough key material is - available; the key is taken from the beginning of this value. In - other words: - - K1 = HASH(K || H || X || session_id) (X is e.g. "A") - K2 = HASH(K || H || K1) - K3 = HASH(K || H || K1 || K2) - ... - key = K1 || K2 || K3 || ... - - This process will lose entropy if the amount of entropy in K is - larger than the internal state size of HASH. - -6.3 Taking Keys Into Use - - Key exchange ends by each side sending an SSH_MSG_NEWKEYS message. - This message is sent with the old keys and algorithms. All messages - sent after this message MUST use the new keys and algorithms. - - - When this message is received, the new keys and algorithms MUST be - taken into use for receiving. - - - This message is the only valid message after key exchange, in - addition to SSH_MSG_DEBUG, SSH_MSG_DISCONNECT and SSH_MSG_IGNORE - messages. The purpose of this message is to ensure that a party is - able to respond with a disconnect message that the other party can - understand if something goes wrong with the key exchange. - Implementations MUST NOT accept any other messages after key exchange - before receiving SSH_MSG_NEWKEYS. - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 17] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - - byte SSH_MSG_NEWKEYS - - -7. Diffie-Hellman Key Exchange - - The Diffie-Hellman key exchange provides a shared secret that can not - be determined by either party alone. 
The key exchange is combined - with a signature with the host key to provide host authentication. - - - In the following description (C is the client, S is the server; p is - a large safe prime, g is a generator for a subgroup of GF(p), and q - is the order of the subgroup; V_S is S's version string; V_C is C's - version string; K_S is S's public host key; I_C is C's KEXINIT - message and I_S S's KEXINIT message which have been exchanged before - this part begins): - - - 1. C generates a random number x (1 < x < q) and computes e = g^x - mod p. C sends "e" to S. - - 2. S generates a random number y (0 < y < q) and computes f = g^y - mod p. S receives "e". It computes K = e^y mod p, H = hash(V_C - || V_S || I_C || I_S || K_S || e || f || K) (these elements are - encoded according to their types; see below), and signature s on - H with its private host key. S sends "K_S || f || s" to C. The - signing operation may involve a second hashing operation. - - 3. C verifies that K_S really is the host key for S (e.g. using - certificates or a local database). C is also allowed to accept - the key without verification; however, doing so will render the - protocol insecure against active attacks (but may be desirable - for practical reasons in the short term in many environments). C - then computes K = f^x mod p, H = hash(V_C || V_S || I_C || I_S || - K_S || e || f || K), and verifies the signature s on H. - - Either side MUST NOT send or accept e or f values that are not in the - range [1, p-1]. If this condition is violated, the key exchange - fails. - - - This is implemented with the following messages. The hash algorithm - for computing the exchange hash is defined by the method name, and is - called HASH. The public key algorithm for signing is negotiated with - the KEXINIT messages. 
- - First, the client sends the following: - - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 18] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - - byte SSH_MSG_KEXDH_INIT - mpint e - - - The server responds with the following: - - byte SSH_MSG_KEXDH_REPLY - string server public host key and certificates (K_S) - mpint f - string signature of H - - The hash H is computed as the HASH hash of the concatenation of the - following: - - string V_C, the client's version string (CR and NL excluded) - string V_S, the server's version string (CR and NL excluded) - string I_C, the payload of the client's SSH_MSG_KEXINIT - string I_S, the payload of the server's SSH_MSG_KEXINIT - string K_S, the host key - mpint e, exchange value sent by the client - mpint f, exchange value sent by the server - mpint K, the shared secret - - This value is called the exchange hash, and it is used to - authenticate the key exchange. The exchange hash SHOULD be kept - secret. - - - The signature algorithm MUST be applied over H, not the original - data. Most signature algorithms include hashing and additional - padding. For example, "ssh-dss" specifies SHA-1 hashing; in that - case, the data is first hashed with HASH to compute H, and H is then - hashed with SHA-1 as part of the signing operation. - -7.1 diffie-hellman-group1-sha1 - - The "diffie-hellman-group1-sha1" method specifies Diffie-Hellman key - exchange with SHA-1 as HASH, and Oakley group 14 [RFC3526] (2048-bit - MODP Group). It is included below in hexadecimal and decimal. - - The prime p is equal to 2^1024 - 2^960 - 1 + 2^64 * floor( 2^894 Pi + - 129093 ). 
Its hexadecimal value is: - - FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 - 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD - EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 - E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED - EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 19] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - - FFFFFFFF FFFFFFFF. - - In decimal, this value is: - - 179769313486231590770839156793787453197860296048756011706444 - 423684197180216158519368947833795864925541502180565485980503 - 646440548199239100050792877003355816639229553136239076508735 - 759914822574862575007425302077447712589550957937778424442426 - 617334727629299387668709205606050270810842907692932019128194 - 467627007. - - The generator used with this prime is g = 2. The group order q is (p - - 1) / 2. - -8. Key Re-Exchange - - Key re-exchange is started by sending an SSH_MSG_KEXINIT packet when - not already doing a key exchange (as described in Section Section - 6.1). When this message is received, a party MUST respond with its - own SSH_MSG_KEXINIT message except when the received SSH_MSG_KEXINIT - already was a reply. Either party MAY initiate the re-exchange, but - roles MUST NOT be changed (i.e., the server remains the server, and - the client remains the client). - - - Key re-exchange is performed using whatever encryption was in effect - when the exchange was started. Encryption, compression, and MAC - methods are not changed before a new SSH_MSG_NEWKEYS is sent after - the key exchange (as in the initial key exchange). Re-exchange is - processed identically to the initial key exchange, except for the - session identifier that will remain unchanged. It is permissible to - change some or all of the algorithms during the re-exchange. Host - keys can also change. All keys and initialization vectors are - recomputed after the exchange. 
Compression and encryption contexts - are reset. - - - It is recommended that the keys are changed after each gigabyte of - transmitted data or after each hour of connection time, whichever - comes sooner. However, since the re-exchange is a public key - operation, it requires a fair amount of processing power and should - not be performed too often. - - - More application data may be sent after the SSH_MSG_NEWKEYS packet - has been sent; key exchange does not affect the protocols that lie - above the SSH transport layer. - - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 20] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - -9. Service Request - - After the key exchange, the client requests a service. The service is - identified by a name. The format of names and procedures for defining - new names are defined in [SSH-ARCH]. - - - Currently, the following names have been reserved: - - ssh-userauth - ssh-connection - - Similar local naming policy is applied to the service names, as is - applied to the algorithm names; a local service should use the - "servicename@domain" syntax. - - byte SSH_MSG_SERVICE_REQUEST - string service name - - If the server rejects the service request, it SHOULD send an - appropriate SSH_MSG_DISCONNECT message and MUST disconnect. - - - When the service starts, it may have access to the session identifier - generated during the key exchange. - - - If the server supports the service (and permits the client to use - it), it MUST respond with the following: - - byte SSH_MSG_SERVICE_ACCEPT - string service name - - Message numbers used by services should be in the area reserved for - them (see Section 6 in [SSH-ARCH]). The transport level will - continue to process its own messages. - - - Note that after a key exchange with implicit server authentication, - the client MUST wait for response to its service request message - before sending any further data. - -10. 
Additional Messages - - Either party may send any of the following messages at any time. - - - - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 21] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - -10.1 Disconnection Message - - byte SSH_MSG_DISCONNECT - uint32 reason code - string description [RFC2279] - string language tag [RFC3066] - - This message causes immediate termination of the connection. All - implementations MUST be able to process this message; they SHOULD be - able to send this message. - - The sender MUST NOT send or receive any data after this message, and - the recipient MUST NOT accept any data after receiving this message. - The description field gives a more specific explanation in a - human-readable form. The error code gives the reason in a more - machine-readable format (suitable for localization), and can have the - following values: - - #define SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT 1 - #define SSH_DISCONNECT_PROTOCOL_ERROR 2 - #define SSH_DISCONNECT_KEY_EXCHANGE_FAILED 3 - #define SSH_DISCONNECT_RESERVED 4 - #define SSH_DISCONNECT_MAC_ERROR 5 - #define SSH_DISCONNECT_COMPRESSION_ERROR 6 - #define SSH_DISCONNECT_SERVICE_NOT_AVAILABLE 7 - #define SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED 8 - #define SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9 - #define SSH_DISCONNECT_CONNECTION_LOST 10 - #define SSH_DISCONNECT_BY_APPLICATION 11 - #define SSH_DISCONNECT_TOO_MANY_CONNECTIONS 12 - #define SSH_DISCONNECT_AUTH_CANCELLED_BY_USER 13 - #define SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14 - #define SSH_DISCONNECT_ILLEGAL_USER_NAME 15 - - If the description string is displayed, control character filtering - discussed in [SSH-ARCH] should be used to avoid attacks by sending - terminal control characters. - -10.2 Ignored Data Message - - byte SSH_MSG_IGNORE - string data - - All implementations MUST understand (and ignore) this message at any - time (after receiving the protocol version). 
No implementation is - required to send them. This message can be used as an additional - protection measure against advanced traffic analysis techniques. - - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 22] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - -10.3 Debug Message - - byte SSH_MSG_DEBUG - boolean always_display - string message [RFC2279] - string language tag [RFC3066] - - All implementations MUST understand this message, but they are - allowed to ignore it. This message is used to pass the other side - information that may help debugging. If always_display is TRUE, the - message SHOULD be displayed. Otherwise, it SHOULD NOT be displayed - unless debugging information has been explicitly requested by the - user. - - - The message doesn't need to contain a newline. It is, however, - allowed to consist of multiple lines separated by CRLF (Carriage - Return - Line Feed) pairs. - - - If the message string is displayed, terminal control character - filtering discussed in [SSH-ARCH] should be used to avoid attacks by - sending terminal control characters. - -10.4 Reserved Messages - - An implementation MUST respond to all unrecognized messages with an - SSH_MSG_UNIMPLEMENTED message in the order in which the messages were - received. Such messages MUST be otherwise ignored. Later protocol - versions may define other meanings for these message types. - - byte SSH_MSG_UNIMPLEMENTED - uint32 packet sequence number of rejected message - - -11. 
Summary of Message Numbers - - The following message numbers have been defined in this protocol: - - #define SSH_MSG_DISCONNECT 1 - #define SSH_MSG_IGNORE 2 - #define SSH_MSG_UNIMPLEMENTED 3 - #define SSH_MSG_DEBUG 4 - #define SSH_MSG_SERVICE_REQUEST 5 - #define SSH_MSG_SERVICE_ACCEPT 6 - - #define SSH_MSG_KEXINIT 20 - #define SSH_MSG_NEWKEYS 21 - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 23] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - - /* Numbers 30-49 used for kex packets. - Different kex methods may reuse message numbers in - this range. */ - - #define SSH_MSG_KEXDH_INIT 30 - #define SSH_MSG_KEXDH_REPLY 31 - - -12. IANA Considerations - - This document is part of a set, the IANA considerations for the SSH - protocol as defined in [SSH-ARCH], [SSH-TRANS], [SSH-USERAUTH], - [SSH-CONNECT] are detailed in [SSH-NUMBERS]. - -13. Security Considerations - - This protocol provides a secure encrypted channel over an insecure - network. It performs server host authentication, key exchange, - encryption, and integrity protection. It also derives a unique - session id that may be used by higher-level protocols. - - Full security considerations for this protocol are provided in - Section 8 of [SSH-ARCH] - -14. Intellectual Property - - The IETF takes no position regarding the validity or scope of any - intellectual property or other rights that might be claimed to - pertain to the implementation or use of the technology described in - this document or the extent to which any license under such rights - might or might not be available; neither does it represent that it - has made any effort to identify any such rights. Information on the - IETF's procedures with respect to rights in standards-track and - standards-related documentation can be found in BCP-11. 
Copies of - claims of rights made available for publication and any assurances of - licenses to be made available, or the result of an attempt made to - obtain a general license or permission for the use of such - proprietary rights by implementers or users of this specification can - be obtained from the IETF Secretariat. - - The IETF has been notified of intellectual property rights claimed in - regard to some or all of the specification contained in this - document. For more information consult the online list of claimed - rights. - -15. Additional Information - - The current document editor is: Darren.Moffat@Sun.COM. Comments on - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 24] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - - this internet draft should be sent to the IETF SECSH working group, - details at: http://ietf.org/html.charters/secsh-charter.html - -Normative - - [SSH-ARCH] - Ylonen, T., "SSH Protocol Architecture", I-D - draft-ietf-architecture-15.txt, Oct 2003. - - [SSH-TRANS] - Ylonen, T., "SSH Transport Layer Protocol", I-D - draft-ietf-transport-17.txt, Oct 2003. - - [SSH-USERAUTH] - Ylonen, T., "SSH Authentication Protocol", I-D - draft-ietf-userauth-18.txt, Oct 2003. - - [SSH-CONNECT] - Ylonen, T., "SSH Connection Protocol", I-D - draft-ietf-connect-18.txt, Oct 2003. - - [SSH-NUMBERS] - Lehtinen, S. and D. Moffat, "SSH Protocol Assigned - Numbers", I-D draft-ietf-secsh-assignednumbers-05.txt, Oct - 2003. - - [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate - Requirement Levels", BCP 14, RFC 2119, March 1997. - -Informative - - [FIPS-186] - Federal Information Processing Standards Publication, - "FIPS PUB 186, Digital Signature Standard", May 1994. - - [FIPS-197] - NIST, "FIPS PUB 197 Advanced Encryption Standard (AES)", - November 2001. - - [FIPS-46-3] - U.S. Dept. of Commerce, "FIPS PUB 46-3, Data Encryption - Standard (DES)", October 1999. - - [RFC2459] Housley, R., Ford, W., Polk, T. and D. 
Solo, "Internet - X.509 Public Key Infrastructure Certificate and CRL - Profile", RFC 2459, January 1999. - - [RFC1034] Mockapetris, P., "Domain names - concepts and facilities", - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 25] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - - STD 13, RFC 1034, November 1987. - - [RFC3066] Alvestrand, H., "Tags for the Identification of - Languages", BCP 47, RFC 3066, January 2001. - - [RFC1950] Deutsch, L. and J-L. Gailly, "ZLIB Compressed Data Format - Specification version 3.3", RFC 1950, May 1996. - - [RFC1951] Deutsch, P., "DEFLATE Compressed Data Format Specification - version 1.3", RFC 1951, May 1996. - - [RFC2279] Yergeau, F., "UTF-8, a transformation format of ISO - 10646", RFC 2279, January 1998. - - [RFC2104] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: - Keyed-Hashing for Message Authentication", RFC 2104, - February 1997. - - [RFC2144] Adams, C., "The CAST-128 Encryption Algorithm", RFC 2144, - May 1997. - - [RFC2440] Callas, J., Donnerhacke, L., Finney, H. and R. Thayer, - "OpenPGP Message Format", RFC 2440, November 1998. - - [RFC2693] Ellison, C., Frantz, B., Lampson, B., Rivest, R., Thomas, - B. and T. Ylonen, "SPKI Certificate Theory", RFC 2693, - September 1999. - - [RFC3526] Kivinen, T. and M. Kojo, "More Modular Exponential (MODP) - Diffie-Hellman groups for Internet Key Exchange (IKE)", - RFC 3526, May 2003. - - [SCHNEIER] - Schneier, B., "Applied Cryptography Second Edition: - protocols algorithms and source in code in C", 1996. - - [TWOFISH] Schneier, B., "The Twofish Encryptions Algorithm: A - 128-Bit Block Cipher, 1st Edition", March 1999. - - - - - - - - - - - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 26] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - -Authors' Addresses - - Tatu Ylonen - SSH Communications Security Corp - Fredrikinkatu 42 - HELSINKI FIN-00100 - Finland - - EMail: ylo@ssh.com - - - Darren J. 
Moffat (editor) - Sun Microsystems, Inc - 17 Network Circle - Menlo Park 95025 - USA - - EMail: Darren.Moffat@Sun.COM - -Appendix A. Contibutors - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 27] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - -Intellectual Property Statement - - The IETF takes no position regarding the validity or scope of any - intellectual property or other rights that might be claimed to - pertain to the implementation or use of the technology described in - this document or the extent to which any license under such rights - might or might not be available; neither does it represent that it - has made any effort to identify any such rights. Information on the - IETF's procedures with respect to rights in standards-track and - standards-related documentation can be found in BCP-11. Copies of - claims of rights made available for publication and any assurances of - licenses to be made available, or the result of an attempt made to - obtain a general license or permission for the use of such - proprietary rights by implementors or users of this specification can - be obtained from the IETF Secretariat. - - The IETF invites any interested party to bring to its attention any - copyrights, patents or patent applications, or other proprietary - rights which may cover technology that may be required to practice - this standard. Please address the information to the IETF Executive - Director. - - The IETF has been notified of intellectual property rights claimed in - regard to some or all of the specification contained in this - document. For more information consult the online list of claimed - rights. - - -Full Copyright Statement - - Copyright (C) The Internet Society (2003). All Rights Reserved. 
- - This document and translations of it may be copied and furnished to - others, and derivative works that comment on or otherwise explain it - or assist in its implementation may be prepared, copied, published - and distributed, in whole or in part, without restriction of any - kind, provided that the above copyright notice and this paragraph are - included on all such copies and derivative works. However, this - document itself may not be modified in any way, such as by removing - the copyright notice or references to the Internet Society or other - Internet organizations, except as needed for the purpose of - developing Internet standards in which case the procedures for - copyrights defined in the Internet Standards process must be - followed, or as required to translate it into languages other than - English. - - The limited permissions granted above are perpetual and will not be - revoked by the Internet Society or its successors or assignees. - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 28] - -Internet-Draft SSH Transport Layer Protocol Oct 2003 - - - This document and the information contained herein is provided on an - "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING - TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING - BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION - HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF - MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - - -Acknowledgment - - Funding for the RFC Editor function is currently provided by the - Internet Society. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Ylonen & Moffat, Editor Expires March 31, 2004 [Page 29] \ No newline at end of file diff --git a/lib/ssh/doc/standard/draft-ietf-secsh-userauth-18.2.ps b/lib/ssh/doc/standard/draft-ietf-secsh-userauth-18.2.ps deleted file mode 100644 index be5799dbce..0000000000 
--- a/lib/ssh/doc/standard/draft-ietf-secsh-userauth-18.2.ps +++ /dev/null 
@@ -1,1881 +0,0 @@ -%!PS-Adobe-3.0 -%%BoundingBox: 75 0 595 747 -%%Title: Enscript Output -%%For: Magnus Thoang -%%Creator: GNU enscript 1.6.1 -%%CreationDate: Fri Oct 31 13:35:32 2003 -%%Orientation: Portrait -%%Pages: 8 0 -%%DocumentMedia: A4 595 842 0 () () -%%DocumentNeededResources: (atend) -%%EndComments -%%BeginProlog -%%BeginProcSet: PStoPS 1 15 -userdict begin -[/showpage/erasepage/copypage]{dup where{pop dup load - type/operatortype eq{1 array cvx dup 0 3 index cvx put - bind def}{pop}ifelse}{pop}ifelse}forall -[/letter/legal/executivepage/a4/a4small/b5/com10envelope - /monarchenvelope/c5envelope/dlenvelope/lettersmall/note - /folio/quarto/a5]{dup where{dup wcheck{exch{}put} - {pop{}def}ifelse}{pop}ifelse}forall -/setpagedevice {pop}bind 1 index where{dup wcheck{3 1 roll put} - {pop def}ifelse}{def}ifelse -/PStoPSmatrix matrix currentmatrix def -/PStoPSxform matrix def/PStoPSclip{clippath}def -/defaultmatrix{PStoPSmatrix exch PStoPSxform exch concatmatrix}bind def -/initmatrix{matrix defaultmatrix setmatrix}bind def -/initclip[{matrix currentmatrix PStoPSmatrix setmatrix - [{currentpoint}stopped{$error/newerror false put{newpath}} - {/newpath cvx 3 1 roll/moveto cvx 4 array astore cvx}ifelse] - {[/newpath cvx{/moveto cvx}{/lineto cvx} - {/curveto cvx}{/closepath cvx}pathforall]cvx exch pop} - stopped{$error/errorname get/invalidaccess eq{cleartomark - $error/newerror false put cvx exec}{stop}ifelse}if}bind aload pop - /initclip dup load dup type dup/operatortype eq{pop exch pop} - {dup/arraytype eq exch/packedarraytype eq or - {dup xcheck{exch pop aload pop}{pop cvx}ifelse} - {pop cvx}ifelse}ifelse - {newpath PStoPSclip clip newpath exec setmatrix} bind aload pop]cvx def -/initgraphics{initmatrix newpath initclip 1 setlinewidth - 0 setlinecap 0 setlinejoin []0 setdash 0 setgray - 10 setmiterlimit}bind def -end -%%EndProcSet -%%BeginResource: procset Enscript-Prolog 1.6 1 -% -% Procedures. 
-% - -/_S { % save current state - /_s save def -} def -/_R { % restore from saved state - _s restore -} def - -/S { % showpage protecting gstate - gsave - showpage - grestore -} bind def - -/MF { % fontname newfontname -> - make a new encoded font - /newfontname exch def - /fontname exch def - - /fontdict fontname findfont def - /newfont fontdict maxlength dict def - - fontdict { - exch - dup /FID eq { - % skip FID pair - pop pop - } { - % copy to the new font dictionary - exch newfont 3 1 roll put - } ifelse - } forall - - newfont /FontName newfontname put - - % insert only valid encoding vectors - encoding_vector length 256 eq { - newfont /Encoding encoding_vector put - } if - - newfontname newfont definefont pop -} def - -/SF { % fontname width height -> - set a new font - /height exch def - /width exch def - - findfont - [width 0 0 height 0 0] makefont setfont -} def - -/SUF { % fontname width height -> - set a new user font - /height exch def - /width exch def - - /F-gs-user-font MF - /F-gs-user-font width height SF -} def - -/M {moveto} bind def -/s {show} bind def - -/Box { % x y w h -> - define box path - /d_h exch def /d_w exch def /d_y exch def /d_x exch def - d_x d_y moveto - d_w 0 rlineto - 0 d_h rlineto - d_w neg 0 rlineto - closepath -} def - -/bgs { % x y height blskip gray str -> - show string with bg color - /str exch def - /gray exch def - /blskip exch def - /height exch def - /y exch def - /x exch def - - gsave - x y blskip sub str stringwidth pop height Box - gray setgray - fill - grestore - x y M str s -} def - -% Highlight bars. -/highlight_bars { % nlines lineheight output_y_margin gray -> - - gsave - setgray - /ymarg exch def - /lineheight exch def - /nlines exch def - - % This 2 is just a magic number to sync highlight lines to text. 
- 0 d_header_y ymarg sub 2 sub translate - - /cw d_output_w cols div def - /nrows d_output_h ymarg 2 mul sub lineheight div cvi def - - % for each column - 0 1 cols 1 sub { - cw mul /xp exch def - - % for each rows - 0 1 nrows 1 sub { - /rn exch def - rn lineheight mul neg /yp exch def - rn nlines idiv 2 mod 0 eq { - % Draw highlight bar. 4 is just a magic indentation. - xp 4 add yp cw 8 sub lineheight neg Box fill - } if - } for - } for - - grestore -} def - -% Line highlight bar. -/line_highlight { % x y width height gray -> - - gsave - /gray exch def - Box gray setgray fill - grestore -} def - -% Column separator lines. -/column_lines { - gsave - .1 setlinewidth - 0 d_footer_h translate - /cw d_output_w cols div def - 1 1 cols 1 sub { - cw mul 0 moveto - 0 d_output_h rlineto stroke - } for - grestore -} def - -% Column borders. -/column_borders { - gsave - .1 setlinewidth - 0 d_footer_h moveto - 0 d_output_h rlineto - d_output_w 0 rlineto - 0 d_output_h neg rlineto - closepath stroke - grestore -} def - -% Do the actual underlay drawing -/draw_underlay { - ul_style 0 eq { - ul_str true charpath stroke - } { - ul_str show - } ifelse -} def - -% Underlay -/underlay { % - -> - - gsave - 0 d_page_h translate - d_page_h neg d_page_w atan rotate - - ul_gray setgray - ul_font setfont - /dw d_page_h dup mul d_page_w dup mul add sqrt def - ul_str stringwidth pop dw exch sub 2 div ul_h_ptsize -2 div moveto - draw_underlay - grestore -} def - -/user_underlay { % - -> - - gsave - ul_x ul_y translate - ul_angle rotate - ul_gray setgray - ul_font setfont - 0 0 ul_h_ptsize 2 div sub moveto - draw_underlay - grestore -} def - -% Page prefeed -/page_prefeed { % bool -> - - statusdict /prefeed known { - statusdict exch /prefeed exch put - } { - pop - } ifelse -} def - -% Wrapped line markers -/wrapped_line_mark { % x y charwith charheight type -> - - /type exch def - /h exch def - /w exch def - /y exch def - /x exch def - - type 2 eq { - % Black boxes (like TeX does) - gsave - 0 
setlinewidth - x w 4 div add y M - 0 h rlineto w 2 div 0 rlineto 0 h neg rlineto - closepath fill - grestore - } { - type 3 eq { - % Small arrows - gsave - .2 setlinewidth - x w 2 div add y h 2 div add M - w 4 div 0 rlineto - x w 4 div add y lineto stroke - - x w 4 div add w 8 div add y h 4 div add M - x w 4 div add y lineto - w 4 div h 8 div rlineto stroke - grestore - } { - % do nothing - } ifelse - } ifelse -} def - -% EPSF import. - -/BeginEPSF { - /b4_Inc_state save def % Save state for cleanup - /dict_count countdictstack def % Count objects on dict stack - /op_count count 1 sub def % Count objects on operand stack - userdict begin - /showpage { } def - 0 setgray 0 setlinecap - 1 setlinewidth 0 setlinejoin - 10 setmiterlimit [ ] 0 setdash newpath - /languagelevel where { - pop languagelevel - 1 ne { - false setstrokeadjust false setoverprint - } if - } if -} bind def - -/EndEPSF { - count op_count sub { pos } repeat % Clean up stacks - countdictstack dict_count sub { end } repeat - b4_Inc_state restore -} bind def - -% Check PostScript language level. 
-/languagelevel where { - pop /gs_languagelevel languagelevel def -} { - /gs_languagelevel 1 def -} ifelse -%%EndResource -%%BeginResource: procset Enscript-Encoding-88591 1.6 1 -/encoding_vector [ -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/space /exclam /quotedbl /numbersign -/dollar /percent /ampersand /quoteright -/parenleft /parenright /asterisk /plus -/comma /hyphen /period /slash -/zero /one /two /three -/four /five /six /seven -/eight /nine /colon /semicolon -/less /equal /greater /question -/at /A /B /C -/D /E /F /G -/H /I /J /K -/L /M /N /O -/P /Q /R /S -/T /U /V /W -/X /Y /Z /bracketleft -/backslash /bracketright /asciicircum /underscore -/quoteleft /a /b /c -/d /e /f /g -/h /i /j /k -/l /m /n /o -/p /q /r /s -/t /u /v /w -/x /y /z /braceleft -/bar /braceright /tilde /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/.notdef /.notdef /.notdef /.notdef -/space /exclamdown /cent /sterling -/currency /yen /brokenbar /section -/dieresis /copyright /ordfeminine /guillemotleft -/logicalnot /hyphen /registered /macron -/degree /plusminus /twosuperior /threesuperior -/acute /mu /paragraph /bullet -/cedilla /onesuperior /ordmasculine /guillemotright -/onequarter /onehalf /threequarters /questiondown -/Agrave /Aacute /Acircumflex /Atilde -/Adieresis /Aring /AE /Ccedilla -/Egrave /Eacute /Ecircumflex /Edieresis -/Igrave /Iacute /Icircumflex /Idieresis -/Eth /Ntilde /Ograve /Oacute -/Ocircumflex /Otilde /Odieresis /multiply -/Oslash /Ugrave /Uacute /Ucircumflex -/Udieresis /Yacute /Thorn /germandbls 
-/agrave /aacute /acircumflex /atilde -/adieresis /aring /ae /ccedilla -/egrave /eacute /ecircumflex /edieresis -/igrave /iacute /icircumflex /idieresis -/eth /ntilde /ograve /oacute -/ocircumflex /otilde /odieresis /divide -/oslash /ugrave /uacute /ucircumflex -/udieresis /yacute /thorn /ydieresis -] def -%%EndResource -%%EndProlog -%%BeginSetup -%%IncludeResource: font Courier-Bold -%%IncludeResource: font Courier -/HFpt_w 10 def -/HFpt_h 10 def -/Courier-Bold /HF-gs-font MF -/HF /HF-gs-font findfont [HFpt_w 0 0 HFpt_h 0 0] makefont def -/Courier /F-gs-font MF -/F-gs-font 10 10 SF -/#copies 1 def -/d_page_w 520 def -/d_page_h 747 def -/d_header_x 0 def -/d_header_y 747 def -/d_header_w 520 def -/d_header_h 0 def -/d_footer_x 0 def -/d_footer_y 0 def -/d_footer_w 520 def -/d_footer_h 0 def -/d_output_w 520 def -/d_output_h 747 def -/cols 1 def -userdict/PStoPSxform PStoPSmatrix matrix currentmatrix - matrix invertmatrix matrix concatmatrix - matrix invertmatrix put -%%EndSetup -%%Page: (0,1) 1 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 1 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 701 M -(Network Working Group T. Ylonen) s -5 690 M -(Internet-Draft SSH Communications Security Corp) s -5 679 M -(Expires: March 2, 2003 D. Moffat, Ed.) s -5 668 M -( Sun Microsystems, Inc) s -5 657 M -( September 2002) s -5 624 M -( SSH Authentication Protocol) s -5 613 M -( draft-ietf-secsh-userauth-18.txt) s -5 591 M -(Status of this Memo) s -5 569 M -( This document is an Internet-Draft and is in full conformance with) s -5 558 M -( all provisions of Section 10 of RFC2026.) 
s -5 536 M -( Internet-Drafts are working documents of the Internet Engineering) s -5 525 M -( Task Force \(IETF\), its areas, and its working groups. Note that other) s -5 514 M -( groups may also distribute working documents as Internet-Drafts.) s -5 492 M -( Internet-Drafts are draft documents valid for a maximum of six months) s -5 481 M -( and may be updated, replaced, or obsoleted by other documents at any) s -5 470 M -( time. It is inappropriate to use Internet-Drafts as reference) s -5 459 M -( material or to cite them other than as "work in progress.") s -5 437 M -( The list of current Internet-Drafts can be accessed at http://) s -5 426 M -( www.ietf.org/ietf/1id-abstracts.txt.) s -5 404 M -( The list of Internet-Draft Shadow Directories can be accessed at) s -5 393 M -( http://www.ietf.org/shadow.html.) s -5 371 M -( This Internet-Draft will expire on March 2, 2003.) s -5 349 M -(Copyright Notice) s -5 327 M -( Copyright \(C\) The Internet Society \(2002\). All Rights Reserved.) s -5 305 M -(Abstract) s -5 283 M -( SSH is a protocol for secure remote login and other secure network) s -5 272 M -( services over an insecure network. This document describes the SSH) s -5 261 M -( authentication protocol framework and public key, password, and) s -5 250 M -( host-based client authentication methods. Additional authentication) s -5 239 M -( methods are described in separate documents. The SSH authentication) s -5 228 M -( protocol runs on top of the SSH transport layer protocol and provides) s -5 217 M -( a single authenticated tunnel for the SSH connection protocol.) 
s -5 129 M -(Ylonen & Moffat Expires March 2, 2003 [Page 1]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 2 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Authentication Protocol September 2002) s -5 690 M -(Table of Contents) s -5 668 M -( 1. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 3) s -5 657 M -( 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3) s -5 646 M -( 3. Conventions Used in This Document . . . . . . . . . . . . . 3) s -5 635 M -( 3.1 The Authentication Protocol Framework . . . . . . . . . . . 3) s -5 624 M -( 3.1.1 Authentication Requests . . . . . . . . . . . . . . . . . . 4) s -5 613 M -( 3.1.2 Responses to Authentication Requests . . . . . . . . . . . . 5) s -5 602 M -( 3.1.3 The "none" Authentication Request . . . . . . . . . . . . . 6) s -5 591 M -( 3.1.4 Completion of User Authentication . . . . . . . . . . . . . 6) s -5 580 M -( 3.1.5 Banner Message . . . . . . . . . . . . . . . . . . . . . . . 7) s -5 569 M -( 3.2 Authentication Protocol Message Numbers . . . . . . . . . . 7) s -5 558 M -( 3.3 Public Key Authentication Method: publickey . . . . . . . . 8) s -5 547 M -( 3.4 Password Authentication Method: password . . . . . . . . . . 10) s -5 536 M -( 3.5 Host-Based Authentication: hostbased . . . . . . . . . . . . 11) s -5 525 M -( 4. Security Considerations . . . . . . . . . . . . . . . . . . 12) s -5 514 M -( Normative . . . . . . . . . . . . . . . . . . . . . . . . . 13) s -5 503 M -( Informative . . . . . . . . . . . . . . . . . . . . . . . . 13) s -5 492 M -( Authors' Addresses . . . . . . . . . 
. . . . . . . . . . . . 14) s -5 481 M -( Intellectual Property and Copyright Statements . . . . . . . 15) s -5 129 M -(Ylonen & Moffat Expires March 2, 2003 [Page 2]) s -_R -S -PStoPSsaved restore -%%Page: (2,3) 2 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 3 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Authentication Protocol September 2002) s -5 690 M -(1. Contributors) s -5 668 M -( The major original contributors of this document were: Tatu Ylonen,) s -5 657 M -( Tero Kivinen, Timo J. Rinne, Sami Lehtinen \(all of SSH Communications) s -5 646 M -( Security Corp\), and Markku-Juhani O. Saarinen \(University of) s -5 635 M -( Jyvaskyla\)) s -5 613 M -( The document editor is: Darren.Moffat@Sun.COM. Comments on this) s -5 602 M -( internet draft should be sent to the IETF SECSH working group,) s -5 591 M -( details at: http://ietf.org/html.charters/secsh-charter.html) s -5 569 M -(2. Introduction) s -5 547 M -( The SSH authentication protocol is a general-purpose user) s -5 536 M -( authentication protocol. It is intended to be run over the SSH) s -5 525 M -( transport layer protocol [SSH-TRANS]. This protocol assumes that the) s -5 514 M -( underlying protocols provide integrity and confidentiality) s -5 503 M -( protection.) s -5 481 M -( This document should be read only after reading the SSH architecture) s -5 470 M -( document [SSH-ARCH]. This document freely uses terminology and) s -5 459 M -( notation from the architecture document without reference or further) s -5 448 M -( explanation.) 
s -5 426 M -( The service name for this protocol is "ssh-userauth".) s -5 404 M -( When this protocol starts, it receives the session identifier from) s -5 393 M -( the lower-level protocol \(this is the exchange hash H from the first) s -5 382 M -( key exchange\). The session identifier uniquely identifies this) s -5 371 M -( session and is suitable for signing in order to prove ownership of a) s -5 360 M -( private key. This protocol also needs to know whether the lower-level) s -5 349 M -( protocol provides confidentiality protection.) s -5 327 M -(3. Conventions Used in This Document) s -5 305 M -( The keywords "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT",) s -5 294 M -( and "MAY" that appear in this document are to be interpreted as) s -5 283 M -( described in [RFC2119]) s -5 261 M -( The used data types and terminology are specified in the architecture) s -5 250 M -( document [SSH-ARCH]) s -5 228 M -( The architecture document also discusses the algorithm naming) s -5 217 M -( conventions that MUST be used with the SSH protocols.) s -5 195 M -(3.1 The Authentication Protocol Framework) s -5 173 M -( The server drives the authentication by telling the client which) s -5 129 M -(Ylonen & Moffat Expires March 2, 2003 [Page 3]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 4 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Authentication Protocol September 2002) s -5 690 M -( authentication methods can be used to continue the exchange at any) s -5 679 M -( given time. 
The client has the freedom to try the methods listed by) s -5 668 M -( the server in any order. This gives the server complete control over) s -5 657 M -( the authentication process if desired, but also gives enough) s -5 646 M -( flexibility for the client to use the methods it supports or that are) s -5 635 M -( most convenient for the user, when multiple methods are offered by) s -5 624 M -( the server.) s -5 602 M -( Authentication methods are identified by their name, as defined in) s -5 591 M -( [SSH-ARCH]. The "none" method is reserved, and MUST NOT be listed as) s -5 580 M -( supported. However, it MAY be sent by the client. The server MUST) s -5 569 M -( always reject this request, unless the client is to be allowed in) s -5 558 M -( without any authentication, in which case the server MUST accept this) s -5 547 M -( request. The main purpose of sending this request is to get the list) s -5 536 M -( of supported methods from the server.) s -5 514 M -( The server SHOULD have a timeout for authentication, and disconnect) s -5 503 M -( if the authentication has not been accepted within the timeout) s -5 492 M -( period. The RECOMMENDED timeout period is 10 minutes. Additionally,) s -5 481 M -( the implementation SHOULD limit the number of failed authentication) s -5 470 M -( attempts a client may perform in a single session \(the RECOMMENDED) s -5 459 M -( limit is 20 attempts\). If the threshold is exceeded, the server) s -5 448 M -( SHOULD disconnect.) s -5 426 M -(3.1.1 Authentication Requests) s -5 404 M -( All authentication requests MUST use the following message format.) s -5 393 M -( Only the first few fields are defined; the remaining fields depend on) s -5 382 M -( the authentication method.) 
s -5 360 M -( byte SSH_MSG_USERAUTH_REQUEST) s -5 349 M -( string user name \(in ISO-10646 UTF-8 encoding [RFC2279]\)) s -5 338 M -( string service name \(in US-ASCII\)) s -5 327 M -( string method name \(US-ASCII\)) s -5 316 M -( The rest of the packet is method-specific.) s -5 294 M -( The user name and service are repeated in every new authentication) s -5 283 M -( attempt, and MAY change. The server implementation MUST carefully) s -5 272 M -( check them in every message, and MUST flush any accumulated) s -5 261 M -( authentication states if they change. If it is unable to flush some) s -5 250 M -( authentication state, it MUST disconnect if the user or service name) s -5 239 M -( changes.) s -5 217 M -( The service name specifies the service to start after authentication.) s -5 206 M -( There may be several different authenticated services provided. If) s -5 195 M -( the requested service is not available, the server MAY disconnect) s -5 184 M -( immediately or at any later time. Sending a proper disconnect) s -5 173 M -( message is RECOMMENDED. In any case, if the service does not exist,) s -5 129 M -(Ylonen & Moffat Expires March 2, 2003 [Page 4]) s -_R -S -PStoPSsaved restore -%%Page: (4,5) 3 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 5 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Authentication Protocol September 2002) s -5 690 M -( authentication MUST NOT be accepted.) 
s -5 668 M -( If the requested user does not exist, the server MAY disconnect, or) s -5 657 M -( MAY send a bogus list of acceptable authentication methods, but never) s -5 646 M -( accept any. This makes it possible for the server to avoid) s -5 635 M -( disclosing information on which accounts exist. In any case, if the) s -5 624 M -( user does not exist, the authentication request MUST NOT be accepted.) s -5 602 M -( While there is usually little point for clients to send requests that) s -5 591 M -( the server does not list as acceptable, sending such requests is not) s -5 580 M -( an error, and the server SHOULD simply reject requests that it does) s -5 569 M -( not recognize.) s -5 547 M -( An authentication request MAY result in a further exchange of) s -5 536 M -( messages. All such messages depend on the authentication method) s -5 525 M -( used, and the client MAY at any time continue with a new) s -5 514 M -( SSH_MSG_USERAUTH_REQUEST message, in which case the server MUST) s -5 503 M -( abandon the previous authentication attempt and continue with the new) s -5 492 M -( one.) s -5 470 M -(3.1.2 Responses to Authentication Requests) s -5 448 M -( If the server rejects the authentication request, it MUST respond) s -5 437 M -( with the following:) s -5 415 M -( byte SSH_MSG_USERAUTH_FAILURE) s -5 404 M -( string authentications that can continue) s -5 393 M -( boolean partial success) s -5 371 M -( "Authentications that can continue" is a comma-separated list of) s -5 360 M -( authentication method names that may productively continue the) s -5 349 M -( authentication dialog.) s -5 327 M -( It is RECOMMENDED that servers only include those methods in the list) s -5 316 M -( that are actually useful. However, it is not illegal to include) s -5 305 M -( methods that cannot be used to authenticate the user.) 
s -5 283 M -( Already successfully completed authentications SHOULD NOT be included) s -5 272 M -( in the list, unless they really should be performed again for some) s -5 261 M -( reason.) s -5 239 M -( "Partial success" MUST be TRUE if the authentication request to which) s -5 228 M -( this is a response was successful. It MUST be FALSE if the request) s -5 217 M -( was not successfully processed.) s -5 195 M -( When the server accepts authentication, it MUST respond with the) s -5 184 M -( following:) s -5 129 M -(Ylonen & Moffat Expires March 2, 2003 [Page 5]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 6 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Authentication Protocol September 2002) s -5 690 M -( byte SSH_MSG_USERAUTH_SUCCESS) s -5 668 M -( Note that this is not sent after each step in a multi-method) s -5 657 M -( authentication sequence, but only when the authentication is) s -5 646 M -( complete.) s -5 624 M -( The client MAY send several authentication requests without waiting) s -5 613 M -( for responses from previous requests. The server MUST process each) s -5 602 M -( request completely and acknowledge any failed requests with a) s -5 591 M -( SSH_MSG_USERAUTH_FAILURE message before processing the next request.) s -5 569 M -( A request that results in further exchange of messages will be) s -5 558 M -( aborted by a second request. It is not possible to send a second) s -5 547 M -( request without waiting for a response from the server, if the first) s -5 536 M -( request will result in further exchange of messages. 
No) s -5 525 M -( SSH_MSG_USERAUTH_FAILURE message will be sent for the aborted method.) s -5 503 M -( SSH_MSG_USERAUTH_SUCCESS MUST be sent only once. When) s -5 492 M -( SSH_MSG_USERAUTH_SUCCESS has been sent, any further authentication) s -5 481 M -( requests received after that SHOULD be silently ignored.) s -5 459 M -( Any non-authentication messages sent by the client after the request) s -5 448 M -( that resulted in SSH_MSG_USERAUTH_SUCCESS being sent MUST be passed) s -5 437 M -( to the service being run on top of this protocol. Such messages can) s -5 426 M -( be identified by their message numbers \(see Section Message Numbers) s -5 415 M -( \(Section 3.2\)\).) s -5 393 M -(3.1.3 The "none" Authentication Request) s -5 371 M -( A client may request a list of authentication methods that may) s -5 360 M -( continue by using the "none" authentication method.) s -5 338 M -( If no authentication at all is needed for the user, the server MUST) s -5 327 M -( return SSH_MSG_USERAUTH_SUCCESS. Otherwise, the server MUST return) s -5 316 M -( SSH_MSG_USERAUTH_FAILURE and MAY return with it a list of) s -5 305 M -( authentication methods that can continue.) s -5 283 M -( This method MUST NOT be listed as supported by the server.) s -5 261 M -(3.1.4 Completion of User Authentication) s -5 239 M -( Authentication is complete when the server has responded with) s -5 228 M -( SSH_MSG_USERAUTH_SUCCESS; all authentication related messages) s -5 217 M -( received after sending this message SHOULD be silently ignored.) s -5 195 M -( After sending SSH_MSG_USERAUTH_SUCCESS, the server starts the) s -5 184 M -( requested service.) 
s -5 129 M -(Ylonen & Moffat Expires March 2, 2003 [Page 6]) s -_R -S -PStoPSsaved restore -%%Page: (6,7) 4 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 7 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Authentication Protocol September 2002) s -5 690 M -(3.1.5 Banner Message) s -5 668 M -( In some jurisdictions, sending a warning message before) s -5 657 M -( authentication may be relevant for getting legal protection. Many) s -5 646 M -( UNIX machines, for example, normally display text from `/etc/issue',) s -5 635 M -( or use "tcp wrappers" or similar software to display a banner before) s -5 624 M -( issuing a login prompt.) s -5 602 M -( The SSH server may send a SSH_MSG_USERAUTH_BANNER message at any time) s -5 591 M -( before authentication is successful. This message contains text to) s -5 580 M -( be displayed to the client user before authentication is attempted.) s -5 569 M -( The format is as follows:) s -5 547 M -( byte SSH_MSG_USERAUTH_BANNER) s -5 536 M -( string message \(ISO-10646 UTF-8\)) s -5 525 M -( string language tag \(as defined in [RFC3066]\)) s -5 503 M -( The client SHOULD by default display the message on the screen.) s -5 492 M -( However, since the message is likely to be sent for every login) s -5 481 M -( attempt, and since some client software will need to open a separate) s -5 470 M -( window for this warning, the client software may allow the user to) s -5 459 M -( explicitly disable the display of banners from the server. The) s -5 448 M -( message may consist of multiple lines.) 
s -5 426 M -( If the message string is displayed, control character filtering) s -5 415 M -( discussed in [SSH-ARCH] SHOULD be used to avoid attacks by sending) s -5 404 M -( terminal control characters.) s -5 382 M -(3.2 Authentication Protocol Message Numbers) s -5 360 M -( All message numbers used by this authentication protocol are in the) s -5 349 M -( range from 50 to 79, which is part of the range reserved for) s -5 338 M -( protocols running on top of the SSH transport layer protocol.) s -5 316 M -( Message numbers of 80 and higher are reserved for protocols running) s -5 305 M -( after this authentication protocol, so receiving one of them before) s -5 294 M -( authentication is complete is an error, to which the server MUST) s -5 283 M -( respond by disconnecting \(preferably with a proper disconnect message) s -5 272 M -( sent first to ease troubleshooting\).) s -5 250 M -( After successful authentication, such messages are passed to the) s -5 239 M -( higher-level service.) s -5 217 M -( These are the general authentication message codes:) s -5 195 M -( #define SSH_MSG_USERAUTH_REQUEST 50) s -5 184 M -( #define SSH_MSG_USERAUTH_FAILURE 51) s -5 173 M -( #define SSH_MSG_USERAUTH_SUCCESS 52) s -5 129 M -(Ylonen & Moffat Expires March 2, 2003 [Page 7]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 8 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Authentication Protocol September 2002) s -5 690 M -( #define SSH_MSG_USERAUTH_BANNER 53) s -5 668 M -( In addition to the above, there is a range of message numbers) s -5 657 M -( \(60..79\) reserved for 
method-specific messages. These messages are) s -5 646 M -( only sent by the server \(client sends only SSH_MSG_USERAUTH_REQUEST) s -5 635 M -( messages\). Different authentication methods reuse the same message) s -5 624 M -( numbers.) s -5 602 M -(3.3 Public Key Authentication Method: publickey) s -5 580 M -( The only REQUIRED authentication method is public key authentication.) s -5 569 M -( All implementations MUST support this method; however, not all users) s -5 558 M -( need to have public keys, and most local policies are not likely to) s -5 547 M -( require public key authentication for all users in the near future.) s -5 525 M -( With this method, the possession of a private key serves as) s -5 514 M -( authentication. This method works by sending a signature created) s -5 503 M -( with a private key of the user. The server MUST check that the key) s -5 492 M -( is a valid authenticator for the user, and MUST check that the) s -5 481 M -( signature is valid. If both hold, the authentication request MUST be) s -5 470 M -( accepted; otherwise it MUST be rejected. \(Note that the server MAY) s -5 459 M -( require additional authentications after successful authentication.\)) s -5 437 M -( Private keys are often stored in an encrypted form at the client) s -5 426 M -( host, and the user must supply a passphrase before the signature can) s -5 415 M -( be generated. Even if they are not, the signing operation involves) s -5 404 M -( some expensive computation. To avoid unnecessary processing and user) s -5 393 M -( interaction, the following message is provided for querying whether) s -5 382 M -( authentication using the key would be acceptable.) 
s -5 360 M -( byte SSH_MSG_USERAUTH_REQUEST) s -5 349 M -( string user name) s -5 338 M -( string service) s -5 327 M -( string "publickey") s -5 316 M -( boolean FALSE) s -5 305 M -( string public key algorithm name) s -5 294 M -( string public key blob) s -5 272 M -( Public key algorithms are defined in the transport layer) s -5 261 M -( specification [SSH-TRANS]. The public key blob may contain) s -5 250 M -( certificates.) s -5 228 M -( Any public key algorithm may be offered for use in authentication.) s -5 217 M -( In particular, the list is not constrained by what was negotiated) s -5 206 M -( during key exchange. If the server does not support some algorithm,) s -5 195 M -( it MUST simply reject the request.) s -5 173 M -( The server MUST respond to this message with either) s -5 129 M -(Ylonen & Moffat Expires March 2, 2003 [Page 8]) s -_R -S -PStoPSsaved restore -%%Page: (8,9) 5 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 9 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Authentication Protocol September 2002) s -5 690 M -( SSH_MSG_USERAUTH_FAILURE or with the following:) s -5 668 M -( byte SSH_MSG_USERAUTH_PK_OK) s -5 657 M -( string public key algorithm name from the request) s -5 646 M -( string public key blob from the request) s -5 624 M -( To perform actual authentication, the client MAY then send a) s -5 613 M -( signature generated using the private key. The client MAY send the) s -5 602 M -( signature directly without first verifying whether the key is) s -5 591 M -( acceptable. 
The signature is sent using the following packet:) s -5 569 M -( byte SSH_MSG_USERAUTH_REQUEST) s -5 558 M -( string user name) s -5 547 M -( string service) s -5 536 M -( string "publickey") s -5 525 M -( boolean TRUE) s -5 514 M -( string public key algorithm name) s -5 503 M -( string public key to be used for authentication) s -5 492 M -( string signature) s -5 470 M -( Signature is a signature by the corresponding private key over the) s -5 459 M -( following data, in the following order:) s -5 437 M -( string session identifier) s -5 426 M -( byte SSH_MSG_USERAUTH_REQUEST) s -5 415 M -( string user name) s -5 404 M -( string service) s -5 393 M -( string "publickey") s -5 382 M -( boolean TRUE) s -5 371 M -( string public key algorithm name) s -5 360 M -( string public key to be used for authentication) s -5 338 M -( When the server receives this message, it MUST check whether the) s -5 327 M -( supplied key is acceptable for authentication, and if so, it MUST) s -5 316 M -( check whether the signature is correct.) s -5 294 M -( If both checks succeed, this method is successful. Note that the) s -5 283 M -( server may require additional authentications. The server MUST) s -5 272 M -( respond with SSH_MSG_USERAUTH_SUCCESS \(if no more authentications are) s -5 261 M -( needed\), or SSH_MSG_USERAUTH_FAILURE \(if the request failed, or more) s -5 250 M -( authentications are needed\).) s -5 228 M -( The following method-specific message numbers are used by the) s -5 217 M -( publickey authentication method.) 
s -5 195 M -( /* Key-based */) s -5 184 M -( #define SSH_MSG_USERAUTH_PK_OK 60) s -5 129 M -(Ylonen & Moffat Expires March 2, 2003 [Page 9]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 10 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Authentication Protocol September 2002) s -5 690 M -(3.4 Password Authentication Method: password) s -5 668 M -( Password authentication uses the following packets. Note that a) s -5 657 M -( server MAY request the user to change the password. All) s -5 646 M -( implementations SHOULD support password authentication.) s -5 624 M -( byte SSH_MSG_USERAUTH_REQUEST) s -5 613 M -( string user name) s -5 602 M -( string service) s -5 591 M -( string "password") s -5 580 M -( boolean FALSE) s -5 569 M -( string plaintext password \(ISO-10646 UTF-8\)) s -5 547 M -( Note that the password is encoded in ISO-10646 UTF-8. It is up to) s -5 536 M -( the server how it interprets the password and validates it against) s -5 525 M -( the password database. However, if the client reads the password in) s -5 514 M -( some other encoding \(e.g., ISO 8859-1 \(ISO Latin1\)\), it MUST convert) s -5 503 M -( the password to ISO-10646 UTF-8 before transmitting, and the server) s -5 492 M -( MUST convert the password to the encoding used on that system for) s -5 481 M -( passwords.) s -5 459 M -( Note that even though the cleartext password is transmitted in the) s -5 448 M -( packet, the entire packet is encrypted by the transport layer. 
Both) s -5 437 M -( the server and the client should check whether the underlying) s -5 426 M -( transport layer provides confidentiality \(i.e., if encryption is) s -5 415 M -( being used\). If no confidentiality is provided \(none cipher\),) s -5 404 M -( password authentication SHOULD be disabled. If there is no) s -5 393 M -( confidentiality or no MAC, password change SHOULD be disabled.) s -5 371 M -( Normally, the server responds to this message with success or) s -5 360 M -( failure. However, if the password has expired the server SHOULD) s -5 349 M -( indicate this by responding with SSH_MSG_USERAUTH_PASSWD_CHANGEREQ.) s -5 338 M -( In anycase the server MUST NOT allow an expired password to be used) s -5 327 M -( for authentication.) s -5 305 M -( byte SSH_MSG_USERAUTH_PASSWD_CHANGEREQ) s -5 294 M -( string prompt \(ISO-10646 UTF-8\)) s -5 283 M -( string language tag \(as defined in [RFC3066]\)) s -5 261 M -( In this case, the client MAY continue with a different authentication) s -5 250 M -( method, or request a new password from the user and retry password) s -5 239 M -( authentication using the following message. The client MAY also send) s -5 228 M -( this message instead of the normal password authentication request) s -5 217 M -( without the server asking for it.) 
s -5 195 M -( byte SSH_MSG_USERAUTH_REQUEST) s -5 184 M -( string user name) s -5 173 M -( string service) s -5 129 M -(Ylonen & Moffat Expires March 2, 2003 [Page 10]) s -_R -S -PStoPSsaved restore -%%Page: (10,11) 6 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 11 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Authentication Protocol September 2002) s -5 690 M -( string "password") s -5 679 M -( boolean TRUE) s -5 668 M -( string plaintext old password \(ISO-10646 UTF-8\)) s -5 657 M -( string plaintext new password \(ISO-10646 UTF-8\)) s -5 635 M -( The server must reply to request message with) s -5 624 M -( SSH_MSG_USERAUTH_SUCCESS, SSH_MSG_USERAUTH_FAILURE, or another) s -5 613 M -( SSH_MSG_USERAUTH_PASSWD_CHANGEREQ. The meaning of these is as) s -5 602 M -( follows:) s -5 580 M -( SSH_MSG_USERAUTH_SUCCESS The password has been changed, and) s -5 569 M -( authentication has been successfully completed.) s -5 547 M -( SSH_MSG_USERAUTH_FAILURE with partial success The password has) s -5 536 M -( been changed, but more authentications are needed.) s -5 514 M -( SSH_MSG_USERAUTH_FAILURE without partial success The password has) s -5 503 M -( not been changed. Either password changing was not supported, or) s -5 492 M -( the old password was bad. Note that if the server has already) s -5 481 M -( sent SSH_MSG_USERAUTH_PASSWD_CHANGEREQ, we know that it supports) s -5 470 M -( changing the password.) s -5 448 M -( SSH_MSG_USERAUTH_CHANGEREQ The password was not changed because) s -5 437 M -( the new password was not acceptable \(e.g. 
too easy to guess\).) s -5 415 M -( The following method-specific message numbers are used by the) s -5 404 M -( password authentication method.) s -5 382 M -( #define SSH_MSG_USERAUTH_PASSWD_CHANGEREQ 60) s -5 349 M -(3.5 Host-Based Authentication: hostbased) s -5 327 M -( Some sites wish to allow authentication based on the host where the) s -5 316 M -( user is coming from, and the user name on the remote host. While) s -5 305 M -( this form of authentication is not suitable for high-security sites,) s -5 294 M -( it can be very convenient in many environments. This form of) s -5 283 M -( authentication is OPTIONAL. When used, special care SHOULD be taken) s -5 272 M -( to prevent a regular user from obtaining the private host key.) s -5 250 M -( The client requests this form of authentication by sending the) s -5 239 M -( following message. It is similar to the UNIX "rhosts" and) s -5 228 M -( "hosts.equiv" styles of authentication, except that the identity of) s -5 217 M -( the client host is checked more rigorously.) s -5 195 M -( This method works by having the client send a signature created with) s -5 184 M -( the private key of the client host, which the server checks with that) s -5 173 M -( host's public key. 
Once the client host's identity is established,) s -5 129 M -(Ylonen & Moffat Expires March 2, 2003 [Page 11]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 12 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Authentication Protocol September 2002) s -5 690 M -( authorization \(but no further authentication\) is performed based on) s -5 679 M -( the user names on the server and the client, and the client host) s -5 668 M -( name.) s -5 646 M -( byte SSH_MSG_USERAUTH_REQUEST) s -5 635 M -( string user name) s -5 624 M -( string service) s -5 613 M -( string "hostbased") s -5 602 M -( string public key algorithm for host key) s -5 591 M -( string public host key and certificates for client host) s -5 580 M -( string client host name \(FQDN; US-ASCII\)) s -5 569 M -( string user name on the client host \(ISO-10646 UTF-8\)) s -5 558 M -( string signature) s -5 536 M -( Public key algorithm names for use in "public key algorithm for host) s -5 525 M -( key" are defined in the transport layer specification. The "public) s -5 514 M -( host key for client host" may include certificates.) 
s -5 492 M -( Signature is a signature with the private host key of the following) s -5 481 M -( data, in this order:) s -5 459 M -( string session identifier) s -5 448 M -( byte SSH_MSG_USERAUTH_REQUEST) s -5 437 M -( string user name) s -5 426 M -( string service) s -5 415 M -( string "hostbased") s -5 404 M -( string public key algorithm for host key) s -5 393 M -( string public host key and certificates for client host) s -5 382 M -( string client host name \(FQDN; US-ASCII\)) s -5 371 M -( string user name on the client host\(ISO-10646 UTF-8\)) s -5 349 M -( The server MUST verify that the host key actually belongs to the) s -5 338 M -( client host named in the message, that the given user on that host is) s -5 327 M -( allowed to log in, and that the signature is a valid signature on the) s -5 316 M -( appropriate value by the given host key. The server MAY ignore the) s -5 305 M -( client user name, if it wants to authenticate only the client host.) s -5 283 M -( It is RECOMMENDED that whenever possible, the server perform) s -5 272 M -( additional checks to verify that the network address obtained from) s -5 261 M -( the \(untrusted\) network matches the given client host name. This) s -5 250 M -( makes exploiting compromised host keys more difficult. Note that) s -5 239 M -( this may require special handling for connections coming through a) s -5 228 M -( firewall.) s -5 206 M -(4. Security Considerations) s -5 184 M -( The purpose of this protocol is to perform client user) s -5 173 M -( authentication. 
It assumed that this runs over a secure transport) s -5 129 M -(Ylonen & Moffat Expires March 2, 2003 [Page 12]) s -_R -S -PStoPSsaved restore -%%Page: (12,13) 7 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 13 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Authentication Protocol September 2002) s -5 690 M -( layer protocol, which has already authenticated the server machine,) s -5 679 M -( established an encrypted communications channel, and computed a) s -5 668 M -( unique session identifier for this session. The transport layer) s -5 657 M -( provides forward secrecy for password authentication and other) s -5 646 M -( methods that rely on secret data.) s -5 624 M -( Full security considerations for this protocol are provided in) s -5 613 M -( Section 8 of [SSH-ARCH]) s -5 591 M -(Normative) s -5 569 M -( [SSH-ARCH]) s -5 558 M -( Ylonen, T., "SSH Protocol Architecture", I-D) s -5 547 M -( draft-ietf-architecture-15.txt, Oct 2003.) s -5 525 M -( [SSH-TRANS]) s -5 514 M -( Ylonen, T., "SSH Transport Layer Protocol", I-D) s -5 503 M -( draft-ietf-transport-17.txt, Oct 2003.) s -5 481 M -( [SSH-USERAUTH]) s -5 470 M -( Ylonen, T., "SSH Authentication Protocol", I-D) s -5 459 M -( draft-ietf-userauth-18.txt, Oct 2003.) s -5 437 M -( [SSH-CONNECT]) s -5 426 M -( Ylonen, T., "SSH Connection Protocol", I-D) s -5 415 M -( draft-ietf-connect-18.txt, Oct 2003.) s -5 393 M -( [SSH-NUMBERS]) s -5 382 M -( Lehtinen, S. and D. Moffat, "SSH Protocol Assigned) s -5 371 M -( Numbers", I-D draft-ietf-secsh-assignednumbers-05.txt, Oct) s -5 360 M -( 2003.) 
s -5 338 M -( [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate) s -5 327 M -( Requirement Levels", BCP 14, RFC 2119, March 1997.) s -5 305 M -(Informative) s -5 283 M -( [RFC3066] Alvestrand, H., "Tags for the Identification of) s -5 272 M -( Languages", BCP 47, RFC 3066, January 2001.) s -5 250 M -( [RFC2279] Yergeau, F., "UTF-8, a transformation format of ISO) s -5 239 M -( 10646", RFC 2279, January 1998.) s -5 129 M -(Ylonen & Moffat Expires March 2, 2003 [Page 13]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 14 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Authentication Protocol September 2002) s -5 690 M -(Authors' Addresses) s -5 668 M -( Tatu Ylonen) s -5 657 M -( SSH Communications Security Corp) s -5 646 M -( Fredrikinkatu 42) s -5 635 M -( HELSINKI FIN-00100) s -5 624 M -( Finland) s -5 602 M -( EMail: ylo@ssh.com) s -5 569 M -( Darren J. 
Moffat \(editor\)) s -5 558 M -( Sun Microsystems, Inc) s -5 547 M -( 17 Network Circle) s -5 536 M -( Menlo Park 95025) s -5 525 M -( USA) s -5 503 M -( EMail: Darren.Moffat@Sun.COM) s -5 129 M -(Ylonen & Moffat Expires March 2, 2003 [Page 14]) s -_R -S -PStoPSsaved restore -%%Page: (14,15) 8 -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 0.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -/showpage{}def/copypage{}def/erasepage{}def -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 15 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Authentication Protocol September 2002) s -5 690 M -(Intellectual Property Statement) s -5 668 M -( The IETF takes no position regarding the validity or scope of any) s -5 657 M -( intellectual property or other rights that might be claimed to) s -5 646 M -( pertain to the implementation or use of the technology described in) s -5 635 M -( this document or the extent to which any license under such rights) s -5 624 M -( might or might not be available; neither does it represent that it) s -5 613 M -( has made any effort to identify any such rights. Information on the) s -5 602 M -( IETF's procedures with respect to rights in standards-track and) s -5 591 M -( standards-related documentation can be found in BCP-11. Copies of) s -5 580 M -( claims of rights made available for publication and any assurances of) s -5 569 M -( licenses to be made available, or the result of an attempt made to) s -5 558 M -( obtain a general license or permission for the use of such) s -5 547 M -( proprietary rights by implementors or users of this specification can) s -5 536 M -( be obtained from the IETF Secretariat.) 
s -5 514 M -( The IETF invites any interested party to bring to its attention any) s -5 503 M -( copyrights, patents or patent applications, or other proprietary) s -5 492 M -( rights which may cover technology that may be required to practice) s -5 481 M -( this standard. Please address the information to the IETF Executive) s -5 470 M -( Director.) s -5 448 M -( The IETF has been notified of intellectual property rights claimed in) s -5 437 M -( regard to some or all of the specification contained in this) s -5 426 M -( document. For more information consult the online list of claimed) s -5 415 M -( rights.) s -5 382 M -(Full Copyright Statement) s -5 360 M -( Copyright \(C\) The Internet Society \(2002\). All Rights Reserved.) s -5 338 M -( This document and translations of it may be copied and furnished to) s -5 327 M -( others, and derivative works that comment on or otherwise explain it) s -5 316 M -( or assist in its implementation may be prepared, copied, published) s -5 305 M -( and distributed, in whole or in part, without restriction of any) s -5 294 M -( kind, provided that the above copyright notice and this paragraph are) s -5 283 M -( included on all such copies and derivative works. However, this) s -5 272 M -( document itself may not be modified in any way, such as by removing) s -5 261 M -( the copyright notice or references to the Internet Society or other) s -5 250 M -( Internet organizations, except as needed for the purpose of) s -5 239 M -( developing Internet standards in which case the procedures for) s -5 228 M -( copyrights defined in the Internet Standards process must be) s -5 217 M -( followed, or as required to translate it into languages other than) s -5 206 M -( English.) s -5 184 M -( The limited permissions granted above are perpetual and will not be) s -5 173 M -( revoked by the Internet Society or its successors or assignees.) 
s -5 129 M -(Ylonen & Moffat Expires March 2, 2003 [Page 15]) s -_R -S -PStoPSsaved restore -userdict/PStoPSsaved save put -PStoPSmatrix setmatrix -595.000000 421.271378 translate -90 rotate -0.706651 dup scale -userdict/PStoPSmatrix matrix currentmatrix put -userdict/PStoPSclip{0 0 moveto - 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto - closepath}put initclip -PStoPSxform concat -%%BeginPageSetup -_S -75 0 translate -/pagenum 16 def -/fname () def -/fdir () def -/ftail () def -/user_header_p false def -%%EndPageSetup -5 723 M -(Internet-Draft SSH Authentication Protocol September 2002) s -5 690 M -( This document and the information contained herein is provided on an) s -5 679 M -( "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING) s -5 668 M -( TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING) s -5 657 M -( BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION) s -5 646 M -( HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF) s -5 635 M -( MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.) s -5 602 M -(Acknowledgment) s -5 580 M -( Funding for the RFC Editor function is currently provided by the) s -5 569 M -( Internet Society.) s -5 129 M -(Ylonen & Moffat Expires March 2, 2003 [Page 16]) s -_R -S -PStoPSsaved restore -%%Trailer -%%Pages: 16 -%%DocumentNeededResources: font Courier-Bold Courier -%%EOF diff --git a/lib/ssh/doc/standard/draft-ietf-secsh-userauth-18.txt b/lib/ssh/doc/standard/draft-ietf-secsh-userauth-18.txt deleted file mode 100644 index 9dae578a35..0000000000 --- a/lib/ssh/doc/standard/draft-ietf-secsh-userauth-18.txt +++ /dev/null 
@@ -1,896 +0,0 @@ - - - -Network Working Group T. Ylonen -Internet-Draft SSH Communications Security Corp -Expires: March 2, 2003 D. Moffat, Ed. - Sun Microsystems, Inc - September 2002 - - - SSH Authentication Protocol - draft-ietf-secsh-userauth-18.txt - -Status of this Memo - - This document is an Internet-Draft and is in full conformance with - all provisions of Section 10 of RFC2026. - - Internet-Drafts are working documents of the Internet Engineering - Task Force (IETF), its areas, and its working groups. Note that other - groups may also distribute working documents as Internet-Drafts. - - Internet-Drafts are draft documents valid for a maximum of six months - and may be updated, replaced, or obsoleted by other documents at any - time. It is inappropriate to use Internet-Drafts as reference - material or to cite them other than as "work in progress." - - The list of current Internet-Drafts can be accessed at http:// - www.ietf.org/ietf/1id-abstracts.txt. - - The list of Internet-Draft Shadow Directories can be accessed at - http://www.ietf.org/shadow.html. - - This Internet-Draft will expire on March 2, 2003. - -Copyright Notice - - Copyright (C) The Internet Society (2002). All Rights Reserved. - -Abstract - - SSH is a protocol for secure remote login and other secure network - services over an insecure network. This document describes the SSH - authentication protocol framework and public key, password, and - host-based client authentication methods. Additional authentication - methods are described in separate documents. The SSH authentication - protocol runs on top of the SSH transport layer protocol and provides - a single authenticated tunnel for the SSH connection protocol. - - - - - - - -Ylonen & Moffat Expires March 2, 2003 [Page 1] - -Internet-Draft SSH Authentication Protocol September 2002 - - -Table of Contents - - 1. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 3 - 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 
3 - 3. Conventions Used in This Document . . . . . . . . . . . . . 3 - 3.1 The Authentication Protocol Framework . . . . . . . . . . . 3 - 3.1.1 Authentication Requests . . . . . . . . . . . . . . . . . . 4 - 3.1.2 Responses to Authentication Requests . . . . . . . . . . . . 5 - 3.1.3 The "none" Authentication Request . . . . . . . . . . . . . 6 - 3.1.4 Completion of User Authentication . . . . . . . . . . . . . 6 - 3.1.5 Banner Message . . . . . . . . . . . . . . . . . . . . . . . 7 - 3.2 Authentication Protocol Message Numbers . . . . . . . . . . 7 - 3.3 Public Key Authentication Method: publickey . . . . . . . . 8 - 3.4 Password Authentication Method: password . . . . . . . . . . 10 - 3.5 Host-Based Authentication: hostbased . . . . . . . . . . . . 11 - 4. Security Considerations . . . . . . . . . . . . . . . . . . 12 - Normative . . . . . . . . . . . . . . . . . . . . . . . . . 13 - Informative . . . . . . . . . . . . . . . . . . . . . . . . 13 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 14 - Intellectual Property and Copyright Statements . . . . . . . 15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Ylonen & Moffat Expires March 2, 2003 [Page 2] - -Internet-Draft SSH Authentication Protocol September 2002 - - -1. Contributors - - The major original contributors of this document were: Tatu Ylonen, - Tero Kivinen, Timo J. Rinne, Sami Lehtinen (all of SSH Communications - Security Corp), and Markku-Juhani O. Saarinen (University of - Jyvaskyla) - - The document editor is: Darren.Moffat@Sun.COM. Comments on this - internet draft should be sent to the IETF SECSH working group, - details at: http://ietf.org/html.charters/secsh-charter.html - -2. Introduction - - The SSH authentication protocol is a general-purpose user - authentication protocol. It is intended to be run over the SSH - transport layer protocol [SSH-TRANS]. This protocol assumes that the - underlying protocols provide integrity and confidentiality - protection. 
- - This document should be read only after reading the SSH architecture - document [SSH-ARCH]. This document freely uses terminology and - notation from the architecture document without reference or further - explanation. - - The service name for this protocol is "ssh-userauth". - - When this protocol starts, it receives the session identifier from - the lower-level protocol (this is the exchange hash H from the first - key exchange). The session identifier uniquely identifies this - session and is suitable for signing in order to prove ownership of a - private key. This protocol also needs to know whether the lower-level - protocol provides confidentiality protection. - -3. Conventions Used in This Document - - The keywords "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT", - and "MAY" that appear in this document are to be interpreted as - described in [RFC2119] - - The used data types and terminology are specified in the architecture - document [SSH-ARCH] - - The architecture document also discusses the algorithm naming - conventions that MUST be used with the SSH protocols. - -3.1 The Authentication Protocol Framework - - The server drives the authentication by telling the client which - - - -Ylonen & Moffat Expires March 2, 2003 [Page 3] - -Internet-Draft SSH Authentication Protocol September 2002 - - - authentication methods can be used to continue the exchange at any - given time. The client has the freedom to try the methods listed by - the server in any order. This gives the server complete control over - the authentication process if desired, but also gives enough - flexibility for the client to use the methods it supports or that are - most convenient for the user, when multiple methods are offered by - the server. - - Authentication methods are identified by their name, as defined in - [SSH-ARCH]. The "none" method is reserved, and MUST NOT be listed as - supported. However, it MAY be sent by the client. 
The server MUST - always reject this request, unless the client is to be allowed in - without any authentication, in which case the server MUST accept this - request. The main purpose of sending this request is to get the list - of supported methods from the server. - - The server SHOULD have a timeout for authentication, and disconnect - if the authentication has not been accepted within the timeout - period. The RECOMMENDED timeout period is 10 minutes. Additionally, - the implementation SHOULD limit the number of failed authentication - attempts a client may perform in a single session (the RECOMMENDED - limit is 20 attempts). If the threshold is exceeded, the server - SHOULD disconnect. - -3.1.1 Authentication Requests - - All authentication requests MUST use the following message format. - Only the first few fields are defined; the remaining fields depend on - the authentication method. - - byte SSH_MSG_USERAUTH_REQUEST - string user name (in ISO-10646 UTF-8 encoding [RFC2279]) - string service name (in US-ASCII) - string method name (US-ASCII) - The rest of the packet is method-specific. - - The user name and service are repeated in every new authentication - attempt, and MAY change. The server implementation MUST carefully - check them in every message, and MUST flush any accumulated - authentication states if they change. If it is unable to flush some - authentication state, it MUST disconnect if the user or service name - changes. - - The service name specifies the service to start after authentication. - There may be several different authenticated services provided. If - the requested service is not available, the server MAY disconnect - immediately or at any later time. Sending a proper disconnect - message is RECOMMENDED. In any case, if the service does not exist, - - - -Ylonen & Moffat Expires March 2, 2003 [Page 4] - -Internet-Draft SSH Authentication Protocol September 2002 - - - authentication MUST NOT be accepted. 
- - If the requested user does not exist, the server MAY disconnect, or - MAY send a bogus list of acceptable authentication methods, but never - accept any. This makes it possible for the server to avoid - disclosing information on which accounts exist. In any case, if the - user does not exist, the authentication request MUST NOT be accepted. - - While there is usually little point for clients to send requests that - the server does not list as acceptable, sending such requests is not - an error, and the server SHOULD simply reject requests that it does - not recognize. - - An authentication request MAY result in a further exchange of - messages. All such messages depend on the authentication method - used, and the client MAY at any time continue with a new - SSH_MSG_USERAUTH_REQUEST message, in which case the server MUST - abandon the previous authentication attempt and continue with the new - one. - -3.1.2 Responses to Authentication Requests - - If the server rejects the authentication request, it MUST respond - with the following: - - byte SSH_MSG_USERAUTH_FAILURE - string authentications that can continue - boolean partial success - - "Authentications that can continue" is a comma-separated list of - authentication method names that may productively continue the - authentication dialog. - - It is RECOMMENDED that servers only include those methods in the list - that are actually useful. However, it is not illegal to include - methods that cannot be used to authenticate the user. - - Already successfully completed authentications SHOULD NOT be included - in the list, unless they really should be performed again for some - reason. - - "Partial success" MUST be TRUE if the authentication request to which - this is a response was successful. It MUST be FALSE if the request - was not successfully processed. 
- - When the server accepts authentication, it MUST respond with the - following: - - - - -Ylonen & Moffat Expires March 2, 2003 [Page 5] - -Internet-Draft SSH Authentication Protocol September 2002 - - - byte SSH_MSG_USERAUTH_SUCCESS - - Note that this is not sent after each step in a multi-method - authentication sequence, but only when the authentication is - complete. - - The client MAY send several authentication requests without waiting - for responses from previous requests. The server MUST process each - request completely and acknowledge any failed requests with a - SSH_MSG_USERAUTH_FAILURE message before processing the next request. - - A request that results in further exchange of messages will be - aborted by a second request. It is not possible to send a second - request without waiting for a response from the server, if the first - request will result in further exchange of messages. No - SSH_MSG_USERAUTH_FAILURE message will be sent for the aborted method. - - SSH_MSG_USERAUTH_SUCCESS MUST be sent only once. When - SSH_MSG_USERAUTH_SUCCESS has been sent, any further authentication - requests received after that SHOULD be silently ignored. - - Any non-authentication messages sent by the client after the request - that resulted in SSH_MSG_USERAUTH_SUCCESS being sent MUST be passed - to the service being run on top of this protocol. Such messages can - be identified by their message numbers (see Section Message Numbers - (Section 3.2)). - -3.1.3 The "none" Authentication Request - - A client may request a list of authentication methods that may - continue by using the "none" authentication method. - - If no authentication at all is needed for the user, the server MUST - return SSH_MSG_USERAUTH_SUCCESS. Otherwise, the server MUST return - SSH_MSG_USERAUTH_FAILURE and MAY return with it a list of - authentication methods that can continue. - - This method MUST NOT be listed as supported by the server. 
- -3.1.4 Completion of User Authentication - - Authentication is complete when the server has responded with - SSH_MSG_USERAUTH_SUCCESS; all authentication related messages - received after sending this message SHOULD be silently ignored. - - After sending SSH_MSG_USERAUTH_SUCCESS, the server starts the - requested service. - - - - -Ylonen & Moffat Expires March 2, 2003 [Page 6] - -Internet-Draft SSH Authentication Protocol September 2002 - - -3.1.5 Banner Message - - In some jurisdictions, sending a warning message before - authentication may be relevant for getting legal protection. Many - UNIX machines, for example, normally display text from `/etc/issue', - or use "tcp wrappers" or similar software to display a banner before - issuing a login prompt. - - The SSH server may send a SSH_MSG_USERAUTH_BANNER message at any time - before authentication is successful. This message contains text to - be displayed to the client user before authentication is attempted. - The format is as follows: - - byte SSH_MSG_USERAUTH_BANNER - string message (ISO-10646 UTF-8) - string language tag (as defined in [RFC3066]) - - The client SHOULD by default display the message on the screen. - However, since the message is likely to be sent for every login - attempt, and since some client software will need to open a separate - window for this warning, the client software may allow the user to - explicitly disable the display of banners from the server. The - message may consist of multiple lines. - - If the message string is displayed, control character filtering - discussed in [SSH-ARCH] SHOULD be used to avoid attacks by sending - terminal control characters. - -3.2 Authentication Protocol Message Numbers - - All message numbers used by this authentication protocol are in the - range from 50 to 79, which is part of the range reserved for - protocols running on top of the SSH transport layer protocol. 
- - Message numbers of 80 and higher are reserved for protocols running - after this authentication protocol, so receiving one of them before - authentication is complete is an error, to which the server MUST - respond by disconnecting (preferably with a proper disconnect message - sent first to ease troubleshooting). - - After successful authentication, such messages are passed to the - higher-level service. - - These are the general authentication message codes: - - #define SSH_MSG_USERAUTH_REQUEST 50 - #define SSH_MSG_USERAUTH_FAILURE 51 - #define SSH_MSG_USERAUTH_SUCCESS 52 - - - -Ylonen & Moffat Expires March 2, 2003 [Page 7] - -Internet-Draft SSH Authentication Protocol September 2002 - - - #define SSH_MSG_USERAUTH_BANNER 53 - - In addition to the above, there is a range of message numbers - (60..79) reserved for method-specific messages. These messages are - only sent by the server (client sends only SSH_MSG_USERAUTH_REQUEST - messages). Different authentication methods reuse the same message - numbers. - -3.3 Public Key Authentication Method: publickey - - The only REQUIRED authentication method is public key authentication. - All implementations MUST support this method; however, not all users - need to have public keys, and most local policies are not likely to - require public key authentication for all users in the near future. - - With this method, the possession of a private key serves as - authentication. This method works by sending a signature created - with a private key of the user. The server MUST check that the key - is a valid authenticator for the user, and MUST check that the - signature is valid. If both hold, the authentication request MUST be - accepted; otherwise it MUST be rejected. (Note that the server MAY - require additional authentications after successful authentication.) - - Private keys are often stored in an encrypted form at the client - host, and the user must supply a passphrase before the signature can - be generated. 
Even if they are not, the signing operation involves - some expensive computation. To avoid unnecessary processing and user - interaction, the following message is provided for querying whether - authentication using the key would be acceptable. - - byte SSH_MSG_USERAUTH_REQUEST - string user name - string service - string "publickey" - boolean FALSE - string public key algorithm name - string public key blob - - Public key algorithms are defined in the transport layer - specification [SSH-TRANS]. The public key blob may contain - certificates. - - Any public key algorithm may be offered for use in authentication. - In particular, the list is not constrained by what was negotiated - during key exchange. If the server does not support some algorithm, - it MUST simply reject the request. - - The server MUST respond to this message with either - - - -Ylonen & Moffat Expires March 2, 2003 [Page 8] - -Internet-Draft SSH Authentication Protocol September 2002 - - - SSH_MSG_USERAUTH_FAILURE or with the following: - - byte SSH_MSG_USERAUTH_PK_OK - string public key algorithm name from the request - string public key blob from the request - - To perform actual authentication, the client MAY then send a - signature generated using the private key. The client MAY send the - signature directly without first verifying whether the key is - acceptable. 
The signature is sent using the following packet: - - byte SSH_MSG_USERAUTH_REQUEST - string user name - string service - string "publickey" - boolean TRUE - string public key algorithm name - string public key to be used for authentication - string signature - - Signature is a signature by the corresponding private key over the - following data, in the following order: - - string session identifier - byte SSH_MSG_USERAUTH_REQUEST - string user name - string service - string "publickey" - boolean TRUE - string public key algorithm name - string public key to be used for authentication - - When the server receives this message, it MUST check whether the - supplied key is acceptable for authentication, and if so, it MUST - check whether the signature is correct. - - If both checks succeed, this method is successful. Note that the - server may require additional authentications. The server MUST - respond with SSH_MSG_USERAUTH_SUCCESS (if no more authentications are - needed), or SSH_MSG_USERAUTH_FAILURE (if the request failed, or more - authentications are needed). - - The following method-specific message numbers are used by the - publickey authentication method. - - /* Key-based */ - #define SSH_MSG_USERAUTH_PK_OK 60 - - - - -Ylonen & Moffat Expires March 2, 2003 [Page 9] - -Internet-Draft SSH Authentication Protocol September 2002 - - -3.4 Password Authentication Method: password - - Password authentication uses the following packets. Note that a - server MAY request the user to change the password. All - implementations SHOULD support password authentication. - - byte SSH_MSG_USERAUTH_REQUEST - string user name - string service - string "password" - boolean FALSE - string plaintext password (ISO-10646 UTF-8) - - Note that the password is encoded in ISO-10646 UTF-8. It is up to - the server how it interprets the password and validates it against - the password database. 
However, if the client reads the password in - some other encoding (e.g., ISO 8859-1 (ISO Latin1)), it MUST convert - the password to ISO-10646 UTF-8 before transmitting, and the server - MUST convert the password to the encoding used on that system for - passwords. - - Note that even though the cleartext password is transmitted in the - packet, the entire packet is encrypted by the transport layer. Both - the server and the client should check whether the underlying - transport layer provides confidentiality (i.e., if encryption is - being used). If no confidentiality is provided (none cipher), - password authentication SHOULD be disabled. If there is no - confidentiality or no MAC, password change SHOULD be disabled. - - Normally, the server responds to this message with success or - failure. However, if the password has expired the server SHOULD - indicate this by responding with SSH_MSG_USERAUTH_PASSWD_CHANGEREQ. - In anycase the server MUST NOT allow an expired password to be used - for authentication. - - byte SSH_MSG_USERAUTH_PASSWD_CHANGEREQ - string prompt (ISO-10646 UTF-8) - string language tag (as defined in [RFC3066]) - - In this case, the client MAY continue with a different authentication - method, or request a new password from the user and retry password - authentication using the following message. The client MAY also send - this message instead of the normal password authentication request - without the server asking for it. - - byte SSH_MSG_USERAUTH_REQUEST - string user name - string service - - - -Ylonen & Moffat Expires March 2, 2003 [Page 10] - -Internet-Draft SSH Authentication Protocol September 2002 - - - string "password" - boolean TRUE - string plaintext old password (ISO-10646 UTF-8) - string plaintext new password (ISO-10646 UTF-8) - - The server must reply to request message with - SSH_MSG_USERAUTH_SUCCESS, SSH_MSG_USERAUTH_FAILURE, or another - SSH_MSG_USERAUTH_PASSWD_CHANGEREQ. 
The meaning of these is as - follows: - - SSH_MSG_USERAUTH_SUCCESS The password has been changed, and - authentication has been successfully completed. - - SSH_MSG_USERAUTH_FAILURE with partial success The password has - been changed, but more authentications are needed. - - SSH_MSG_USERAUTH_FAILURE without partial success The password has - not been changed. Either password changing was not supported, or - the old password was bad. Note that if the server has already - sent SSH_MSG_USERAUTH_PASSWD_CHANGEREQ, we know that it supports - changing the password. - - SSH_MSG_USERAUTH_CHANGEREQ The password was not changed because - the new password was not acceptable (e.g. too easy to guess). - - The following method-specific message numbers are used by the - password authentication method. - - #define SSH_MSG_USERAUTH_PASSWD_CHANGEREQ 60 - - -3.5 Host-Based Authentication: hostbased - - Some sites wish to allow authentication based on the host where the - user is coming from, and the user name on the remote host. While - this form of authentication is not suitable for high-security sites, - it can be very convenient in many environments. This form of - authentication is OPTIONAL. When used, special care SHOULD be taken - to prevent a regular user from obtaining the private host key. - - The client requests this form of authentication by sending the - following message. It is similar to the UNIX "rhosts" and - "hosts.equiv" styles of authentication, except that the identity of - the client host is checked more rigorously. - - This method works by having the client send a signature created with - the private key of the client host, which the server checks with that - host's public key. 
Once the client host's identity is established, - - - -Ylonen & Moffat Expires March 2, 2003 [Page 11] - -Internet-Draft SSH Authentication Protocol September 2002 - - - authorization (but no further authentication) is performed based on - the user names on the server and the client, and the client host - name. - - byte SSH_MSG_USERAUTH_REQUEST - string user name - string service - string "hostbased" - string public key algorithm for host key - string public host key and certificates for client host - string client host name (FQDN; US-ASCII) - string user name on the client host (ISO-10646 UTF-8) - string signature - - Public key algorithm names for use in "public key algorithm for host - key" are defined in the transport layer specification. The "public - host key for client host" may include certificates. - - Signature is a signature with the private host key of the following - data, in this order: - - string session identifier - byte SSH_MSG_USERAUTH_REQUEST - string user name - string service - string "hostbased" - string public key algorithm for host key - string public host key and certificates for client host - string client host name (FQDN; US-ASCII) - string user name on the client host(ISO-10646 UTF-8) - - The server MUST verify that the host key actually belongs to the - client host named in the message, that the given user on that host is - allowed to log in, and that the signature is a valid signature on the - appropriate value by the given host key. The server MAY ignore the - client user name, if it wants to authenticate only the client host. - - It is RECOMMENDED that whenever possible, the server perform - additional checks to verify that the network address obtained from - the (untrusted) network matches the given client host name. This - makes exploiting compromised host keys more difficult. Note that - this may require special handling for connections coming through a - firewall. - -4. 
Security Considerations - - The purpose of this protocol is to perform client user - authentication. It assumed that this runs over a secure transport - - - -Ylonen & Moffat Expires March 2, 2003 [Page 12] - -Internet-Draft SSH Authentication Protocol September 2002 - - - layer protocol, which has already authenticated the server machine, - established an encrypted communications channel, and computed a - unique session identifier for this session. The transport layer - provides forward secrecy for password authentication and other - methods that rely on secret data. - - Full security considerations for this protocol are provided in - Section 8 of [SSH-ARCH] - -Normative - - [SSH-ARCH] - Ylonen, T., "SSH Protocol Architecture", I-D - draft-ietf-architecture-15.txt, Oct 2003. - - [SSH-TRANS] - Ylonen, T., "SSH Transport Layer Protocol", I-D - draft-ietf-transport-17.txt, Oct 2003. - - [SSH-USERAUTH] - Ylonen, T., "SSH Authentication Protocol", I-D - draft-ietf-userauth-18.txt, Oct 2003. - - [SSH-CONNECT] - Ylonen, T., "SSH Connection Protocol", I-D - draft-ietf-connect-18.txt, Oct 2003. - - [SSH-NUMBERS] - Lehtinen, S. and D. Moffat, "SSH Protocol Assigned - Numbers", I-D draft-ietf-secsh-assignednumbers-05.txt, Oct - 2003. - - [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate - Requirement Levels", BCP 14, RFC 2119, March 1997. - -Informative - - [RFC3066] Alvestrand, H., "Tags for the Identification of - Languages", BCP 47, RFC 3066, January 2001. - - [RFC2279] Yergeau, F., "UTF-8, a transformation format of ISO - 10646", RFC 2279, January 1998. - - - - - - - - - -Ylonen & Moffat Expires March 2, 2003 [Page 13] - -Internet-Draft SSH Authentication Protocol September 2002 - - -Authors' Addresses - - Tatu Ylonen - SSH Communications Security Corp - Fredrikinkatu 42 - HELSINKI FIN-00100 - Finland - - EMail: ylo@ssh.com - - - Darren J. 
Moffat (editor) - Sun Microsystems, Inc - 17 Network Circle - Menlo Park 95025 - USA - - EMail: Darren.Moffat@Sun.COM - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Ylonen & Moffat Expires March 2, 2003 [Page 14] - -Internet-Draft SSH Authentication Protocol September 2002 - - -Intellectual Property Statement - - The IETF takes no position regarding the validity or scope of any - intellectual property or other rights that might be claimed to - pertain to the implementation or use of the technology described in - this document or the extent to which any license under such rights - might or might not be available; neither does it represent that it - has made any effort to identify any such rights. Information on the - IETF's procedures with respect to rights in standards-track and - standards-related documentation can be found in BCP-11. Copies of - claims of rights made available for publication and any assurances of - licenses to be made available, or the result of an attempt made to - obtain a general license or permission for the use of such - proprietary rights by implementors or users of this specification can - be obtained from the IETF Secretariat. - - The IETF invites any interested party to bring to its attention any - copyrights, patents or patent applications, or other proprietary - rights which may cover technology that may be required to practice - this standard. Please address the information to the IETF Executive - Director. - - The IETF has been notified of intellectual property rights claimed in - regard to some or all of the specification contained in this - document. For more information consult the online list of claimed - rights. - - -Full Copyright Statement - - Copyright (C) The Internet Society (2002). All Rights Reserved. 
- - This document and translations of it may be copied and furnished to - others, and derivative works that comment on or otherwise explain it - or assist in its implementation may be prepared, copied, published - and distributed, in whole or in part, without restriction of any - kind, provided that the above copyright notice and this paragraph are - included on all such copies and derivative works. However, this - document itself may not be modified in any way, such as by removing - the copyright notice or references to the Internet Society or other - Internet organizations, except as needed for the purpose of - developing Internet standards in which case the procedures for - copyrights defined in the Internet Standards process must be - followed, or as required to translate it into languages other than - English. - - The limited permissions granted above are perpetual and will not be - revoked by the Internet Society or its successors or assignees. - - - -Ylonen & Moffat Expires March 2, 2003 [Page 15] - -Internet-Draft SSH Authentication Protocol September 2002 - - - This document and the information contained herein is provided on an - "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING - TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING - BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION - HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF - MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. - - -Acknowledgment - - Funding for the RFC Editor function is currently provided by the - Internet Society. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -Ylonen & Moffat Expires March 2, 2003 [Page 16] \ No newline at end of file -- cgit v1.2.3 From 6a885ee06515c2a8dfa3e0594123ef76cda9672a Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Tue, 10 Nov 2015 12:35:31 +0100 Subject: ssh: updated ssh_app.xml with ecdsa info --- lib/ssh/doc/src/ssh_app.xml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml index 4c85585820..0baa44a6a7 100644 --- a/lib/ssh/doc/src/ssh_app.xml +++ b/lib/ssh/doc/src/ssh_app.xml @@ -62,10 +62,13 @@ authorized_keys2 id_dsa id_rsa + id_ecdsa ssh_host_dsa_key ssh_host_rsa_key + ssh_host_ecdsa_key

By default, ssh looks for id_dsa, id_rsa, + id_ecdsa_key, known_hosts, and authorized_keys in ~/.ssh, and for the host key files in /etc/ssh. These locations can be changed by the options user_dir and system_dir. @@ -79,7 +82,7 @@

Public Keys -

id_dsa and id_rsa are the users private key files. +

id_dsa, id_rsa and id_ecdsa are the users private key files. Notice that the public key is part of the private key so the ssh application does not use the id_<*>.pub files. These are for the user's convenience when it is needed to convey the user's @@ -104,8 +107,8 @@

Host Keys

RSA and DSA host keys are supported and are - expected to be found in files named ssh_host_rsa_key and - ssh_host_dsa_key. + expected to be found in files named ssh_host_rsa_key, + ssh_host_dsa_key and ssh_host_ecdsa_key.
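Review bot: The sentence added in the first hunk (@@ -62,10 +62,13 @@) names the user key file "id_ecdsa_key", but the file list added just above it and the Public Keys paragraph in the second hunk both call it "id_ecdsa". One of the two spellings is wrong; if the file the application reads is id_ecdsa, change the sentence to "id_dsa, id_rsa, id_ecdsa, known_hosts, and authorized_keys" so users do not create a key file under a name that is never looked up. Minor, in the second hunk: "the users private key files" should be "the user's private key files".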

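Review bot: The unchanged lead-in "RSA and DSA host keys are supported" in the last hunk (@@ -104,8 +107,8 @@) no longer matches the sentence it introduces, which now also names ssh_host_ecdsa_key. Add ECDSA to the lead-in, otherwise the paragraph lists three host key files for two key types and a reader can conclude that ECDSA host keys are not supported.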
-- cgit v1.2.3 From 05f4a611d3269b12edd709a988fa1da4c4690a82 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 10 Nov 2015 13:01:38 +0100 Subject: ssh: links to crypto and public_key in the ssh app ref --- lib/ssh/doc/src/ssh_app.xml | 9 ++++++--- lib/ssh/doc/src/ssh_connection.xml | 4 ++-- 2 files changed, 8 insertions(+), 5 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml index 0baa44a6a7..1ae1558607 100644 --- a/lib/ssh/doc/src/ssh_app.xml +++ b/lib/ssh/doc/src/ssh_app.xml @@ -41,11 +41,14 @@
DEPENDENCIES -

The ssh application uses the applications public_key and - crypto to handle public keys and encryption. Hence, these +

The ssh application uses the applications + public_key and + crypto + to handle public keys and encryption. Hence, these applications must be loaded for the ssh application to work. In an embedded environment this means that they must be started with - application:start/[1,2] before the ssh application is started. + application:start/1,2 before the + ssh application is started.
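Review bot: The DEPENDENCIES paragraph in this hunk (@@ -41,11 +41,14 @@) gives no start order for public_key and crypto, although it tells embedded users to start them by hand with application:start/1,2. Suggest stating that crypto has to be started before public_key, or pointing to application:ensure_all_started/1, which starts an application's dependencies in the required order.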

diff --git a/lib/ssh/doc/src/ssh_connection.xml b/lib/ssh/doc/src/ssh_connection.xml index 7e7cfad90d..064a623eb6 100644 --- a/lib/ssh/doc/src/ssh_connection.xml +++ b/lib/ssh/doc/src/ssh_connection.xml @@ -373,7 +373,7 @@

Is to be called by client- and server-channel processes to send data to each other.

-

The function subsystem/4 and subsequent +

The function subsystem/4 and subsequent calls of send/3,4,5 must be executed in the same process.

@@ -458,7 +458,7 @@ subsystem on the server.

The function subsystem/4 and subsequent calls of - send/3,4,5 must be executed in the same process. + send/3,4,5 must be executed in the same process.

-- cgit v1.2.3 From 7448114c9bc35815051fbaf6f4b1ed7846d97b69 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 11 Nov 2015 16:05:53 +0100 Subject: ssh: moved "supported" section from ssh module man page to SSH_app man page --- lib/ssh/doc/src/ssh.xml | 28 ++-------------- lib/ssh/doc/src/ssh_app.xml | 82 ++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 83 insertions(+), 27 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 0e5a0706f5..1e9acf4a99 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -32,34 +32,10 @@ Main API of the ssh application

Interface module for the ssh application.

+

See ssh(6) for details of supported version, + algorithms and unicode support.

-
- SSH - - - For application dependencies see ssh(6) - Supported SSH version is 2.0. - Supported public key algorithms: ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-rsa and ssh-dss. - Supported MAC algorithms: hmac-sha2-256, hmac-sha2-512 and hmac-sha1. - Supported encryption algorithms: aes256-ctr, aes192-ctr, aes128-ctr, aes128-cb and 3des-cbc. - Supported key exchange algorithms: ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1, diffie-hellman-group-exchange-sha256 and diffie-hellman-group1-sha1 - Supported compression algorithms: none, zlib@openssh.com and zlib - Supports unicode filenames if the emulator and the underlaying OS support it. - See section DESCRIPTION in the - file manual page in kernel - for information about this subject. - Supports unicode in shell and CLI. - -

The actual set of algorithms can vary depending on which OpenSSL crypto library that is installed on the machine. - For the list on a particular installation, use the command default_algorithms/0. - The user may override the default algorithm configuration both on the server side and the client side. - See the option preferred_algorithms in the daemon and - connect functions. -

- -
-
OPTIONS

The exact behaviour of some functions can be adjusted with the use of options which are documented together diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml index 1ae1558607..f461f87d1b 100644 --- a/lib/ssh/doc/src/ssh_app.xml +++ b/lib/ssh/doc/src/ssh_app.xml @@ -52,7 +52,7 @@

-
+
CONFIGURATION

The ssh application does not have an application- @@ -119,6 +119,86 @@

The ssh application uses the default OTP error logger to log unexpected errors or print information about special events.

+
+ + SUPPORTED +

The supported SSH version is 2.0.

+ + Algorithms +

The actual set of algorithms may vary depending on which OpenSSL crypto library that is installed on the machine. + For the list on a particular installation, use the command + ssh:default_algorithms/0. + The user may override the default algorithm configuration both on the server side and the client side. + See the option preferred_algorithms in the ssh:daemon/1,2,3 and + ssh:connect/3,4 functions. +

+ +

Supported algorithms are:

+ + + Public key algorithms + + + ecdsa-sha2-nistp256 + ecdsa-sha2-nistp384 + ecdsa-sha2-nistp521 + ssh-rsa + ssh-dss + + + + MAC algorithms + + + hmac-sha2-256 + hmac-sha2-512 + hmac-sha1 + + + + Encryption algorithms + + + aes128-ctr + aes192-ctr + aes256-ctr + aes128-cbc + 3des-cbc + + + + Key exchange algorithms + + + ecdh-sha2-nistp256 + ecdh-sha2-nistp384 + ecdh-sha2-nistp521 + diffie-hellman-group-exchange-sha1 + diffie-hellman-group-exchange-sha256 + diffie-hellman-group14-sha1 + diffie-hellman-group1-sha1 + + + + Compression algorithms + + + none + zlib@openssh.com + zlib + + + + + Unicode support +

Unicode filenames are supported if the emulator and the underlaying OS support it. See section DESCRIPTION in the + file manual page in kernel for information about this subject. +

+

The shell and the cli support unicode. +

+ +
+
SEE ALSO

application(3)
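Review bot: The algorithm lists in the new SUPPORTED section (@@ -119,6 +119,86 @@) do not say whether their order means anything, and the order differs from the text removed from ssh.xml: the encryption list went from aes256-ctr first to aes128-ctr first, and diffie-hellman-group14-sha1 moved below the two group-exchange methods. State whether the lists are in default preference order or unordered, since a reader choosing values for preferred_algorithms will otherwise take the first entry to be the default. The lists also place older algorithms (ssh-dss, 3des-cbc, diffie-hellman-group1-sha1) beside the others without comment; one sentence saying that preferred_algorithms is the way to exclude them would help. Minor: "underlaying" should be "underlying", and "which OpenSSL crypto library that is installed" should drop "that".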

-- cgit v1.2.3 From 65ac12ef11a869fa45f63dd64e905e55b1c7cdd5 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 11 Nov 2015 16:54:37 +0100 Subject: ssh: list supported rfcs --- lib/ssh/doc/src/ssh_app.xml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml index f461f87d1b..f91285d8b8 100644 --- a/lib/ssh/doc/src/ssh_app.xml +++ b/lib/ssh/doc/src/ssh_app.xml @@ -202,6 +202,36 @@
SEE ALSO

application(3)

+

The following rfc:s are supported:

+ + RFC 4251, The Secure Shell (SSH) Protocol Architecture. + (Except 9.4.6, 9.5.2, 9.5.3) + + RFC 4252, The Secure Shell (SSH) Authentication Protocol. + (Except 9. Host-Based Authentication: "hostbased") + + RFC 4253, The Secure Shell (SSH) Transport Layer Protocol. + + RFC 4254, The Secure Shell (SSH) Connection Protocol. + (Except 6.3. X11 Forwarding, 7. TCP/IP Port Forwarding) + + RFC 4256, Generic Message Exchange Authentication for + the Secure Shell Protocol (SSH). + (Except num-prompts > 1, password changing, other identification methods than userid-password) + + RFC 4419, Diffie-Hellman Group Exchange for + the Secure Shell (SSH) Transport Layer Protocol. + + RFC 4716, The Secure Shell (SSH) Public Key File Format. + + RFC 5656, Elliptic Curve Algorithm Integration in + the Secure Shell Transport Layer. + (Except 5. ECMQV Key Exchange, 6.4. ECMQV Key Exchange and Verification Method Name, + 7.2. ECMQV Message Numbers, 10.2. Recommended Curves) + + + +
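Review bot: The RFC list lands inside the SEE ALSO section, directly after "application(3)" per the context lines of this hunk (@@ -202,6 +202,36 @@), where a reader looking for conformance information will not look for it; it belongs under SUPPORTED with its own title. The RFC 4251 exceptions are also given as bare section numbers ("Except 9.4.6, 9.5.2, 9.5.3") while the other entries name what is excluded; add the section titles so the unsupported parts can be seen without opening the RFC.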
-- cgit v1.2.3 From 777c373cee742f2ba14246a437a4a12e68f93b5b Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 13 Nov 2015 12:21:15 +0100 Subject: ssh: alternative look --- lib/ssh/doc/src/ssh_app.xml | 71 +++++++++++++++++++++++++++++++++++---------- 1 file changed, 56 insertions(+), 15 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml index f91285d8b8..29cbbd79a2 100644 --- a/lib/ssh/doc/src/ssh_app.xml +++ b/lib/ssh/doc/src/ssh_app.xml @@ -121,9 +121,10 @@
- SUPPORTED + SUPPORTED SPECIFICATIONS AND STANDARDS

The supported SSH version is 2.0.

- +
+
Algorithms

The actual set of algorithms may vary depending on which OpenSSL crypto library that is installed on the machine. For the list on a particular installation, use the command @@ -189,49 +190,89 @@ - +

+
Unicode support

Unicode filenames are supported if the emulator and the underlaying OS support it. See section DESCRIPTION in the file manual page in kernel for information about this subject.

-

The shell and the cli support unicode. +

The shell and the cli both support unicode.

-
- SEE ALSO -

application(3)

+ Rfcs

The following rfc:s are supported:

RFC 4251, The Secure Shell (SSH) Protocol Architecture. - (Except 9.4.6, 9.5.2, 9.5.3) +

Except + + 9.4.6 Host-Based Authentication + 9.5.2 Proxy Forwarding + 9.5.3 X11 Forwarding + +

+ RFC 4252, The Secure Shell (SSH) Authentication Protocol. - (Except 9. Host-Based Authentication: "hostbased") +

Except + + 9. Host-Based Authentication: "hostbased" + +

+ RFC 4253, The Secure Shell (SSH) Transport Layer Protocol. +

+ RFC 4254, The Secure Shell (SSH) Connection Protocol. - (Except 6.3. X11 Forwarding, 7. TCP/IP Port Forwarding) +

Except + + 6.3. X11 Forwarding + 7. TCP/IP Port Forwarding + +

+ RFC 4256, Generic Message Exchange Authentication for the Secure Shell Protocol (SSH). - (Except num-prompts > 1, password changing, other identification methods than userid-password) +

Except + + num-prompts > 1 + password changing + other identification methods than userid-password + +

+ RFC 4419, Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol. +

+ RFC 4716, The Secure Shell (SSH) Public Key File Format. +

+ RFC 5656, Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer. - (Except 5. ECMQV Key Exchange, 6.4. ECMQV Key Exchange and Verification Method Name, - 7.2. ECMQV Message Numbers, 10.2. Recommended Curves) +

Except + + 5. ECMQV Key Exchange + 6.4. ECMQV Key Exchange and Verification Method Name + 7.2. ECMQV Message Numbers + 10.2. Recommended Curves + +

- -
+ +
+ +
+ SEE ALSO +

application(3)
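Review bot: the new section title "Rfcs" and the sentence "The following rfc:s are supported:" in lib/ssh/doc/src/ssh_app.xml spell the same term two ways, while every list entry under them writes "RFC"; use "RFCs" in both places. The same patch rewrites "support unicode" as "both support unicode" directly under a heading that capitalises "Unicode support", so capitalise the word in the sentence too while the line is being touched.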

-- cgit v1.2.3 From b638b3e8c3be7599724fc086e0dfd652b89b72c2 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 5 Nov 2015 11:42:53 +0100 Subject: ssh: more public keys added to test suite --- lib/ssh/test/ssh_algorithms_SUITE.erl | 4 +++- lib/ssh/test/ssh_algorithms_SUITE_data/id_ecdsa | 5 +++++ lib/ssh/test/ssh_algorithms_SUITE_data/id_ecdsa.pub | 1 + lib/ssh/test/ssh_algorithms_SUITE_data/id_ecdsa256 | 5 +++++ lib/ssh/test/ssh_algorithms_SUITE_data/id_ecdsa256.pub | 1 + lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_ecdsa_key256 | 5 +++++ lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_ecdsa_key256.pub | 1 + 7 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 lib/ssh/test/ssh_algorithms_SUITE_data/id_ecdsa create mode 100644 lib/ssh/test/ssh_algorithms_SUITE_data/id_ecdsa.pub create mode 100644 lib/ssh/test/ssh_algorithms_SUITE_data/id_ecdsa256 create mode 100644 lib/ssh/test/ssh_algorithms_SUITE_data/id_ecdsa256.pub create mode 100644 lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_ecdsa_key256 create mode 100644 lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_ecdsa_key256.pub (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index 85415a17de..fbfca324b2 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl @@ -358,7 +358,9 @@ start_pubkey_daemon(Opts, Config) -> setup_pubkey(Config) -> DataDir = ?config(data_dir, Config), UserDir = ?config(priv_dir, Config), - ssh_test_lib:setup_dsa_known_host(DataDir, UserDir), + ssh_test_lib:setup_dsa(DataDir, UserDir), + ssh_test_lib:setup_rsa(DataDir, UserDir), + ssh_test_lib:setup_ecdsa("256", DataDir, UserDir), Config. diff --git a/lib/ssh/test/ssh_algorithms_SUITE_data/id_ecdsa b/lib/ssh/test/ssh_algorithms_SUITE_data/id_ecdsa new file mode 100644 index 0000000000..4b1eb12eaa --- /dev/null +++ b/lib/ssh/test/ssh_algorithms_SUITE_data/id_ecdsa 
@@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIJfCaBKIIKhjbJl5F8BedqlXOQYDX5ba9Skypllmx/w+oAoGCCqGSM49 +AwEHoUQDQgAE49RbK2xQ/19ji3uDPM7uT4692LbwWF1TiaA9vUuebMGazoW/98br +N9xZu0L1AWwtEjs3kmJDTB7eJEGXnjUAcQ== +-----END EC PRIVATE KEY----- diff --git a/lib/ssh/test/ssh_algorithms_SUITE_data/id_ecdsa.pub b/lib/ssh/test/ssh_algorithms_SUITE_data/id_ecdsa.pub new file mode 100644 index 0000000000..a0147e60fa --- /dev/null +++ b/lib/ssh/test/ssh_algorithms_SUITE_data/id_ecdsa.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOPUWytsUP9fY4t7gzzO7k+Ovdi28FhdU4mgPb1LnmzBms6Fv/fG6zfcWbtC9QFsLRI7N5JiQ0we3iRBl541AHE= uabhnil@elxadlj3q32 diff --git a/lib/ssh/test/ssh_algorithms_SUITE_data/id_ecdsa256 b/lib/ssh/test/ssh_algorithms_SUITE_data/id_ecdsa256 new file mode 100644 index 0000000000..4b1eb12eaa --- /dev/null +++ b/lib/ssh/test/ssh_algorithms_SUITE_data/id_ecdsa256 @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIJfCaBKIIKhjbJl5F8BedqlXOQYDX5ba9Skypllmx/w+oAoGCCqGSM49 +AwEHoUQDQgAE49RbK2xQ/19ji3uDPM7uT4692LbwWF1TiaA9vUuebMGazoW/98br +N9xZu0L1AWwtEjs3kmJDTB7eJEGXnjUAcQ== +-----END EC PRIVATE KEY----- diff --git a/lib/ssh/test/ssh_algorithms_SUITE_data/id_ecdsa256.pub b/lib/ssh/test/ssh_algorithms_SUITE_data/id_ecdsa256.pub new file mode 100644 index 0000000000..a0147e60fa --- /dev/null +++ b/lib/ssh/test/ssh_algorithms_SUITE_data/id_ecdsa256.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOPUWytsUP9fY4t7gzzO7k+Ovdi28FhdU4mgPb1LnmzBms6Fv/fG6zfcWbtC9QFsLRI7N5JiQ0we3iRBl541AHE= uabhnil@elxadlj3q32 diff --git a/lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_ecdsa_key256 b/lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_ecdsa_key256 new file mode 100644 index 0000000000..2979ea88ed --- /dev/null +++ b/lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_ecdsa_key256 
@@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIMe4MDoit0t8RzSVPwkCBemQ9fhXL+xnTSAWISw8HNCioAoGCCqGSM49 +AwEHoUQDQgAEo2q7U3P6r0W5WGOLtM78UQtofM9UalEhiZeDdiyylsR/RR17Op0s +VPGSADLmzzgcucLEKy17j2S+oz42VUJy5A== +-----END EC PRIVATE KEY----- diff --git a/lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_ecdsa_key256.pub b/lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_ecdsa_key256.pub new file mode 100644 index 0000000000..85dc419345 --- /dev/null +++ b/lib/ssh/test/ssh_algorithms_SUITE_data/ssh_host_ecdsa_key256.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKNqu1Nz+q9FuVhji7TO/FELaHzPVGpRIYmXg3YsspbEf0UdezqdLFTxkgAy5s84HLnCxCste49kvqM+NlVCcuQ= uabhnil@elxadlj3q32 -- cgit v1.2.3 From 9cce80c63af4e1bfbbddb2c2f32a17760d5e6b7d Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 12 Nov 2015 10:09:44 +0100 Subject: ssh: Add env var info printout to ssh_algorithms_SUTE:init_per_suite --- lib/ssh/test/ssh_algorithms_SUITE.erl | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index fbfca324b2..f0ac92fef6 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl @@ -69,6 +69,9 @@ two_way_tags() -> [cipher,mac,compression]. %%-------------------------------------------------------------------- init_per_suite(Config) -> + ct:log("os:getenv(\"HOME\") = ~p~n" + "init:get_argument(home) = ~p", + [os:getenv("HOME"), init:get_argument(home)]), ct:log("~n~n" "OS ssh:~n=======~n~p~n~n~n" "Erl ssh:~n========~n~p~n~n~n" -- cgit v1.2.3 From ae6cec13757195406c65c598ddd9b979a2c4f517 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 6 Nov 2015 13:23:13 +0100 Subject: ssh: ssh_file:default_user_dir/0 - try HOME env var first --- lib/ssh/src/ssh_file.erl | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'lib/ssh') 
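Review bot: in lib/ssh/test/ssh_algorithms_SUITE_data, `id_ecdsa` and `id_ecdsa256` are created with the same blob index (`4b1eb12eaa`) and their `.pub` files share `a0147e60fa`, so one user key pair is checked in twice under two names. Keep only the file that `ssh_test_lib:setup_ecdsa("256", DataDir, UserDir)` actually reads, or state in the commit message why both names are required. The comment field of all three public keys also carries a developer `user@host` string; replace it with a neutral label so the fixtures do not publish an internal account and host name.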
diff --git a/lib/ssh/src/ssh_file.erl b/lib/ssh/src/ssh_file.erl index 2f16a31cba..3e066c453d 100644 --- a/lib/ssh/src/ssh_file.erl +++ b/lib/ssh/src/ssh_file.erl @@ -336,8 +336,18 @@ is_auth_key(Key, Key) -> is_auth_key(_,_) -> false. -default_user_dir()-> - {ok,[[Home|_]]} = init:get_argument(home), + +default_user_dir() -> + try + default_user_dir(os:getenv("HOME")) + catch + _:_ -> + default_user_dir(init:get_argument(home)) + end. + +default_user_dir({ok,[[Home|_]]}) -> + default_user_dir(Home); +default_user_dir(Home) when is_list(Home) -> UserDir = filename:join(Home, ".ssh"), ok = filelib:ensure_dir(filename:join(UserDir, "dummy")), {ok,Info} = file:read_file_info(UserDir), -- cgit v1.2.3 From f5427a21fdcaebe6144e02c1771609595fa07e7a Mon Sep 17 00:00:00 2001 From: Hans Bolinder Date: Tue, 13 Oct 2015 14:02:17 +0200 Subject: [ssh] Correct documentation Fix mistakes found by 'xmllint'. --- lib/ssh/doc/src/notes.xml | 10 +++++----- lib/ssh/doc/src/using_ssh.xml | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index bb111c8e0e..012d7051eb 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -4,7 +4,7 @@
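Review bot: in `default_user_dir/0` (lib/ssh/src/ssh_file.erl) the unset-`HOME` case is handled only by accident: `os:getenv("HOME")` returns `false`, no `default_user_dir/1` clause matches it, and the resulting error is swallowed by `catch _:_`. The same catch-all also hides real failures when `HOME` is set, such as `filelib:ensure_dir/1` or `file:read_file_info/1` not returning the matched value, and silently retries with `init:get_argument(home)`, so keys and known_hosts can end up being read from a directory other than the one the environment names. Add an explicit clause such as `default_user_dir(false) -> default_user_dir(init:get_argument(home));`, drop the `try`, and let errors for an existing `HOME` propagate.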
- 20042014 + 20042015 Ericsson AB. All Rights Reserved. @@ -216,9 +216,9 @@

Thanks to Simon Cornish

- Own Id: OTP-12760 Aux Id: pull req - 715

+ 715

@@ -384,13 +384,13 @@

- Made Codenomicon Defensics test suite pass: + Made Codenomicon Defensics test suite pass:

limit number of algorithms in kexinit message check 'e' and 'f' parameters in kexdh implement 'keyboard-interactive' user authentication on server side return plain text message to bad version exchange message -

+

Own Id: OTP-12784

diff --git a/lib/ssh/doc/src/using_ssh.xml b/lib/ssh/doc/src/using_ssh.xml index 91185a0f6e..2d045fdb60 100644 --- a/lib/ssh/doc/src/using_ssh.xml +++ b/lib/ssh/doc/src/using_ssh.xml @@ -234,7 +234,7 @@ SFTP Client with TAR Compression and Encryption

Example of writing and then reading a tar file follows:

- + {ok,HandleWrite} = ssh_sftp:open_tar(ChannelPid, ?tar_file_name, [write]), ok = erl_tar:add(HandleWrite, .... ), ok = erl_tar:add(HandleWrite, .... ), @@ -249,7 +249,7 @@

The previous write and read example can be extended with encryption and decryption as follows:

- + %% First three parameters depending on which crypto type we select: Key = <<"This is a 256 bit key. abcdefghi">>, Ivec0 = crypto:rand_bytes(16), -- cgit v1.2.3 From 98ebbee6fa562d6812c1f132205e122b4ff4db3d Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 18 Nov 2015 17:35:59 +0100 Subject: ssh: Make it possible for more than one daemon started with option fd --- lib/ssh/src/ssh.erl | 37 +++++++++++++++++++++++++++++++++++-- lib/ssh/src/ssh_acceptor.erl | 7 ++++++- 2 files changed, 41 insertions(+), 3 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 5bde184070..bb50e436a3 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -235,10 +235,27 @@ start_daemon(Host, Port, Options, Inet) -> {error, _Reason} = Error -> Error; {SocketOptions, SshOptions}-> - do_start_daemon(Host, Port,[{role, server} |SshOptions] , [Inet | SocketOptions]) + try + do_start_daemon(Host, Port,[{role, server} |SshOptions] , [Inet | SocketOptions]) + catch + throw:bad_fd -> {error,bad_fd}; + _C:_E -> {error,{cannot_start_daemon,_C,_E}} + end end. -do_start_daemon(Host, Port, Options, SocketOptions) -> +do_start_daemon(Host0, Port0, Options, SocketOptions) -> + {Host,Port} = try + case proplists:get_value(fd, SocketOptions) of + undefined -> + {Host0,Port0}; + Fd when Port0==0 -> + find_hostport(Fd); + _ -> + {Host0,Port0} + end + catch + _:_ -> throw(bad_fd) + end, Profile = proplists:get_value(profile, Options, ?DEFAULT_PROFILE), case ssh_system_sup:system_supervisor(Host, Port, Profile) of undefined -> 
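Review bot: in `do_start_daemon/4` (lib/ssh/src/ssh.erl) the last case clause, `_ -> {Host0,Port0}`, accepts a caller-supplied non-zero port together with an `fd` without comparing it to the descriptor, so the daemon can be registered through `ssh_system_sup:system_supervisor(Host, Port, Profile)` under an address it is not listening on. Either derive `{Host,Port}` from the descriptor whenever `fd` is present or reject a non-zero port in that case. In `start_daemon/4`, the new clause `_C:_E -> {error,{cannot_start_daemon,_C,_E}}` uses underscore-prefixed variables as values; name them `Class` and `Reason`.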
@@ -272,6 +289,22 @@ do_start_daemon(Host, Port, Options, SocketOptions) -> end end. +find_hostport(Fd) -> + %% Using internal functions inet:open/8 and inet:close/0. + %% Don't try this at home unless you know what you are doing! + {ok,S} = inet:open(Fd, {0,0,0,0}, 0, [], tcp, inet, stream, inet_tcp), + {ok, HostPort} = inet:sockname(S), + ok = inet:close(S), + HostPort. + +%% find_port(Fd) -> +%% %% Hack.... +%% {ok,TmpSock} = gen_tcp:listen(0,[{fd,Fd}]), +%% {ok, {_,ThePort}} = inet:sockname(TmpSock), +%% gen_tcp:close(TmpSock), +%% ThePort. + + handle_options(Opts) -> try handle_option(algs_compatibility(proplists:unfold(Opts)), [], []) of {Inet, Ssh} -> diff --git a/lib/ssh/src/ssh_acceptor.erl b/lib/ssh/src/ssh_acceptor.erl index c5ad1d7b6c..d94dedf1bf 100644 --- a/lib/ssh/src/ssh_acceptor.erl +++ b/lib/ssh/src/ssh_acceptor.erl @@ -56,7 +56,12 @@ acceptor_init(Parent, Port, Address, SockOpts, Opts, AcceptTimeout) -> error end. -do_socket_listen(Callback, Port, Opts) -> +do_socket_listen(Callback, Port0, Opts) -> + Port = + case proplists:get_value(fd, Opts) of + undefined -> Port0; + _ -> 0 + end, case Callback:listen(Port, Opts) of {error, nxdomain} -> Callback:listen(Port, lists:delete(inet6, Opts)); -- cgit v1.2.3 From e6d99a21e905f234d579bd2e64a275fc4fdd5ed9 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 19 Nov 2015 11:54:51 +0100 Subject: ssh: testcases for starting daemon with given fd --- lib/ssh/test/ssh_basic_SUITE.erl | 66 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 400edb4d2c..0a5964c560 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -36,6 +36,8 @@ cli/1, close/1, daemon_already_started/1, + daemon_opt_fd/1, + multi_daemon_opt_fd/1, double_close/1, exec/1, exec_compressed/1, 
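Review bot: `find_hostport/1` in lib/ssh/src/ssh.erl hard-codes `{0,0,0,0}`, `inet` and `inet_tcp` in its call to the internal `inet:open/8`, so a descriptor that was bound for `inet6` is still opened as IPv4; take the address family from the socket options that `start_daemon/4` already passes on as `Inet`. The comment names `inet:close/0` while the code calls `inet:close(S)`, and the commented-out `find_port/1` block below it should be deleted rather than committed.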
@@ -85,6 +87,8 @@ all() -> {group, internal_error}, daemon_already_started, double_close, + daemon_opt_fd, + multi_daemon_opt_fd, packet_size_zero, ssh_info_print ]. 
@@ -704,6 +708,68 @@ double_close(Config) when is_list(Config) -> exit(CM, {shutdown, normal}), ok = ssh:close(CM). +%%-------------------------------------------------------------------- +daemon_opt_fd(Config) -> + SystemDir = ?config(data_dir, Config), + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + + {ok,S1} = gen_tcp:listen(0,[]), + {ok,Fd1} = prim_inet:getfd(S1), + + {ok,Pid1} = ssh:daemon(0, [{system_dir, SystemDir}, + {fd,Fd1}, + {user_dir, UserDir}, + {user_passwords, [{"vego", "morot"}]}, + {failfun, fun ssh_test_lib:failfun/2}]), + + {ok,{_Host1,Port1}} = inet:sockname(S1), + {ok, C1} = ssh:connect("localhost", Port1, [{silently_accept_hosts, true}, + {user_dir, UserDir}, + {user, "vego"}, + {password, "morot"}, + {user_interaction, false}]), + exit(C1, {shutdown, normal}), + ssh:stop_daemon(Pid1), + gen_tcp:close(S1). + + +%%-------------------------------------------------------------------- +multi_daemon_opt_fd(Config) -> + SystemDir = ?config(data_dir, Config), + PrivDir = ?config(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + + Test = + fun() -> + {ok,S} = gen_tcp:listen(0,[]), + {ok,Fd} = prim_inet:getfd(S), + + {ok,Pid} = ssh:daemon(0, [{system_dir, SystemDir}, + {fd,Fd}, + {user_dir, UserDir}, + {user_passwords, [{"vego", "morot"}]}, + {failfun, fun ssh_test_lib:failfun/2}]), + + {ok,{_Host,Port}} = inet:sockname(S), + {ok, C} = ssh:connect("localhost", Port, [{silently_accept_hosts, true}, + {user_dir, UserDir}, + {user, "vego"}, + {password, "morot"}, + {user_interaction, false}]), + {S,Pid,C} + end, + + Tests = [Test(),Test(),Test(),Test(),Test(),Test()], + + [begin + gen_tcp:close(S), + ssh:stop_daemon(Pid), + exit(C, {shutdown, normal}) + end || {S,Pid,C} <- Tests]. 
+ %%-------------------------------------------------------------------- packet_size_zero(Config) -> SystemDir = ?config(data_dir, Config), -- cgit v1.2.3 From 226e77ef7162b0fc043d99a5f68f5dcc891fb093 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 19 Nov 2015 17:16:05 +0100 Subject: ssh: refactor packet reception There was an assymetric relationship between receiving a ssh-packet (decrypting-mac-decompress) and sending one. When sending, most of the work was defined in the ssh_transport module, while at reception the ssh_connection_handler was the one knowing what to do. This commit moves the reception down to the ssh_transport module where it belongs. --- lib/ssh/src/ssh_connection_handler.erl | 129 ++++++++------------------------- lib/ssh/src/ssh_transport.erl | 94 ++++++++++++++++-------- 2 files changed, 94 insertions(+), 129 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 8448218d91..505c6eb181 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl 
@@ -970,57 +970,39 @@ handle_info({Protocol, Socket, Info}, hello, transport_protocol = Protocol} = State) -> event({info_line, Info}, hello, State); -handle_info({Protocol, Socket, Data}, Statename, +handle_info({Protocol, Socket, Data}, StateName, #state{socket = Socket, transport_protocol = Protocol, - ssh_params = #ssh{decrypt_block_size = BlockSize, - recv_mac_size = MacSize} = Ssh0, - decoded_data_buffer = <<>>, - encoded_data_buffer = EncData0} = State0) -> - - %% Implementations SHOULD decrypt the length after receiving the - %% first 8 (or cipher block size, whichever is larger) bytes of a - %% packet. (RFC 4253: Section 6 - Binary Packet Protocol) - case size(EncData0) + size(Data) >= erlang:max(8, BlockSize) of - true -> - {Ssh, SshPacketLen, DecData, EncData} = - - ssh_transport:decrypt_first_block(<>, Ssh0), - case SshPacketLen > ?SSH_MAX_PACKET_SIZE of - true -> - DisconnectMsg = - #ssh_msg_disconnect{code = - ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "Bad packet length " - ++ integer_to_list(SshPacketLen), - language = "en"}, - handle_disconnect(DisconnectMsg, State0); - false -> - RemainingSshPacketLen = - (SshPacketLen + ?SSH_LENGHT_INDICATOR_SIZE) - - BlockSize + MacSize, - State = State0#state{ssh_params = Ssh}, - handle_ssh_packet_data(RemainingSshPacketLen, - DecData, EncData, Statename, - State) - end; - false -> - {next_state, Statename, - next_packet(State0#state{encoded_data_buffer = - <>})} + ssh_params = Ssh0, + decoded_data_buffer = DecData0, + encoded_data_buffer = EncData0, + undecoded_packet_length = RemainingSshPacketLen0} = State0) -> + Encoded = <>, + case ssh_transport:handle_packet_part(DecData0, Encoded, RemainingSshPacketLen0, Ssh0) of + {get_more, DecBytes, EncDataRest, RemainingSshPacketLen, Ssh1} -> + {next_state, StateName, + next_packet(State0#state{encoded_data_buffer = EncDataRest, + decoded_data_buffer = DecBytes, + undecoded_packet_length = RemainingSshPacketLen, + ssh_params = Ssh1})}; + {decoded, MsgBytes, 
EncDataRest, Ssh1} -> + generate_event(MsgBytes, StateName, + State0#state{ssh_params = Ssh1, + %% Important to be set for + %% next_packet +%%% FIXME: the following three seem to always be set in generate_event! + decoded_data_buffer = <<>>, + undecoded_packet_length = undefined, + encoded_data_buffer = EncDataRest}, + EncDataRest); + {bad_mac, Ssh1} -> + DisconnectMsg = + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "Bad mac", + language = ""}, + handle_disconnect(DisconnectMsg, State0#state{ssh_params=Ssh1}) end; - -handle_info({Protocol, Socket, Data}, Statename, - #state{socket = Socket, - transport_protocol = Protocol, - decoded_data_buffer = DecData, - encoded_data_buffer = EncData, - undecoded_packet_length = Len} = - State) when is_integer(Len) -> - handle_ssh_packet_data(Len, DecData, <>, - Statename, State); - + handle_info({CloseTag, _Socket}, _StateName, #state{transport_close_tag = CloseTag, ssh_params = #ssh{role = _Role, opts = _Opts}} = State) -> 
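Review bot: the new `case ssh_transport:handle_packet_part(...)` in `handle_info/3` (lib/ssh/src/ssh_connection_handler.erl) has clauses only for `get_more`, `decoded` and `bad_mac`, and nothing in this hunk catches exceptions, whereas the removed `handle_ssh_packet/3` wrapped unpacking in `try ... catch _:_` and answered with a "Bad input" disconnect. As written, the `throw(#ssh_msg_disconnect{...})` that `handle_packet_part/4` raises for an over-long packet length, and any failed match while decrypting or decompressing peer-supplied bytes, terminates the connection process abnormally instead of sending SSH_MSG_DISCONNECT. Wrap the call in `try ... of ... catch` and route both cases to `handle_disconnect/2`. The `%%% FIXME` comment about the three fields should be resolved or removed before merge.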
@@ -1631,57 +1613,6 @@ after_new_keys_events({connection_reply, _Data} = Reply, {StateName, State}) -> NewState = send_replies([Reply], State), {next_state, StateName, NewState}. -handle_ssh_packet_data(RemainingSshPacketLen, DecData, EncData, StateName, - State) -> - EncSize = size(EncData), - case RemainingSshPacketLen > EncSize of - true -> - {next_state, StateName, - next_packet(State#state{decoded_data_buffer = DecData, - encoded_data_buffer = EncData, - undecoded_packet_length = - RemainingSshPacketLen})}; - false -> - handle_ssh_packet(RemainingSshPacketLen, StateName, - State#state{decoded_data_buffer = DecData, - encoded_data_buffer = EncData}) - - end. - -handle_ssh_packet(Length, StateName, #state{decoded_data_buffer = DecData0, - encoded_data_buffer = EncData0, - ssh_params = Ssh0, - transport_protocol = _Protocol, - socket = _Socket} = State0) -> - try - {Ssh1, DecData, EncData, Mac} = - ssh_transport:unpack(EncData0, Length, Ssh0), - SshPacket = <>, - case ssh_transport:is_valid_mac(Mac, SshPacket, Ssh1) of - true -> - PacketData = ssh_transport:msg_data(SshPacket), - {Ssh1, Msg} = ssh_transport:decompress(Ssh1, PacketData), - generate_event(Msg, StateName, - State0#state{ssh_params = Ssh1, - %% Important to be set for - %% next_packet - decoded_data_buffer = <<>>}, - EncData); - false -> - DisconnectMsg = - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "Bad mac", - language = "en"}, - handle_disconnect(DisconnectMsg, State0) - end - catch _:_ -> - Disconnect = - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "Bad input", - language = "en"}, - handle_disconnect(Disconnect, State0) - end. - handle_disconnect(DisconnectMsg, State) -> handle_disconnect(own, DisconnectMsg, State). diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 0c999b96cc..f18e4b4d01 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl 
@@ -31,10 +31,10 @@ -include("ssh.hrl"). -export([versions/2, hello_version_msg/1]). --export([next_seqnum/1, decrypt_first_block/2, decrypt_blocks/3, +-export([next_seqnum/1, supported_algorithms/0, supported_algorithms/1, default_algorithms/0, default_algorithms/1, - is_valid_mac/3, + handle_packet_part/4, handle_hello_version/1, key_exchange_init_msg/1, key_init/3, new_keys_message/1, @@ -45,9 +45,13 @@ handle_kex_ecdh_init/2, handle_kex_ecdh_reply/2, extract_public_key/1, - unpack/3, decompress/2, ssh_packet/2, pack/2, pack/3, msg_data/1, + ssh_packet/2, pack/2, sign/3, verify/4]). +%%% For test suites +-export([pack/3]). +-export([decompress/2, decrypt_blocks/3, is_valid_mac/3 ]). % FIXME: remove + %%%---------------------------------------------------------------------------- %%% %%% There is a difference between supported and default algorithms. The @@ -196,12 +200,6 @@ hello_version_msg(Data) -> next_seqnum(SeqNum) -> (SeqNum + 1) band 16#ffffffff. -decrypt_first_block(Bin, #ssh{decrypt_block_size = BlockSize} = Ssh0) -> - <> = Bin, - {Ssh, <> = DecData} = - decrypt(Ssh0, EncBlock), - {Ssh, PacketLen, DecData, EncData}. - decrypt_blocks(Bin, Length, Ssh0) -> <> = Bin, {Ssh, DecData} = decrypt(Ssh0, EncBlocks), 
@@ -938,27 +936,61 @@ pack(Data0, #ssh{encrypt_block_size = BlockSize, Ssh = Ssh2#ssh{send_sequence = (SeqNum+1) band 16#ffffffff}, {Packet, Ssh}. -unpack(EncodedSoFar, ReminingLenght, #ssh{recv_mac_size = MacSize} = Ssh0) -> - SshLength = ReminingLenght - MacSize, - {NoMac, Mac, Rest} = case MacSize of - 0 -> - <> = EncodedSoFar, - {NoMac0, <<>>, Rest0}; - _ -> - <> = EncodedSoFar, - {NoMac0, Mac0, Rest0} - end, - {Ssh1, DecData, <<>>} = - case SshLength of - 0 -> - {Ssh0, <<>>, <<>>}; - _ -> - decrypt_blocks(NoMac, SshLength, Ssh0) - end, - {Ssh1, DecData, Rest, Mac}. + +handle_packet_part(<<>>, Encoded0, undefined, Ssh0) -> + %% New ssh packet + case get_length(Encoded0, Ssh0) of + get_more -> + %% too short to get the length + {get_more, <<>>, Encoded0, undefined, Ssh0}; + + {ok, PacketLen, _DecData, _Encoded1, _Ssh1} when PacketLen > ?SSH_MAX_PACKET_SIZE -> + %% far too long message than expected + throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "Bad packet length " + ++ integer_to_list(PacketLen), + language = ""}); + + {ok, PacketLen, DecData, Encoded1, + #ssh{decrypt_block_size = BlockSize, + recv_mac_size = MacSize} = Ssh1} -> + %% enough bytes so we got the length and can calculate how many + %% more bytes to expect for a full packet + Remaining = (PacketLen + ?SSH_LENGHT_INDICATOR_SIZE) - BlockSize + MacSize, + handle_packet_part(DecData, Encoded1, Remaining, Ssh1) + end; +handle_packet_part(Decoded0, Encoded0, Remaining, Ssh0) + when size(Encoded0) < Remaining -> + %% need more bytes to finalize the packet + {get_more, Decoded0, Encoded0, Remaining, Ssh0}; +handle_packet_part(Decoded0, Encoded0, Remaining, + #ssh{recv_mac_size = MacSize} = Ssh0) -> + %% enough bytes to decode the packet. 
+ SshLengthNotDecoded = Remaining - MacSize, + <> = Encoded0, + {Ssh1, DecData} = decrypt(Ssh0, PktT), + MsgBytes = <>, + case is_valid_mac(Mac, MsgBytes, Ssh1) of + false -> + {bad_mac, Ssh1}; + true -> + {Ssh, DecompressedMsgBytes} = decompress(Ssh1, msg_data(MsgBytes)), + {decoded, DecompressedMsgBytes, EncRest0, Ssh} + end. + + +get_length(Encoded0, #ssh{decrypt_block_size = BlockSize} = Ssh0) -> + case size(Encoded0) >= erlang:max(8, BlockSize) of + true -> + <> = Encoded0, + {Ssh, Decoded} = decrypt(Ssh0, EncBlock), + <> = Decoded, + {ok, PacketLen, Decoded, EncodedRest, Ssh}; + false -> + get_more + end. + + msg_data(PacketData) -> <> = PacketData, @@ -1181,6 +1213,8 @@ decrypt_final(Ssh) -> decrypt_ctx = undefined, decrypt_block_size = 8}}. +decrypt(Ssh, <<>>) -> + {Ssh, <<>>}; decrypt(#ssh{decrypt = none} = Ssh, Data) -> {Ssh, Data}; decrypt(#ssh{decrypt = '3des-cbc', decrypt_keys = Keys, -- cgit v1.2.3 From a895fc7303497f1795cf49360980abeb68be2223 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 18 Nov 2015 20:26:12 +0100 Subject: ssh: AEAD_AES_(128|256)_GCM and aes(128|256)-gcm@openssh.com crypto Note that the rfc5647 is ambigous so this implementation of AEAD_AES_(128|256)_GCM may or may not be compatible with others. They are note enabled by default but may be enabled by the user. See the Reference Manual, Application SSH for details of how we interpret the rfc. To be safe, use aes128-gcm@openssh.com or aes256-gcm@openssh.com instead. --- lib/ssh/src/ssh.hrl | 1 - lib/ssh/src/ssh_transport.erl | 464 ++++++++++++++++++++++++++++++------------ 2 files changed, 333 insertions(+), 132 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.hrl b/lib/ssh/src/ssh.hrl index 4ad936f742..8efc743b67 100644 --- a/lib/ssh/src/ssh.hrl +++ b/lib/ssh/src/ssh.hrl 
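Review bot: `handle_packet_part/4` in lib/ssh/src/ssh_transport.erl bounds the decrypted `PacketLen` only from above (`PacketLen > ?SSH_MAX_PACKET_SIZE`); no lower bound is checked before `Remaining = (PacketLen + ?SSH_LENGHT_INDICATOR_SIZE) - BlockSize + MacSize` is computed. A peer-supplied length smaller than `BlockSize - 4` makes `Remaining - MacSize` negative, and the binary match on `Encoded0` in the last clause then fails with an error rather than a protocol disconnect. Reject lengths that are below the minimum packet size, or that do not leave a whole number of cipher blocks, in the same clause that checks the maximum and with the same "Bad packet length" disconnect.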
@@ -29,7 +29,6 @@ -define(SSH_DEFAULT_PORT, 22). -define(SSH_MAX_PACKET_SIZE, (256*1024)). --define(SSH_LENGHT_INDICATOR_SIZE, 4). -define(REKEY_TIMOUT, 3600000). -define(REKEY_DATA_TIMOUT, 60000). -define(DEFAULT_PROFILE, default). diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index f18e4b4d01..e2d19b9cef 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -70,10 +70,15 @@ default_algorithms() -> [{K,default_algorithms(K)} || K <- algo_classes()]. algo_classes() -> [kex, public_key, cipher, mac, compression]. -%% default_algorithms(kex) -> % Example of how to disable an algorithm -%% supported_algorithms(kex, ['ecdh-sha2-nistp521']); + +default_algorithms(cipher) -> + supported_algorithms(cipher, same(['AEAD_AES_128_GCM', + 'AEAD_AES_256_GCM'])); +default_algorithms(mac) -> + supported_algorithms(mac, same(['AEAD_AES_128_GCM', + 'AEAD_AES_256_GCM'])); default_algorithms(Alg) -> - supported_algorithms(Alg). + supported_algorithms(Alg, []). supported_algorithms() -> [{K,supported_algorithms(K)} || K <- algo_classes()]. 
@@ -101,19 +106,25 @@ supported_algorithms(public_key) -> supported_algorithms(cipher) -> same( select_crypto_supported( - [{'aes256-ctr', [{ciphers,{aes_ctr,256}}]}, - {'aes192-ctr', [{ciphers,{aes_ctr,192}}]}, - {'aes128-ctr', [{ciphers,{aes_ctr,128}}]}, - {'aes128-cbc', [{ciphers,aes_cbc128}]}, - {'3des-cbc', [{ciphers,des3_cbc}]} + [{'aes256-ctr', [{ciphers,{aes_ctr,256}}]}, + {'aes192-ctr', [{ciphers,{aes_ctr,192}}]}, + {'aes128-ctr', [{ciphers,{aes_ctr,128}}]}, + {'aes128-cbc', [{ciphers,aes_cbc128}]}, + {'aes128-gcm@openssh.com', [{ciphers,{aes_gcm,128}}]}, + {'aes256-gcm@openssh.com', [{ciphers,{aes_gcm,256}}]}, + {'AEAD_AES_128_GCM', [{ciphers,{aes_gcm,128}}]}, + {'AEAD_AES_256_GCM', [{ciphers,{aes_gcm,256}}]}, + {'3des-cbc', [{ciphers,des3_cbc}]} ] )); supported_algorithms(mac) -> same( select_crypto_supported( - [{'hmac-sha2-256', [{hashs,sha256}]}, - {'hmac-sha2-512', [{hashs,sha512}]}, - {'hmac-sha1', [{hashs,sha}]} + [{'hmac-sha2-256', [{hashs,sha256}]}, + {'hmac-sha2-512', [{hashs,sha512}]}, + {'hmac-sha1', [{hashs,sha}]}, + {'AEAD_AES_128_GCM', [{ciphers,{aes_gcm,128}}]}, + {'AEAD_AES_256_GCM', [{ciphers,{aes_gcm,256}}]} ] )); supported_algorithms(compression) -> 
@@ -122,46 +133,6 @@ supported_algorithms(compression) -> 'zlib' ]). -%% Dialyzer complains when not called...supported_algorithms(Key, [{client2server,BL1},{server2client,BL2}]) -> -%% Dialyzer complains when not called... [{client2server,As1},{server2client,As2}] = supported_algorithms(Key), -%% Dialyzer complains when not called... [{client2server,As1--BL1},{server2client,As2--BL2}]; -%% Dialyzer complains when not called...supported_algorithms(Key, BlackList) -> -%% Dialyzer complains when not called... supported_algorithms(Key) -- BlackList. - -select_crypto_supported(L) -> - Sup = [{ec_curve,crypto_supported_curves()} | crypto:supports()], - [Name || {Name,CryptoRequires} <- L, - crypto_supported(CryptoRequires, Sup)]. - -crypto_supported_curves() -> - try crypto:ec_curves() - catch _:_ -> [] - end. - -crypto_supported(Conditions, Supported) -> - lists:all( fun({Tag,CryptoName}) when is_atom(CryptoName) -> - crypto_name_supported(Tag,CryptoName,Supported); - ({Tag,{Name=aes_ctr,Len}}) when is_integer(Len) -> - crypto_name_supported(Tag,Name,Supported) andalso - ctr_len_supported(Name,Len) - end, Conditions). - -crypto_name_supported(Tag, CryptoName, Supported) -> - lists:member(CryptoName, proplists:get_value(Tag,Supported,[])). - -ctr_len_supported(Name, Len) -> - try - crypto:stream_encrypt(crypto:stream_init(Name, <<0:Len>>, <<0:128>>), <<"">>) - of - {_,X} -> is_binary(X) - catch - _:_ -> false - end. - - -same(Algs) -> [{client2server,Algs}, {server2client,Algs}]. - - %%%---------------------------------------------------------------------------- versions(client, Options)-> Vsn = proplists:get_value(vsn, Options, ?DEFAULT_CLIENT_VERSION), 
@@ -755,8 +726,12 @@ known_host_key(#ssh{opts = Opts, key_cb = Mod, peer = Peer} = Ssh, %% The first algorithm in each list MUST be the preferred (guessed) %% algorithm. Each string MUST contain at least one algorithm name. select_algorithm(Role, Client, Server) -> - {Encrypt, Decrypt} = select_encrypt_decrypt(Role, Client, Server), - {SendMac, RecvMac} = select_send_recv_mac(Role, Client, Server), + {Encrypt0, Decrypt0} = select_encrypt_decrypt(Role, Client, Server), + {SendMac0, RecvMac0} = select_send_recv_mac(Role, Client, Server), + + {Encrypt, SendMac} = aead_gcm_simultan(Encrypt0, SendMac0), + {Decrypt, RecvMac} = aead_gcm_simultan(Decrypt0, RecvMac0), + {Compression, Decompression} = select_compression_decompression(Role, Client, Server), 
@@ -787,6 +762,38 @@ select_algorithm(Role, Client, Server) -> s_lng = S_Lng}, {ok, Alg}. + +%%% It is an agreed problem with RFC 5674 that if the selection is +%%% Cipher = AEAD_AES_x_GCM and +%%% Mac = AEAD_AES_y_GCM (where x =/= y) +%%% then it is undefined what length should be selected. +%%% +%%% If only one of the two lengths (128,256) is available, I claim that +%%% there is no such ambiguity. + +%%% From https://anongit.mindrot.org/openssh.git/plain/PROTOCOL +%%% (read Nov 20, 2015) +%%% 1.6 transport: AES-GCM +%%% +%%% OpenSSH supports the AES-GCM algorithm as specified in RFC 5647. +%%% Because of problems with the specification of the key exchange +%%% the behaviour of OpenSSH differs from the RFC as follows: +%%% +%%% AES-GCM is only negotiated as the cipher algorithms +%%% "aes128-gcm@openssh.com" or "aes256-gcm@openssh.com" and never as +%%% an MAC algorithm. Additionally, if AES-GCM is selected as the cipher +%%% the exchanged MAC algorithms are ignored and there doesn't have to be +%%% a matching MAC. + +aead_gcm_simultan('aes128-gcm@openssh.com', _) -> {'AEAD_AES_128_GCM', 'AEAD_AES_128_GCM'}; +aead_gcm_simultan('aes256-gcm@openssh.com', _) -> {'AEAD_AES_256_GCM', 'AEAD_AES_256_GCM'}; +aead_gcm_simultan('AEAD_AES_128_GCM', _) -> {'AEAD_AES_128_GCM', 'AEAD_AES_128_GCM'}; +aead_gcm_simultan('AEAD_AES_256_GCM', _) -> {'AEAD_AES_256_GCM', 'AEAD_AES_256_GCM'}; +aead_gcm_simultan(_, 'AEAD_AES_128_GCM') -> {'AEAD_AES_128_GCM', 'AEAD_AES_128_GCM'}; +aead_gcm_simultan(_, 'AEAD_AES_256_GCM') -> {'AEAD_AES_256_GCM', 'AEAD_AES_256_GCM'}; +aead_gcm_simultan(Cipher, Mac) -> {Cipher,Mac}. + + select_encrypt_decrypt(client, Client, Server) -> Encrypt = select(Client#ssh_msg_kexinit.encryption_algorithms_client_to_server, 
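Review bot: `aead_gcm_simultan/2` settles the mixed case that the comment above it calls undefined purely by clause order: cipher `AEAD_AES_256_GCM` with MAC `AEAD_AES_128_GCM` yields the 256-bit pair, and a non-GCM cipher negotiated together with MAC `AEAD_AES_128_GCM` is replaced by AES-128-GCM even though that cipher was not the one selected from the encryption lists. Nothing in this hunk checks that only one of the two key lengths is on offer, which is the precondition the comment relies on; either fail the negotiation when cipher and MAC disagree or document the precedence next to the clauses. The comment also cites "RFC 5674", while the commit message and the quoted OpenSSH text refer to RFC 5647.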
@@ -821,18 +828,18 @@ select_compression_decompression(client, Client, Server) -> Compression = select(Client#ssh_msg_kexinit.compression_algorithms_client_to_server, Server#ssh_msg_kexinit.compression_algorithms_client_to_server), - Decomprssion = + Decompression = select(Client#ssh_msg_kexinit.compression_algorithms_server_to_client, Server#ssh_msg_kexinit.compression_algorithms_server_to_client), - {Compression, Decomprssion}; + {Compression, Decompression}; select_compression_decompression(server, Client, Server) -> - Decomprssion = + Decompression = select(Client#ssh_msg_kexinit.compression_algorithms_client_to_server, Server#ssh_msg_kexinit.compression_algorithms_client_to_server), Compression = select(Client#ssh_msg_kexinit.compression_algorithms_server_to_client, Server#ssh_msg_kexinit.compression_algorithms_server_to_client), - {Compression, Decomprssion}. + {Compression, Decompression}. install_alg(SSH) -> SSH1 = alg_final(SSH), 
@@ -909,14 +916,39 @@ pack(Data, Ssh=#ssh{}) -> %%% Note: pack/3 is only to be called from tests that wants %%% to deliberetly send packets with wrong PacketLength! %%% Use pack/2 for all other purposes! -pack(Data0, #ssh{encrypt_block_size = BlockSize, - send_sequence = SeqNum, send_mac = MacAlg, - send_mac_key = MacKey, - random_length_padding = RandomLengthPadding} - = Ssh0, - PacketLenDeviationForTests) when is_binary(Data0) -> - {Ssh1, Data} = compress(Ssh0, Data0), - PL = (BlockSize - ((4 + 1 + size(Data)) rem BlockSize)) rem BlockSize, +pack(PlainText, + #ssh{send_sequence = SeqNum, + send_mac = MacAlg, + send_mac_key = MacKey, + encrypt = CryptoAlg} = Ssh0, PacketLenDeviationForTests) when is_binary(PlainText) -> + + {Ssh1, CompressedPlainText} = compress(Ssh0, PlainText), + {EcryptedPacket, MAC, Ssh3} = + case pkt_type(CryptoAlg) of + common -> + PaddingLen = padding_length(4+1+size(CompressedPlainText), Ssh0), + Padding = ssh_bits:random(PaddingLen), + PlainPacketLen = 1 + PaddingLen + size(CompressedPlainText) + PacketLenDeviationForTests, + PlainPacketData = <>, + {Ssh2, EcryptedPacket0} = encrypt(Ssh1, PlainPacketData), + MAC0 = mac(MacAlg, MacKey, SeqNum, PlainPacketData), + {EcryptedPacket0, MAC0, Ssh2}; + aead -> + PaddingLen = padding_length(1+size(CompressedPlainText), Ssh0), + Padding = ssh_bits:random(PaddingLen), + PlainPacketLen = 1 + PaddingLen + size(CompressedPlainText) + PacketLenDeviationForTests, + PlainPacketData = <>, + {Ssh2, {EcryptedPacket0,MAC0}} = encrypt(Ssh1, {<>,PlainPacketData}), + {<>, MAC0, Ssh2} + end, + FinalPacket = [EcryptedPacket, MAC], + Ssh = Ssh3#ssh{send_sequence = (SeqNum+1) band 16#ffffffff}, + {FinalPacket, Ssh}. + + +padding_length(Size, #ssh{encrypt_block_size = BlockSize, + random_length_padding = RandomLengthPadding}) -> + PL = (BlockSize - (Size rem BlockSize)) rem BlockSize, MinPaddingLen = if PL < 4 -> PL + BlockSize; true -> PL end, 
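Review bot: the aead branch of pack/3 calls padding_length(1+size(CompressedPlainText), Ssh0) where the common branch uses 4+1+size(CompressedPlainText), and nothing in the hunk says why. A one-line comment that the 4-byte packet length travels as additional authenticated data in the AEAD case, and is therefore left out of the block alignment, would save the next reader a trip to RFC 5647. The two branches also repeat the Padding and PlainPacketLen computation and differ only in that size argument and in the encrypt call, so the shared part could be hoisted above the case. Minor: EcryptedPacket and EcryptedPacket0 look like typos for Encrypted...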
@@ -925,79 +957,94 @@ pack(Data0, #ssh{encrypt_block_size = BlockSize, ExtraPaddingLen = try crypto:rand_uniform(0,MaxExtraBlocks)*PadBlockSize catch _:_ -> 0 end, - PaddingLen = MinPaddingLen + ExtraPaddingLen, - Padding = ssh_bits:random(PaddingLen), - PacketLen = 1 + PaddingLen + size(Data) + PacketLenDeviationForTests, - PacketData = <>, - {Ssh2, EncPacket} = encrypt(Ssh1, PacketData), - MAC = mac(MacAlg, MacKey, SeqNum, PacketData), - Packet = [EncPacket, MAC], - Ssh = Ssh2#ssh{send_sequence = (SeqNum+1) band 16#ffffffff}, - {Packet, Ssh}. - - -handle_packet_part(<<>>, Encoded0, undefined, Ssh0) -> + MinPaddingLen + ExtraPaddingLen. + + + +handle_packet_part(<<>>, Encrypted0, undefined, #ssh{decrypt = CryptoAlg} = Ssh0) -> %% New ssh packet - case get_length(Encoded0, Ssh0) of + case get_length(pkt_type(CryptoAlg), Encrypted0, Ssh0) of get_more -> %% too short to get the length - {get_more, <<>>, Encoded0, undefined, Ssh0}; + {get_more, <<>>, Encrypted0, undefined, Ssh0}; - {ok, PacketLen, _DecData, _Encoded1, _Ssh1} when PacketLen > ?SSH_MAX_PACKET_SIZE -> + {ok, PacketLen, _, _, _} when PacketLen > ?SSH_MAX_PACKET_SIZE -> %% far too long message than expected throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, description = "Bad packet length " ++ integer_to_list(PacketLen), language = ""}); - {ok, PacketLen, DecData, Encoded1, - #ssh{decrypt_block_size = BlockSize, - recv_mac_size = MacSize} = Ssh1} -> + {ok, PacketLen, Decrypted, Encrypted1, + #ssh{recv_mac_size = MacSize} = Ssh1} -> %% enough bytes so we got the length and can calculate how many %% more bytes to expect for a full packet - Remaining = (PacketLen + ?SSH_LENGHT_INDICATOR_SIZE) - BlockSize + MacSize, - handle_packet_part(DecData, Encoded1, Remaining, Ssh1) + TotalNeeded = (4 + PacketLen + MacSize), + handle_packet_part(Decrypted, Encrypted1, TotalNeeded, Ssh1) end; -handle_packet_part(Decoded0, Encoded0, Remaining, Ssh0) - when size(Encoded0) < Remaining -> + 
+handle_packet_part(DecryptedPfx, EncryptedBuffer, TotalNeeded, Ssh0) + when (size(DecryptedPfx)+size(EncryptedBuffer)) < TotalNeeded -> %% need more bytes to finalize the packet - {get_more, Decoded0, Encoded0, Remaining, Ssh0}; -handle_packet_part(Decoded0, Encoded0, Remaining, - #ssh{recv_mac_size = MacSize} = Ssh0) -> + {get_more, DecryptedPfx, EncryptedBuffer, TotalNeeded, Ssh0}; + +handle_packet_part(DecryptedPfx, EncryptedBuffer, TotalNeeded, + #ssh{recv_mac_size = MacSize, + decrypt = CryptoAlg} = Ssh0) -> %% enough bytes to decode the packet. - SshLengthNotDecoded = Remaining - MacSize, - <> = Encoded0, - {Ssh1, DecData} = decrypt(Ssh0, PktT), - MsgBytes = <>, - case is_valid_mac(Mac, MsgBytes, Ssh1) of - false -> - {bad_mac, Ssh1}; - true -> - {Ssh, DecompressedMsgBytes} = decompress(Ssh1, msg_data(MsgBytes)), - {decoded, DecompressedMsgBytes, EncRest0, Ssh} + DecryptLen = TotalNeeded - size(DecryptedPfx) - MacSize, + <> = EncryptedBuffer, + case pkt_type(CryptoAlg) of + common -> + {Ssh1, DecryptedSfx} = decrypt(Ssh0, EncryptedSfx), + DecryptedPacket = <>, + case is_valid_mac(Mac, DecryptedPacket, Ssh1) of + false -> + {bad_mac, Ssh1}; + true -> + {Ssh, DecompressedPayload} = decompress(Ssh1, payload(DecryptedPacket)), + {decoded, DecompressedPayload, NextPacketBytes, Ssh} + end; + aead -> + PacketLenBin = DecryptedPfx, + case decrypt(Ssh0, {PacketLenBin,EncryptedSfx,Mac}) of + {Ssh1, error} -> + {bad_mac, Ssh1}; + {Ssh1, DecryptedSfx} -> + DecryptedPacket = <>, + {Ssh, DecompressedPayload} = decompress(Ssh1, payload(DecryptedPacket)), + {decoded, DecompressedPayload, NextPacketBytes, Ssh} + end end. 
-get_length(Encoded0, #ssh{decrypt_block_size = BlockSize} = Ssh0) -> - case size(Encoded0) >= erlang:max(8, BlockSize) of +get_length(common, EncryptedBuffer, #ssh{decrypt_block_size = BlockSize} = Ssh0) -> + case size(EncryptedBuffer) >= erlang:max(8, BlockSize) of true -> - <> = Encoded0, - {Ssh, Decoded} = decrypt(Ssh0, EncBlock), - <> = Decoded, - {ok, PacketLen, Decoded, EncodedRest, Ssh}; + <> = EncryptedBuffer, + {Ssh, + <> = Decrypted} = decrypt(Ssh0, EncBlock), + {ok, PacketLen, Decrypted, EncryptedRest, Ssh}; + false -> + get_more + end; +get_length(aead, EncryptedBuffer, Ssh) -> + case size(EncryptedBuffer) >= 4 of + true -> + <> = EncryptedBuffer, + {ok, PacketLen, <>, EncryptedRest, Ssh}; false -> get_more end. +pkt_type('AEAD_AES_128_GCM') -> aead; +pkt_type('AEAD_AES_256_GCM') -> aead; +pkt_type(_) -> common. - -msg_data(PacketData) -> - <> = PacketData, - DataLen = Len - PaddingLen - 1, - <<_:32, _:8, Data:DataLen/binary, - _:PaddingLen/binary>> = PacketData, - Data. +payload(<>) -> + PayloadLen = PacketLen - PaddingLen - 1, + <> = PayloadAndPadding, + Payload. sign(SigData, Hash, #'DSAPrivateKey'{} = Key) -> DerSignature = public_key:sign(SigData, Hash, Key), @@ -1023,6 +1070,7 @@ verify(PlainText, Hash, Sig, {#'ECPoint'{},_} = Key) -> verify(PlainText, Hash, Sig, Key) -> public_key:verify(PlainText, Hash, Sig, Key). + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% %% Encryption 
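Review bot: PacketLen gets only an upper bound in handle_packet_part/4 (the clause guarded by PacketLen > ?SSH_MAX_PACKET_SIZE), and in the new get_length(aead, ...) clause it is taken from the first four bytes before any tag has been verified, so that guard is the only thing limiting how much an unauthenticated peer can make the receiver wait for. There is no lower bound at all: in the common branch a length smaller than the prefix already decrypted by get_length makes DecryptLen = TotalNeeded - size(DecryptedPfx) - MacSize negative in the last clause. Consider rejecting lengths below the minimum packet size with the same SSH_DISCONNECT_PROTOCOL_ERROR disconnect, in the first clause, before asking for more bytes.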
@@ -1031,6 +1079,30 @@ verify(PlainText, Hash, Sig, Key) -> encrypt_init(#ssh{encrypt = none} = Ssh) -> {ok, Ssh}; +encrypt_init(#ssh{encrypt = 'AEAD_AES_128_GCM', role = client} = Ssh) -> + IV = hash(Ssh, "A", 12*8), + <> = hash(Ssh, "C", 128), + {ok, Ssh#ssh{encrypt_keys = K, + encrypt_block_size = 16, + encrypt_ctx = IV}}; +encrypt_init(#ssh{encrypt = 'AEAD_AES_128_GCM', role = server} = Ssh) -> + IV = hash(Ssh, "B", 12*8), + <> = hash(Ssh, "D", 128), + {ok, Ssh#ssh{encrypt_keys = K, + encrypt_block_size = 16, + encrypt_ctx = IV}}; +encrypt_init(#ssh{encrypt = 'AEAD_AES_256_GCM', role = client} = Ssh) -> + IV = hash(Ssh, "A", 12*8), + <> = hash(Ssh, "C", 256), + {ok, Ssh#ssh{encrypt_keys = K, + encrypt_block_size = 16, + encrypt_ctx = IV}}; +encrypt_init(#ssh{encrypt = 'AEAD_AES_256_GCM', role = server} = Ssh) -> + IV = hash(Ssh, "B", 12*8), + <> = hash(Ssh, "D", 256), + {ok, Ssh#ssh{encrypt_keys = K, + encrypt_block_size = 16, + encrypt_ctx = IV}}; encrypt_init(#ssh{encrypt = '3des-cbc', role = client} = Ssh) -> IV = hash(Ssh, "A", 64), <> = hash(Ssh, "C", 192), @@ -1107,6 +1179,18 @@ encrypt_final(Ssh) -> encrypt(#ssh{encrypt = none} = Ssh, Data) -> {Ssh, Data}; +encrypt(#ssh{encrypt = 'AEAD_AES_128_GCM', + encrypt_keys = K, + encrypt_ctx = IV0} = Ssh, Data={_AAD,_Ptext}) -> + Enc = {_Ctext,_Ctag} = crypto:block_encrypt(aes_gcm, K, IV0, Data), + IV = next_gcm_iv(IV0), + {Ssh#ssh{encrypt_ctx = IV}, Enc}; +encrypt(#ssh{encrypt = 'AEAD_AES_256_GCM', + encrypt_keys = K, + encrypt_ctx = IV0} = Ssh, Data={_AAD,_Ptext}) -> + Enc = {_Ctext,_Ctag} = crypto:block_encrypt(aes_gcm, K, IV0, Data), + IV = next_gcm_iv(IV0), + {Ssh#ssh{encrypt_ctx = IV}, Enc}; encrypt(#ssh{encrypt = '3des-cbc', encrypt_keys = {K1,K2,K3}, encrypt_ctx = IV0} = Ssh, Data) -> 
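Review bot: the two new encrypt/2 clauses for 'AEAD_AES_128_GCM' and 'AEAD_AES_256_GCM' have identical bodies, and the four encrypt_init/1 clauses in the hunk before them differ only in the hash letters ("A"/"C" for client, "B"/"D" for server) and the key length (128 or 256). Folding them into one clause each, with a small helper that returns the key length for the algorithm atom, would remove the risk of the copies drifting apart when one of them is edited. If the duplication is kept to mirror the existing '3des-cbc' and aes clauses, a comment saying so would help.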
@@ -1139,6 +1223,30 @@ encrypt(#ssh{encrypt = 'aes256-ctr', decrypt_init(#ssh{decrypt = none} = Ssh) -> {ok, Ssh}; +decrypt_init(#ssh{decrypt = 'AEAD_AES_128_GCM', role = client} = Ssh) -> + IV = hash(Ssh, "B", 12*8), + <> = hash(Ssh, "D", 128), + {ok, Ssh#ssh{decrypt_keys = K, + decrypt_block_size = 16, + decrypt_ctx = IV}}; +decrypt_init(#ssh{decrypt = 'AEAD_AES_128_GCM', role = server} = Ssh) -> + IV = hash(Ssh, "A", 12*8), + <> = hash(Ssh, "C", 128), + {ok, Ssh#ssh{decrypt_keys = K, + decrypt_block_size = 16, + decrypt_ctx = IV}}; +decrypt_init(#ssh{decrypt = 'AEAD_AES_256_GCM', role = client} = Ssh) -> + IV = hash(Ssh, "B", 12*8), + <> = hash(Ssh, "D", 256), + {ok, Ssh#ssh{decrypt_keys = K, + decrypt_block_size = 16, + decrypt_ctx = IV}}; +decrypt_init(#ssh{decrypt = 'AEAD_AES_256_GCM', role = server} = Ssh) -> + IV = hash(Ssh, "A", 12*8), + <> = hash(Ssh, "C", 256), + {ok, Ssh#ssh{decrypt_keys = K, + decrypt_block_size = 16, + decrypt_ctx = IV}}; decrypt_init(#ssh{decrypt = '3des-cbc', role = client} = Ssh) -> {IV, KD} = {hash(Ssh, "B", 64), hash(Ssh, "D", 192)}, @@ -1217,6 +1325,18 @@ decrypt(Ssh, <<>>) -> {Ssh, <<>>}; decrypt(#ssh{decrypt = none} = Ssh, Data) -> {Ssh, Data}; +decrypt(#ssh{decrypt = 'AEAD_AES_128_GCM', + decrypt_keys = K, + decrypt_ctx = IV0} = Ssh, Data = {_AAD,_Ctext,_Ctag}) -> + Dec = crypto:block_decrypt(aes_gcm, K, IV0, Data), % Dec = PlainText | error + IV = next_gcm_iv(IV0), + {Ssh#ssh{decrypt_ctx = IV}, Dec}; +decrypt(#ssh{decrypt = 'AEAD_AES_256_GCM', + decrypt_keys = K, + decrypt_ctx = IV0} = Ssh, Data = {_AAD,_Ctext,_Ctag}) -> + Dec = crypto:block_decrypt(aes_gcm, K, IV0, Data), % Dec = PlainText | error + IV = next_gcm_iv(IV0), + {Ssh#ssh{decrypt_ctx = IV}, Dec}; decrypt(#ssh{decrypt = '3des-cbc', decrypt_keys = Keys, decrypt_ctx = IV0} = Ssh, Data) -> {K1, K2, K3} = Keys, 
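Review bot: both new decrypt/2 clauses advance decrypt_ctx with next_gcm_iv(IV0) and return {Ssh, Dec} even when crypto:block_decrypt/4 yields error (the trailing comment says "Dec = PlainText | error"), which makes them the only decrypt clauses whose second element can be an atom instead of a binary. handle_packet_part/4 matches {Ssh1, error} today, but that contract lives only in the end-of-line comment. A -spec, or a comment at the clause head, would keep a future caller from passing the result on as data. As with encrypt/2, the two clauses are identical apart from the algorithm atom and could share one body.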
@@ -1241,6 +1361,10 @@ decrypt(#ssh{decrypt = 'aes256-ctr', {State, Enc} = crypto:stream_decrypt(State0,Data), {Ssh#ssh{decrypt_ctx = State}, Enc}. + +next_gcm_iv(<>) -> <>. + + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% Compression %% @@ -1329,28 +1453,42 @@ decompress(#ssh{decompress = 'zlib@openssh.com', decompress_ctx = Context, authe %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% send_mac_init(SSH) -> - case SSH#ssh.role of - client -> - KeySize =mac_key_size(SSH#ssh.send_mac), - Key = hash(SSH, "E", KeySize), - {ok, SSH#ssh { send_mac_key = Key }}; - server -> - KeySize = mac_key_size(SSH#ssh.send_mac), - Key = hash(SSH, "F", KeySize), - {ok, SSH#ssh { send_mac_key = Key }} + case pkt_type(SSH#ssh.send_mac) of + common -> + case SSH#ssh.role of + client -> + KeySize = mac_key_size(SSH#ssh.send_mac), + Key = hash(SSH, "E", KeySize), + {ok, SSH#ssh { send_mac_key = Key }}; + server -> + KeySize = mac_key_size(SSH#ssh.send_mac), + Key = hash(SSH, "F", KeySize), + {ok, SSH#ssh { send_mac_key = Key }} + end; + aead -> + %% Not applicable + {ok, SSH} end. send_mac_final(SSH) -> - {ok, SSH#ssh { send_mac = none, send_mac_key = undefined }}. + {ok, SSH#ssh {send_mac = none, + send_mac_key = undefined }}. + recv_mac_init(SSH) -> - case SSH#ssh.role of - client -> - Key = hash(SSH, "F", mac_key_size(SSH#ssh.recv_mac)), - {ok, SSH#ssh { recv_mac_key = Key }}; - server -> - Key = hash(SSH, "E", mac_key_size(SSH#ssh.recv_mac)), - {ok, SSH#ssh { recv_mac_key = Key }} + case pkt_type(SSH#ssh.recv_mac) of + common -> + case SSH#ssh.role of + client -> + Key = hash(SSH, "F", mac_key_size(SSH#ssh.recv_mac)), + {ok, SSH#ssh { recv_mac_key = Key }}; + server -> + Key = hash(SSH, "E", mac_key_size(SSH#ssh.recv_mac)), + {ok, SSH#ssh { recv_mac_key = Key }} + end; + aead -> + %% Not applicable + {ok, SSH} end. recv_mac_final(SSH) -> 
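Review bot: send_mac_init/1 and recv_mac_init/1 dispatch on pkt_type(SSH#ssh.send_mac) and pkt_type(SSH#ssh.recv_mac), while pack/3 and handle_packet_part/4 dispatch on pkt_type of the cipher name. The two only agree because aead_gcm_simultan/2 forces cipher and mac to the same AEAD atom in select_algorithm/3; nothing here states or checks that invariant. Please add a comment next to the "Not applicable" branches pointing at aead_gcm_simultan/2, so that a later change to the negotiation does not leave a GCM cipher paired with an HMAC key setup or the reverse.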
@@ -1481,6 +1619,8 @@ mac_digest_size('hmac-md5') -> 20; mac_digest_size('hmac-md5-96') -> 12; mac_digest_size('hmac-sha2-256') -> 32; mac_digest_size('hmac-sha2-512') -> 64; +mac_digest_size('AEAD_AES_128_GCM') -> 16; +mac_digest_size('AEAD_AES_256_GCM') -> 16; mac_digest_size(none) -> 0. peer_name({Host, _}) -> 
@@ -1510,6 +1650,68 @@ ecdh_curve('ecdh-sha2-nistp256') -> secp256r1; ecdh_curve('ecdh-sha2-nistp384') -> secp384r1; ecdh_curve('ecdh-sha2-nistp521') -> secp521r1. + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +%% +%% Utils for default_algorithms/1 and supported_algorithms/1 +%% +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +supported_algorithms(Key, [{client2server,BL1},{server2client,BL2}]) -> + [{client2server,As1},{server2client,As2}] = supported_algorithms(Key), + [{client2server,As1--BL1},{server2client,As2--BL2}]; +supported_algorithms(Key, BlackList) -> + supported_algorithms(Key) -- BlackList. + + +select_crypto_supported(L) -> + Sup = [{ec_curve,crypto_supported_curves()} | crypto:supports()], + [Name || {Name,CryptoRequires} <- L, + crypto_supported(CryptoRequires, Sup)]. + +crypto_supported_curves() -> + try crypto:ec_curves() + catch _:_ -> [] + end. + +crypto_supported(Conditions, Supported) -> + lists:all( fun({Tag,CryptoName}) when is_atom(CryptoName) -> + crypto_name_supported(Tag,CryptoName,Supported); + ({Tag,{Name,Len}}) when is_integer(Len) -> + crypto_name_supported(Tag,Name,Supported) andalso + len_supported(Name,Len) + end, Conditions). + +crypto_name_supported(Tag, CryptoName, Supported) -> + lists:member(CryptoName, proplists:get_value(Tag,Supported,[])). + +len_supported(Name, Len) -> + try + case Name of + aes_ctr -> + {_, <<_/binary>>} = + %% Test encryption + crypto:stream_encrypt(crypto:stream_init(Name, <<0:Len>>, <<0:128>>), <<"">>); + aes_gcm -> + {<<_/binary>>, <<_/binary>>} = + crypto:block_encrypt(Name, + _Key = <<0:Len>>, + _IV = <<0:12/unsigned-unit:8>>, + {"AAD","PT"}) + end + of + _ -> true + catch + _:_ -> false + end. + + +same(Algs) -> [{client2server,Algs}, {server2client,Algs}]. 
+ + +%% default_algorithms(kex) -> % Example of how to disable an algorithm +%% supported_algorithms(kex, ['ecdh-sha2-nistp521']); + %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% %% Other utils -- cgit v1.2.3 From 3dd45583508269dc0189277002e140dd0a1369ba Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 20 Nov 2015 21:03:37 +0100 Subject: ssh: documentation updates --- lib/ssh/doc/src/ssh_app.xml | 70 +++++++++++++++++++++++++++++++++++---------- 1 file changed, 55 insertions(+), 15 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml index 29cbbd79a2..79dd1e210e 100644 --- a/lib/ssh/doc/src/ssh_app.xml +++ b/lib/ssh/doc/src/ssh_app.xml @@ -137,6 +137,19 @@

Supported algorithms are:

+ Key exchange algorithms + + + ecdh-sha2-nistp256 + ecdh-sha2-nistp384 + ecdh-sha2-nistp521 + diffie-hellman-group-exchange-sha1 + diffie-hellman-group-exchange-sha256 + diffie-hellman-group14-sha1 + diffie-hellman-group1-sha1 + + + Public key algorithms @@ -157,30 +170,26 @@ - Encryption algorithms + Encryption algorithms (ciphers) + aes128-gcm@openssh.com (AEAD_AES_128_GCM) + aes256-gcm@openssh.com (AEAD_AES_256_GCM) aes128-ctr aes192-ctr aes256-ctr aes128-cbc 3des-cbc +

Following the internet de-facto standard, the cipher and mac algorithm AEAD_AES_128_GCM is selected when the + cipher aes128-gcm@openssh.com is negotiated. The cipher and mac algorithm AEAD_AES_256_GCM is selected when the + cipher aes256-gcm@openssh.com is negotiated. +

+

See the text at the description of the rfc 5647 further down + for more information. +

- - Key exchange algorithms - - - ecdh-sha2-nistp256 - ecdh-sha2-nistp384 - ecdh-sha2-nistp521 - diffie-hellman-group-exchange-sha1 - diffie-hellman-group-exchange-sha256 - diffie-hellman-group14-sha1 - diffie-hellman-group1-sha1 - - - + Compression algorithms @@ -255,6 +264,30 @@

+ RFC 5647, AES Galois Counter Mode for + the Secure Shell Transport Layer Protocol. +

There is an ambiguity in the synchronized selection of cipher and mac algorithm. + This is resolved by OpenSSH in the ciphers aes128-gcm@openssh.com and aes256-gcm@openssh.com which are implemented. + If the explicit ciphers and macs AEAD_AES_128_GCM or AEAD_AES_256_GCM are needed, + they could be enabled with the option preferred_algorithms. + + If the client or the server is not Erlang/OTP, it is the users responsibility to check that + other implementation has the same interpretation of AEAD_AES_*_GCM as the Erlang/OTP SSH before + enabling them. The aes*-gcm@openssh.com variants are always safe to use since they lack the + ambiguity. + +

+

The second paragraph in section 5.1 is resolved as: + + If the negotiated cipher is AEAD_AES_128_GCM, the mac algorithm is set to AEAD_AES_128_GCM. + If the negotiated cipher is AEAD_AES_256_GCM, the mac algorithm is set to AEAD_AES_256_GCM. + If the mac algorithm is AEAD_AES_128_GCM, the cipher is set to AEAD_AES_128_GCM. + If the mac algorithm is AEAD_AES_256_GCM, the cipher is set to AEAD_AES_256_GCM. + + The first rule that matches when read in order from the top is applied +

+
+ RFC 5656, Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer.

Except @@ -266,6 +299,13 @@

+ + RFC 6668, SHA-2 Data Integrity Verification for + the Secure Shell (SSH) Transport Layer Protocol +

Comment: Defines hmac-sha2-256 and hmac-sha2-512 +

+
+
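Review bot: the RFC 5647 paragraph added to ssh_app.xml needs a wording pass before it ships: "it is the users responsibility to check that other implementation has the same interpretation" should read "it is the user's responsibility to check that the other implementation has the same interpretation", and the cipher list refers to "the rfc 5647" where the rest of the file writes "RFC 5647". The four resolution rules for section 5.1 are easier to act on if the text also says what happens when cipher and mac name different key lengths, since "the first rule that matches" then decides the key size and a reader has to work that out from the ordering alone.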
-- cgit v1.2.3 From b5df882f98c13ac52535f70e50473b9d6c1fb929 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 23 Nov 2015 10:49:16 +0100 Subject: ssh: renegotiate test group for AES_GCM --- lib/ssh/test/ssh_renegotiate_SUITE.erl | 22 ++++++++++++++++++++-- lib/ssh/test/ssh_test_lib.erl | 10 +++++----- 2 files changed, 25 insertions(+), 7 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_renegotiate_SUITE.erl b/lib/ssh/test/ssh_renegotiate_SUITE.erl index ef631d54bd..227dfcddcd 100644 --- a/lib/ssh/test/ssh_renegotiate_SUITE.erl +++ b/lib/ssh/test/ssh_renegotiate_SUITE.erl @@ -32,9 +32,15 @@ suite() -> [{ct_hooks,[ts_install_cth]}]. -all() -> [rekey, rekey_limit, renegotiate1, renegotiate2]. +all() -> [{group,default_algs}, + {group,aes_gcm} + ]. -groups() -> []. +groups() -> [{default_algs, [], tests()}, + {aes_gcm, [], tests()} + ]. + +tests() -> [rekey, rekey_limit, renegotiate1, renegotiate2]. %%-------------------------------------------------------------------- init_per_suite(Config) -> @@ -49,6 +55,18 @@ end_per_suite(_Config) -> ssh:stop(), crypto:stop(). +%%-------------------------------------------------------------------- +init_per_group(aes_gcm, Config) -> + [{preferred_algorithms, [{cipher,[{client2server,['aes128-gcm@openssh.com']}, + {server2client,['aes128-gcm@openssh.com']}]}]} + | Config]; +init_per_group(_, Config) -> + [{preferred_algorithms, ssh:default_algorithms()} | Config]. + + +end_per_group(_, Config) -> + Config. + %%-------------------------------------------------------------------- init_per_testcase(_TestCase, Config) -> ssh:start(), diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index 5816b708f2..424afc76fe 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl 
@@ -296,7 +296,7 @@ setup_dsa(DataDir, UserDir) -> file:make_dir(System), file:copy(filename:join(DataDir, "ssh_host_dsa_key"), filename:join(System, "ssh_host_dsa_key")), file:copy(filename:join(DataDir, "ssh_host_dsa_key.pub"), filename:join(System, "ssh_host_dsa_key.pub")), -ct:pal("DataDir ~p:~n ~p~n~nSystDir ~p:~n ~p~n~nUserDir ~p:~n ~p",[DataDir, file:list_dir(DataDir), System, file:list_dir(System), UserDir, file:list_dir(UserDir)]), +ct:log("DataDir ~p:~n ~p~n~nSystDir ~p:~n ~p~n~nUserDir ~p:~n ~p",[DataDir, file:list_dir(DataDir), System, file:list_dir(System), UserDir, file:list_dir(UserDir)]), setup_dsa_known_host(DataDir, UserDir), setup_dsa_auth_keys(DataDir, UserDir). @@ -306,7 +306,7 @@ setup_rsa(DataDir, UserDir) -> file:make_dir(System), file:copy(filename:join(DataDir, "ssh_host_rsa_key"), filename:join(System, "ssh_host_rsa_key")), file:copy(filename:join(DataDir, "ssh_host_rsa_key.pub"), filename:join(System, "ssh_host_rsa_key.pub")), -ct:pal("DataDir ~p:~n ~p~n~nSystDir ~p:~n ~p~n~nUserDir ~p:~n ~p",[DataDir, file:list_dir(DataDir), System, file:list_dir(System), UserDir, file:list_dir(UserDir)]), +ct:log("DataDir ~p:~n ~p~n~nSystDir ~p:~n ~p~n~nUserDir ~p:~n ~p",[DataDir, file:list_dir(DataDir), System, file:list_dir(System), UserDir, file:list_dir(UserDir)]), setup_rsa_known_host(DataDir, UserDir), setup_rsa_auth_keys(DataDir, UserDir). 
@@ -316,7 +316,7 @@ setup_ecdsa(Size, DataDir, UserDir) -> file:make_dir(System), file:copy(filename:join(DataDir, "ssh_host_ecdsa_key"++Size), filename:join(System, "ssh_host_ecdsa_key")), file:copy(filename:join(DataDir, "ssh_host_ecdsa_key"++Size++".pub"), filename:join(System, "ssh_host_ecdsa_key.pub")), -ct:pal("DataDir ~p:~n ~p~n~nSystDir ~p:~n ~p~n~nUserDir ~p:~n ~p",[DataDir, file:list_dir(DataDir), System, file:list_dir(System), UserDir, file:list_dir(UserDir)]), +ct:log("DataDir ~p:~n ~p~n~nSystDir ~p:~n ~p~n~nUserDir ~p:~n ~p",[DataDir, file:list_dir(DataDir), System, file:list_dir(System), UserDir, file:list_dir(UserDir)]), setup_ecdsa_known_host(Size, System, UserDir), setup_ecdsa_auth_keys(Size, UserDir, UserDir). @@ -502,7 +502,7 @@ default_algorithms(sshd, Host, Port) -> {user_interaction, false}]}])) catch _C:_E -> - ct:pal("***~p:~p: ~p:~p",[?MODULE,?LINE,_C,_E]), + ct:log("***~p:~p: ~p:~p",[?MODULE,?LINE,_C,_E]), [] end. @@ -522,7 +522,7 @@ default_algorithms(sshc, DaemonOptions) -> InitialState)) catch _C:_E -> - ct:pal("***~p:~p: ~p:~p",[?MODULE,?LINE,_C,_E]), + ct:log("***~p:~p: ~p:~p",[?MODULE,?LINE,_C,_E]), [] end} end), -- cgit v1.2.3 From 3c68f93ff05bad90550407dc1eb316547227bfa7 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 23 Nov 2015 14:56:32 +0100 Subject: ssh: fix dialyzer reported error --- lib/ssh/src/ssh_transport.erl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index e2d19b9cef..041e86bae1 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -1697,7 +1697,7 @@ len_supported(Name, Len) -> crypto:block_encrypt(Name, _Key = <<0:Len>>, _IV = <<0:12/unsigned-unit:8>>, - {"AAD","PT"}) + {<<"AAD">>,"PT"}) end of _ -> true -- cgit v1.2.3 From 08585ec49568f6273f51526e40c108abb7480e4d Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Wed, 25 Nov 2015 15:55:13 +0100 Subject: ssh: added 'pending' in recv_window handling and limit sending --- lib/ssh/src/ssh_connect.hrl | 3 +++ lib/ssh/src/ssh_connection_handler.erl | 27 +++++++++++++++++++++------ 2 files changed, 24 insertions(+), 6 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connect.hrl b/lib/ssh/src/ssh_connect.hrl index 6db89c5d80..9f9f3de8fa 100644 --- a/lib/ssh/src/ssh_connect.hrl +++ b/lib/ssh/src/ssh_connect.hrl @@ -248,6 +248,9 @@ local_id, %% local channel id recv_window_size, + recv_window_pending = 0, %% Sum of window size updates that has not + %% yet been sent. This limits the number + %% of sent update msgs. recv_packet_size, recv_close = false, diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 505c6eb181..68062209fc 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl 
@@ -731,13 +731,28 @@ handle_event({adjust_window, ChannelId, Bytes}, StateName, #connection{channel_cache = Cache}} = State0) -> State = case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{recv_window_size = WinSize, remote_id = Id} = Channel -> - ssh_channel:cache_update(Cache, Channel#channel{recv_window_size = - WinSize + Bytes}), - Msg = ssh_connection:channel_adjust_window_msg(Id, Bytes), + #channel{recv_window_size = WinSize, + recv_window_pending = Pending, + recv_packet_size = PktSize} = Channel + when (WinSize-Bytes) >= 2*PktSize -> + %% The peer can send at least two more *full* packet, no hurry. + ssh_channel:cache_update(Cache, + Channel#channel{recv_window_pending = Pending + Bytes}), + State0; + + #channel{recv_window_size = WinSize, + recv_window_pending = Pending, + remote_id = Id} = Channel -> + %% Now we have to update the window - we can't receive so many more pkts + ssh_channel:cache_update(Cache, + Channel#channel{recv_window_size = + WinSize + Bytes + Pending, + recv_window_pending = 0}), + Msg = ssh_connection:channel_adjust_window_msg(Id, Bytes + Pending), send_replies([{connection_reply, Msg}], State0); - undefined -> - State0 + + undefined -> + State0 end, {next_state, StateName, next_packet(State)}; -- cgit v1.2.3 From 9865cacba44c862af36a5a8d758157bbe5c499e7 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 25 Nov 2015 16:17:24 +0100 Subject: ssh: sftpd callback takes new option 'recv_window_size', defaults to 1000000 --- lib/ssh/src/ssh_sftpd.erl | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_sftpd.erl b/lib/ssh/src/ssh_sftpd.erl index a6549f1c73..819cba697e 100644 --- a/lib/ssh/src/ssh_sftpd.erl +++ b/lib/ssh/src/ssh_sftpd.erl 
@@ -30,6 +30,7 @@ -include("ssh.hrl"). -include("ssh_xfer.hrl"). +-include("ssh_connect.hrl"). %% For ?DEFAULT_PACKET_SIZE and ?DEFAULT_WINDOW_SIZE %%-------------------------------------------------------------------- %% External exports @@ -47,6 +48,7 @@ file_handler, % atom() - callback module file_state, % state for the file callback module max_files, % integer >= 0 max no files sent during READDIR + options, % from the subsystem declaration handles % list of open handles %% handle is either {, directory, {Path, unread|eof}} or %% {, file, {Path, IoDevice}} @@ -121,6 +123,7 @@ init(Options) -> MaxLength = proplists:get_value(max_files, Options, 0), Vsn = proplists:get_value(sftpd_vsn, Options, 5), {ok, State#state{cwd = CWD, root = Root, max_files = MaxLength, + options = Options, handles = [], pending = <<>>, xf = #ssh_xfer{vsn = Vsn, ext = []}}}. @@ -164,7 +167,9 @@ handle_ssh_msg({ssh_cm, _, {exit_status, ChannelId, Status}}, State) -> %% Description: Handles other messages %%-------------------------------------------------------------------- handle_msg({ssh_channel_up, ChannelId, ConnectionManager}, - #state{xf =Xf} = State) -> + #state{xf = Xf, + options = Options} = State) -> + maybe_increase_recv_window(ConnectionManager, ChannelId, Options), {ok, State#state{xf = Xf#ssh_xfer{cm = ConnectionManager, channel = ChannelId}}}. @@ -934,3 +939,18 @@ rename(Path, Path2, ReqId, State0) -> {Status, FS1} = FileMod:rename(Path, Path2, FS0), State1 = State0#state{file_state = FS1}, send_status(Status, ReqId, State1). + + +maybe_increase_recv_window(ConnectionManager, ChannelId, Options) -> + WantedRecvWindowSize = + proplists:get_value(recv_window_size, Options, 1000000), + NumPkts = WantedRecvWindowSize div ?DEFAULT_PACKET_SIZE, + Increment = NumPkts*?DEFAULT_PACKET_SIZE - ?DEFAULT_WINDOW_SIZE, + + if + Increment > 0 -> + ssh_connection:adjust_window(ConnectionManager, ChannelId, + Increment); + Increment =< 0 -> + do_nothing + end. -- cgit v1.2.3 
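Review bot: recv_window_size is read in maybe_increase_recv_window/3 with proplists:get_value(recv_window_size, Options, 1000000) and fed straight into div, and the commit touches only ssh_sftpd.erl, so the new option is neither validated nor documented. A non-integer value fails at ssh_channel_up rather than at subsystem setup, a value below the default window is silently ignored (Increment =< 0 -> do_nothing), and there is no upper limit on how much receive window a subsystem declaration can grant the peer. Please validate the value in init/1 and describe the option in ssh_sftpd.xml, including the rounding down to whole ?DEFAULT_PACKET_SIZE packets.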
From 9b9d1cfa157134d8b14aaa2de5b36db28cb8b17a Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 25 Nov 2015 20:02:36 +0100 Subject: ssh: implemented server side SSH_MSG_KEX_DH_GEX_REQUEST_OLD for putty client --- lib/ssh/src/ssh_connection_handler.erl | 6 ++++++ lib/ssh/src/ssh_transport.erl | 29 +++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index fcd66b80c0..5b4f6081c1 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -425,6 +425,12 @@ key_exchange(#ssh_msg_kex_dh_gex_request{} = Msg, send_msg(GexGroup, State), {next_state, key_exchange_dh_gex_init, next_packet(State#state{ssh_params = Ssh})}; +key_exchange(#ssh_msg_kex_dh_gex_request_old{} = Msg, + #state{ssh_params = #ssh{role = server} = Ssh0} = State) -> + {ok, GexGroup, Ssh} = ssh_transport:handle_kex_dh_gex_request(Msg, Ssh0), + send_msg(GexGroup, State), + {next_state, key_exchange_dh_gex_init, next_packet(State#state{ssh_params = Ssh})}; + key_exchange(#ssh_msg_kex_dh_gex_group{} = Msg, #state{ssh_params = #ssh{role = client} = Ssh0} = State) -> {ok, KexGexInit, Ssh} = ssh_transport:handle_kex_dh_gex_group(Msg, Ssh0), diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 2b6f0a3cdc..1fbe50e758 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl 
@@ -427,6 +427,32 @@ handle_kex_dh_gex_request(#ssh_msg_kex_dh_gex_request{min = Min, Ssh#ssh{keyex_key = {{Private, Public}, {G, P}}, keyex_info = {Min, Max, NBits} }}; + +handle_kex_dh_gex_request(#ssh_msg_kex_dh_gex_request_old{n = NBits}, + Ssh0=#ssh{opts=Opts}) -> + %% server + %% + %% This message was in the draft-00 of rfc4419 + %% (https://tools.ietf.org/html/draft-ietf-secsh-dh-group-exchange-00) + %% In later drafts and the rfc is "is used for backward compatibility". + %% Unfortunatly the rfc does not specify how to treat the parameter n + %% if there is no group of that modulus length :( + %% The draft-00 however specifies that n is the "... number of bits + %% the subgroup should have at least". + %% Further, it says that "Servers and clients SHOULD support groups + %% with a modulus length of k bits, where 1024 <= k <= 8192." + %% + Min = NBits, + Max = 8192, + {G, P} = dh_gex_group(Min, NBits, Max, proplists:get_value(dh_gex_groups,Opts)), + {Public, Private} = generate_key(dh, [P,G]), + {SshPacket, Ssh} = + ssh_packet(#ssh_msg_kex_dh_gex_group{p = P, g = G}, Ssh0), + {ok, SshPacket, + Ssh#ssh{keyex_key = {{Private, Public}, {G, P}}, + keyex_info = {-1, -1, NBits} % flag for kex_h hash calc + }}; + handle_kex_dh_gex_request(_, _) -> throw({{error,bad_ssh_msg_kex_dh_gex_request}, #ssh_msg_disconnect{ @@ -1286,6 +1312,9 @@ kex_h(SSH, Curve, Key, Q_c, Q_s, K) -> kex_h(SSH, Key, Min, NBits, Max, Prime, Gen, E, F, K) -> L = if Min==-1; Max==-1 -> + %% flag from 'ssh_msg_kex_dh_gex_request_old' + %% It was like this before that message was supported, + %% why? Ts = [string,string,binary,binary,binary, uint32, mpint,mpint,mpint,mpint,mpint], -- cgit v1.2.3 From ecf301d7dbd173cc18f86026ecf88597b15a7c69 Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Thu, 26 Nov 2015 10:45:13 +0100 Subject: ssh: Improve group selection Now it chooses the first found if no exact match. --- lib/ssh/src/ssh_transport.erl | 42 +++++++++++++++--------------------------- 1 file changed, 15 insertions(+), 27 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 1fbe50e758..e3ee399b8e 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl 
@@ -1378,35 +1378,23 @@ dh_gex_default_groups() -> ?dh_default_groups. dh_gex_group(Min, N, Max, undefined) -> dh_gex_group(Min, N, Max, dh_gex_default_groups()); dh_gex_group(Min, N, Max, Groups) -> - %% First try to find an exact match. If not an exact match, select the largest possible. - {_,Group} = - lists:foldl( - fun(_, {I,G}) when I==N -> - %% If we have an exact match already: use that one - {I,G}; - ({I,G}, _) when I==N -> - %% If we now found an exact match: use that very one - {I,G}; - ({I,G}, {Imax,_Gmax}) when Min=Imax -> % b) {I,G} is larger than current max - %% A group within the limits and better than the one we have - {I,G}; - (_, IGmax) -> - %% Keep the one we have - IGmax - end, {-1,undefined}, Groups), - - case Group of - undefined -> - throw(#ssh_msg_disconnect{ - code = ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "No possible diffie-hellman-group-exchange group found", - language = ""}); - _ -> - Group + %% Try to find an exact match. If not an exact match, select the first found. + case lists:keyfind(N, 1, Groups) of + {N,Grp} -> + Grp; + false -> + case lists:dropwhile(fun({I,_}) -> I < Min-1 orelse I > Max+1 end, + Groups) of + [{_,Grp}|_] -> + Grp; + [] -> + throw(#ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "No possible diffie-hellman-group-exchange group found", + language = ""}) + end end. - generate_key(Algorithm, Args) -> {Public,Private} = crypto:generate_key(Algorithm, Args), {crypto:bytes_to_integer(Public), crypto:bytes_to_integer(Private)}. -- cgit v1.2.3 From 7596e5d97b4154f645eac6152f98c8c28f7ff6f6 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 26 Nov 2015 10:52:48 +0100 Subject: ssh: update existing testcases --- lib/ssh/test/ssh_protocol_SUITE.erl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index d8e99799e2..2415ceba47 100644 
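Review bot: the fallback in dh_gex_group/4 now returns the first group in list order whose size is in range, so for an ascending Groups list the server hands out the smallest acceptable modulus where the removed fold selected the largest. That weakens the result for every client that does not hit an exact size; pick the in-range entry closest to N (or the largest) instead of relying on list order, or document that the order of dh_gex_groups is significant. Two further points in the same hunk: `lists:keyfind(N, 1, Groups)` accepts an exact match without checking Min =< N =< Max, and the dropwhile predicate `I < Min-1 orelse I > Max+1` lets sizes Min-1 and Max+1 through with no comment saying why.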
--- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -333,13 +333,13 @@ no_common_alg_client_disconnects(Config) -> gex_client_init_default_noexact(Config) -> do_gex_client_init(Config, {2000, 3000, 4000}, %% Warning, app knowledege: - ?dh_group15). + ?dh_group14). gex_client_init_default_exact(Config) -> - do_gex_client_init(Config, {2000, 2048, 4000}, + do_gex_client_init(Config, {2000, 3072, 4000}, %% Warning, app knowledege: - ?dh_group14). + ?dh_group15). gex_client_init_option_groups(Config) -> -- cgit v1.2.3 From 9ec50b9817f7cd852cf3380f665ade9f86323283 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 26 Nov 2015 11:46:10 +0100 Subject: ssh: New test cases for SSH_MSG_KEX_DH_GEX_REQUEST_OLD --- lib/ssh/test/ssh_protocol_SUITE.erl | 37 ++++++++++++++++++++++++++++++++++--- 1 file changed, 34 insertions(+), 3 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index 2415ceba47..dd0adda2dc 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -60,7 +60,9 @@ groups() -> gex_client_init_default_noexact, gex_client_init_default_exact, gex_client_init_option_groups, - gex_client_init_option_groups_file + gex_client_init_option_groups_file, + gex_client_old_request_exact, + gex_client_old_request_noexact ]} ]. @@ -79,7 +81,9 @@ init_per_testcase(no_common_alg_server_disconnects, Config) -> init_per_testcase(TC, Config) when TC == gex_client_init_default_noexact ; TC == gex_client_init_default_exact ; TC == gex_client_init_option_groups ; - TC == gex_client_init_option_groups_file -> + TC == gex_client_init_option_groups_file ; + TC == gex_client_old_request_exact ; + TC == gex_client_old_request_noexact -> Opts = case TC of gex_client_init_option_groups -> [{dh_gex_groups, [{2345, 3, 41}]}]; 
@@ -101,7 +105,9 @@ end_per_testcase(no_common_alg_server_disconnects, Config) -> end_per_testcase(TC, Config) when TC == gex_client_init_default_noexact ; TC == gex_client_init_default_exact ; TC == gex_client_init_option_groups ; - TC == gex_client_init_option_groups_file -> + TC == gex_client_init_option_groups_file ; + TC == gex_client_old_request_exact ; + TC == gex_client_old_request_noexact -> stop_std_daemon(Config); end_per_testcase(_TestCase, Config) -> check_std_daemon_works(Config, ?LINE). @@ -373,6 +379,31 @@ do_gex_client_init(Config, {Min,N,Max}, {_,{G,P}}) -> ] ). +%%%-------------------------------------------------------------------- +gex_client_old_request_exact(Config) -> do_gex_client_init_old(Config, 2048, ?dh_group14). +gex_client_old_request_noexact(Config) -> do_gex_client_init_old(Config, 1000, ?dh_group1). + +do_gex_client_init_old(Config, N, {_,{G,P}}) -> + {ok,_} = + ssh_trpt_test_lib:exec( + [{set_options, [print_ops, print_seqnums, print_messages]}, + {connect, + server_host(Config),server_port(Config), + [{silently_accept_hosts, true}, + {user_dir, user_dir(Config)}, + {user_interaction, false}, + {preferred_algorithms,[{kex,['diffie-hellman-group-exchange-sha1']}]} + ]}, + receive_hello, + {send, hello}, + {send, ssh_msg_kexinit}, + {match, #ssh_msg_kexinit{_='_'}, receive_msg}, + {send, #ssh_msg_kex_dh_gex_request_old{n = N}}, + {match, #ssh_msg_kex_dh_gex_group{p=P, g=G, _='_'}, receive_msg} + ] + ). + + %%%================================================================ %%%==== Internal functions ======================================== %%%================================================================ -- cgit v1.2.3 From ad47d0d5617da6e0d1490d3cd91b3e247e4cdf1a Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 26 Nov 2015 11:51:35 +0100 Subject: ssh: vsn.mk updated --- lib/ssh/vsn.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') 
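Review bot: do_gex_client_init_old/3 stops at `{match, #ssh_msg_kex_dh_gex_group{p=P, g=G, _='_'}, receive_msg}`, so the two new cases only prove that a group is offered. Nothing exercises the exchange-hash path for the old request, which is the part the server change had to special-case in kex_h. Extend the script through the remaining key exchange messages so that a wrong hash layout fails the suite. The helper is also a near copy of do_gex_client_init/3 and could take the request record as a parameter, and gex_client_old_request_noexact pins n = 1000 to ?dh_group1, so the suite now asserts that a request for 1000 bits is served rather than refused.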
diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 5bb18a656a..762bd9b208 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,4 +1,4 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 4.1.2 +SSH_VSN = 4.1.3 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From 23ee0606f06e07755128a583541e63c7bb165182 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Thu, 26 Nov 2015 15:10:36 +0100 Subject: Update release notes --- lib/ssh/doc/src/notes.xml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index bb111c8e0e..b7e7634637 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,6 +30,22 @@ notes.xml +
Ssh 4.1.3 + +
Known Bugs and Problems + + +

+ SSH_MSG_KEX_DH_GEX_REQUEST_OLD implemented to make PuTTY + work with erl server.

+

+ Own Id: OTP-13140

+
+
+
+ +
+
Ssh 4.1.2
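Review bot: the new Ssh 4.1.3 entry is filed under "Known Bugs and Problems", but its text describes something that was implemented (SSH_MSG_KEX_DH_GEX_REQUEST_OLD support so that PuTTY works), not an open problem. Move it to the section used for fixes or new features so readers scanning for unresolved issues are not misled.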
Fixed Bugs and Malfunctions -- cgit v1.2.3 From e14b301be3b5593a13e666885ca795e6bee54b5b Mon Sep 17 00:00:00 2001 From: Vipin Nair Date: Fri, 13 Nov 2015 18:51:03 +0530 Subject: Support SSH key callback module options This patch allows extra callback options to be passed to the module implementing the SSH callback module behaviour. A module implementing the SSH key callback API is used to customize the handling of public key. This patch allows extra callback options to be passed to the module implementing the SSH callback module behaviour. The key_cb option has been changed: {key_cb, atom()} -> {key_cb, key_cb()} Where: key_cb() :: atom() | {atom(), list()} The callback options, if specified, are made available to the callback module via the options passed to it under the key 'key_cb_private'. More details and some background are available here[1]. [1]: http://erlang.org/pipermail/erlang-patches/2015-November/004800.html --- lib/ssh/doc/src/ssh.xml | 29 +++++++++++----- lib/ssh/src/ssh.erl | 14 ++++++-- lib/ssh/test/Makefile | 2 ++ lib/ssh/test/ssh_basic_SUITE.erl | 67 +++++++++++++++++++++++++++++++++++-- lib/ssh/test/ssh_key_cb.erl | 45 +++++++++++++++++++++++++ lib/ssh/test/ssh_key_cb_options.erl | 44 ++++++++++++++++++++++++ 6 files changed, 189 insertions(+), 12 deletions(-) create mode 100644 lib/ssh/test/ssh_key_cb.erl create mode 100644 lib/ssh/test/ssh_key_cb_options.erl (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 1e9acf4a99..18bced2d1d 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -85,6 +85,15 @@

atom() - Name of the Erlang module implementing the subsystem using the ssh_channel behavior, see ssh_channel(3)

+ key_cb() = + +

atom() | {atom(), list()}

+

atom() - Name of the erlang module implementing the behaviours + ssh_client_key_api or + ssh_client_key_api as the + case maybe.

+

list() - List of options that can be passed to the callback module.

+
channel_init_args() =

list()
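Review bot: the key_cb() description names the same behaviour twice ("ssh_client_key_api or ssh_client_key_api"); the second should presumably be ssh_server_key_api, since later hunks of this patch document the option for both the client and the daemon. "as the case maybe" should read "as the case may be", and the list() line could say that the list reaches the callback under the key_cb_private key.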

@@ -272,11 +281,13 @@ kex is implicit but public_key is set explicitly.

password, if the password authentication method is attempted.

- + -

Module implementing the behaviour - ssh_client_key_api. - Can be used to customize the handling of public keys. +

Module implementing the behaviour ssh_client_key_api. Can be used to + customize the handling of public keys. If callback options are provided + along with the module name, they are made available to the callback + module via the options passed to it under the key 'key_cb_private'.

@@ -607,11 +618,13 @@ kex is implicit but public_key is set explicitly.

- + -

Module implementing the behaviour - ssh_server_key_api. - Can be used to customize the handling of public keys. +

Module implementing the behaviour ssh_server_key_api. Can be used to + customize the handling of public keys. If callback options are provided + along with the module name, they are made available to the callback + module via the options passed to it under the key 'key_cb_private'.

diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index bb50e436a3..1d29c95229 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -369,8 +369,12 @@ handle_option([{user_passwords, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{pwdfun, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); -handle_option([{key_cb, _} = Opt | Rest], SocketOptions, SshOptions) -> - handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); +handle_option([{key_cb, {Module, Options}} | Rest], SocketOptions, SshOptions) -> + handle_option(Rest, SocketOptions, [handle_ssh_option({key_cb, Module}), + handle_ssh_priv_option({key_cb_private, Options}) | + SshOptions]); +handle_option([{key_cb, Module} | Rest], SocketOptions, SshOptions) -> + handle_option([{key_cb, {Module, []}} | Rest], SocketOptions, SshOptions); handle_option([{keyboard_interact_fun, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); %%Backwards compatibility @@ -544,6 +548,9 @@ handle_ssh_option({pwdfun, Value} = Opt) when is_function(Value,4) -> Opt; handle_ssh_option({key_cb, Value} = Opt) when is_atom(Value) -> Opt; +handle_ssh_option({key_cb, {CallbackMod, CallbackOptions}} = Opt) when is_atom(CallbackMod), + is_list(CallbackOptions) -> + Opt; handle_ssh_option({keyboard_interact_fun, Value} = Opt) when is_function(Value,3) -> Opt; handle_ssh_option({compression, Value} = Opt) when is_atom(Value) -> 
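Review bot: the added clause `handle_ssh_option({key_cb, {CallbackMod, CallbackOptions}})` is not reached for a well-formed option, because the new handle_option/3 clause already splits the tuple and calls handle_ssh_option({key_cb, Module}) with the bare module. The only input that does reach it is a nested tuple such as {key_cb, {{m, []}, Opts}}, which then passes validation and is stored with a tuple in place of the module name. Drop the clause so that a non-atom module falls through to the eoptions throw.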
@@ -610,6 +617,9 @@ handle_ssh_option({profile, Value} = Opt) when is_atom(Value) -> handle_ssh_option(Opt) -> throw({error, {eoptions, Opt}}). +handle_ssh_priv_option({key_cb_private, Value} = Opt) when is_list(Value) -> + Opt. + handle_inet_option({active, _} = Opt) -> throw({error, {{eoptions, Opt}, "SSH has built in flow control, " "and active is handled internally, user is not allowed" diff --git a/lib/ssh/test/Makefile b/lib/ssh/test/Makefile index 96c74c6c8a..781a876723 100644 --- a/lib/ssh/test/Makefile +++ b/lib/ssh/test/Makefile @@ -47,6 +47,8 @@ MODULES= \ ssh_to_openssh_SUITE \ ssh_upgrade_SUITE \ ssh_test_lib \ + ssh_key_cb \ + ssh_key_cb_options \ ssh_trpt_test_lib \ ssh_echo_server \ ssh_peername_sockname_server \ diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 0a5964c560..d4cb03f2f2 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -54,8 +54,10 @@ send/1, shell/1, shell_no_unicode/1, - shell_unicode_string/1, - ssh_info_print/1 + shell_unicode_string/1, + ssh_info_print/1, + key_callback/1, + key_callback_options/1 ]). %%% Common test callbacks @@ -84,6 +86,7 @@ all() -> {group, ecdsa_sha2_nistp521_key}, {group, dsa_pass_key}, {group, rsa_pass_key}, + {group, key_cb}, {group, internal_error}, daemon_already_started, double_close, @@ -101,6 +104,7 @@ groups() -> {ecdsa_sha2_nistp521_key, [], basic_tests()}, {dsa_pass_key, [], [pass_phrase]}, {rsa_pass_key, [], [pass_phrase]}, + {key_cb, [], [key_callback, key_callback_options]}, {internal_error, [], [internal_error]} ]. 
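Review bot: handle_ssh_priv_option/1 (the ssh.erl hunk at -610) has a single clause guarded by is_list(Value), so {key_cb, {Mod, not_a_list}} fails with function_clause, while the context line above it shows other invalid options going through `throw({error, {eoptions, Opt}})`. Add a catch-all clause that throws the same eoptions error. Since the test added in this patch passes private key material through these options, the documentation should also say that key_cb_private may hold secrets and should not be printed along with the other options.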
@@ -180,6 +184,11 @@ init_per_group(dsa_pass_key, Config) -> PrivDir = ?config(priv_dir, Config), ssh_test_lib:setup_dsa_pass_pharse(DataDir, PrivDir, "Password"), [{pass_phrase, {dsa_pass_phrase, "Password"}}| Config]; +init_per_group(key_cb, Config) -> + DataDir = ?config(data_dir, Config), + PrivDir = ?config(priv_dir, Config), + ssh_test_lib:setup_dsa(DataDir, PrivDir), + Config; init_per_group(internal_error, Config) -> DataDir = ?config(data_dir, Config), PrivDir = ?config(priv_dir, Config), @@ -247,6 +256,10 @@ end_per_group(rsa_pass_key, Config) -> PrivDir = ?config(priv_dir, Config), ssh_test_lib:clean_rsa(PrivDir), Config; +end_per_group(key_cb, Config) -> + PrivDir = ?config(priv_dir, Config), + ssh_test_lib:clean_dsa(PrivDir), + Config; end_per_group(internal_error, Config) -> PrivDir = ?config(priv_dir, Config), ssh_test_lib:clean_dsa(PrivDir), 
@@ -575,6 +588,56 @@ pass_phrase(Config) when is_list(Config) -> {ok, _ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), ssh:stop_daemon(Pid). +%%-------------------------------------------------------------------- +%%% Test that we can use key callback +key_callback(Config) when is_list(Config) -> + process_flag(trap_exit, true), + SystemDir = filename:join(?config(priv_dir, Config), system), + UserDir = ?config(priv_dir, Config), + NoPubKeyDir = filename:join(UserDir, "nopubkey"), + file:make_dir(NoPubKeyDir), + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {user_dir, UserDir}, + {failfun, fun ssh_test_lib:failfun/2}]), + + ConnectOpts = [{silently_accept_hosts, true}, + {user_dir, NoPubKeyDir}, + {user_interaction, false}, + {key_cb, ssh_key_cb}], + + ConnectionRef = ssh_test_lib:connect(Host, Port, ConnectOpts), + + {ok, _ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), + ssh:stop_daemon(Pid). + + +%%-------------------------------------------------------------------- +%%% Test that we can use key callback with callback options +key_callback_options(Config) when is_list(Config) -> + process_flag(trap_exit, true), + SystemDir = filename:join(?config(priv_dir, Config), system), + UserDir = ?config(priv_dir, Config), + + NoPubKeyDir = filename:join(UserDir, "nopubkey"), + file:make_dir(NoPubKeyDir), + + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {user_dir, UserDir}, + {failfun, fun ssh_test_lib:failfun/2}]), + + {ok, PrivKey} = file:read_file(filename:join(UserDir, "id_dsa")), + + ConnectOpts = [{silently_accept_hosts, true}, + {user_dir, NoPubKeyDir}, + {user_interaction, false}, + {key_cb, {ssh_key_cb_options, [{priv_key, PrivKey}]}}], + + ConnectionRef = ssh_test_lib:connect(Host, Port, ConnectOpts), + + {ok, _ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), + ssh:stop_daemon(Pid). 
+ %%-------------------------------------------------------------------- %%% Test that client does not hang if disconnects due to internal error diff --git a/lib/ssh/test/ssh_key_cb.erl b/lib/ssh/test/ssh_key_cb.erl new file mode 100644 index 0000000000..388ec2ecc1 --- /dev/null +++ b/lib/ssh/test/ssh_key_cb.erl @@ -0,0 +1,45 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2015. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. +%% +%% %CopyrightEnd% +%% + +%% +%%---------------------------------------------------------------------- + +%% Note: This module is used by ssh_basic_SUITE + +-module(ssh_key_cb). +-behaviour(ssh_client_key_api). +-compile(export_all). + +add_host_key(_, _, _) -> + ok. + +is_host_key(_, _, _, _) -> + true. + +user_key('ssh-dss', Opts) -> + UserDir = proplists:get_value(user_dir, Opts), + KeyFile = filename:join(filename:dirname(UserDir), "id_dsa"), + {ok, KeyBin} = file:read_file(KeyFile), + [Entry] = public_key:pem_decode(KeyBin), + Key = public_key:pem_entry_decode(Entry), + {ok, Key}; + +user_key(_Alg, _Opt) -> + {error, "Not Supported"}. diff --git a/lib/ssh/test/ssh_key_cb_options.erl b/lib/ssh/test/ssh_key_cb_options.erl new file mode 100644 index 0000000000..afccb34f0f --- /dev/null +++ b/lib/ssh/test/ssh_key_cb_options.erl 
@@ -0,0 +1,44 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2015. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. +%% +%% %CopyrightEnd% +%% + +%% +%%---------------------------------------------------------------------- + +%% Note: This module is used by ssh_basic_SUITE + +-module(ssh_key_cb_options). +-behaviour(ssh_client_key_api). +-compile(export_all). + +add_host_key(_, _, _) -> + ok. + +is_host_key(_, _, _, _) -> + true. + +user_key('ssh-dss', Opts) -> + KeyCbOpts = proplists:get_value(key_cb_private, Opts), + KeyBin = proplists:get_value(priv_key, KeyCbOpts), + [Entry] = public_key:pem_decode(KeyBin), + Key = public_key:pem_entry_decode(Entry), + {ok, Key}; + +user_key(_Alg, _Opt) -> + {error, "Not Supported"}. -- cgit v1.2.3 From 3864e195ec993f6d03a185b73b183b5c4857c016 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 3 Dec 2015 12:53:33 +0100 Subject: ssh: client pub key documentation --- lib/ssh/doc/src/ssh.xml | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 18bced2d1d..b3f850fc38 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -206,26 +206,25 @@ -

This option is kept for compatibility. It is ignored if the preferred_algorithms - option is used. The equivalence of {public_key_alg,'ssh-dss'} is - {preferred_algorithms, [{public_key,['ssh-dss','ssh-rsa']}]}.

+

This option will be removed in OTP 20, but is kept for compatibility. It is ignored if + the preferred pref_public_key_algs option is used.

Sets the preferred public key algorithm to use for user authentication. If the preferred algorithm fails, - the other algorithm is tried. The default is - to try first.

+ the other algorithm is tried. If {public_key_alg, 'ssh-rsa'} is set, it is translated + to {pref_public_key_algs, ['ssh-rsa','ssh-dss']}. If it is + {public_key_alg, 'ssh-dss'}, it is translated + to {pref_public_key_algs, ['ssh-dss','ssh-rsa']}. +

- -

This option is kept for compatibility. It is ignored if the preferred_algorithms - option is used. The equivalence of {pref_public_key_algs,['ssh-dss']} is - {preferred_algorithms, [{public_key,['ssh-dss']}]}.

-
-

List of public key algorithms to try to use. - 'ssh-rsa' and 'ssh-dss' are available. - Overrides

+

List of user (client) public key algorithms to try to use.

+

The default value is + +

+

If there is no public key of a specified type available, the corresponding entry is ignored.

@@ -233,6 +232,7 @@

List of algorithms to use in the algorithm negotiation. The default algs_list() can be obtained from default_algorithms/0.

+

If an alg_entry() is missing in the algs_list(), the default value is used for that entry.

Here is an example of this option:

{preferred_algorithms, @@ -243,9 +243,9 @@ {compression,[none,zlib]} } -

The example specifies different algorithms in the two directions (client2server and server2client), for cipher but specifies the same -algorithms for mac and compression in both directions. The kex (key exchange) and public key algorithms are set to their default values, -kex is implicit but public_key is set explicitly.

+

The example specifies different algorithms in the two directions (client2server and server2client), + for cipher but specifies the same algorithms for mac and compression in both directions. + The kex (key exchange) is implicit but public_key is set explicitly.

Changing the values can make a connection less secure. Do not change unless you @@ -451,6 +451,7 @@ kex is implicit but public_key is set explicitly.

List of algorithms to use in the algorithm negotiation. The default algs_list() can be obtained from default_algorithms/0.

+

If an alg_entry() is missing in the algs_list(), the default value is used for that entry.

Here is an example of this option:

{preferred_algorithms, @@ -461,9 +462,9 @@ kex is implicit but public_key is set explicitly.

{compression,[none,zlib]} }
-

The example specifies different algorithms in the two directions (client2server and server2client), for cipher but specifies the same -algorithms for mac and compression in both directions. The kex (key exchange) and public key algorithms are set to their default values, -kex is implicit but public_key is set explicitly.

+

The example specifies different algorithms in the two directions (client2server and server2client), + for cipher but specifies the same algorithms for mac and compression in both directions. + The kex (key exchange) is implicit but public_key is set explicitly.

Changing the values can make a connection less secure. Do not change unless you -- cgit v1.2.3 From 8abb84f324d6302d720545ffd3955f524a38c219 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 3 Dec 2015 14:48:54 +0100 Subject: ssh: client pub key testcase --- lib/ssh/test/ssh_basic_SUITE.erl | 90 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index d4cb03f2f2..5ce6d172e1 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -41,6 +41,10 @@ double_close/1, exec/1, exec_compressed/1, + exec_key_differs1/1, + exec_key_differs2/1, + exec_key_differs3/1, + exec_key_differs_fail/1, idle_time/1, inet6_option/1, inet_option/1, @@ -86,6 +90,7 @@ all() -> {group, ecdsa_sha2_nistp521_key}, {group, dsa_pass_key}, {group, rsa_pass_key}, + {group, host_user_key_differs}, {group, key_cb}, {group, internal_error}, daemon_already_started, @@ -102,6 +107,10 @@ groups() -> {ecdsa_sha2_nistp256_key, [], basic_tests()}, {ecdsa_sha2_nistp384_key, [], basic_tests()}, {ecdsa_sha2_nistp521_key, [], basic_tests()}, + {host_user_key_differs, [], [exec_key_differs1, + exec_key_differs2, + exec_key_differs3, + exec_key_differs_fail]}, {dsa_pass_key, [], [pass_phrase]}, {rsa_pass_key, [], [pass_phrase]}, {key_cb, [], [key_callback, key_callback_options]}, 
@@ -184,6 +193,21 @@ init_per_group(dsa_pass_key, Config) -> PrivDir = ?config(priv_dir, Config), ssh_test_lib:setup_dsa_pass_pharse(DataDir, PrivDir, "Password"), [{pass_phrase, {dsa_pass_phrase, "Password"}}| Config]; +init_per_group(host_user_key_differs, Config) -> + Data = ?config(data_dir, Config), + Sys = filename:join(?config(priv_dir, Config), system_rsa), + SysUsr = filename:join(Sys, user), + Usr = filename:join(?config(priv_dir, Config), user_ecdsa_256), + file:make_dir(Sys), + file:make_dir(SysUsr), + file:make_dir(Usr), + file:copy(filename:join(Data, "ssh_host_rsa_key"), filename:join(Sys, "ssh_host_rsa_key")), + file:copy(filename:join(Data, "ssh_host_rsa_key.pub"), filename:join(Sys, "ssh_host_rsa_key.pub")), + file:copy(filename:join(Data, "id_ecdsa256"), filename:join(Usr, "id_ecdsa")), + file:copy(filename:join(Data, "id_ecdsa256.pub"), filename:join(Usr, "id_ecdsa.pub")), + ssh_test_lib:setup_ecdsa_auth_keys("256", Usr, SysUsr), + ssh_test_lib:setup_rsa_known_host(Sys, Usr), + Config; init_per_group(key_cb, Config) -> DataDir = ?config(data_dir, Config), PrivDir = ?config(priv_dir, Config), 
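Review bot: init_per_group(host_user_key_differs, Config) ignores the result of every file:make_dir/1 and file:copy/2 call, so a missing or renamed key file in data_dir only shows up later as an authentication failure that is hard to trace. Match the results (for example `{ok, _} = file:copy(...)`) so the group setup fails early. The patch also adds no end_per_group clause for this group to remove system_rsa and user_ecdsa_256.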
@@ -490,6 +514,72 @@ shell(Config) when is_list(Config) -> 30000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end. +%%-------------------------------------------------------------------- +%%% Test that we could user different types of host pubkey and user pubkey +exec_key_differs1(Config) -> exec_key_differs(Config, ['ecdsa-sha2-nistp256']). + +exec_key_differs2(Config) -> exec_key_differs(Config, ['ssh-dss','ecdsa-sha2-nistp256']). + +exec_key_differs3(Config) -> exec_key_differs(Config, ['ecdsa-sha2-nistp384','ecdsa-sha2-nistp256']). + + + +exec_key_differs(Config, UserPKAlgs) -> + process_flag(trap_exit, true), + SystemDir = filename:join(?config(priv_dir, Config), system_rsa), + SystemUserDir = filename:join(SystemDir, user), + UserDir = filename:join(?config(priv_dir, Config), user_ecdsa_256), + + {_Pid, _Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {user_dir, SystemUserDir}, + {preferred_algorithms, + [{public_key,['ssh-rsa']}]}]), + ct:sleep(500), + + IO = ssh_test_lib:start_io_server(), + Shell = ssh_test_lib:start_shell(Port, IO, UserDir, + [{preferred_algorithms,[{public_key,['ssh-rsa']}]}, + {pref_public_key_algs,UserPKAlgs} + ]), + + + receive + {'EXIT', _, _} -> + ct:fail(no_ssh_connection); + ErlShellStart -> + ct:log("Erlang shell start: ~p~n", [ErlShellStart]), + do_shell(IO, Shell) + after + 30000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) + end. 
+ +%%-------------------------------------------------------------------- +exec_key_differs_fail(Config) when is_list(Config) -> + process_flag(trap_exit, true), + SystemDir = filename:join(?config(priv_dir, Config), system_rsa), + SystemUserDir = filename:join(SystemDir, user), + UserDir = filename:join(?config(priv_dir, Config), user_ecdsa_256), + + {_Pid, _Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {user_dir, SystemUserDir}, + {preferred_algorithms, + [{public_key,['ssh-rsa']}]}]), + ct:sleep(500), + + IO = ssh_test_lib:start_io_server(), + ssh_test_lib:start_shell(Port, IO, UserDir, + [{preferred_algorithms,[{public_key,['ssh-rsa']}]}, + {pref_public_key_algs,['ssh-dss']}]), + receive + {'EXIT', _, _} -> + ok; + ErlShellStart -> + ct:log("Erlang shell start: ~p~n", [ErlShellStart]), + ct:fail(connection_not_rejected) + after + 30000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) + end. + %%-------------------------------------------------------------------- cli(Config) when is_list(Config) -> process_flag(trap_exit, true), -- cgit v1.2.3 From 1a6c8b90416e261b0429bbcc253347ce9fbac5ea Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 3 Dec 2015 15:56:03 +0100 Subject: ssh: client pub key opt implemented --- lib/ssh/src/ssh.erl | 74 +++++++++++++++++++++++++++--------------------- lib/ssh/src/ssh.hrl | 3 ++ lib/ssh/src/ssh_auth.erl | 6 +--- lib/ssh/src/ssh_auth.hrl | 1 - 4 files changed, 46 insertions(+), 38 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 1d29c95229..54f94acbdc 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -297,13 +297,6 @@ find_hostport(Fd) -> ok = inet:close(S), HostPort. -%% find_port(Fd) -> -%% %% Hack.... -%% {ok,TmpSock} = gen_tcp:listen(0,[{fd,Fd}]), -%% {ok, {_,ThePort}} = inet:sockname(TmpSock), -%% gen_tcp:close(TmpSock), -%% ThePort. - handle_options(Opts) -> try handle_option(algs_compatibility(proplists:unfold(Opts)), [], []) of 
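Review bot: in the ssh_basic_SUITE.erl hunk at -490, exec_key_differs_fail/1 treats any `{'EXIT', _, _}` as success, so the case passes on an unrelated crash as well as on the intended rejection of 'ssh-dss'; match on the expected exit reason. Both exec_key_differs/2 and exec_key_differs_fail/1 also discard the daemon pid (`{_Pid, _Host, Port}`), never stop the daemon, and rely on a fixed ct:sleep(500); keep the pid and call ssh:stop_daemon/1 as pass_phrase/1 and the key_callback cases do.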
@@ -315,32 +308,27 @@ handle_options(Opts) -> end. -algs_compatibility(Os) -> +algs_compatibility(Os0) -> %% Take care of old options 'public_key_alg' and 'pref_public_key_algs' - comp_pk(proplists:get_value(preferred_algorithms,Os), - proplists:get_value(pref_public_key_algs,Os), - proplists:get_value(public_key_alg, Os), - [{K,V} || {K,V} <- Os, - K =/= public_key_alg, - K =/= pref_public_key_algs] - ). - -comp_pk(undefined, undefined, undefined, Os) -> Os; -comp_pk( PrefAlgs, _, _, Os) when PrefAlgs =/= undefined -> Os; - -comp_pk(undefined, undefined, ssh_dsa, Os) -> comp_pk(undefined, undefined, 'ssh-dss', Os); -comp_pk(undefined, undefined, ssh_rsa, Os) -> comp_pk(undefined, undefined, 'ssh-rsa', Os); -comp_pk(undefined, undefined, PK, Os) -> - PKs = [PK | ssh_transport:supported_algorithms(public_key)--[PK]], - [{preferred_algorithms, [{public_key,PKs}] } | Os]; - -comp_pk(undefined, PrefPKs, _, Os) when PrefPKs =/= undefined -> - PKs = [case PK of - ssh_dsa -> 'ssh-dss'; - ssh_rsa -> 'ssh-rsa'; - _ -> PK - end || PK <- PrefPKs], - [{preferred_algorithms, [{public_key,PKs}]} | Os]. + case proplists:get_value(public_key_alg, Os0) of + undefined -> + Os0; + A when is_atom(A) -> + %% Skip public_key_alg if pref_public_key_algs is defined: + Os = lists:keydelete(public_key_alg, 1, Os0), + case proplists:get_value(pref_public_key_algs,Os) of + undefined when A == 'ssh-rsa' ; A==ssh_rsa -> + [{pref_public_key_algs,['ssh-rsa','ssh-dss']} | Os]; + undefined when A == 'ssh-dss' ; A==ssh_dsa -> + [{pref_public_key_algs,['ssh-dss','ssh-rsa']} | Os]; + undefined -> + throw({error, {eoptions, {public_key_alg,A} }}); + _ -> + Os + end; + V -> + throw({error, {eoptions, {public_key_alg,V} }}) + end. handle_option([], SocketOptions, SshOptions) -> 
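Review bot: algs_compatibility/1 now throws eoptions for any public_key_alg other than 'ssh-rsa', 'ssh-dss', ssh_rsa or ssh_dsa when pref_public_key_algs is unset, whereas the removed comp_pk/4 accepted any algorithm and placed it first in the list. That is a behaviour change for existing callers and should be stated in the commit message and release notes, or the old acceptance kept. The translation also no longer produces a preferred_algorithms entry, so confirm that nothing relied on public_key_alg to steer host key negotiation.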
@@ -411,6 +399,8 @@ handle_option([{auth_methods, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{auth_method_kb_interactive_data, _} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); +handle_option([{pref_public_key_algs, _} = Opt | Rest], SocketOptions, SshOptions) -> + handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{preferred_algorithms,_} = Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{dh_gex_groups,_} = Opt | Rest], SocketOptions, SshOptions) -> @@ -522,6 +512,13 @@ handle_ssh_option({dh_gex_limits,{Min,I,Max}} = Opt) when is_integer(Min), Min>0 is_integer(Max), Max>=I -> %% Client Opt; +handle_ssh_option({pref_public_key_algs, Value} = Opt) when is_list(Value), length(Value) >= 1 -> + case handle_user_pref_pubkey_algs(Value, []) of + {true, NewOpts} -> + {pref_public_key_algs, NewOpts}; + _ -> + throw({error, {eoptions, Opt}}) + end; handle_ssh_option({connect_timeout, Value} = Opt) when is_integer(Value); Value == infinity -> Opt; handle_ssh_option({max_sessions, Value} = Opt) when is_integer(Value), Value>0 -> @@ -780,3 +777,16 @@ read_moduli_file(D, I, Acc) -> end end. +handle_user_pref_pubkey_algs([], Acc) -> + {true, lists:reverse(Acc)}; +handle_user_pref_pubkey_algs([H|T], Acc) -> + case lists:member(H, ?SUPPORTED_USER_KEYS) of + true -> + handle_user_pref_pubkey_algs(T, [H| Acc]); + + false when H==ssh_dsa -> handle_user_pref_pubkey_algs(T, ['ssh-dss'| Acc]); + false when H==ssh_rsa -> handle_user_pref_pubkey_algs(T, ['ssh-rsa'| Acc]); + + false -> + false + end. diff --git a/lib/ssh/src/ssh.hrl b/lib/ssh/src/ssh.hrl index 8efc743b67..f88098819d 100644 --- a/lib/ssh/src/ssh.hrl +++ b/lib/ssh/src/ssh.hrl 
@@ -33,6 +33,9 @@ -define(REKEY_DATA_TIMOUT, 60000). -define(DEFAULT_PROFILE, default). +-define(SUPPORTED_AUTH_METHODS, "publickey,keyboard-interactive,password"). +-define(SUPPORTED_USER_KEYS, ['ssh-rsa','ssh-dss','ecdsa-sha2-nistp256','ecdsa-sha2-nistp384','ecdsa-sha2-nistp521']). + -define(FALSE, 0). -define(TRUE, 1). %% basic binary constructors diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index 4967a2e4cd..0d38c563ba 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -118,11 +118,7 @@ init_userauth_request_msg(#ssh{opts = Opts} = Ssh) -> service = "ssh-connection", method = "none", data = <<>>}, - - - Algs = proplists:get_value(public_key, - proplists:get_value(preferred_algorithms, Opts, []), - ssh_transport:default_algorithms(public_key)), + Algs = proplists:get_value(pref_public_key_algs, Opts, ?SUPPORTED_USER_KEYS), Prefs = method_preference(Algs), ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User, userauth_preference = Prefs, diff --git a/lib/ssh/src/ssh_auth.hrl b/lib/ssh/src/ssh_auth.hrl index 5197a42fa4..449bc4fa45 100644 --- a/lib/ssh/src/ssh_auth.hrl +++ b/lib/ssh/src/ssh_auth.hrl @@ -22,7 +22,6 @@ %%% Description: Ssh User Authentication Protocol --define(SUPPORTED_AUTH_METHODS, "publickey,keyboard-interactive,password"). -define(SSH_MSG_USERAUTH_REQUEST, 50). -define(SSH_MSG_USERAUTH_FAILURE, 51). -- cgit v1.2.3 From 08401d7b2fc7ba8a50ac478ce6b99a8be646f9fb Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 4 Dec 2015 15:42:57 +0100 Subject: ssh: ssh_auth checks support for user pubkey alg --- lib/ssh/src/ssh_auth.erl | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index 0d38c563ba..fdbb5c152a 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl 
@@ -118,7 +118,16 @@ init_userauth_request_msg(#ssh{opts = Opts} = Ssh) -> service = "ssh-connection", method = "none", data = <<>>}, - Algs = proplists:get_value(pref_public_key_algs, Opts, ?SUPPORTED_USER_KEYS), + Algs0 = proplists:get_value(pref_public_key_algs, Opts, ?SUPPORTED_USER_KEYS), + %% The following line is not strictly correct. The call returns the + %% supported HOST key types while we are interested in USER keys. However, + %% they "happens" to be the same (for now). This could change.... + %% There is no danger as long as the set of user keys is a subset of the set + %% of host keys. + CryptoSupported = ssh_transport:supported_algorithms(public_key), + Algs = [A || A <- Algs0, + lists:member(A, CryptoSupported)], + Prefs = method_preference(Algs), ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User, userauth_preference = Prefs, -- cgit v1.2.3 From 58aff4fafed973059167ea64b6109ce2fec03fe1 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 4 Dec 2015 15:43:52 +0100 Subject: ssh: tests skips if not supported crypto --- lib/ssh/test/ssh_basic_SUITE.erl | 56 +++++++++++++++++++--------------- lib/ssh/test/ssh_renegotiate_SUITE.erl | 24 +++++++++++---- 2 files changed, 50 insertions(+), 30 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 5ce6d172e1..85a6bac972 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl 
@@ -525,32 +525,40 @@ exec_key_differs3(Config) -> exec_key_differs(Config, ['ecdsa-sha2-nistp384','ec exec_key_differs(Config, UserPKAlgs) -> - process_flag(trap_exit, true), - SystemDir = filename:join(?config(priv_dir, Config), system_rsa), - SystemUserDir = filename:join(SystemDir, user), - UserDir = filename:join(?config(priv_dir, Config), user_ecdsa_256), + case lists:usort(['ssh-rsa'|UserPKAlgs]) + -- ssh_transport:supported_algorithms(public_key) + of + [] -> + process_flag(trap_exit, true), + SystemDir = filename:join(?config(priv_dir, Config), system_rsa), + SystemUserDir = filename:join(SystemDir, user), + UserDir = filename:join(?config(priv_dir, Config), user_ecdsa_256), - {_Pid, _Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, - {user_dir, SystemUserDir}, - {preferred_algorithms, - [{public_key,['ssh-rsa']}]}]), - ct:sleep(500), - - IO = ssh_test_lib:start_io_server(), - Shell = ssh_test_lib:start_shell(Port, IO, UserDir, - [{preferred_algorithms,[{public_key,['ssh-rsa']}]}, - {pref_public_key_algs,UserPKAlgs} - ]), - + {_Pid, _Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, + {user_dir, SystemUserDir}, + {preferred_algorithms, + [{public_key,['ssh-rsa']}]}]), + ct:sleep(500), + + IO = ssh_test_lib:start_io_server(), + Shell = ssh_test_lib:start_shell(Port, IO, UserDir, + [{preferred_algorithms,[{public_key,['ssh-rsa']}]}, + {pref_public_key_algs,UserPKAlgs} + ]), + + + receive + {'EXIT', _, _} -> + ct:fail(no_ssh_connection); + ErlShellStart -> + ct:log("Erlang shell start: ~p~n", [ErlShellStart]), + do_shell(IO, Shell) + after + 30000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) + end; - receive - {'EXIT', _, _} -> - ct:fail(no_ssh_connection); - ErlShellStart -> - ct:log("Erlang shell start: ~p~n", [ErlShellStart]), - do_shell(IO, Shell) - after - 30000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) + UnsupportedPubKeys -> + {skip, io_lib:format("~p unsupported",[UnsupportedPubKeys])} end. 
%%-------------------------------------------------------------------- diff --git a/lib/ssh/test/ssh_renegotiate_SUITE.erl b/lib/ssh/test/ssh_renegotiate_SUITE.erl index 227dfcddcd..e5cfa58bad 100644 --- a/lib/ssh/test/ssh_renegotiate_SUITE.erl +++ b/lib/ssh/test/ssh_renegotiate_SUITE.erl @@ -57,9 +57,15 @@ end_per_suite(_Config) -> %%-------------------------------------------------------------------- init_per_group(aes_gcm, Config) -> - [{preferred_algorithms, [{cipher,[{client2server,['aes128-gcm@openssh.com']}, - {server2client,['aes128-gcm@openssh.com']}]}]} - | Config]; + case lists:member({client2server,['aes128-gcm@openssh.com']}, + ssh_transport:supported_algorithms(cipher)) of + true -> + [{preferred_algorithms, [{cipher,[{client2server,['aes128-gcm@openssh.com']}, + {server2client,['aes128-gcm@openssh.com']}]}]} + | Config]; + false -> + {skip, "aes_gcm not supported"} + end; init_per_group(_, Config) -> [{preferred_algorithms, ssh:default_algorithms()} | Config]. @@ -107,7 +113,9 @@ rekey_limit(Config) -> UserDir = ?config(priv_dir, Config), DataFile = filename:join(UserDir, "rekey.data"), - {Pid, Host, Port} = ssh_test_lib:std_daemon(Config,[{max_random_length_padding,0}]), + Algs = ?config(preferred_algorithms, Config), + {Pid, Host, Port} = ssh_test_lib:std_daemon(Config,[{max_random_length_padding,0}, + {preferred_algorithms,Algs}]), ConnectionRef = ssh_test_lib:std_connect(Config, Host, Port, [{rekey_limit, 6000}, {max_random_length_padding,0}]), @@ -151,7 +159,9 @@ renegotiate1(Config) -> UserDir = ?config(priv_dir, Config), DataFile = filename:join(UserDir, "renegotiate1.data"), - {Pid, Host, DPort} = ssh_test_lib:std_daemon(Config,[{max_random_length_padding,0}]), + Algs = ?config(preferred_algorithms, Config), + {Pid, Host, DPort} = ssh_test_lib:std_daemon(Config,[{max_random_length_padding,0}, + {preferred_algorithms,Algs}]), RPort = ssh_test_lib:inet_port(), {ok,RelayPid} = ssh_relay:start_link({0,0,0,0}, RPort, Host, DPort), 
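Review bot: In init_per_group(aes_gcm, Config) the lists:member/2 test succeeds only if ssh_transport:supported_algorithms(cipher) contains the exact tuple {client2server,['aes128-gcm@openssh.com']}, that is, a client2server entry whose list holds this one cipher and nothing else. If the call returns the full cipher list per direction (the shape used for preferred_algorithms in the true branch), the test is always false and the group is skipped even where AES-GCM is available, so rekey_limit, renegotiate1 and renegotiate2 silently lose that coverage. Fetch the client2server and server2client lists and test membership of 'aes128-gcm@openssh.com' in each.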
@@ -189,7 +199,9 @@ renegotiate2(Config) -> UserDir = ?config(priv_dir, Config), DataFile = filename:join(UserDir, "renegotiate2.data"), - {Pid, Host, DPort} = ssh_test_lib:std_daemon(Config,[{max_random_length_padding,0}]), + Algs = ?config(preferred_algorithms, Config), + {Pid, Host, DPort} = ssh_test_lib:std_daemon(Config,[{max_random_length_padding,0}, + {preferred_algorithms,Algs}]), RPort = ssh_test_lib:inet_port(), {ok,RelayPid} = ssh_relay:start_link({0,0,0,0}, RPort, Host, DPort), -- cgit v1.2.3 From 52701a71707e44bef90c7ad8db8dc8a0f9a1feaf Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 7 Dec 2015 14:38:22 +0100 Subject: ssh: Add testcase precondition --- lib/ssh/test/ssh_to_openssh_SUITE.erl | 80 +++++++++++++++++------------------ 1 file changed, 40 insertions(+), 40 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index d1dfa2efdf..18690d8669 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -96,19 +96,9 @@ end_per_group(_, Config) -> init_per_testcase(erlang_server_openssh_client_public_key_dsa, Config) -> - case ssh_test_lib:openssh_supports(sshc, public_key, 'ssh-dss') of - true -> - init_per_testcase('__default__',Config); - false -> - {skip,"openssh client does not support DSA"} - end; + chk_key(sshc, 'ssh-dss', ".ssh/id_dsa", Config); init_per_testcase(erlang_client_openssh_server_publickey_dsa, Config) -> - case ssh_test_lib:openssh_supports(sshd, public_key, 'ssh-dss') of - true -> - init_per_testcase('__default__',Config); - false -> - {skip,"openssh client does not support DSA"} - end; + chk_key(sshd, 'ssh-dss', ".ssh/id_dsa", Config); init_per_testcase(_TestCase, Config) -> ssh:start(), Config. 
@@ -117,6 +107,27 @@ end_per_testcase(_TestCase, _Config) -> ssh:stop(), ok. + +chk_key(Pgm, Name, File, Config) -> + case ssh_test_lib:openssh_supports(Pgm, public_key, Name) of + true -> + {skip,lists:concat(["openssh client does not support ",Name])}; + false -> + {ok,[[Home]]} = init:get_argument(home), + KeyFile = filename:join(Home, File), + case file:read_file(KeyFile) of + {ok, Pem} -> + case public_key:pem_decode(Pem) of + [{_,_, not_encrypted}] -> + init_per_testcase('__default__',Config); + _ -> + {skip, {error, "Has pass phrase can not be used by automated test case"}} + end; + _ -> + {skip, lists:concat(["no ~/",File])} + end + end. + %%-------------------------------------------------------------------- %% Test Cases -------------------------------------------------------- %%-------------------------------------------------------------------- 
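Review bot: The branches on ssh_test_lib:openssh_supports(Pgm, public_key, Name) in chk_key/4 are inverted relative to the code this replaces: true now returns {skip, "openssh client does not support ..."} and false goes on to read the key file and run the test. The removed init_per_testcase clauses ran the test on true and skipped on false, so as written the DSA cases are skipped where OpenSSH supports the algorithm and attempted where it does not. Swap the two branches. The skip text also says "openssh client" when Pgm is sshd, so it should be built from Pgm.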
@@ -328,27 +339,16 @@ erlang_client_openssh_server_publickey_rsa(Config) when is_list(Config) -> erlang_client_openssh_server_publickey_dsa() -> [{doc, "Validate using dsa publickey."}]. erlang_client_openssh_server_publickey_dsa(Config) when is_list(Config) -> - {ok,[[Home]]} = init:get_argument(home), - KeyFile = filename:join(Home, ".ssh/id_dsa"), - case file:read_file(KeyFile) of - {ok, Pem} -> - case public_key:pem_decode(Pem) of - [{_,_, not_encrypted}] -> - ConnectionRef = - ssh_test_lib:connect(?SSH_DEFAULT_PORT, - [{public_key_alg, ssh_dsa}, - {user_interaction, false}, - silently_accept_hosts]), - {ok, Channel} = - ssh_connection:session_channel(ConnectionRef, infinity), - ok = ssh_connection:close(ConnectionRef, Channel), - ok = ssh:close(ConnectionRef); - _ -> - {skip, {error, "Has pass phrase can not be used by automated test case"}} - end; - _ -> - {skip, "no ~/.ssh/id_dsa"} - end. + ConnectionRef = + ssh_test_lib:connect(?SSH_DEFAULT_PORT, + [{public_key_alg, ssh_dsa}, + {user_interaction, false}, + silently_accept_hosts]), + {ok, Channel} = + ssh_connection:session_channel(ConnectionRef, infinity), + ok = ssh_connection:close(ConnectionRef, Channel), + ok = ssh:close(ConnectionRef). + %%-------------------------------------------------------------------- erlang_server_openssh_client_public_key_dsa() -> [{doc, "Validate using dsa publickey."}]. @@ -360,7 +360,7 @@ erlang_server_openssh_client_public_key_dsa(Config) when is_list(Config) -> {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, {public_key_alg, ssh_dsa}, {failfun, fun ssh_test_lib:failfun/2}]), - + ct:sleep(500), Cmd = "ssh -p " ++ integer_to_list(Port) ++ 
@@ -369,12 +369,12 @@ erlang_server_openssh_client_public_key_dsa(Config) when is_list(Config) -> SshPort = open_port({spawn, Cmd}, [binary]), receive - {SshPort,{data, <<"2\n">>}} -> + {SshPort,{data, <<"2\n">>}} -> ok after ?TIMEOUT -> ct:fail("Did not receive answer") end, - ssh:stop_daemon(Pid). + ssh:stop_daemon(Pid). %%-------------------------------------------------------------------- erlang_client_openssh_server_password() -> @@ -384,10 +384,10 @@ erlang_client_openssh_server_password(Config) when is_list(Config) -> UserDir = ?config(data_dir, Config), {error, Reason0} = ssh:connect(any, ?SSH_DEFAULT_PORT, [{silently_accept_hosts, true}, - {user, "foo"}, - {password, "morot"}, - {user_interaction, false}, - {user_dir, UserDir}]), + {user, "foo"}, + {password, "morot"}, + {user_interaction, false}, + {user_dir, UserDir}]), ct:log("Test of user foo that does not exist. " "Error msg: ~p~n", [Reason0]), -- cgit v1.2.3 From b424835b0d08c9fdf2650782e481e3e7a08eb1ae Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 7 Dec 2015 15:06:49 +0100 Subject: ssh: add check for available ipv6 addr in test case --- lib/ssh/test/ssh_basic_SUITE.erl | 8 ++++++++ lib/ssh/test/ssh_test_lib.erl | 12 ++++++++++++ 2 files changed, 20 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 85a6bac972..6c4c215b3d 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -311,6 +311,14 @@ init_per_testcase(TC, Config) when TC==shell_no_unicode ; ct:log("file:native_name_encoding() = ~p,~nio:getopts() = ~p", [file:native_name_encoding(),io:getopts()]), wait_for_erlang_first_line([{io,IO}, {shell,Shell}, {sftpd, Sftpd} | Config]); + +init_per_testcase(inet6_option, Config) -> + case ssh_test_lib:has_inet6_address() of + true -> + init_per_testcase('__default__', Config); + false -> + {skip,"No ipv6 interface address"} + end; init_per_testcase(_TestCase, Config) -> ssh:start(), Config. 
diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index 424afc76fe..ed76f4f795 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl @@ -646,3 +646,15 @@ ssh_supports(Alg, SshDefaultAlg_tag) -> {false,UnSup} end end. + +%%%---------------------------------------------------------------- +has_inet6_address() -> + try + [throw(6) || {ok,L} <- [inet:getifaddrs()], + {_,L1} <- L, + {addr,{_,_,_,_,_,_,_,_}} <- L1] + of + [] -> false + catch + throw:6 -> true + end. -- cgit v1.2.3 From 7061105f5a8458486d43183a8b925c203b7a21fe Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 7 Dec 2015 15:15:33 +0100 Subject: ssh: add econnaborted as correct tcp disconnect reason in testcase --- lib/ssh/test/ssh_protocol_SUITE.erl | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index 4639904061..5af60adfae 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -279,7 +279,9 @@ no_common_alg_server_disconnects(Config) -> {send, ssh_msg_kexinit}, % with server unsupported 'ssh-dss' ! {match, {'or',[#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, _='_'}, - tcp_closed]}, + tcp_closed, + {tcp_error,econnaborted} + ]}, receive_msg} ] ). @@ -475,7 +477,8 @@ bad_packet_length(Config, LengthExcess) -> %% Prohibit remote decoder starvation: {send, #ssh_msg_service_request{name="ssh-userauth"}}, {match, {'or',[#ssh_msg_disconnect{_='_'}, - tcp_closed + tcp_closed, + {tcp_error,econnaborted} ]}, receive_msg} ], InitialState). @@ -507,7 +510,8 @@ bad_service_name_length(Config, LengthExcess) -> %% Prohibit remote decoder starvation: {send, #ssh_msg_service_request{name="ssh-userauth"}}, {match, {'or',[#ssh_msg_disconnect{_='_'}, - tcp_closed + tcp_closed, + {tcp_error,econnaborted} ]}, receive_msg} ], InitialState). -- cgit v1.2.3 
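Review bot: The alternative {tcp_error,econnaborted} is added by hand to three separate match lists (no_common_alg_server_disconnects, bad_packet_length, bad_service_name_length), and the commit message does not say when the test peer sees econnaborted instead of tcp_closed. Put the accepted close reasons in one macro or helper so the next addition is made once, and record the triggering condition in the commit message or a comment. Note as well that each of these cases now passes on three different outcomes, two of which mean the SSH_MSG_DISCONNECT was never observed, so they no longer show on their own that the server sent it.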
From b8ac85a0673d06606c6523e4bb8f46e1034d0638 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 7 Dec 2015 18:38:54 +0100 Subject: ssh: fix error for bad packet lengths found by Defensics --- lib/ssh/src/ssh_connection_handler.erl | 20 ++++++++++++++++++-- lib/ssh/src/ssh_transport.erl | 5 +---- 2 files changed, 19 insertions(+), 6 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 516a09bf6a..0eaeba26a9 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -999,7 +999,8 @@ handle_info({Protocol, Socket, Data}, StateName, encoded_data_buffer = EncData0, undecoded_packet_length = RemainingSshPacketLen0} = State0) -> Encoded = <>, - case ssh_transport:handle_packet_part(DecData0, Encoded, RemainingSshPacketLen0, Ssh0) of + try ssh_transport:handle_packet_part(DecData0, Encoded, RemainingSshPacketLen0, Ssh0) + of {get_more, DecBytes, EncDataRest, RemainingSshPacketLen, Ssh1} -> {next_state, StateName, next_packet(State0#state{encoded_data_buffer = EncDataRest, @@ -1021,7 +1022,22 @@ handle_info({Protocol, Socket, Data}, StateName, #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, description = "Bad mac", language = ""}, - handle_disconnect(DisconnectMsg, State0#state{ssh_params=Ssh1}) + handle_disconnect(DisconnectMsg, State0#state{ssh_params=Ssh1}); + + {error, {exceeds_max_size,PacketLen}} -> + DisconnectMsg = + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "Bad packet length " + ++ integer_to_list(PacketLen), + language = ""}, + handle_disconnect(DisconnectMsg, State0) + catch + _:_ -> + DisconnectMsg = + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "Bad packet", + language = ""}, + handle_disconnect(DisconnectMsg, State0) end; handle_info({CloseTag, _Socket}, _StateName, 
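Review bot: The "catch _:_" clause added around ssh_transport:handle_packet_part/4 in handle_info turns every throw, error and exit from the decoder into the same "Bad packet" disconnect and discards the class and reason. A fault in the transport code then looks identical to malformed input from the peer, which makes fuzzing findings and production failures equally hard to diagnose. Bind the class and reason and log them before calling handle_disconnect, or catch only the failures expected from bad input. In the new {error, {exceeds_max_size,PacketLen}} branch it is also worth a comment that PacketLen is a peer-supplied value echoed back in the description.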
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 67a0d29bb8..18037b8461 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -1004,10 +1004,7 @@ handle_packet_part(<<>>, Encrypted0, undefined, #ssh{decrypt = CryptoAlg} = Ssh0 {ok, PacketLen, _, _, _} when PacketLen > ?SSH_MAX_PACKET_SIZE -> %% far too long message than expected - throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "Bad packet length " - ++ integer_to_list(PacketLen), - language = ""}); + {error, {exceeds_max_size,PacketLen}}; {ok, PacketLen, Decrypted, Encrypted1, #ssh{recv_mac_size = MacSize} = Ssh1} -> -- cgit v1.2.3 From bb1a28deb139c34e2425e08e11f55480f5de6526 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 7 Dec 2015 19:39:28 +0100 Subject: ssh: fix error for data fields errors --- lib/ssh/src/ssh_connection_handler.erl | 80 +++++++++++++++++++--------------- 1 file changed, 45 insertions(+), 35 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 0eaeba26a9..f082db136c 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl 
@@ -1408,44 +1408,54 @@ generate_event(<> = Msg, StateName, Byte == ?SSH_MSG_CHANNEL_REQUEST; Byte == ?SSH_MSG_CHANNEL_SUCCESS; Byte == ?SSH_MSG_CHANNEL_FAILURE -> - ConnectionMsg = ssh_message:decode(Msg), - State1 = generate_event_new_state(State0, EncData), - try ssh_connection:handle_msg(ConnectionMsg, Connection0, Role) of - {{replies, Replies0}, Connection} -> - if StateName == connected -> - Replies = Replies0, - State2 = State1; - true -> - {ConnReplies, Replies} = - lists:splitwith(fun not_connected_filter/1, Replies0), - Q = State1#state.event_queue ++ ConnReplies, - State2 = State1#state{ event_queue = Q } - end, - State = send_replies(Replies, State2#state{connection_state = Connection}), - {next_state, StateName, next_packet(State)}; - {noreply, Connection} -> - {next_state, StateName, next_packet(State1#state{connection_state = Connection})}; - {disconnect, {_, Reason}, {{replies, Replies}, Connection}} when - Role == client andalso ((StateName =/= connected) and (not Renegotiation)) -> - State = send_replies(Replies, State1#state{connection_state = Connection}), - User ! 
{self(), not_connected, Reason}, - {stop, {shutdown, normal}, - next_packet(State#state{connection_state = Connection})}; - {disconnect, _Reason, {{replies, Replies}, Connection}} -> - State = send_replies(Replies, State1#state{connection_state = Connection}), - {stop, {shutdown, normal}, State#state{connection_state = Connection}} + try + ssh_message:decode(Msg) + of + ConnectionMsg -> + State1 = generate_event_new_state(State0, EncData), + try ssh_connection:handle_msg(ConnectionMsg, Connection0, Role) of + {{replies, Replies0}, Connection} -> + if StateName == connected -> + Replies = Replies0, + State2 = State1; + true -> + {ConnReplies, Replies} = + lists:splitwith(fun not_connected_filter/1, Replies0), + Q = State1#state.event_queue ++ ConnReplies, + State2 = State1#state{ event_queue = Q } + end, + State = send_replies(Replies, State2#state{connection_state = Connection}), + {next_state, StateName, next_packet(State)}; + {noreply, Connection} -> + {next_state, StateName, next_packet(State1#state{connection_state = Connection})}; + {disconnect, {_, Reason}, {{replies, Replies}, Connection}} when + Role == client andalso ((StateName =/= connected) and (not Renegotiation)) -> + State = send_replies(Replies, State1#state{connection_state = Connection}), + User ! 
{self(), not_connected, Reason}, + {stop, {shutdown, normal}, + next_packet(State#state{connection_state = Connection})}; + {disconnect, _Reason, {{replies, Replies}, Connection}} -> + State = send_replies(Replies, State1#state{connection_state = Connection}), + {stop, {shutdown, normal}, State#state{connection_state = Connection}} + catch + _:Error -> + {disconnect, _Reason, {{replies, Replies}, Connection}} = + ssh_connection:handle_msg( + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, + description = "Internal error", + language = "en"}, Connection0, Role), + State = send_replies(Replies, State1#state{connection_state = Connection}), + {stop, {shutdown, Error}, State#state{connection_state = Connection}} + end + catch - _:Error -> - {disconnect, _Reason, {{replies, Replies}, Connection}} = - ssh_connection:handle_msg( - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, - description = "Internal error", - language = "en"}, Connection0, Role), - State = send_replies(Replies, State1#state{connection_state = Connection}), - {stop, {shutdown, Error}, State#state{connection_state = Connection}} + _:_ -> + handle_disconnect( + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "Bad packet received", + language = ""}, State0) end; - generate_event(Msg, StateName, State0, EncData) -> try Event = ssh_message:decode(set_prefix_if_trouble(Msg,State0)), -- cgit v1.2.3 From 8a6a4c6f289a8326e52af52a232f6d89e63a7068 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 8 Dec 2015 16:25:18 +0100 Subject: ssh: more info from failed case --- lib/ssh/test/ssh_to_openssh_SUITE.erl | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index 18690d8669..02cc79e4d5 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl 
@@ -366,13 +366,17 @@ erlang_server_openssh_client_public_key_dsa(Config) when is_list(Config) -> Cmd = "ssh -p " ++ integer_to_list(Port) ++ " -o UserKnownHostsFile=" ++ KnownHosts ++ " " ++ Host ++ " 1+1.", - SshPort = open_port({spawn, Cmd}, [binary]), + SshPort = open_port({spawn, Cmd}, [binary, stderr_to_stdout]), receive {SshPort,{data, <<"2\n">>}} -> ok after ?TIMEOUT -> - ct:fail("Did not receive answer") + receive + X -> ct:fail("Received: ~p",[X]) + after 0 -> + ct:fail("Did not receive answer") + end end, ssh:stop_daemon(Pid). -- cgit v1.2.3 From 909fa9fc39bee9d12d35bc9a82049b3d940fdd0c Mon Sep 17 00:00:00 2001 From: Lars Thorsen Date: Thu, 10 Dec 2015 09:28:13 +0100 Subject: [ssh] Align documentation to DTD --- lib/ssh/doc/src/ssh.xml | 28 +++++++++++----------- lib/ssh/doc/src/ssh_app.xml | 43 +++++++++++++++++----------------- lib/ssh/doc/src/ssh_connection.xml | 14 +++++------ lib/ssh/doc/src/ssh_server_key_api.xml | 4 ++-- lib/ssh/doc/src/ssh_sftp.xml | 31 +++++++++++++----------- 5 files changed, 62 insertions(+), 58 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index b3f850fc38..850557444d 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -4,7 +4,7 @@

- 20042014 + 20042015 Ericsson AB. All Rights Reserved. @@ -418,10 +418,10 @@

- -
where: -
PromptTexts = kb_int_tuple() | fun(Peer::{IP::tuple(),Port::integer()}, User::string(), Service::string()) -> kb_int_tuple() -
kb_int_tuple() = {Name::string(), Instruction::string(), Prompt::string(), Echo::boolean()}
+ +
where: +
PromptTexts = kb_int_tuple() | fun(Peer::{IP::tuple(),Port::integer()}, User::string(), Service::string()) -> kb_int_tuple() +
kb_int_tuple() = {Name::string(), Instruction::string(), Prompt::string(), Echo::boolean()}

Sets the text strings that the daemon sends to the client for presentation to the user when using keyboar-interactive authentication. If the fun/3 is used, it is called when the actual authentication occurs and may therefore return dynamic data like time, remote ip etc.

@@ -516,29 +516,29 @@

Provides a function for password validation. This could used for calling an external system or if passwords should be stored as a hash. The fun returns: - - true if the user and password is valid and - false otherwise. -

+ + true if the user and password is valid and + false otherwise. +

This fun can also be used to make delays in authentication tries for example by calling timer:sleep/1. To facilitate counting of failed tries the State variable could be used. This state is per connection only. The first time the pwdfun is called for a connection, the State variable has the value undefined. The pwdfun can return - in addition to the values above - a new state as: - - {true, NewState:any()} if the user and password is valid or - {false, NewState:any()} if the user or password is invalid -

+ + {true, NewState:any()} if the user and password is valid or + {false, NewState:any()} if the user or password is invalid +

A third usage is to block login attempts from a missbehaving peer. The State described above can be used for this. In addition to the responses above, the following return value is introduced: +

disconnect if the connection should be closed immediately after sending a SSH_MSG_DISCONNECT message. -

boolean()}]]> diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml index 79dd1e210e..f6ce44c015 100644 --- a/lib/ssh/doc/src/ssh_app.xml +++ b/lib/ssh/doc/src/ssh_app.xml @@ -4,7 +4,7 @@
- 20122013 + 20122015 Ericsson AB. All Rights Reserved. @@ -214,21 +214,21 @@

The following rfc:s are supported:

RFC 4251, The Secure Shell (SSH) Protocol Architecture. -

Except +

Except

9.4.6 Host-Based Authentication 9.5.2 Proxy Forwarding 9.5.3 X11 Forwarding -

+

RFC 4252, The Secure Shell (SSH) Authentication Protocol. -

Except +

Except

9. Host-Based Authentication: "hostbased" -

+

RFC 4253, The Secure Shell (SSH) Transport Layer Protocol. @@ -236,32 +236,32 @@ RFC 4254, The Secure Shell (SSH) Connection Protocol. -

Except +

Except

6.3. X11 Forwarding 7. TCP/IP Port Forwarding -

+

RFC 4256, Generic Message Exchange Authentication for the Secure Shell Protocol (SSH). -

Except +

Except

num-prompts > 1 password changing other identification methods than userid-password -

+

RFC 4419, Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol. -

+

RFC 4716, The Secure Shell (SSH) Public Key File Format. -

+

RFC 5647, AES Galois Counter Mode for @@ -270,34 +270,35 @@ This is resolved by OpenSSH in the ciphers aes128-gcm@openssh.com and aes256-gcm@openssh.com which are implemented. If the explicit ciphers and macs AEAD_AES_128_GCM or AEAD_AES_256_GCM are needed, they could be enabled with the option preferred_algorithms. +

- If the client or the server is not Erlang/OTP, it is the users responsibility to check that - other implementation has the same interpretation of AEAD_AES_*_GCM as the Erlang/OTP SSH before - enabling them. The aes*-gcm@openssh.com variants are always safe to use since they lack the - ambiguity. +

+ If the client or the server is not Erlang/OTP, it is the users responsibility to check that + other implementation has the same interpretation of AEAD_AES_*_GCM as the Erlang/OTP SSH before + enabling them. The aes*-gcm@openssh.com variants are always safe to use since they lack the + ambiguity. +

-

-

The second paragraph in section 5.1 is resolved as: +

The second paragraph in section 5.1 is resolved as:

If the negotiated cipher is AEAD_AES_128_GCM, the mac algorithm is set to AEAD_AES_128_GCM. If the negotiated cipher is AEAD_AES_256_GCM, the mac algorithm is set to AEAD_AES_256_GCM. If the mac algorithm is AEAD_AES_128_GCM, the cipher is set to AEAD_AES_128_GCM. If the mac algorithm is AEAD_AES_256_GCM, the cipher is set to AEAD_AES_256_GCM. - The first rule that matches when read in order from the top is applied -

+

The first rule that matches when read in order from the top is applied

RFC 5656, Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer. -

Except +

Except

5. ECMQV Key Exchange 6.4. ECMQV Key Exchange and Verification Method Name 7.2. ECMQV Message Numbers 10.2. Recommended Curves -

+

RFC 6668, SHA-2 Data Integrity Verification for diff --git a/lib/ssh/doc/src/ssh_connection.xml b/lib/ssh/doc/src/ssh_connection.xml index 064a623eb6..150d46a9a2 100644 --- a/lib/ssh/doc/src/ssh_connection.xml +++ b/lib/ssh/doc/src/ssh_connection.xml @@ -5,7 +5,7 @@

2008 - 2014 + 2015 Ericsson AB, All Rights Reserved @@ -31,15 +31,15 @@
ssh_connection - This module provides API functions to send - SSH Connection Protocol - events to the other side of an SSH channel. + + This module provides API functions to send SSH Connection Protocol + events to the other side of an SSH channel. -

The SSH Connection Protocol is used by clients and servers, - that is, SSH channels, to communicate over the SSH connection. The - API functions in this module send SSH Connection Protocol events, +

The SSH Connection Protocol + is used by clients and servers, that is, SSH channels, to communicate over the + SSH connection. The API functions in this module send SSH Connection Protocol events, which are received as messages by the remote channel. If the receiving channel is an Erlang process, the messages have the format diff --git a/lib/ssh/doc/src/ssh_server_key_api.xml b/lib/ssh/doc/src/ssh_server_key_api.xml index efb2c436e8..a0694ca8d9 100644 --- a/lib/ssh/doc/src/ssh_server_key_api.xml +++ b/lib/ssh/doc/src/ssh_server_key_api.xml @@ -5,7 +5,7 @@

2012 - 2013 + 2015 Ericsson AB, All Rights Reserved @@ -75,7 +75,7 @@ Host key algorithm. Is to support 'ssh-rsa' | 'ssh-dss', but more algorithms can be handled. DaemonOptions = proplists:proplist() - Options provided to ssh:daemon/[2,3]. + Options provided to ssh:daemon/[2,3]. Key = private_key() Private key of the host matching the Algorithm. Reason = term() diff --git a/lib/ssh/doc/src/ssh_sftp.xml b/lib/ssh/doc/src/ssh_sftp.xml index 17800fac5d..c6ca0f161a 100644 --- a/lib/ssh/doc/src/ssh_sftp.xml +++ b/lib/ssh/doc/src/ssh_sftp.xml @@ -4,7 +4,7 @@
- 20052014 + 20052015 Ericsson AB. All Rights Reserved. @@ -61,20 +61,23 @@ - apread(ChannelPid, Handle, Position, Len) -> {async, N} | {error, Error} - ChannelPid = pid() - Handle = term() - Position = integer() - Len = integer() - N = term() - Reason = term() - -

The function reads from a specified position, - combining the and functions.

+ apread(ChannelPid, Handle, Position, Len) -> {async, N} | {error, Reason} + Reads asynchronously from an open file. + + ChannelPid = pid() + Handle = term() + Position = integer() + Len = integer() + N = term() + Reason = term() + + +

The function reads from a specified position, + combining the and functions.

ssh_sftp:apread/4

-
- - + + + apwrite(ChannelPid, Handle, Position, Data) -> ok | {error, Reason} Writes asynchronously to an open file. -- cgit v1.2.3 From f4a0ae1736216feac5ae053610644bba2e12ed34 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Tue, 15 Dec 2015 09:45:27 +0100 Subject: Update release notes --- lib/ssh/doc/src/notes.xml | 185 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 185 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 010b1b15c7..8fb689fdd5 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,6 +30,191 @@ notes.xml
+
Ssh 4.2 + +
Fixed Bugs and Malfunctions + + +

+ Better error handling in ssh_file. There was some rare + errors when a NFS-mounted file was opened by ssh_file and + then remotely deleted during reading. That caused an + endless loop.

+

+ That bug is now fixed.

+

+ Own Id: OTP-12699 Aux Id: OTP-11688

+
+ +

+ Fixed a bug in the compression algorithm + zlib@openssh.com.

+

+ Own Id: OTP-12759

+
+ +

+ It is now possible to start more than one daemon with a + file descriptor given in option fd. Each daemon must of + course have a unique file descriptor.

+

+ Own Id: OTP-12966 Aux Id: seq12945

+
+ +

+ Fixed a bug that caused the option dh_gex_limit to + be ignored.

+

+ Own Id: OTP-13029

+
+ +

+ A problem is fixed with the ssh:connect option + pref_public_key_algs specifying user keys.

+

+ Own Id: OTP-13158

+
+
+
+ + +
Improvements and New Features + + +

+ Document updates in the ssh reference manual: app doc + file and ssh_connection.

+

+ Own Id: OTP-12003

+
+ +

+ The authorization phase is made stateful to prevent ssh + acting on messages sent in wrong order.

+

+ Own Id: OTP-12787

+
+ +

+ Testcases for bad message lengths and for bad subfield + lengths added.

+

+ Own Id: OTP-12792 Aux Id: Codenomicon #5214, 6166

+
+ +

+ The 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384' and + 'ecdsa-sha2-nistp521' signature algorithms for ssh are + implemented. See RFC 5656.

+

+ Own Id: OTP-12936

+
+ +

+ The crypto algorithms 'aes192-ctr' and 'aes256-ctr' are + implemented. See RFC 4344.

+

+ Own Id: OTP-12939

+
+ +

+ The ciphers and macs AEAD_AES_128_GCM and + AEAD_AES_256_GCM are implemented but not enabled per + default. See the SSH App Reference Manual and RFC5647 for + details.

+

+ The ciphers aes128-gcm@openssh.com and + aes256-gcm@openssh.com are also implemented and available + in the default configuration.

+

+ Own Id: OTP-13018

+
+ +

+ The ssh:daemon option dh_gex_groups is extended to read a + user provided ssh moduli file with generator-modulus + pairs. The file is in openssh format.

+

+ Own Id: OTP-13052 Aux Id: OTP-13054

+
+ +

+ There is now a file (public_key/priv/moduli) which lists + size-generator-modulus triples. The purpose is to give + servers the possibility to select the crypto primes + randomly among a list of pregenerated triples. This + reduces the risk for some attacks on diffie-hellman + negotiation.

+

+ See the reference manual for public_key:dh_gex_group/4 + where the handling of this is described.

+

+ The ssh server (ssh:daemon) uses this.

+

+ Own Id: OTP-13054 Aux Id: OTP-13052

+
+ +

+ The ssh:daemon option pwdfun now also takes a fun/4. This + enables the user to 1) check userid-password in another + way than the builtin algorithm, 2) implement rate + limiting per user or source IP or IP+Port, and 3) + implement blocking of missbehaving peers.

+

+ The old fun/2 still works as previously.

+

+ Own Id: OTP-13055 Aux Id: OTP-13053

+
+ +

+ There is now a new option to make the server limit the + size range of moduli available for the diffie-hellman + group exchange negotiation. See option + {dh_gex_limits,{Min,Max}} in ssh:daemon/3.

+

+ Own Id: OTP-13066

+
+ +

+ Ecdh key exchange now validates compressed and + uncompressed keys as defined in rfc5656

+

+ Own Id: OTP-13067

+
+ +

+ Search order for the .ssh directory are changed so + $HOME is tried before + init:get_argument(home).

+

+ Own Id: OTP-13109

+
+ +

+ The sftp receive window handling is optimized so it will + not update the remote end too often. This makes "sftp + mget" considerable faster.

+

+ Own Id: OTP-13130

+
+ +

+ The option key_cb is extended to take an optional + list that is passed to the callback module as an option. + With this it is possible to have different keys depending + on which host that is connected. Another possibility is + to write a callback module that fetches keys etc from a + database.

+

+ Thanks to Vipin Nair.

+

+ Own Id: OTP-13156

+
+
+
+ +
+
Ssh 4.1.3
Known Bugs and Problems -- cgit v1.2.3 From 78a2b1f8dbba3227dc56e86a7df1231c04f5735d Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 11 Dec 2015 11:54:20 +0100 Subject: ssh: fix the check that open-ssh supports certain pubkeys in a test suite --- lib/ssh/test/ssh_to_openssh_SUITE.erl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index 02cc79e4d5..67a61d3c11 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -110,9 +110,9 @@ end_per_testcase(_TestCase, _Config) -> chk_key(Pgm, Name, File, Config) -> case ssh_test_lib:openssh_supports(Pgm, public_key, Name) of - true -> - {skip,lists:concat(["openssh client does not support ",Name])}; false -> + {skip,lists:concat(["openssh client does not support ",Name])}; + true -> {ok,[[Home]]} = init:get_argument(home), KeyFile = filename:join(Home, File), case file:read_file(KeyFile) of -- cgit v1.2.3 From 573552e7c6df1bc828385ff918b1ad1965463ba2 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 18 Dec 2015 12:10:47 +0100 Subject: ssh: add econnaborted to disconnect msgs in test suite --- lib/ssh/test/ssh_protocol_SUITE.erl | 47 +++++++++++++++---------------------- 1 file changed, 19 insertions(+), 28 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index 5af60adfae..4c088acabf 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -277,12 +277,7 @@ no_common_alg_server_disconnects(Config) -> {send, hello}, {match, #ssh_msg_kexinit{_='_'}, receive_msg}, {send, ssh_msg_kexinit}, % with server unsupported 'ssh-dss' ! - {match, - {'or',[#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, _='_'}, - tcp_closed, - {tcp_error,econnaborted} - ]}, - receive_msg} + {match, disconnect(), receive_msg} ] ). 
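Review bot: in no_common_alg_server_disconnects the new matcher `{match, disconnect(), receive_msg}` drops the check on the disconnect code that the removed lines had (`code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED`), so the test now passes on a disconnect sent for any reason. The client-side test in the next hunk keeps the code by calling `disconnect(?SSH_DISCONNECT_KEY_EXCHANGE_FAILED)`; calling it the same way here keeps all three alternatives without loosening the assertion.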
@@ -323,10 +318,7 @@ no_common_alg_client_disconnects(Config) -> first_kex_packet_follows = false, reserved = 0 }}, - {match, - {'or',[#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, _='_'}, - tcp_closed]}, - receive_msg} + {match, disconnect(?SSH_DISCONNECT_KEY_EXCHANGE_FAILED), receive_msg} ], InitialState) } @@ -437,10 +429,7 @@ bad_service_name_then_correct(Config) -> [{set_options, [print_ops, print_seqnums, print_messages]}, {send, #ssh_msg_service_request{name = "kdjglkfdjgkldfjglkdfjglkfdjglkj"}}, {send, #ssh_msg_service_request{name = "ssh-connection"}}, - {match, {'or',[#ssh_msg_disconnect{_='_'}, - tcp_closed - ]}, - receive_msg} + {match, disconnect(), receive_msg} ], InitialState). @@ -450,10 +439,7 @@ bad_service_name(Config, Name) -> ssh_trpt_test_lib:exec( [{set_options, [print_ops, print_seqnums, print_messages]}, {send, #ssh_msg_service_request{name = Name}}, - {match, {'or',[#ssh_msg_disconnect{_='_'}, - tcp_closed - ]}, - receive_msg} + {match, disconnect(), receive_msg} ], InitialState). %%%-------------------------------------------------------------------- @@ -476,11 +462,7 @@ bad_packet_length(Config, LengthExcess) -> PacketFun}}, %% Prohibit remote decoder starvation: {send, #ssh_msg_service_request{name="ssh-userauth"}}, - {match, {'or',[#ssh_msg_disconnect{_='_'}, - tcp_closed, - {tcp_error,econnaborted} - ]}, - receive_msg} + {match, disconnect(), receive_msg} ], InitialState). %%%-------------------------------------------------------------------- @@ -509,11 +491,7 @@ bad_service_name_length(Config, LengthExcess) -> PacketFun} }, %% Prohibit remote decoder starvation: {send, #ssh_msg_service_request{name="ssh-userauth"}}, - {match, {'or',[#ssh_msg_disconnect{_='_'}, - tcp_closed, - {tcp_error,econnaborted} - ]}, - receive_msg} + {match, disconnect(), receive_msg} ], InitialState). %%%================================================================ 
@@ -644,3 +622,16 @@ connect_and_kex(Config, InitialState) -> {match, #ssh_msg_newkeys{_='_'}, receive_msg} ], InitialState). + +%%%---------------------------------------------------------------- + +%%% For matching peer disconnection +disconnect() -> + disconnect('_'). + +disconnect(Code) -> + {'or',[#ssh_msg_disconnect{code = Code, + _='_'}, + tcp_closed, + {tcp_error,econnaborted} + ]}. -- cgit v1.2.3 From c3135a817f22f76b1ae594dc5821d2d6eab1d25a Mon Sep 17 00:00:00 2001 
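Review bot: the comment above disconnect/0 and disconnect/1 ("For matching peer disconnection") does not say that the match also succeeds on `tcp_closed` and `{tcp_error,econnaborted}`, or that disconnect/0 passes `'_'` as the code. A test using this helper therefore cannot tell an `#ssh_msg_disconnect{}` sent by the peer from a socket that simply went away, for instance because the peer process crashed on the malformed packet. Please document that in the comment, and consider a stricter variant for the cases (bad_packet_length, bad_service_name_length) where the point of the test is that the peer rejects the input cleanly.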
From: Hans Nilsson Date: Fri, 11 Dec 2015 12:01:43 +0100 Subject: ssh: Add first version of ssh_benchmark_SUITE --- lib/ssh/test/Makefile | 5 +- lib/ssh/test/ssh.spec | 3 + lib/ssh/test/ssh_bench.spec | 1 + lib/ssh/test/ssh_benchmark_SUITE.erl | 295 +++++++++++++++++++++ lib/ssh/test/ssh_benchmark_SUITE_data/id_dsa | 13 + lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa256 | 5 + .../test/ssh_benchmark_SUITE_data/id_ecdsa256.pub | 1 + lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa384 | 6 + .../test/ssh_benchmark_SUITE_data/id_ecdsa384.pub | 1 + lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa521 | 7 + .../test/ssh_benchmark_SUITE_data/id_ecdsa521.pub | 1 + lib/ssh/test/ssh_benchmark_SUITE_data/id_rsa | 15 ++ .../test/ssh_benchmark_SUITE_data/ssh_host_dsa_key | 13 + .../ssh_benchmark_SUITE_data/ssh_host_dsa_key.pub | 11 + .../ssh_benchmark_SUITE_data/ssh_host_ecdsa_key256 | 5 + .../ssh_host_ecdsa_key256.pub | 1 + .../ssh_benchmark_SUITE_data/ssh_host_ecdsa_key384 | 6 + .../ssh_host_ecdsa_key384.pub | 1 + .../ssh_benchmark_SUITE_data/ssh_host_ecdsa_key521 | 7 + .../ssh_host_ecdsa_key521.pub | 1 + .../test/ssh_benchmark_SUITE_data/ssh_host_rsa_key | 16 ++ .../ssh_benchmark_SUITE_data/ssh_host_rsa_key.pub | 5 + 22 files changed, 416 insertions(+), 3 deletions(-) create mode 100644 lib/ssh/test/ssh_bench.spec create mode 100644 lib/ssh/test/ssh_benchmark_SUITE.erl create mode 100644 lib/ssh/test/ssh_benchmark_SUITE_data/id_dsa create mode 100644 lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa256 create mode 100644 lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa256.pub create mode 100644 lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa384 create mode 100644 lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa384.pub create mode 100644 lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa521 create mode 100644 lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa521.pub create mode 100644 lib/ssh/test/ssh_benchmark_SUITE_data/id_rsa create mode 100644 
lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_dsa_key create mode 100644 lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_dsa_key.pub create mode 100644 lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_ecdsa_key256 create mode 100644 lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_ecdsa_key256.pub create mode 100644 lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_ecdsa_key384 create mode 100644 lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_ecdsa_key384.pub create mode 100644 lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_ecdsa_key521 create mode 100644 lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_ecdsa_key521.pub create mode 100644 lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_rsa_key create mode 100644 lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_rsa_key.pub (limited to 'lib/ssh') diff --git a/lib/ssh/test/Makefile b/lib/ssh/test/Makefile index 781a876723..9cd98f069f 100644 --- a/lib/ssh/test/Makefile +++ b/lib/ssh/test/Makefile @@ -35,9 +35,8 @@ MODULES= \ ssh_algorithms_SUITE \ ssh_options_SUITE \ ssh_renegotiate_SUITE \ - \ ssh_basic_SUITE \ - \ + ssh_benchmark_SUITE \ ssh_connection_SUITE \ ssh_protocol_SUITE \ ssh_sftp_SUITE \ @@ -129,7 +128,7 @@ release_spec: opt release_tests_spec: opt $(INSTALL_DIR) "$(RELSYSDIR)" $(INSTALL_DATA) $(ERL_FILES) "$(RELSYSDIR)" - $(INSTALL_DATA) ssh.spec ssh.cover "$(RELSYSDIR)" + $(INSTALL_DATA) ssh.spec ssh_bench.spec ssh.cover "$(RELSYSDIR)" $(INSTALL_DATA) $(HRL_FILES_NEEDED_IN_TEST) "$(RELSYSDIR)" chmod -R u+w "$(RELSYSDIR)" @tar cf - *_SUITE_data | (cd "$(RELSYSDIR)"; tar xf -) diff --git a/lib/ssh/test/ssh.spec b/lib/ssh/test/ssh.spec index 8de0fe44e4..a3296d97a1 100644 --- a/lib/ssh/test/ssh.spec +++ b/lib/ssh/test/ssh.spec @@ -1,4 +1,7 @@ {suites,"../ssh_test",all}. +{skip_cases, "../ssh_test", + ssl_benchmark_SUITE, [openssh_shell,erl_shell], + "Benchmarks run separately"}. {skip_cases,"../ssh_test",ssh_ssh_SUITE, [ssh], "Current implementation is timingdependent and\nhence will succeed/fail on a whim"}. 
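Review bot: the added skip_cases entry in ssh.spec names `ssl_benchmark_SUITE`, but the suite added by this patch is `ssh_benchmark_SUITE`, and its groups() lists the cases `openssh_client_shell` and `erl_shell`, not `openssh_shell`. As written the entry matches nothing in that suite, so the benchmark cases are not excluded from the `{suites,"../ssh_test",all}` run. Suggest `ssh_benchmark_SUITE, [openssh_client_shell,erl_shell],`.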
diff --git a/lib/ssh/test/ssh_bench.spec b/lib/ssh/test/ssh_bench.spec new file mode 100644 index 0000000000..029f0bd074 --- /dev/null +++ b/lib/ssh/test/ssh_bench.spec @@ -0,0 +1 @@ +{suites,"../ssh_test",[ssh_benchmark_SUITE]}. diff --git a/lib/ssh/test/ssh_benchmark_SUITE.erl b/lib/ssh/test/ssh_benchmark_SUITE.erl new file mode 100644 index 0000000000..0d7239c5b5 --- /dev/null +++ b/lib/ssh/test/ssh_benchmark_SUITE.erl 
@@ -0,0 +1,295 @@ +%%%------------------------------------------------------------------- +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2015. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. +%% +%% %CopyrightEnd% +%% +-module(ssh_benchmark_SUITE). +-compile(export_all). + +-include_lib("common_test/include/ct_event.hrl"). +-include_lib("common_test/include/ct.hrl"). + +-include_lib("ssh/src/ssh.hrl"). +-include_lib("ssh/src/ssh_connect.hrl"). + +suite() -> [{ct_hooks,[{ts_install_cth,[{nodenames,2}]}]}]. +%%suite() -> [{ct_hooks,[ts_install_cth]}]. + +all() -> [{group, opensshc_erld} +%% {group, erlc_opensshd} + ]. + +groups() -> + [{opensshc_erld, [{repeat, 3}], [openssh_client_shell]}, + {erlc_opensshd, [{repeat, 3}], [erl_shell]} + ]. + + +init_per_suite(Config) -> + catch ssh:stop(), + catch crypto:stop(), + try + ok = crypto:start(), + ok = ssh:start(), + {ok,TracerPid} = erlang_trace(), + [{tracer_pid,TracerPid} | Config] + catch + C:E -> + {skip, io_lib:format("Couldn't start ~p:~p",[C,E])} + end. + +end_per_suite(_Config) -> + catch ssh:stop(), + catch crypto:stop(), + ok. 
+ + + +init_per_group(opensshc_erld, Config) -> + case ssh_test_lib:ssh_type() of + openSSH -> + DataDir = ?config(data_dir, Config), + UserDir = ?config(priv_dir, Config), + ssh_test_lib:setup_dsa(DataDir, UserDir), + ssh_test_lib:setup_rsa(DataDir, UserDir), + ssh_test_lib:setup_ecdsa("256", DataDir, UserDir), + [{c_kexs, ssh_test_lib:sshc(kex)}, + {c_ciphers, ssh_test_lib:sshc(cipher)} + | Config]; + _ -> + {skip, "No OpenSsh client found"} + end; + +init_per_group(erlc_opensshd, _) -> + {skip, "Group erlc_opensshd not implemented"}; + +init_per_group(_GroupName, Config) -> + Config. + +end_per_group(_GroupName, _Config) -> + ok. + + +init_per_testcase(_Func, Conf) -> + Conf. + +end_per_testcase(_Func, _Conf) -> + ok. + +%%%================================================================ +openssh_client_shell(Config) -> + SystemDir = ?config(data_dir, Config), + UserDir = ?config(priv_dir, Config), + KnownHosts = filename:join(UserDir, "known_hosts"), + + {ok, TracerPid} = erlang_trace(), + {ServerPid, _Host, Port} = + ssh_test_lib:daemon([{system_dir, SystemDir}, + {public_key_alg, ssh_dsa}, + {failfun, fun ssh_test_lib:failfun/2}]), + ct:sleep(500), + + Data = lists:duplicate(100000, $a), + Cmd = lists:concat(["ssh -p ",Port, + " -o UserKnownHostsFile=", KnownHosts, + " -o \"StrictHostKeyChecking no\"", + " localhost '\"",Data,"\"'."]), +%% ct:pal("Cmd ="++Cmd), + + Parent = self(), + SlavePid = spawn(fun() -> + Parent ! 
{self(),os:cmd(Cmd)} + end), + receive + {SlavePid, ClientResponse} -> +%% ct:pal("ClientResponse = ~p",[ClientResponse]), + {ok, List} = get_trace_list(TracerPid), + Times = find_times(List), + Algs = proplists:get_value(algorithms, List, #alg{}), + ct:pal("List = ~p~n~nAlgorithms = ~p~n~nTimes = ~p",[List,Algs,Times]), + lists:foreach( + fun({Tag0,MicroSeconds,Unit}) -> + Tag = case Tag0 of + {A,B} -> lists:concat([A," ",B]); + _ when is_list(Tag0) -> lists:concat(Tag0); + _ when is_atom(Tag0) -> Tag0 + end, + DataName = + ["Erl server ",Tag,sp(algo(Tag,Algs))," [",Unit,"]"], + EventData = [{value, MicroSeconds}, + {suite, ?MODULE}, + {name, lists:concat(DataName)} + ], + ct:pal("ct_event:notify ~p",[EventData]), + ct_event:notify(#event{name = benchmark_data, + data = EventData}) + end, Times), + ssh:stop_daemon(ServerPid), + ok + after 10000 -> + ssh:stop_daemon(ServerPid), + exit(SlavePid, kill), + {fail, timeout} + end. + + +algo(kex, #alg{kex=Alg} ) -> Alg; +algo(_, _) -> "". + +sp("") -> ""; +sp(A) -> lists:concat([" ",A]). + +%%%================================================================ +find_times(L) -> + [{accept_to_hello, find_time([tcp_accept, + {send,hello}], L, [])/1000, + millisec}, + {kex, find_time([{send,hello}, + {send,ssh_msg_newkeys}], L, []), + microsec}, + {kex_to_auth, find_time([{send,ssh_msg_newkeys}, + {recv,ssh_msg_userauth_request}], L, []), + microsec}, + {auth, find_time([{recv,ssh_msg_userauth_request}, + {send,ssh_msg_userauth_success}], L, []), + microsec}, + {to_prompt, find_time([tcp_accept, + {recv,{ssh_msg_channel_request,"env"}}], L, []), + microsec} + + | alg_times([encrypt,decrypt], L) + ]. + + +find_time([Event|Events], [{Event,T}|TraceList], Ts) -> + %% Important that the first one found is used! 
+ find_time(Events, TraceList, [T|Ts]); +find_time([], _, [T1,T0]) -> + now2micro_sec(now_diff(T1,T0)); +find_time(Events, [_|TraceList], Ts) -> + find_time(Events, TraceList, Ts); +find_time(_, [], _Ts) -> + throw({error,not_found}). + + + +alg_times(Ops, L) -> + OpAlgs = lists:usort([{Op,Alg} || Op <- Ops, + {{{Op,Alg},_,_},_} <- L]), + [begin + {[Op,"(",Alg,")"], + sum_times(OpAlg, L, 0, 0), + "microsec/kbyte" + } + end || {Op,Alg} = OpAlg <- OpAlgs]. + + +sum_times(T, [{{T,start,Id={_,Nbytes}},TS0}|Events], SumBytes, SumMicroSec) -> + TS1 = proplists:get_value({T,stop,Id}, Events), + sum_times(T, Events, SumBytes+Nbytes, SumMicroSec+now2micro_sec(now_diff(TS1,TS0))); +sum_times(T, [_|Events], SumBytes, SumMicroSec) -> + sum_times(T, Events, SumBytes, SumMicroSec); +sum_times(T, [], SumBytes, SumMicroSec) -> + round(1024*SumMicroSec / SumBytes). % Microseconds per 1k bytes. + +%%%---------------------------------------------------------------- +%%% +%%% API for the traceing +%%% +get_trace_list(TracerPid) -> + TracerPid ! {get_trace_list,self()}, + receive + {trace_list,L} -> {ok,lists:reverse(L)} + after 5000 -> {error,no_reply} + end. + +erlang_trace() -> + TracerPid = spawn(fun trace_loop/0), + 0 = erlang:trace(new, true, [call,timestamp,{tracer,TracerPid}]), + [init_trace(MFA, TP) + || {MFA,TP} <- [{{ssh_acceptor,handle_connection,5}, []}, + {{ssh_connection_handler,hello,2}, []}, + {{ssh_message,encode,1}, []}, + {{ssh_message,decode,1}, [{['_'], [], [{return_trace}]}]}, + {{ssh_transport,select_algorithm,3}, [{['_','_','_'], [], [{return_trace}]}]}, + {{ssh_transport,encrypt,2}, [{['_','_'], [], [{return_trace}]}]}, + {{ssh_transport,decrypt,2}, [{['_','_'], [], [{return_trace}]}]} + ]], + {ok, TracerPid}. + + +%%%---------------- +init_trace(MFA = {Module,_,_}, TP) -> + case code:is_loaded(Module) of + false -> code:load_file(Module); + _ -> ok + end, + erlang:trace_pattern(MFA, TP, [local]). + + +trace_loop() -> + trace_loop([]). 
+ +trace_loop(L) -> + receive + {trace_ts, Pid, call, {M,F,Args}, TS} = Ev -> + cond_pal(Ev), + trace_loop(save_event(call, Pid, {M,F,Args}, TS, L)); + {trace_ts, Pid, return_from, {M,F,Arity}, Ret, TS} = Ev -> + cond_pal(Ev), + trace_loop(save_event(return_from, Pid, {M,F,Arity,Ret}, TS, L)); + {get_trace_list, From} -> + From ! {trace_list, L}, + trace_loop(L) + + ; Other -> io:format('~p got ~p~n',[self(),Other]), trace_loop(L) + end. + +%%cond_pal(Ev) -> ct:pal("~p",[Ev]). +cond_pal(Ev) -> ok. + + +save_event(_Type, _Pid, MFA, TimeStamp, L) -> + try + event_name(MFA) + of + {Tag, 'TS'} -> [{Tag,TimeStamp} | L]; + Val -> [Val | L] + catch + _:_ -> L + end. + +event_name({ssh_acceptor,handle_connection,_}) -> {tcp_accept, 'TS'}; +event_name({ssh_connection_handler,hello,[socket_control|_]}) -> {{send,hello}, 'TS'}; +event_name({ssh_connection_handler,hello,[{version_exchange,_}|_]}) -> {{recv,hello}, 'TS'}; +event_name({ssh_message,encode,[Msg]}) -> {{send,element(1,Msg)}, 'TS'}; +event_name({ssh_message,decode,1, + #ssh_msg_channel_request{request_type=ReqType}}) -> {{recv,{ssh_msg_channel_request,ReqType}}, 'TS'}; +event_name({ssh_message,decode,1,Return}) -> {{recv,element(1,Return)}, 'TS'}; +event_name({ssh_transport,select_algorithm,3,{ok,Algs}}) -> {algorithms,Algs}; +event_name({ssh_transport,encrypt,[S,Data]}) -> {{{encrypt,S#ssh.encrypt},start, {S#ssh.send_sequence,size(Data)}}, 'TS'}; +event_name({ssh_transport,encrypt,2,{S,Ret}}) -> {{{encrypt,S#ssh.encrypt},stop, {S#ssh.send_sequence,size(Ret) }}, 'TS'}; +event_name({ssh_transport,decrypt,[S,Data]}) -> {{{decrypt,S#ssh.decrypt},start, {S#ssh.recv_sequence,size(Data)}}, 'TS'}; +event_name({ssh_transport,decrypt,2,{S,Ret}}) -> {{{decrypt,S#ssh.decrypt},stop, {S#ssh.recv_sequence,size(Ret) }}, 'TS'}. + + +now2sec({A,B,C}) -> A*1000000 + B + C/1000000. + +now2micro_sec({A,B,C}) -> (A*1000000 + B)*1000000 + C. + +now_diff({A1,B1,C1}, {A0,B0,C0}) -> {A1-A0, B1-B0, C1-C0}. + 
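Review bot: openssh_client_shell calls erlang_trace() again although init_per_suite already started a tracer and stored it as `tracer_pid`; that config value is never read, and with `{repeat, 3}` on the group every run spawns another trace_loop/0 process that has no stop clause and is not cleaned up in end_per_suite. Read the pid with `?config(tracer_pid, Config)` in the test case, clear its list between runs, and switch tracing off and stop the process in end_per_suite. Separately, sum_times/4 ends in `round(1024*SumMicroSec / SumBytes)`, which raises badarith when no bytes were counted, and passes the result of `proplists:get_value({T,stop,Id}, Events)` to now_diff/2 without handling `undefined`; both deserve a guard so a missing trace event is reported as a failed measurement rather than a crash.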
diff --git a/lib/ssh/test/ssh_benchmark_SUITE_data/id_dsa b/lib/ssh/test/ssh_benchmark_SUITE_data/id_dsa new file mode 100644 index 0000000000..d306f8b26e --- /dev/null +++ b/lib/ssh/test/ssh_benchmark_SUITE_data/id_dsa @@ -0,0 +1,13 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBvAIBAAKBgQDfi2flSTZZofwT4yQT0NikX/LGNT7UPeB/XEWe/xovEYCElfaQ +APFixXvEgXwoojmZ5kiQRKzLM39wBP0jPERLbnZXfOOD0PDnw0haMh7dD7XKVMod +/EigVgHf/qBdM2M8yz1s/rRF7n1UpLSypziKjkzCm7JoSQ2zbWIPdmBIXwIVAMgP +kpr7Sq3O7sHdb8D601DRjoExAoGAMOQxDfB2Fd8ouz6G96f/UOzRMI/Kdv8kYYKW +JIGY+pRYrLPyYzUeJznwZreOJgrczAX+luHnKFWJ2Dnk5CyeXk67Wsr7pJ/4MBMD +OKeIS0S8qoSBN8+Krp79fgA+yS3IfqbkJLtLu4EBaCX4mKQIX4++k44d4U5lc8pt ++9hlEI8CgYEAznKxx9kyC6bVo7LUYKaGhofRFt0SYFc5PVmT2VUGRs1R6+6DPD+e +uEO6IhFct7JFSRbP9p0JD4Uk+3zlZF+XX6b2PsZkeV8f/02xlNGUSmEzCSiNg1AX +Cy/WusYhul0MncWCHMcOZB5rIvU/aP5EJJtn3xrRaz6u0SThF6AnT34CFQC63czE +ZU8w8Q+H7z0j+a+70x2iAw== +-----END DSA PRIVATE KEY----- + diff --git a/lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa256 b/lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa256 new file mode 100644 index 0000000000..4b1eb12eaa --- /dev/null +++ b/lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa256 @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIJfCaBKIIKhjbJl5F8BedqlXOQYDX5ba9Skypllmx/w+oAoGCCqGSM49 +AwEHoUQDQgAE49RbK2xQ/19ji3uDPM7uT4692LbwWF1TiaA9vUuebMGazoW/98br +N9xZu0L1AWwtEjs3kmJDTB7eJEGXnjUAcQ== +-----END EC PRIVATE KEY----- diff --git a/lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa256.pub b/lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa256.pub new file mode 100644 index 0000000000..a0147e60fa --- /dev/null +++ b/lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa256.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOPUWytsUP9fY4t7gzzO7k+Ovdi28FhdU4mgPb1LnmzBms6Fv/fG6zfcWbtC9QFsLRI7N5JiQ0we3iRBl541AHE= uabhnil@elxadlj3q32 
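Review bot: the added line in id_ecdsa256.pub ends with the key comment `uabhnil@elxadlj3q32`, a user@host label from wherever the key was generated, which does not belong in the repository; replace it with a neutral label. The same patch adds the matching unencrypted private keys (id_dsa and id_ecdsa256 in this part of the diff) with nothing marking them as fixtures, so add a short note in ssh_benchmark_SUITE_data stating that these keys exist only for the benchmark suite and must never be authorized on a real host.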
diff --git a/lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa384 b/lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa384 new file mode 100644 index 0000000000..4e8aa40959 --- /dev/null +++ b/lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa384 @@ -0,0 +1,6 @@ +-----BEGIN EC PRIVATE KEY----- +MIGkAgEBBDCYXb6OSAZyXRfLXOtMo43za197Hdc/T0YKjgQQjwDt6rlRwqTh7v7S +PV2kXwNGdWigBwYFK4EEACKhZANiAARN2khlJUOOIiwsWHEALwDieeZR96qL4pUd +ci7aeGaczdUK5jOA9D9zmBZtSYTfO8Cr7ekVghDlcWAIJ/BXcswgQwSEQ6wyfaTF +8FYfyr4l3u9IirsnyaFzeIgeoNis8Gw= +-----END EC PRIVATE KEY----- diff --git a/lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa384.pub b/lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa384.pub new file mode 100644 index 0000000000..41e722e545 --- /dev/null +++ b/lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa384.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBE3aSGUlQ44iLCxYcQAvAOJ55lH3qovilR1yLtp4ZpzN1QrmM4D0P3OYFm1JhN87wKvt6RWCEOVxYAgn8FdyzCBDBIRDrDJ9pMXwVh/KviXe70iKuyfJoXN4iB6g2KzwbA== uabhnil@elxadlj3q32 diff --git a/lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa521 b/lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa521 new file mode 100644 index 0000000000..7196f46e97 --- /dev/null +++ b/lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa521 @@ -0,0 +1,7 @@ +-----BEGIN EC PRIVATE KEY----- +MIHbAgEBBEFMadoz4ckEcClfqXa2tiUuYkJdDfwq+/iFQcpt8ESuEd26IY/vm47Q +9UzbPkO4ou8xkNsQ3WvCRQBBWtn5O2kUU6AHBgUrgQQAI6GBiQOBhgAEAde5BRu5 +01/jS0jRk212xsb2DxPrxNpgp6IMCV8TA4Eps+8bSqHB091nLiBcP422HXYfuCd7 +XDjSs8ihcmhp0hCRASLqZR9EzW9W/SOt876May1Huj5X+WSO6RLe7vPn9vmf7kHf +pip6m7M7qp2qGgQ3q2vRwS2K/O6156ohiOlmuuFs +-----END EC PRIVATE KEY----- diff --git a/lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa521.pub b/lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa521.pub new file mode 100644 index 0000000000..8f059120bc --- /dev/null +++ b/lib/ssh/test/ssh_benchmark_SUITE_data/id_ecdsa521.pub 
@@ -0,0 +1 @@ +ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAHXuQUbudNf40tI0ZNtdsbG9g8T68TaYKeiDAlfEwOBKbPvG0qhwdPdZy4gXD+Nth12H7gne1w40rPIoXJoadIQkQEi6mUfRM1vVv0jrfO+jGstR7o+V/lkjukS3u7z5/b5n+5B36YqepuzO6qdqhoEN6tr0cEtivzuteeqIYjpZrrhbA== uabhnil@elxadlj3q32 diff --git a/lib/ssh/test/ssh_benchmark_SUITE_data/id_rsa b/lib/ssh/test/ssh_benchmark_SUITE_data/id_rsa new file mode 100644 index 0000000000..9d7e0dd5fb --- /dev/null +++ b/lib/ssh/test/ssh_benchmark_SUITE_data/id_rsa @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQD1OET+3O/Bvj/dtjxDTXmj1oiJt4sIph5kGy0RfjoPrZfaS+CU +DhakCmS6t2ivxWFgtpKWaoGMZMJqWj6F6ZsumyFl3FPBtujwY/35cgifrI9Ns4Tl +zR1uuengNBmV+WRQ5cd9F2qS6Z8aDQihzt0r8JUqLcK+VQbrmNzboCCQQwIDAQAB +AoGAPQEyqPTt8JUT7mRXuaacjFXiweAXhp9NEDpyi9eLOjtFe9lElZCrsUOkq47V +TGUeRKEm9qSodfTbKPoqc8YaBJGJPhUaTAcha+7QcDdfHBvIsgxvU7ePVnlpXRp3 +CCUEMPhlnx6xBoTYP+fRU0e3+xJIPVyVCqX1jAdUMkzfRoECQQD6ux7B1QJAIWyK +SGkbDUbBilNmzCFNgIpOP6PA+bwfi5d16diTpra5AX09keQABAo/KaP1PdV8Vg0p +z4P3A7G3AkEA+l+AKG6m0kQTTBMJDqOdVPYwe+5GxunMaqmhokpEbuGsrZBl5Dvd +WpcBjR7jmenrhKZRIuA+Fz5HPo/UQJPl1QJBAKxstDkeED8j/S2XoFhPKAJ+6t39 +sUVICVTIZQeXdmzHJXCcUSkw8+WEhakqw/3SyW0oaK2FSWQJFWJUZ+8eJj8CQEh3 +xeduB5kKnS9CvzdeghZqX6QvVosSdtlUmfUYW/BgH5PpHKTP8wTaeld3XldZTpMJ +dKiMkUw2+XYROVUrubUCQD+Na1LhULlpn4ISEtIEfqpdlUhxDgO15Wg8USmsng+x +ICliVOSQtwaZjm8kwaFt0W7XnpnDxbRs37vIEbIMWak= +-----END RSA PRIVATE KEY----- diff --git a/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_dsa_key b/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_dsa_key new file mode 100644 index 0000000000..51ab6fbd88 --- /dev/null +++ b/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_dsa_key 
@@ -0,0 +1,13 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBuwIBAAKBgQCClaHzE2ul0gKSUxah5W0W8UiJLy4hXngKEqpaUq9SSdVdY2LK +wVfKH1gt5iuaf1FfzOhsIC9G/GLnjYttXZc92cv/Gfe3gR+s0ni2++MX+T++mE/Q +diltXv/Hp27PybS67SmiFW7I+RWnT2OKlMPtw2oUuKeztCe5UWjaj/y5FQIVAPLA +l9RpiU30Z87NRAHY3NTRaqtrAoGANMRxw8UfdtNVR0CrQj3AgPaXOGE4d+G4Gp4X +skvnCHycSVAjtYxebUkzUzt5Q6f/IabuLUdge3gXrc8BetvrcKbp+XZgM0/Vj2CF +Ymmy3in6kzGZq7Fw1sZaku6AOU8vLa5woBT2vAcHLLT1bLAzj7viL048T6MfjrOP +ef8nHvACgYBhDWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah +/XcF3DeRF+eEoz48wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+U +ykSTXYUbtsfTNRFQGBW2/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0CgIVAN4wtL5W +Lv62jKcdskxNyz2NQoBx +-----END DSA PRIVATE KEY----- + diff --git a/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_dsa_key.pub b/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_dsa_key.pub new file mode 100644 index 0000000000..4dbb1305b0 --- /dev/null +++ b/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_dsa_key.pub @@ -0,0 +1,11 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +AAAAB3NzaC1kc3MAAACBAIKVofMTa6XSApJTFqHlbRbxSIkvLiFeeAoSqlpSr1JJ1V1j +YsrBV8ofWC3mK5p/UV/M6GwgL0b8YueNi21dlz3Zy/8Z97eBH6zSeLb74xf5P76YT9B2 +KW1e/8enbs/JtLrtKaIVbsj5FadPY4qUw+3DahS4p7O0J7lRaNqP/LkVAAAAFQDywJfU +aYlN9GfOzUQB2NzU0WqrawAAAIA0xHHDxR9201VHQKtCPcCA9pc4YTh34bganheyS+cI +fJxJUCO1jF5tSTNTO3lDp/8hpu4tR2B7eBetzwF62+twpun5dmAzT9WPYIViabLeKfqT +MZmrsXDWxlqS7oA5Ty8trnCgFPa8BwcstPVssDOPu+IvTjxPox+Os495/yce8AAAAIBh +DWFQJ1mf99sg92LalVq1dHLmVXb3PTJDfCO/Gz5NFmj9EZbAtdah/XcF3DeRF+eEoz48 +wQF/ExVxSMIhLdL+o+ElpVhlM7Yii+T7dPhkQfEul6zZXu+UykSTXYUbtsfTNRFQGBW2 +/GfnEc0mnIxfn9v10NEWMzlq5z9wT9P0Cg== +---- END SSH2 PUBLIC KEY ---- diff --git a/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_ecdsa_key256 b/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_ecdsa_key256 new file mode 100644 index 0000000000..2979ea88ed --- /dev/null +++ b/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_ecdsa_key256 
@@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIMe4MDoit0t8RzSVPwkCBemQ9fhXL+xnTSAWISw8HNCioAoGCCqGSM49 +AwEHoUQDQgAEo2q7U3P6r0W5WGOLtM78UQtofM9UalEhiZeDdiyylsR/RR17Op0s +VPGSADLmzzgcucLEKy17j2S+oz42VUJy5A== +-----END EC PRIVATE KEY----- diff --git a/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_ecdsa_key256.pub b/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_ecdsa_key256.pub new file mode 100644 index 0000000000..85dc419345 --- /dev/null +++ b/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_ecdsa_key256.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKNqu1Nz+q9FuVhji7TO/FELaHzPVGpRIYmXg3YsspbEf0UdezqdLFTxkgAy5s84HLnCxCste49kvqM+NlVCcuQ= uabhnil@elxadlj3q32 diff --git a/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_ecdsa_key384 b/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_ecdsa_key384 new file mode 100644 index 0000000000..fb1a862ded --- /dev/null +++ b/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_ecdsa_key384 @@ -0,0 +1,6 @@ +-----BEGIN EC PRIVATE KEY----- +MIGkAgEBBDArxbDfh3p1okrD9wQw6jJ4d4DdlBPD5GqXE8bIeRJiK41Sh40LgvPw +mkqEDSXK++CgBwYFK4EEACKhZANiAAScl43Ih2lWTDKrSox5ve5uiTXil4smsup3 +CfS1XPjKxgBAmlfBim8izbdrT0BFdQzz2joduNMtpt61wO4rGs6jm0UP7Kim9PC7 +Hneb/99fIYopdMH5NMnk60zGO1uZ2vc= +-----END EC PRIVATE KEY----- diff --git a/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_ecdsa_key384.pub b/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_ecdsa_key384.pub new file mode 100644 index 0000000000..428d5fb7d7 --- /dev/null +++ b/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_ecdsa_key384.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJyXjciHaVZMMqtKjHm97m6JNeKXiyay6ncJ9LVc+MrGAECaV8GKbyLNt2tPQEV1DPPaOh240y2m3rXA7isazqObRQ/sqKb08Lsed5v/318hiil0wfk0yeTrTMY7W5na9w== uabhnil@elxadlj3q32 diff --git a/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_ecdsa_key521 b/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_ecdsa_key521 new file mode 100644 index 0000000000..3e51ec2ecd 
--- /dev/null +++ b/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_ecdsa_key521 @@ -0,0 +1,7 @@ +-----BEGIN EC PRIVATE KEY----- +MIHcAgEBBEIB8O1BFkl2HQjQLRLonEZ97da/h39DMa9/0/hvPZWAI8gUPEQcHxRx +U7b09p3Zh+EBbMFq8+1ae9ds+ZTxE4WFSvKgBwYFK4EEACOhgYkDgYYABAAlWVjq +Bzg7Wt4gE6UNb1lRE2cnlmH2L/A5uo6qZRx5lPnSKOxEhxSb/Oay1+9d6KRdrh6/ +vlhd9SHDBhLcAPDvWgBnJIEj92Q3pXX4JtoitL0yl+SvvU+vUh966mzHShHzj8p5 +ccOgPkPNoA70yrpGzkIhPezpZOQdCaOXj/jFqNCTDg== +-----END EC PRIVATE KEY----- diff --git a/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_ecdsa_key521.pub b/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_ecdsa_key521.pub new file mode 100644 index 0000000000..017a29f4da --- /dev/null +++ b/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_ecdsa_key521.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAAlWVjqBzg7Wt4gE6UNb1lRE2cnlmH2L/A5uo6qZRx5lPnSKOxEhxSb/Oay1+9d6KRdrh6/vlhd9SHDBhLcAPDvWgBnJIEj92Q3pXX4JtoitL0yl+SvvU+vUh966mzHShHzj8p5ccOgPkPNoA70yrpGzkIhPezpZOQdCaOXj/jFqNCTDg== uabhnil@elxadlj3q32 diff --git a/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_rsa_key b/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_rsa_key new file mode 100644 index 0000000000..79968bdd7d --- /dev/null +++ b/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_rsa_key 
@@ -0,0 +1,16 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDCZX+4FBDwZIh9y/Uxee1VJnEXlowpz2yDKwj8semM4q843337 +zbNfxHmladB1lpz2NqyxI175xMIJuDxogyZdsOxGnFAzAnthR4dqL/RWRWzjaxSB +6IAO9SPYVVlrpZ+1hsjLW79fwXK/yc8VdhRuWTeQiRgYY2ek8+OKbOqz4QIDAQAB +AoGANmvJzJO5hkLuvyDZHKfAnGTtpifcR1wtSa9DjdKUyn8vhKF0mIimnbnYQEmW +NUUb3gXCZLi9PvkpRSVRrASDOZwcjoU/Kvww163vBUVb2cOZfFhyn6o2Sk88Tt++ +udH3hdjpf9i7jTtUkUe+QYPsia+wgvvrmn4QrahLAH86+kECQQDx5gFeXTME3cnW +WMpFz3PPumduzjqgqMMWEccX4FtQkMX/gyGa5UC7OHFyh0N/gSWvPbRHa8A6YgIt +n8DO+fh5AkEAzbqX4DOn8NY6xJIi42q7l/2jIA0RkB6P7YugW5NblhqBZ0XDnpA5 +sMt+rz+K07u9XZtxgh1xi7mNfwY6lEAMqQJBAJBEauCKmRj35Z6OyeQku59SPsnY ++SJEREVvSNw2lH9SOKQQ4wPsYlTGbvKtNVZgAcen91L5MmYfeckYE/fdIZECQQCt +64zxsTnM1I8iFxj/gP/OYlJBikrKt8udWmjaghzvLMEw+T2DExJyb9ZNeT53+UMB +m6O+B/4xzU/djvp+0hbhAkAemIt+rA5kTmYlFndhpvzkSSM8a2EXsO4XIPgGWCTT +tQKS/tTly0ADMjN/TVy11+9d6zcqadNVuHXHGtR4W0GR +-----END RSA PRIVATE KEY----- + diff --git a/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_rsa_key.pub b/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_rsa_key.pub new file mode 100644 index 0000000000..75d2025c71 --- /dev/null +++ b/lib/ssh/test/ssh_benchmark_SUITE_data/ssh_host_rsa_key.pub @@ -0,0 +1,5 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +AAAAB3NzaC1yc2EAAAADAQABAAAAgQDCZX+4FBDwZIh9y/Uxee1VJnEXlowpz2yDKwj8 +semM4q843337zbNfxHmladB1lpz2NqyxI175xMIJuDxogyZdsOxGnFAzAnthR4dqL/RW +RWzjaxSB6IAO9SPYVVlrpZ+1hsjLW79fwXK/yc8VdhRuWTeQiRgYY2ek8+OKbOqz4Q== +---- END SSH2 PUBLIC KEY ---- -- cgit v1.2.3 From ee18dff59a88407e66eb852e3226665cddc8080b Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 15 Dec 2015 21:05:39 +0100 Subject: ssh: ssh_benchmark_SUITE re-organized --- lib/ssh/test/ssh_benchmark_SUITE.erl | 251 +++++++++++++++++++++-------------- 1 file changed, 151 insertions(+), 100 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_benchmark_SUITE.erl b/lib/ssh/test/ssh_benchmark_SUITE.erl index 0d7239c5b5..fe22aa9f20 100644 --- a/lib/ssh/test/ssh_benchmark_SUITE.erl 
+++ b/lib/ssh/test/ssh_benchmark_SUITE.erl @@ -24,7 +24,10 @@ -include_lib("common_test/include/ct.hrl"). -include_lib("ssh/src/ssh.hrl"). +-include_lib("ssh/src/ssh_transport.hrl"). -include_lib("ssh/src/ssh_connect.hrl"). +-include_lib("ssh/src/ssh_userauth.hrl"). + suite() -> [{ct_hooks,[{ts_install_cth,[{nodenames,2}]}]}]. %%suite() -> [{ct_hooks,[ts_install_cth]}]. @@ -115,14 +118,14 @@ openssh_client_shell(Config) -> Parent ! {self(),os:cmd(Cmd)} end), receive - {SlavePid, ClientResponse} -> -%% ct:pal("ClientResponse = ~p",[ClientResponse]), + {SlavePid, _ClientResponse} -> +%% ct:pal("ClientResponse = ~p",[_ClientResponse]), {ok, List} = get_trace_list(TracerPid), Times = find_times(List), - Algs = proplists:get_value(algorithms, List, #alg{}), - ct:pal("List = ~p~n~nAlgorithms = ~p~n~nTimes = ~p",[List,Algs,Times]), + Algs = find_algs(List), + ct:pal("Algorithms = ~p~n~nTimes = ~p",[Algs,Times]), lists:foreach( - fun({Tag0,MicroSeconds,Unit}) -> + fun({Tag0,Value,Unit}) -> Tag = case Tag0 of {A,B} -> lists:concat([A," ",B]); _ when is_list(Tag0) -> lists:concat(Tag0); @@ -130,7 +133,7 @@ openssh_client_shell(Config) -> end, DataName = ["Erl server ",Tag,sp(algo(Tag,Algs))," [",Unit,"]"], - EventData = [{value, MicroSeconds}, + EventData = [{value, Value}, {suite, ?MODULE}, {name, lists:concat(DataName)} ], 
@@ -155,56 +158,109 @@ sp(A) -> lists:concat([" ",A]). %%%================================================================ find_times(L) -> - [{accept_to_hello, find_time([tcp_accept, - {send,hello}], L, [])/1000, - millisec}, - {kex, find_time([{send,hello}, - {send,ssh_msg_newkeys}], L, []), - microsec}, - {kex_to_auth, find_time([{send,ssh_msg_newkeys}, - {recv,ssh_msg_userauth_request}], L, []), - microsec}, - {auth, find_time([{recv,ssh_msg_userauth_request}, - {send,ssh_msg_userauth_success}], L, []), - microsec}, - {to_prompt, find_time([tcp_accept, - {recv,{ssh_msg_channel_request,"env"}}], L, []), - microsec} - - | alg_times([encrypt,decrypt], L) - ]. - - -find_time([Event|Events], [{Event,T}|TraceList], Ts) -> - %% Important that the first one found is used! - find_time(Events, TraceList, [T|Ts]); -find_time([], _, [T1,T0]) -> - now2micro_sec(now_diff(T1,T0)); -find_time(Events, [_|TraceList], Ts) -> - find_time(Events, TraceList, Ts); -find_time(_, [], _Ts) -> - throw({error,not_found}). - + Xs = [accept_to_hello, kex, kex_to_auth, auth, to_prompt], + [find_time(X,L) || X <- Xs] ++ + crypto_algs_times_sizes([encrypt,decrypt], L). + +-record(call, { + mfa, + pid, + t_call, + t_return, + args, + result + }). +%%%---------------- +-define(send(M), fun(C=#call{mfa = {ssh_message,encode,1}, + args = [M]}) -> + C#call.t_return + end). + +-define(recv(M), fun(C=#call{mfa = {ssh_message,decode,1}, + result = M}) -> + C#call.t_call + end). 
+ +find_time(accept_to_hello, L) -> + [T0,T1] = find([fun(C=#call{mfa = {ssh_acceptor,handle_connection,5}}) -> + C#call.t_call + end, + fun(C=#call{mfa = {ssh_connection_handler,hello,_}, + args = [socket_control|_]}) -> + C#call.t_return + end + ], L, []), + {accept_to_hello, now2micro_sec(now_diff(T1,T0)), microsec}; +find_time(kex, L) -> + [T0,T1] = find([fun(C=#call{mfa = {ssh_connection_handler,hello,_}, + args = [socket_control|_]}) -> + C#call.t_call + end, + ?send(#ssh_msg_newkeys{}) + ], L, []), + {kex, now2micro_sec(now_diff(T1,T0)), microsec}; +find_time(kex_to_auth, L) -> + [T0,T1] = find([?send(#ssh_msg_newkeys{}), + ?recv(#ssh_msg_userauth_request{}) + ], L, []), + {kex_to_auth, now2micro_sec(now_diff(T1,T0)), microsec}; +find_time(auth, L) -> + [T0,T1] = find([?recv(#ssh_msg_userauth_request{}), + ?send(#ssh_msg_userauth_success{}) + ], L, []), + {auth, now2micro_sec(now_diff(T1,T0)), microsec}; +find_time(to_prompt, L) -> + [T0,T1] = find([fun(C=#call{mfa = {ssh_acceptor,handle_connection,5}}) -> + C#call.t_call + end, + ?recv(#ssh_msg_channel_request{request_type="env"}) + ], L, []), + {to_prompt, now2micro_sec(now_diff(T1,T0)), microsec}. + + +find([F|Fs], [C|Cs], Acc) when is_function(F,1) -> + try + F(C) + of + T -> find(Fs, Cs, [T|Acc]) + catch + _:_ -> find([F|Fs], Cs, Acc) + end; +find([], _, Acc) -> + lists:reverse(Acc). -alg_times(Ops, L) -> - OpAlgs = lists:usort([{Op,Alg} || Op <- Ops, - {{{Op,Alg},_,_},_} <- L]), - [begin - {[Op,"(",Alg,")"], - sum_times(OpAlg, L, 0, 0), - "microsec/kbyte" - } - end || {Op,Alg} = OpAlg <- OpAlgs]. +find_algs(L) -> + {value,#call{result={ok,Algs}}} = + lists:keysearch({ssh_transport,select_algorithm,3}, #call.mfa, L), + Algs. 
-sum_times(T, [{{T,start,Id={_,Nbytes}},TS0}|Events], SumBytes, SumMicroSec) -> - TS1 = proplists:get_value({T,stop,Id}, Events), - sum_times(T, Events, SumBytes+Nbytes, SumMicroSec+now2micro_sec(now_diff(TS1,TS0))); -sum_times(T, [_|Events], SumBytes, SumMicroSec) -> - sum_times(T, Events, SumBytes, SumMicroSec); -sum_times(T, [], SumBytes, SumMicroSec) -> - round(1024*SumMicroSec / SumBytes). % Microseconds per 1k bytes. +%%%---------------- +crypto_algs_times_sizes(EncDecs, L) -> + Raw = [{_Algorithm = case EncDec of + encrypt -> [encrypt," ",S#ssh.encrypt]; + decrypt -> [decrypt," ",S#ssh.decrypt] + end, + size(Data), + now2micro_sec(now_diff(T1, T0)) + } + || EncDec <- EncDecs, + #call{mfa = {ssh_transport,ED,2}, + args = [S,Data], + t_call = T0, + t_return = T1} <- L, + ED == EncDec + ], + [{Alg, round(1024*Time/Size), "microsec/kbyte"} % Microseconds per 1k bytes. + || {Alg,Size,Time} <- lists:foldl(fun increment/2, [], Raw)]. + +increment({Alg,Sz,T}, [{Alg,SumSz,SumT}|Acc]) -> + [{Alg,SumSz+Sz,SumT+T} | Acc]; +increment(Spec, [X|Acc]) -> + [X | increment(Spec,Acc)]; % Not so many Alg, 2 or 3 +increment({Alg,Sz,T},[]) -> + [{Alg,Sz,T}]. %%%---------------------------------------------------------------- %%% 
@@ -213,26 +269,28 @@ sum_times(T, [], SumBytes, SumMicroSec) -> get_trace_list(TracerPid) -> TracerPid ! {get_trace_list,self()}, receive - {trace_list,L} -> {ok,lists:reverse(L)} + {trace_list,L} -> {ok, pair_events(lists:reverse(L))} after 5000 -> {error,no_reply} end. erlang_trace() -> TracerPid = spawn(fun trace_loop/0), 0 = erlang:trace(new, true, [call,timestamp,{tracer,TracerPid}]), - [init_trace(MFA, TP) - || {MFA,TP} <- [{{ssh_acceptor,handle_connection,5}, []}, - {{ssh_connection_handler,hello,2}, []}, - {{ssh_message,encode,1}, []}, - {{ssh_message,decode,1}, [{['_'], [], [{return_trace}]}]}, - {{ssh_transport,select_algorithm,3}, [{['_','_','_'], [], [{return_trace}]}]}, - {{ssh_transport,encrypt,2}, [{['_','_'], [], [{return_trace}]}]}, - {{ssh_transport,decrypt,2}, [{['_','_'], [], [{return_trace}]}]} - ]], + [init_trace(MFA, tp(MFA)) + || MFA <- [{ssh_acceptor,handle_connection,5}, + {ssh_connection_handler,hello,2}, + {ssh_message,encode,1}, + {ssh_message,decode,1}, + {ssh_transport,select_algorithm,3}, + {ssh_transport,encrypt,2}, + {ssh_transport,decrypt,2} + ]], {ok, TracerPid}. +tp({_M,_F,Arity}) -> + [{lists:duplicate(Arity,'_'), [], [{return_trace}]}]. -%%%---------------- +%%%---------------------------------------------------------------- init_trace(MFA = {Module,_,_}, TP) -> case code:is_loaded(Module) of false -> code:load_file(Module); 
@@ -246,50 +304,43 @@ trace_loop() -> trace_loop(L) -> receive - {trace_ts, Pid, call, {M,F,Args}, TS} = Ev -> - cond_pal(Ev), - trace_loop(save_event(call, Pid, {M,F,Args}, TS, L)); - {trace_ts, Pid, return_from, {M,F,Arity}, Ret, TS} = Ev -> - cond_pal(Ev), - trace_loop(save_event(return_from, Pid, {M,F,Arity,Ret}, TS, L)); {get_trace_list, From} -> From ! {trace_list, L}, - trace_loop(L) - - ; Other -> io:format('~p got ~p~n',[self(),Other]), trace_loop(L) + trace_loop(L); + Ev -> + trace_loop([Ev|L]) end. - -%%cond_pal(Ev) -> ct:pal("~p",[Ev]). -cond_pal(Ev) -> ok. - - -save_event(_Type, _Pid, MFA, TimeStamp, L) -> - try - event_name(MFA) - of - {Tag, 'TS'} -> [{Tag,TimeStamp} | L]; - Val -> [Val | L] - catch - _:_ -> L - end. - -event_name({ssh_acceptor,handle_connection,_}) -> {tcp_accept, 'TS'}; -event_name({ssh_connection_handler,hello,[socket_control|_]}) -> {{send,hello}, 'TS'}; -event_name({ssh_connection_handler,hello,[{version_exchange,_}|_]}) -> {{recv,hello}, 'TS'}; -event_name({ssh_message,encode,[Msg]}) -> {{send,element(1,Msg)}, 'TS'}; -event_name({ssh_message,decode,1, - #ssh_msg_channel_request{request_type=ReqType}}) -> {{recv,{ssh_msg_channel_request,ReqType}}, 'TS'}; -event_name({ssh_message,decode,1,Return}) -> {{recv,element(1,Return)}, 'TS'}; -event_name({ssh_transport,select_algorithm,3,{ok,Algs}}) -> {algorithms,Algs}; -event_name({ssh_transport,encrypt,[S,Data]}) -> {{{encrypt,S#ssh.encrypt},start, {S#ssh.send_sequence,size(Data)}}, 'TS'}; -event_name({ssh_transport,encrypt,2,{S,Ret}}) -> {{{encrypt,S#ssh.encrypt},stop, {S#ssh.send_sequence,size(Ret) }}, 'TS'}; -event_name({ssh_transport,decrypt,[S,Data]}) -> {{{decrypt,S#ssh.decrypt},start, {S#ssh.recv_sequence,size(Data)}}, 'TS'}; -event_name({ssh_transport,decrypt,2,{S,Ret}}) -> {{{decrypt,S#ssh.decrypt},stop, {S#ssh.recv_sequence,size(Ret) }}, 'TS'}. +pair_events(L) -> + pair_events(L, []). 
+ +pair_events([{trace_ts,Pid,call,{M,F,Args},TS0} | L], Acc) -> + Arity = length(Args), + {ReturnValue,TS1} = find_return(Pid, {M,F,Arity}, L), + pair_events(L, [#call{mfa = {M,F,Arity}, + pid = Pid, + t_call = TS0, + t_return = TS1, + args = Args, + result = ReturnValue} | Acc]); +pair_events([_|L], Acc) -> + pair_events(L, Acc); +pair_events([], Acc) -> + lists:reverse(Acc). + + +find_return(Pid, MFA, + [{trace_ts, Pid, return_from, MFA, ReturnValue, TS}|_]) -> + {ReturnValue, TS}; +find_return(Pid, MFA, [_|L]) -> + find_return(Pid, MFA, L); +find_return(_, _, []) -> + {undefined, undefined}. +%%%---------------------------------------------------------------- now2sec({A,B,C}) -> A*1000000 + B + C/1000000. now2micro_sec({A,B,C}) -> (A*1000000 + B)*1000000 + C. now_diff({A1,B1,C1}, {A0,B0,C0}) -> {A1-A0, B1-B0, C1-C0}. - + -- cgit v1.2.3 From 2900f5787d81a5ad9f2f8ebcf0d51c7fe87eeb2c Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 15 Dec 2015 21:52:20 +0100 Subject: New structure of the report --- lib/ssh/test/ssh_benchmark_SUITE.erl | 47 +++++++++++++++++++++--------------- 1 file changed, 27 insertions(+), 20 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_benchmark_SUITE.erl b/lib/ssh/test/ssh_benchmark_SUITE.erl index fe22aa9f20..0a11654116 100644 --- a/lib/ssh/test/ssh_benchmark_SUITE.erl +++ b/lib/ssh/test/ssh_benchmark_SUITE.erl 
@@ -125,18 +125,25 @@ openssh_client_shell(Config) -> Algs = find_algs(List), ct:pal("Algorithms = ~p~n~nTimes = ~p",[Algs,Times]), lists:foreach( - fun({Tag0,Value,Unit}) -> - Tag = case Tag0 of - {A,B} -> lists:concat([A," ",B]); - _ when is_list(Tag0) -> lists:concat(Tag0); - _ when is_atom(Tag0) -> Tag0 - end, - DataName = - ["Erl server ",Tag,sp(algo(Tag,Algs))," [",Unit,"]"], - EventData = [{value, Value}, + fun({Tag,Value,Unit}) -> + EventData = + case Tag of + {A,B} when A==encrypt ; A==decrypt -> + [{value, Value}, {suite, ?MODULE}, - {name, lists:concat(DataName)} - ], + {name, mk_name(["Cipher ",A," ",B," [",Unit,"]"])} + ]; + kex -> + [{value, Value}, + {suite, ?MODULE}, + {name, mk_name(["Erl server kex ",Algs#alg.kex," [",Unit,"]"])} + ]; + _ when is_atom(Tag) -> + [{value, Value}, + {suite, ?MODULE}, + {name, mk_name(["Erl server ",Tag," [",Unit,"]"])} + ] + end, ct:pal("ct_event:notify ~p",[EventData]), ct_event:notify(#event{name = benchmark_data, data = EventData}) @@ -150,13 +157,13 @@ openssh_client_shell(Config) -> end. -algo(kex, #alg{kex=Alg} ) -> Alg; -algo(_, _) -> "". - -sp("") -> ""; -sp(A) -> lists:concat([" ",A]). - %%%================================================================ +mk_name(Name) -> [char(C) || C <- lists:concat(Name)]. + +char($-) -> $_; +char(C) -> C. + +%%%---------------------------------------------------------------- find_times(L) -> Xs = [accept_to_hello, kex, kex_to_auth, auth, to_prompt], [find_time(X,L) || X <- Xs] ++ @@ -239,8 +246,8 @@ find_algs(L) -> %%%---------------- crypto_algs_times_sizes(EncDecs, L) -> Raw = [{_Algorithm = case EncDec of - encrypt -> [encrypt," ",S#ssh.encrypt]; - decrypt -> [decrypt," ",S#ssh.decrypt] + encrypt -> {encrypt,S#ssh.encrypt}; + decrypt -> {decrypt,S#ssh.decrypt} end, size(Data), now2micro_sec(now_diff(T1, T0)) 
@@ -252,7 +259,7 @@ crypto_algs_times_sizes(EncDecs, L) -> t_return = T1} <- L, ED == EncDec ], - [{Alg, round(1024*Time/Size), "microsec/kbyte"} % Microseconds per 1k bytes. + [{Alg, round(1024*Time/Size), "microsec per kbyte"} % Microseconds per 1k bytes. || {Alg,Size,Time} <- lists:foldl(fun increment/2, [], Raw)]. increment({Alg,Sz,T}, [{Alg,SumSz,SumT}|Acc]) -> -- cgit v1.2.3 From 74faca0ac7e9e4f1d44ec43749aafe125d8a6371 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 16 Dec 2015 15:06:26 +0100 Subject: ssh: benchmark all common kex and cipher algorithms --- lib/ssh/test/ssh_benchmark_SUITE.erl | 81 ++++++++++++++++++++++++++++++++++-- lib/ssh/test/ssh_test_lib.erl | 35 +++++++++++++++- 2 files changed, 111 insertions(+), 5 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_benchmark_SUITE.erl b/lib/ssh/test/ssh_benchmark_SUITE.erl index 0a11654116..2add99de97 100644 --- a/lib/ssh/test/ssh_benchmark_SUITE.erl +++ b/lib/ssh/test/ssh_benchmark_SUITE.erl @@ -47,6 +47,7 @@ init_per_suite(Config) -> catch crypto:stop(), try ok = crypto:start(), + report_client_algorithms(), ok = ssh:start(), {ok,TracerPid} = erlang_trace(), [{tracer_pid,TracerPid} | Config] 
@@ -95,6 +96,34 @@ end_per_testcase(_Func, _Conf) -> %%%================================================================ openssh_client_shell(Config) -> + CommonAlgs = ssh_test_lib:intersect_bi_dir( + ssh_test_lib:intersection(ssh:default_algorithms(), + ssh_test_lib:default_algorithms(sshc))), + KexVariants = + [ [{kex,[Kex]}] + || Kex <- proplists:get_value(kex, CommonAlgs)], + CipherVariants = + [ [{cipher,[{client2server,[Cipher]}, + {server2client,[Cipher]}]}] + || Cipher <- proplists:get_value(cipher, CommonAlgs)], + + + lists:foreach( + fun(PrefAlgs=[{kex,[Kex]}]) when Kex == 'diffie-hellman-group-exchange-sha256' -> + lists:foreach( + fun(Grp) -> + openssh_client_shell(Config, + [{preferred_algorithms, PrefAlgs}, + {dh_gex_groups, [Grp]} + ]) + end, moduli()); + (PrefAlgs) -> + openssh_client_shell(Config, + [{preferred_algorithms, PrefAlgs}]) + end, KexVariants ++ CipherVariants). + + +openssh_client_shell(Config, Options) -> SystemDir = ?config(data_dir, Config), UserDir = ?config(priv_dir, Config), KnownHosts = filename:join(UserDir, "known_hosts"), @@ -103,7 +132,8 @@ openssh_client_shell(Config) -> {ServerPid, _Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, {public_key_alg, ssh_dsa}, - {failfun, fun ssh_test_lib:failfun/2}]), + {failfun, fun ssh_test_lib:failfun/2} | + Options]), ct:sleep(500), Data = lists:duplicate(100000, $a), @@ -134,9 +164,10 @@ openssh_client_shell(Config) -> {name, mk_name(["Cipher ",A," ",B," [",Unit,"]"])} ]; kex -> + KexAlgStr = fmt_alg(Algs#alg.kex, List), [{value, Value}, {suite, ?MODULE}, - {name, mk_name(["Erl server kex ",Algs#alg.kex," [",Unit,"]"])} + {name, mk_name(["Erl server kex ",KexAlgStr," [",Unit,"]"])} ]; _ when is_atom(Tag) -> [{value, Value}, 
@@ -158,6 +189,20 @@ openssh_client_shell(Config) -> %%%================================================================ +fmt_alg(Alg, List) when is_atom(Alg) -> + fmt_alg(atom_to_list(Alg), List); +fmt_alg(Alg = "diffie-hellman-group-exchange-sha" ++ _, List) -> + try + integer_to_list(find_gex_size_string(List)) + of + GexSize -> lists:concat([Alg," ",GexSize]) + catch + _:_ -> Alg + end; +fmt_alg(Alg, List) -> + Alg. + +%%%---------------------------------------------------------------- mk_name(Name) -> [char(C) || C <- lists:concat(Name)]. char($-) -> $_; @@ -239,10 +284,16 @@ find([], _, Acc) -> find_algs(L) -> - {value,#call{result={ok,Algs}}} = + {value, #call{result={ok,Algs}}} = lists:keysearch({ssh_transport,select_algorithm,3}, #call.mfa, L), Algs. +find_gex_size_string(L) -> + %% server + {value, #call{result={ok,{Size, _}}}} = + lists:keysearch({public_key,dh_gex_group,4}, #call.mfa, L), + Size. + %%%---------------- crypto_algs_times_sizes(EncDecs, L) -> Raw = [{_Algorithm = case EncDec of @@ -290,7 +341,8 @@ erlang_trace() -> {ssh_message,decode,1}, {ssh_transport,select_algorithm,3}, {ssh_transport,encrypt,2}, - {ssh_transport,decrypt,2} + {ssh_transport,decrypt,2}, + {public_key,dh_gex_group,4} % To find dh_gex group size ]], {ok, TracerPid}. 
@@ -345,9 +397,30 @@ find_return(_, _, []) -> {undefined, undefined}. %%%---------------------------------------------------------------- +report_client_algorithms() -> + try + ssh_test_lib:extract_algos( ssh_test_lib:default_algorithms(sshc) ) + of + ClientAlgs -> + ct:pal("The client supports:~n~p",[ClientAlgs]) + catch + Cls:Err -> + ct:pal("Testing client about algorithms failed:~n~p ~p",[Cls,Err]) + end. + +%%%---------------------------------------------------------------- + + now2sec({A,B,C}) -> A*1000000 + B + C/1000000. now2micro_sec({A,B,C}) -> (A*1000000 + B)*1000000 + C. now_diff({A1,B1,C1}, {A0,B0,C0}) -> {A1-A0, B1-B0, C1-C0}. +%%%================================================================ +moduli() -> + [{1023, 5, 16#CF973CD39DC7D62F2C45AAC5180491104C76E0FE5D80A10E6C06AE442F1F373167B0FCBC931F3C157B10A5557008FDE20D68051E6A4DB11CEE0B0749F76D7134B937A59DA998C42BC234A5C1A3CFCD70E624D253D7694076F7B1FD7B8D3427849C9377B3555796ACA58C69DFF542EEEC9859D3ADCE5CC88DF6F7817C9D182EB7}, + {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}, + {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}, + {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}, + {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}]. diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index ed76f4f795..2db55b97b4 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl @@ -541,7 +541,6 @@ default_algorithms(sshc, DaemonOptions) -> ct:fail("No server respons 2") end. - run_fake_ssh({ok,InitialState}) -> KexInitPattern = #ssh_msg_kexinit{ 
@@ -583,6 +582,40 @@ run_fake_ssh({ok,InitialState}) -> {server2client, to_atoms(CompS2C)}]}]. +%%%---------------------------------------------------------------- +extract_algos(Spec) -> + [{Tag,get_atoms(List)} || {Tag,List} <- Spec]. + +get_atoms(L) -> + lists:usort( + [ A || X <- L, + A <- case X of + {_,L1} when is_list(L1) -> L1; + Y when is_atom(Y) -> [Y] + end]). + + +intersection(AlgoSpec1, AlgoSpec2) -> intersect(sort_spec(AlgoSpec1), sort_spec(AlgoSpec2)). + +intersect([{Tag,S1}|Ss1], [{Tag,S2}|Ss2]) -> + [{Tag,intersect(S1,S2)} | intersect(Ss1,Ss2)]; +intersect(L1=[A1|_], L2=[A2|_]) when is_atom(A1),is_atom(A2) -> + Diff = L1 -- L2, + L1 -- Diff; +intersect(_, _) -> + []. + +intersect_bi_dir([{Tag,[{client2server,L1},{server2client,L2}]}|T]) -> + [{Tag,intersect(L1,L2)} | intersect_bi_dir(T)]; +intersect_bi_dir([H={_,[A|_]}|T]) when is_atom(A) -> + [H | intersect_bi_dir(T)]; +intersect_bi_dir([]) -> + []. + + +sort_spec(L = [{_,_}|_] ) -> [{Tag,sort_spec(Es)} || {Tag,Es} <- L]; +sort_spec(L) -> lists:usort(L). + %%-------------------------------------------------------------------- sshc(Tag) -> to_atoms( -- cgit v1.2.3 From 0f41fa2ed0f9ac4fea2756fd29361f5e160bd3dc Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 22 Dec 2015 09:14:21 +0100 Subject: ssh: fix error (wrong suite) in test/ssh.spec --- lib/ssh/test/ssh.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh.spec b/lib/ssh/test/ssh.spec index a3296d97a1..271a5ecbaf 100644 --- a/lib/ssh/test/ssh.spec +++ b/lib/ssh/test/ssh.spec @@ -1,6 +1,6 @@ {suites,"../ssh_test",all}. {skip_cases, "../ssh_test", - ssl_benchmark_SUITE, [openssh_shell,erl_shell], + ssh_benchmark_SUITE, [openssh_shell,erl_shell], "Benchmarks run separately"}. {skip_cases,"../ssh_test",ssh_ssh_SUITE, [ssh], -- cgit v1.2.3 From 537ba0cfc4cb9640f912d382a4c7730736696376 Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Tue, 22 Dec 2015 10:00:10 +0100 Subject: ssh: clean test specs --- lib/ssh/test/ssh.spec | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh.spec b/lib/ssh/test/ssh.spec index 271a5ecbaf..0076fc275e 100644 --- a/lib/ssh/test/ssh.spec +++ b/lib/ssh/test/ssh.spec @@ -1,10 +1,6 @@ {suites,"../ssh_test",all}. -{skip_cases, "../ssh_test", - ssh_benchmark_SUITE, [openssh_shell,erl_shell], - "Benchmarks run separately"}. -{skip_cases,"../ssh_test",ssh_ssh_SUITE, - [ssh], - "Current implementation is timingdependent and\nhence will succeed/fail on a whim"}. -{skip_cases,"../ssh_test",ssh_ssh_SUITE, - [ssh_compressed], - "Current implementation is timingdependent hence will succeed/fail on a whim"}. + +{skip_suites, "../ssh_test", [ssh_benchmark_SUITE], + "Benchmarks run separately"}. + + -- cgit v1.2.3 From 04a9f3d11d15035c583dbf3ff3009f186611faac Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 8 Jan 2016 13:00:26 +0100 Subject: ssh: testcase for abnormal keyboard-interactive authentication --- lib/ssh/test/ssh_protocol_SUITE.erl | 81 ++++++++++++++++++++++++++++++++++++- 1 file changed, 80 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index 5af60adfae..98a196d705 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -48,6 +48,7 @@ all() -> [{group,tool_tests}, {group,kex}, {group,service_requests}, + {group,authentication}, {group,packet_size_error}, {group,field_size_error} ]. @@ -78,7 +79,9 @@ groups() -> bad_very_long_service_name, empty_service_name, bad_service_name_then_correct - ]} + ]}, + {authentication, [], [client_handles_keyboard_interactive_0_pwds + ]} ]. 
@@ -516,6 +519,82 @@ bad_service_name_length(Config, LengthExcess) -> receive_msg} ], InitialState). +%%%-------------------------------------------------------------------- +%%% This is due to a fault report (OTP-13255) with OpenSSH-6.6.1 +client_handles_keyboard_interactive_0_pwds(Config) -> + {User,_Pwd} = server_user_password(Config), + + %% Create a listening socket as server socket: + {ok,InitialState} = ssh_trpt_test_lib:exec(listen), + HostPort = ssh_trpt_test_lib:server_host_port(InitialState), + + %% Start a process handling one connection on the server side: + spawn_link( + fun() -> + {ok,_} = + ssh_trpt_test_lib:exec( + [{set_options, [print_ops, print_messages]}, + {accept, [{system_dir, system_dir(Config)}, + {user_dir, user_dir(Config)}]}, + receive_hello, + {send, hello}, + + {send, ssh_msg_kexinit}, + {match, #ssh_msg_kexinit{_='_'}, receive_msg}, + + {match, #ssh_msg_kexdh_init{_='_'}, receive_msg}, + {send, ssh_msg_kexdh_reply}, + + {send, #ssh_msg_newkeys{}}, + {match, #ssh_msg_newkeys{_='_'}, receive_msg}, + + {match, #ssh_msg_service_request{name="ssh-userauth"}, receive_msg}, + {send, #ssh_msg_service_accept{name="ssh-userauth"}}, + + {match, #ssh_msg_userauth_request{service="ssh-connection", + method="none", + user=User, + _='_'}, receive_msg}, + {send, #ssh_msg_userauth_failure{authentications = "keyboard-interactive", + partial_success = false}}, + + {match, #ssh_msg_userauth_request{service="ssh-connection", + method="keyboard-interactive", + user=User, + _='_'}, receive_msg}, + {send, #ssh_msg_userauth_info_request{name = "", + instruction = "", + language_tag = "", + num_prompts = 1, + data = <<0,0,0,10,80,97,115,115,119,111,114,100,58,32,0>> + }}, + {match, #ssh_msg_userauth_info_response{num_responses = 1, + _='_'}, receive_msg}, + + %% the next is strange, but openssh 6.6.1 does this and this is what this testcase is about + {send, #ssh_msg_userauth_info_request{name = "", + instruction = "", + language_tag = "", + num_prompts = 0, 
+ data = <<>> + }}, + {match, #ssh_msg_userauth_info_response{num_responses = 0, + data = <<>>, + _='_'}, receive_msg}, + %% Here we know that the tested fault is fixed + {send, #ssh_msg_userauth_success{}}, + close_socket, + print_state + ], + InitialState) + end), + + %% and finally connect to it with a regular Erlang SSH client: + {ok,_} = std_connect(HostPort, Config, + [{preferred_algorithms,[{kex,['diffie-hellman-group1-sha1']}]}] + ). + + %%%================================================================ %%%==== Internal functions ======================================== %%%================================================================ -- cgit v1.2.3 From ed7d29ca3b6e8a165bdeb182799cbba5e204326f Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 7 Jan 2016 15:21:45 +0100 Subject: ssh: handle secondary ssh_msg_userauth_info_request message --- lib/ssh/src/ssh_auth.erl | 2 +- lib/ssh/src/ssh_connection_handler.erl | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index fdbb5c152a..b71bed033a 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -477,7 +477,7 @@ keyboard_interact_get_responses(_, undefined, Password, _, _, _, _, _, 1) when Password =/= undefined -> [Password]; %% Password auth implemented with keyboard-interaction and passwd is known keyboard_interact_get_responses(_, _, _, _, _, _, _, _, 0) -> - [""]; + []; keyboard_interact_get_responses(false, undefined, undefined, _, _, _, [Prompt|_], Opts, _) -> ssh_no_io:read_line(Prompt, Opts); %% Throws error as keyboard interaction is not allowed keyboard_interact_get_responses(true, undefined, _,IoCb, Name, Instr, PromptInfos, Opts, _) -> diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index f082db136c..ce1931e4f4 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl 
@@ -648,10 +648,12 @@ userauth_keyboard_interactive(Msg = #ssh_msg_userauth_failure{}, userauth_keyboard_interactive_info_response(Msg=#ssh_msg_userauth_failure{}, #state{ssh_params = #ssh{role = client}} = State) -> userauth(Msg, State); - userauth_keyboard_interactive_info_response(Msg=#ssh_msg_userauth_success{}, #state{ssh_params = #ssh{role = client}} = State) -> - userauth(Msg, State). + userauth(Msg, State); +userauth_keyboard_interactive_info_response(Msg=#ssh_msg_userauth_info_request{}, + #state{ssh_params = #ssh{role = client}} = State) -> + userauth_keyboard_interactive(Msg, State). %%-------------------------------------------------------------------- -spec connected({#ssh_msg_kexinit{}, binary()}, %%| %% #ssh_msg_kexdh_init{}, -- cgit v1.2.3 From 9394c572a28d08f3c564d6f388152c9c41968565 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 8 Jan 2016 10:42:45 +0100 Subject: ssh: update vsn.mk to 4.2.1 --- lib/ssh/vsn.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 25b19133b1..55d12abffe 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,5 +1,5 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 4.2 +SSH_VSN = 4.2.1 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From 9498322e15bf1cc049996813f3422462fd402502 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Fri, 8 Jan 2016 13:09:36 +0100 Subject: Update release notes --- lib/ssh/doc/src/notes.xml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 8fb689fdd5..75e1615c09 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,6 +30,24 @@ notes.xml
+
Ssh 4.2.1 + +
Fixed Bugs and Malfunctions + + +

+ The authentication method 'keyboard-interactive' failed + in the Erlang client when the server after successful + authentication continued by asking for zero more + passwords.

+

+ Own Id: OTP-13225

+
+
+
+ +
+
Ssh 4.2
Fixed Bugs and Malfunctions -- cgit v1.2.3 From 2f0941478ed566949eae5d09b4cb16edcbaaec63 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 22 Dec 2015 13:24:24 +0100 Subject: ssh: added sftp server benchmark --- lib/ssh/test/ssh_benchmark_SUITE.erl | 144 +++++++++++++++++++++++++++++------ 1 file changed, 122 insertions(+), 22 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_benchmark_SUITE.erl b/lib/ssh/test/ssh_benchmark_SUITE.erl index 2add99de97..24927805e4 100644 --- a/lib/ssh/test/ssh_benchmark_SUITE.erl +++ b/lib/ssh/test/ssh_benchmark_SUITE.erl @@ -37,8 +37,8 @@ all() -> [{group, opensshc_erld} ]. groups() -> - [{opensshc_erld, [{repeat, 3}], [openssh_client_shell]}, - {erlc_opensshd, [{repeat, 3}], [erl_shell]} + [{opensshc_erld, [{repeat, 3}], [openssh_client_shell, + openssh_client_sftp]} ]. @@ -50,7 +50,7 @@ init_per_suite(Config) -> report_client_algorithms(), ok = ssh:start(), {ok,TracerPid} = erlang_trace(), - [{tracer_pid,TracerPid} | Config] + [{tracer_pid,TracerPid} | init_sftp_dirs(Config)] catch C:E -> {skip, io_lib:format("Couldn't start ~p:~p",[C,E])} @@ -71,8 +71,12 @@ init_per_group(opensshc_erld, Config) -> ssh_test_lib:setup_dsa(DataDir, UserDir), ssh_test_lib:setup_rsa(DataDir, UserDir), ssh_test_lib:setup_ecdsa("256", DataDir, UserDir), + Common = ssh_test_lib:intersect_bi_dir( + ssh_test_lib:intersection(ssh:default_algorithms(), + ssh_test_lib:default_algorithms(sshc))), [{c_kexs, ssh_test_lib:sshc(kex)}, - {c_ciphers, ssh_test_lib:sshc(cipher)} + {c_ciphers, ssh_test_lib:sshc(cipher)}, + {common_algs, Common} | Config]; _ -> {skip, "No OpenSsh client found"} 
@@ -94,20 +98,21 @@ init_per_testcase(_Func, Conf) -> end_per_testcase(_Func, _Conf) -> ok. + +init_sftp_dirs(Config) -> + UserDir = ?config(priv_dir, Config), + SrcDir = filename:join(UserDir, "sftp_src"), + ok = file:make_dir(SrcDir), + SrcFile = "big_data", + DstDir = filename:join(UserDir, "sftp_dst"), + ok = file:make_dir(DstDir), + N = 100 * 1024*1024, + ok = file:write_file(filename:join(SrcDir,SrcFile), crypto:rand_bytes(N)), + [{sftp_src_dir,SrcDir}, {sftp_dst_dir,DstDir}, {src_file,SrcFile}, {sftp_size,N} + | Config]. + %%%================================================================ openssh_client_shell(Config) -> - CommonAlgs = ssh_test_lib:intersect_bi_dir( - ssh_test_lib:intersection(ssh:default_algorithms(), - ssh_test_lib:default_algorithms(sshc))), - KexVariants = - [ [{kex,[Kex]}] - || Kex <- proplists:get_value(kex, CommonAlgs)], - CipherVariants = - [ [{cipher,[{client2server,[Cipher]}, - {server2client,[Cipher]}]}] - || Cipher <- proplists:get_value(cipher, CommonAlgs)], - - lists:foreach( fun(PrefAlgs=[{kex,[Kex]}]) when Kex == 'diffie-hellman-group-exchange-sha256' -> lists:foreach( @@ -120,7 +125,8 @@ openssh_client_shell(Config) -> (PrefAlgs) -> openssh_client_shell(Config, [{preferred_algorithms, PrefAlgs}]) - end, KexVariants ++ CipherVariants). + end, variants(kex,Config) ++ variants(cipher,Config) + ). openssh_client_shell(Config, Options) -> @@ -151,7 +157,7 @@ openssh_client_shell(Config, Options) -> {SlavePid, _ClientResponse} -> %% ct:pal("ClientResponse = ~p",[_ClientResponse]), {ok, List} = get_trace_list(TracerPid), - Times = find_times(List), + Times = find_times(List, [accept_to_hello, kex, kex_to_auth, auth, to_prompt]), Algs = find_algs(List), ct:pal("Algorithms = ~p~n~nTimes = ~p",[Algs,Times]), lists:foreach( 
@@ -189,6 +195,95 @@ openssh_client_shell(Config, Options) -> %%%================================================================ +openssh_client_sftp(Config) -> + lists:foreach( + fun(PrefAlgs) -> + openssh_client_sftp(Config, [{preferred_algorithms,PrefAlgs}]) + end, variants(cipher,Config)). + + +openssh_client_sftp(Config, Options) -> + SystemDir = ?config(data_dir, Config), + UserDir = ?config(priv_dir, Config), + SftpSrcDir = ?config(sftp_src_dir, Config), + SrcFile = ?config(src_file, Config), + SrcSize = ?config(sftp_size, Config), + KnownHosts = filename:join(UserDir, "known_hosts"), + + {ok, TracerPid} = erlang_trace(), + {ServerPid, _Host, Port} = + ssh_test_lib:daemon([{system_dir, SystemDir}, + {public_key_alg, ssh_dsa}, + {subsystems,[ssh_sftpd:subsystem_spec([%{cwd, SftpSrcDir}, + {root, SftpSrcDir}])]}, + {failfun, fun ssh_test_lib:failfun/2} + | Options]), + ct:sleep(500), + Cmd = lists:concat(["sftp", + " -b -", + " -P ",Port, + " -o UserKnownHostsFile=", KnownHosts, + " -o \"StrictHostKeyChecking no\"", + " localhost:",SrcFile + ]), +%% ct:pal("Cmd = ~p",[Cmd]), + + Parent = self(), + SlavePid = spawn(fun() -> + Parent ! 
{self(),os:cmd(Cmd)} + end), + receive + {SlavePid, _ClientResponse} -> + ct:pal("ClientResponse = ~p",[_ClientResponse]), + {ok, List} = get_trace_list(TracerPid), +%%ct:pal("List=~p",[List]), + Times = find_times(List, [channel_open_close]), + Algs = find_algs(List), + ct:pal("Algorithms = ~p~n~nTimes = ~p",[Algs,Times]), + lists:foreach( + fun({{A,B},Value,Unit}) when A==encrypt ; A==decrypt -> + Data = [{value, Value}, + {suite, ?MODULE}, + {name, mk_name(["Sftp Cipher ",A," ",B," [",Unit,"]"])} + ], + ct:pal("sftp ct_event:notify ~p",[Data]), + ct_event:notify(#event{name = benchmark_data, + data = Data}); + ({channel_open_close,Value,Unit}) -> + Data = [{value, round( (1024*Value) / SrcSize )}, + {suite, ?MODULE}, + {name, mk_name(["Sftp transfer [",Unit," per kbyte]"])} + ], + ct:pal("sftp ct_event:notify ~p",[Data]), + ct_event:notify(#event{name = benchmark_data, + data = Data}); + (_) -> + skip + end, Times), + ssh:stop_daemon(ServerPid), + ok + after 10000 -> + ssh:stop_daemon(ServerPid), + exit(SlavePid, kill), + {fail, timeout} + end. + +%%%================================================================ +variants(Tag, Config) -> + TagType = + case proplists:get_value(Tag, ssh:default_algorithms()) of + [{_,_}|_] -> one_way; + [A|_] when is_atom(A) -> two_way + end, + [ [{Tag,tag_value(TagType,Alg)}] + || Alg <- proplists:get_value(Tag, ?config(common_algs,Config)) + ]. + +tag_value(two_way, Alg) -> [Alg]; +tag_value(one_way, Alg) -> [{client2server,[Alg]}, + {server2client,[Alg]}]. + +%%%---------------------------------------------------------------- fmt_alg(Alg, List) when is_atom(Alg) -> fmt_alg(atom_to_list(Alg), List); fmt_alg(Alg = "diffie-hellman-group-exchange-sha" ++ _, List) -> @@ -199,7 +294,7 @@ fmt_alg(Alg = "diffie-hellman-group-exchange-sha" ++ _, List) -> catch _:_ -> Alg end; -fmt_alg(Alg, List) -> +fmt_alg(Alg, _List) -> Alg. %%%---------------------------------------------------------------- 
@@ -209,8 +304,7 @@ char($-) -> $_; char(C) -> C. %%%---------------------------------------------------------------- -find_times(L) -> - Xs = [accept_to_hello, kex, kex_to_auth, auth, to_prompt], +find_times(L, Xs) -> [find_time(X,L) || X <- Xs] ++ crypto_algs_times_sizes([encrypt,decrypt], L). @@ -268,7 +362,13 @@ find_time(to_prompt, L) -> end, ?recv(#ssh_msg_channel_request{request_type="env"}) ], L, []), - {to_prompt, now2micro_sec(now_diff(T1,T0)), microsec}. + {to_prompt, now2micro_sec(now_diff(T1,T0)), microsec}; +find_time(channel_open_close, L) -> + [T0,T1] = find([?recv(#ssh_msg_channel_request{request_type="subsystem"}), + ?send(#ssh_msg_channel_close{}) + ], L, []), + {channel_open_close, now2micro_sec(now_diff(T1,T0)), microsec}. + find([F|Fs], [C|Cs], Acc) when is_function(F,1) -> -- cgit v1.2.3 From 95f121ed04a632257cd0e429cb16ba9d9a7110bb Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 22 Dec 2015 15:10:00 +0100 Subject: ssh: added cipher name to transfer speed report --- lib/ssh/test/ssh_benchmark_SUITE.erl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_benchmark_SUITE.erl b/lib/ssh/test/ssh_benchmark_SUITE.erl index 24927805e4..781230e728 100644 --- a/lib/ssh/test/ssh_benchmark_SUITE.erl +++ b/lib/ssh/test/ssh_benchmark_SUITE.erl @@ -250,9 +250,10 @@ openssh_client_sftp(Config, Options) -> ct_event:notify(#event{name = benchmark_data, data = Data}); ({channel_open_close,Value,Unit}) -> + Cipher = fmt_alg(Algs#alg.encrypt, List), Data = [{value, round( (1024*Value) / SrcSize )}, {suite, ?MODULE}, - {name, mk_name(["Sftp transfer [",Unit," per kbyte]"])} + {name, mk_name(["Sftp transfer ",Cipher," [",Unit," per kbyte]"])} ], ct:pal("sftp ct_event:notify ~p",[Data]), ct_event:notify(#event{name = benchmark_data, -- cgit v1.2.3 From 02c266f80b87e690203b764bd518e347386fae7e Mon Sep 17 00:00:00 2001 
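Review bot: In ssh_benchmark_SUITE.erl ("ssh: added sftp server benchmark"), openssh_client_sftp/2 returns {fail, timeout} from its "after 10000" branch, but openssh_client_sftp/1 calls it inside lists:foreach/2, which discards the return value, so a transfer that times out still lets the test case end with ok. Call ct:fail(timeout) in that branch instead, and check that 10 seconds is enough for the 100 MB file on slow hosts, since the same limit applies to every cipher variant. In the same hunk, the case in variants/2 has no clause for an empty or missing algorithm list, so an unexpected ssh:default_algorithms() result ends in case_clause rather than a skip with a readable reason.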
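Review bot: In init_sftp_dirs/1, sftp_dst_dir is created and put into Config, but nothing in the visible hunks reads it: the sftp command line in openssh_client_sftp/2 names only localhost:SrcFile, so the download lands in the current working directory of os:cmd/1. Pass the destination directory to the command, and add cleanup of big_data and the downloaded copy, since this commit adds none. Both "ok = file:make_dir(...)" matches also crash init_per_suite with eexist when the directories are already present; accept {error, eexist} or delete the directories first.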
From: Hans Nilsson Date: Mon, 4 Jan 2016 15:17:41 +0100 Subject: ssh: encode/decode benchmark suites --- lib/ssh/test/ssh_benchmark_SUITE.erl | 38 ++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 13 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_benchmark_SUITE.erl b/lib/ssh/test/ssh_benchmark_SUITE.erl index 781230e728..e90bfa3d16 100644 --- a/lib/ssh/test/ssh_benchmark_SUITE.erl +++ b/lib/ssh/test/ssh_benchmark_SUITE.erl @@ -307,7 +307,10 @@ char(C) -> C. %%%---------------------------------------------------------------- find_times(L, Xs) -> [find_time(X,L) || X <- Xs] ++ - crypto_algs_times_sizes([encrypt,decrypt], L). + function_algs_times_sizes([{ssh_transport,encrypt,2}, + {ssh_transport,decrypt,2}, + {ssh_message,decode,1}, + {ssh_message,encode,1}], L). -record(call, { mfa, 
@@ -396,24 +399,31 @@ find_gex_size_string(L) -> Size. %%%---------------- -crypto_algs_times_sizes(EncDecs, L) -> - Raw = [{_Algorithm = case EncDec of - encrypt -> {encrypt,S#ssh.encrypt}; - decrypt -> {decrypt,S#ssh.decrypt} - end, - size(Data), - now2micro_sec(now_diff(T1, T0)) - } +function_algs_times_sizes(EncDecs, L) -> + Raw = [begin + {Tag,Size} = function_ats_result(EncDec, C), + {Tag, Size, now2micro_sec(now_diff(T1,T0))} + end || EncDec <- EncDecs, - #call{mfa = {ssh_transport,ED,2}, - args = [S,Data], - t_call = T0, - t_return = T1} <- L, + C = #call{mfa = ED, + args = Args, %%[S,Data], + t_call = T0, + t_return = T1} <- L, ED == EncDec ], [{Alg, round(1024*Time/Size), "microsec per kbyte"} % Microseconds per 1k bytes. || {Alg,Size,Time} <- lists:foldl(fun increment/2, [], Raw)]. +function_ats_result({ssh_transport,encrypt,2}, #call{args=[S,Data]}) -> + {{encrypt,S#ssh.encrypt}, size(Data)}; +function_ats_result({ssh_transport,decrypt,2}, #call{args=[S,Data]}) -> + {{decrypt,S#ssh.decrypt}, size(Data)}; +function_ats_result({ssh_message,encode,1}, #call{result=Data}) -> + {encode, size(Data)}; +function_ats_result({ssh_message,decode,1}, #call{args=[Data]}) -> + {decode, size(Data)}. + + increment({Alg,Sz,T}, [{Alg,SumSz,SumT}|Acc]) -> [{Alg,SumSz+Sz,SumT+T} | Acc]; increment(Spec, [X|Acc]) -> @@ -443,6 +453,8 @@ erlang_trace() -> {ssh_transport,select_algorithm,3}, {ssh_transport,encrypt,2}, {ssh_transport,decrypt,2}, + {ssh_message,encode,1}, + {ssh_message,decode,1}, {public_key,dh_gex_group,4} % To find dh_gex group size ]], {ok, TracerPid}. -- cgit v1.2.3 From b9b704f8b584994cbbb4975133d6032d5d0d294e Mon Sep 17 00:00:00 2001 
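Review bot: In function_algs_times_sizes/2, the generator pattern still binds "args = Args" although nothing uses it now that function_ats_result/2 receives the whole #call{} record, so the compiler will warn about an unused variable; drop the field from the pattern together with the leftover %%[S,Data] comment, and rename EncDecs, EncDec and ED now that they hold MFAs. The new results carry the bare tags encode and decode, while the reporting fun in openssh_client_sftp/2 only matches {{A,B},Value,Unit} with "A==encrypt ; A==decrypt" and {channel_open_close,Value,Unit}; there the new measurements fall into the "(_) -> skip" clause and never reach ct_event:notify/1, so add a clause for them.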
From: Hans Nilsson Date: Mon, 4 Jan 2016 15:21:51 +0100 Subject: ssh: Optimization - inline encoding in ssh_message:encode/1, now 8 times faster. Also fixes minor error in ssh_protocol_SUITE that the new encoder found. --- lib/ssh/src/ssh_bits.erl | 141 +++++------------------------- lib/ssh/src/ssh_message.erl | 169 ++++++++++++++++++++---------------- lib/ssh/src/ssh_transport.erl | 48 +++++----- lib/ssh/test/ssh_protocol_SUITE.erl | 2 +- 4 files changed, 135 insertions(+), 225 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_bits.erl b/lib/ssh/src/ssh_bits.erl index 4da3a6018b..101bf76cd3 100644 --- a/lib/ssh/src/ssh_bits.erl +++ b/lib/ssh/src/ssh_bits.erl 
@@ -26,52 +26,30 @@ -include("ssh.hrl"). --export([encode/2]). --export([mpint/1, string/1, name_list/1]). +-export([mpint/1, name_list/1]). -export([random/1]). --define(name_list(X), - (fun(B) -> ?binary(B) end)(list_to_binary(name_concat(X)))). - - -name_concat([Name]) when is_atom(Name) -> atom_to_list(Name); -name_concat([Name]) when is_list(Name) -> Name; -name_concat([Name|Ns]) -> - if is_atom(Name) -> - [atom_to_list(Name),"," | name_concat(Ns)]; - is_list(Name) -> - [Name,"," | name_concat(Ns)] - end; -name_concat([]) -> []. - - -name_list(Ns) -> - ?name_list(Ns). +%%%---------------------------------------------------------------- +name_list([Name]) -> to_bin(Name); +name_list([Name|Ns]) -> <<(to_bin(Name))/binary, ",", (name_list(Ns))/binary>>; +name_list([]) -> <<>>. + +to_bin(A) when is_atom(A) -> list_to_binary(atom_to_list(A)); +to_bin(S) when is_list(S) -> list_to_binary(S); +to_bin(B) when is_binary(B) -> B. + +%%%---------------------------------------------------------------- +%%% Multi Precision Integer encoding +mpint(-1) -> <<0,0,0,1,16#ff>>; +mpint(0) -> <<0,0,0,0>>; +mpint(X) when X < 0 -> mpint_neg(X,0,[]); +mpint(X) -> mpint_pos(X,0,[]). - -string(Str) -> - ?string(Str). - - -%% MP representaion (SSH2) -mpint(X) when X < 0 -> - if X == -1 -> - <<0,0,0,1,16#ff>>; - true -> - mpint_neg(X,0,[]) - end; -mpint(X) -> - if X == 0 -> - <<0,0,0,0>>; - true -> - mpint_pos(X,0,[]) - end. - mpint_neg(-1,I,Ds=[MSB|_]) -> if MSB band 16#80 =/= 16#80 -> <>; true -> - (<>) + <> end; mpint_neg(X,I,Ds) -> mpint_neg(X bsr 8,I+1,[(X band 255)|Ds]). 
@@ -80,96 +58,17 @@ mpint_pos(0,I,Ds=[MSB|_]) -> if MSB band 16#80 == 16#80 -> <>; true -> - (<>) + <> end; mpint_pos(X,I,Ds) -> mpint_pos(X bsr 8,I+1,[(X band 255)|Ds]). -encode(List, Types) -> - list_to_binary(enc(List, Types)). - -%% -%% Encode record element -%% -enc(Xs, Ts) -> - enc(Xs, Ts, 0). - -enc(Xs, [boolean|Ts], Offset) -> - X = hd(Xs), - [?boolean(X) | enc(tl(Xs), Ts, Offset+1)]; -enc(Xs, [byte|Ts], Offset) -> - X = hd(Xs), - [?byte(X) | enc(tl(Xs), Ts,Offset+1)]; -enc(Xs, [uint16|Ts], Offset) -> - X = hd(Xs), - [?uint16(X) | enc(tl(Xs), Ts,Offset+2)]; -enc(Xs, [uint32 |Ts], Offset) -> - X = hd(Xs), - [?uint32(X) | enc(tl(Xs), Ts,Offset+4)]; -enc(Xs, [uint64|Ts], Offset) -> - X = hd(Xs), - [?uint64(X) | enc(tl(Xs), Ts,Offset+8)]; -enc(Xs, [mpint|Ts], Offset) -> - Y = mpint(hd(Xs)), - [Y | enc(tl(Xs), Ts,Offset+size(Y))]; -enc(Xs, [string|Ts], Offset) -> - X0 = hd(Xs), - Y = ?string(X0), - [Y | enc(tl(Xs),Ts,Offset+size(Y))]; -enc(Xs, [string_utf8|Ts], Offset) -> - X0 = hd(Xs), - Y = ?string_utf8(X0), - [Y | enc(tl(Xs),Ts,Offset+size(Y))]; -enc(Xs, [binary|Ts], Offset) -> - X0 = hd(Xs), - Y = ?binary(X0), - [Y | enc(tl(Xs), Ts,Offset+size(Y))]; -enc(Xs, [name_list|Ts], Offset) -> - X0 = hd(Xs), - Y = ?name_list(X0), - [Y | enc(tl(Xs), Ts, Offset+size(Y))]; -enc(Xs, [cookie|Ts], Offset) -> - [random(16) | enc(tl(Xs), Ts, Offset+16)]; -enc(Xs, [{pad,N}|Ts], Offset) -> - K = (N - (Offset rem N)) rem N, - [fill_bits(K,0) | enc(Xs, Ts, Offset+K)]; -enc(Xs, ['...'| []], _Offset) -> - X = hd(Xs), - if is_binary(X) -> - [X]; - is_list(X) -> - [list_to_binary(X)]; - X==undefined -> - [] - end; -enc([], [],_) -> - []. - - -%% -%% Create a binary with constant bytes -%% -fill_bits(N,C) -> - list_to_binary(fill(N,C)). - -fill(0,_C) -> []; -fill(1,C) -> [C]; -fill(N,C) -> - Cs = fill(N div 2, C), - Cs1 = [Cs,Cs], - if N band 1 == 0 -> - Cs1; - true -> - [C,Cs,Cs] - end. 
- - +%%%---------------------------------------------------------------- %% random/1 %% Generate N random bytes %% -random(N) -> - crypto:strong_rand_bytes(N). +random(N) -> crypto:strong_rand_bytes(N). diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl index b6c4496be2..a0e9a4961c 100644 --- a/lib/ssh/src/ssh_message.erl +++ b/lib/ssh/src/ssh_message.erl @@ -32,16 +32,44 @@ -export([encode/1, decode/1, decode_keyboard_interactive_prompts/2]). +-define('2bin'(X), (if is_binary(X) -> X; + is_list(X) -> list_to_binary(X); + X==undefined -> <<>> + end) ). + +-define('E...'(X), ?'2bin'(X)/binary ). +-define(Eboolean(X), ?BOOLEAN(case X of + true -> ?TRUE; + false -> ?FALSE + end) ). +-define(Ebyte(X), ?BYTE(X) ). +-define(Euint32(X), ?UINT32(X) ). +-define(Estring(X), ?STRING(?'2bin'(X)) ). +-define(Estring_utf8(X), ?string_utf8(X)/binary ). +-define(Ename_list(X), ?STRING(ssh_bits:name_list(X)) ). +-define(Empint(X), (ssh_bits:mpint(X))/binary ). +-define(Ebinary(X), ?STRING(X) ). + +%% encode(Msg) -> +%% try encode1(Msg) +%% catch +%% C:E -> +%% io:format('***********************~n~p:~p ~p~n',[C,E,Msg]), +%% error(E) +%% end. + encode(#ssh_msg_global_request{ name = Name, want_reply = Bool, data = Data}) -> - ssh_bits:encode([?SSH_MSG_GLOBAL_REQUEST, - Name, Bool, Data], [byte, string, boolean, '...']); + <>; + encode(#ssh_msg_request_success{data = Data}) -> - <>; + <>; + encode(#ssh_msg_request_failure{}) -> - <>; + <>; + encode(#ssh_msg_channel_open{ channel_type = Type, sender_channel = Sender, @@ -49,9 +77,8 @@ encode(#ssh_msg_channel_open{ maximum_packet_size = Max, data = Data }) -> - ssh_bits:encode([?SSH_MSG_CHANNEL_OPEN, - Type, Sender, Window, Max, Data], [byte, string, uint32, - uint32, uint32, '...']); + <>; + encode(#ssh_msg_channel_open_confirmation{ recipient_channel = Recipient, sender_channel = Sender, 
@@ -59,60 +86,63 @@ encode(#ssh_msg_channel_open_confirmation{ maximum_packet_size = MaxPacketSize, data = Data }) -> - ssh_bits:encode([?SSH_MSG_CHANNEL_OPEN_CONFIRMATION, Recipient, - Sender, InitWindowSize, MaxPacketSize, Data], - [byte, uint32, uint32, uint32, uint32, '...']); + <>; + encode(#ssh_msg_channel_open_failure{ recipient_channel = Recipient, reason = Reason, description = Desc, lang = Lang }) -> - ssh_bits:encode([?SSH_MSG_CHANNEL_OPEN_FAILURE, Recipient, - Reason, Desc, Lang], [byte, uint32, uint32, string, string]); + <>; + encode(#ssh_msg_channel_window_adjust{ recipient_channel = Recipient, bytes_to_add = Bytes }) -> - ssh_bits:encode([?SSH_MSG_CHANNEL_WINDOW_ADJUST, Recipient, Bytes], - [byte, uint32, uint32]); + <>; + encode(#ssh_msg_channel_data{ recipient_channel = Recipient, data = Data }) -> - ssh_bits:encode([?SSH_MSG_CHANNEL_DATA, Recipient, Data], [byte, uint32, binary]); + <>; encode(#ssh_msg_channel_extended_data{ recipient_channel = Recipient, data_type_code = DataType, data = Data }) -> - ssh_bits:encode([?SSH_MSG_CHANNEL_EXTENDED_DATA, Recipient, - DataType, Data], [byte, uint32, uint32, binary]); + <>; encode(#ssh_msg_channel_eof{recipient_channel = Recipient }) -> - <>; + <>; + encode(#ssh_msg_channel_close{ recipient_channel = Recipient }) -> - <>; + <>; + encode(#ssh_msg_channel_request{ recipient_channel = Recipient, request_type = Type, want_reply = Bool, data = Data }) -> - ssh_bits:encode([?SSH_MSG_CHANNEL_REQUEST, Recipient, Type, Bool, Data], - [byte, uint32, string, boolean, '...']); + <>; + encode(#ssh_msg_channel_success{ recipient_channel = Recipient }) -> - <>; + <>; + encode(#ssh_msg_channel_failure{ recipient_channel = Recipient }) -> - <>; + <>; encode(#ssh_msg_userauth_request{ user = User, 
@@ -120,36 +150,33 @@ encode(#ssh_msg_userauth_request{ method = Method, data = Data }) -> - ssh_bits:encode([?SSH_MSG_USERAUTH_REQUEST, User, Service, Method, Data], - [byte, string_utf8, string, string, '...']); + <>; + encode(#ssh_msg_userauth_failure{ authentications = Auths, partial_success = Bool }) -> - ssh_bits:encode([?SSH_MSG_USERAUTH_FAILURE, Auths, Bool], - [byte, string, boolean]); + <>; + encode(#ssh_msg_userauth_success{}) -> - <>; + <>; encode(#ssh_msg_userauth_banner{ message = Banner, language = Lang }) -> - ssh_bits:encode([?SSH_MSG_USERAUTH_BANNER, Banner, Lang], - [byte, string_utf8, string]); + <>; encode(#ssh_msg_userauth_pk_ok{ algorithm_name = Alg, key_blob = KeyBlob }) -> - ssh_bits:encode([?SSH_MSG_USERAUTH_PK_OK, Alg, KeyBlob], - [byte, string, binary]); + <>; encode(#ssh_msg_userauth_passwd_changereq{prompt = Prompt, languge = Lang })-> - ssh_bits:encode([?SSH_MSG_USERAUTH_PASSWD_CHANGEREQ, Prompt, Lang], - [byte, string, string]); + <>; encode(#ssh_msg_userauth_info_request{ name = Name, 
@@ -157,41 +184,37 @@ encode(#ssh_msg_userauth_info_request{ language_tag = Lang, num_prompts = NumPromtps, data = Data}) -> - ssh_bits:encode([?SSH_MSG_USERAUTH_INFO_REQUEST, Name, Inst, Lang, NumPromtps, Data], - [byte, string, string, string, uint32, '...']); + <>; encode(#ssh_msg_userauth_info_response{ num_responses = Num, data = Data}) -> - Responses = lists:map(fun("") -> - <<>>; - (Response) -> - ssh_bits:encode([Response], [string]) - end, Data), - Start = ssh_bits:encode([?SSH_MSG_USERAUTH_INFO_RESPONSE, Num], - [byte, uint32]), - iolist_to_binary([Start, Responses]); + lists:foldl(fun %%("", Acc) -> Acc; % commented out since it seem wrong + (Response, Acc) -> <> + end, + <>, + Data); encode(#ssh_msg_disconnect{ code = Code, description = Desc, language = Lang }) -> - ssh_bits:encode([?SSH_MSG_DISCONNECT, Code, Desc, Lang], - [byte, uint32, string, string]); + <>; encode(#ssh_msg_service_request{ name = Service }) -> - ssh_bits:encode([?SSH_MSG_SERVICE_REQUEST, Service], [byte, string]); + <>; encode(#ssh_msg_service_accept{ name = Service }) -> - ssh_bits:encode([?SSH_MSG_SERVICE_ACCEPT, Service], [byte, string]); + <>; encode(#ssh_msg_newkeys{}) -> - <>; + <>; encode(#ssh_msg_kexinit{ cookie = Cookie, @@ -208,19 +231,13 @@ encode(#ssh_msg_kexinit{ first_kex_packet_follows = Bool, reserved = Reserved }) -> - ssh_bits:encode([?SSH_MSG_KEXINIT, Cookie, KeyAlgs, HostKeyAlgs, EncAlgC2S, EncAlgS2C, - MacAlgC2S, MacAlgS2C, CompAlgS2C, CompAlgC2S, LangC2S, LangS2C, Bool, - Reserved], - [byte, cookie, - name_list, name_list, - name_list, name_list, - name_list, name_list, - name_list, name_list, - name_list, name_list, - boolean, uint32]); + <>; encode(#ssh_msg_kexdh_init{e = E}) -> - ssh_bits:encode([?SSH_MSG_KEXDH_INIT, E], [byte, mpint]); + <>; encode(#ssh_msg_kexdh_reply{ public_host_key = Key, 
@@ -229,25 +246,23 @@ encode(#ssh_msg_kexdh_reply{ }) -> EncKey = public_key:ssh_encode(Key, ssh2_pubkey), EncSign = encode_signature(Key, Signature), - ssh_bits:encode([?SSH_MSG_KEXDH_REPLY, EncKey, F, EncSign], [byte, binary, mpint, binary]); + <>; encode(#ssh_msg_kex_dh_gex_request{ min = Min, n = N, max = Max }) -> - ssh_bits:encode([?SSH_MSG_KEX_DH_GEX_REQUEST, Min, N, Max], - [byte, uint32, uint32, uint32]); + <>; + encode(#ssh_msg_kex_dh_gex_request_old{n = N}) -> - ssh_bits:encode([?SSH_MSG_KEX_DH_GEX_REQUEST_OLD, N], - [byte, uint32]); + <>; encode(#ssh_msg_kex_dh_gex_group{p = Prime, g = Generator}) -> - ssh_bits:encode([?SSH_MSG_KEX_DH_GEX_GROUP, Prime, Generator], - [byte, mpint, mpint]); + <>; encode(#ssh_msg_kex_dh_gex_init{e = Public}) -> - ssh_bits:encode([?SSH_MSG_KEX_DH_GEX_INIT, Public], [byte, mpint]); + <>; encode(#ssh_msg_kex_dh_gex_reply{ %% Will be private key encode_host_key extracts only the public part! 
@@ -257,26 +272,26 @@ encode(#ssh_msg_kex_dh_gex_reply{ }) -> EncKey = public_key:ssh_encode(Key, ssh2_pubkey), EncSign = encode_signature(Key, Signature), - ssh_bits:encode([?SSH_MSG_KEX_DH_GEX_REPLY, EncKey, F, EncSign], [byte, binary, mpint, binary]); + <>; encode(#ssh_msg_kex_ecdh_init{q_c = Q_c}) -> - ssh_bits:encode([?SSH_MSG_KEX_ECDH_INIT, Q_c], [byte, mpint]); + <>; encode(#ssh_msg_kex_ecdh_reply{public_host_key = Key, q_s = Q_s, h_sig = Sign}) -> EncKey = public_key:ssh_encode(Key, ssh2_pubkey), EncSign = encode_signature(Key, Sign), - ssh_bits:encode([?SSH_MSG_KEX_ECDH_REPLY, EncKey, Q_s, EncSign], [byte, binary, mpint, binary]); + <>; encode(#ssh_msg_ignore{data = Data}) -> - ssh_bits:encode([?SSH_MSG_IGNORE, Data], [byte, string]); + <>; encode(#ssh_msg_unimplemented{sequence = Seq}) -> - ssh_bits:encode([?SSH_MSG_UNIMPLEMENTED, Seq], [byte, uint32]); + <>; encode(#ssh_msg_debug{always_display = Bool, message = Msg, language = Lang}) -> - ssh_bits:encode([?SSH_MSG_DEBUG, Bool, Msg, Lang], [byte, boolean, string, string]). + <>. %% Connection Messages @@ -553,10 +568,10 @@ decode_signature(<>) -> encode_signature(#'RSAPublicKey'{}, Signature) -> - ssh_bits:encode(["ssh-rsa", Signature],[string, binary]); + <>), ?Ebinary(Signature)>>; encode_signature({_, #'Dss-Parms'{}}, Signature) -> - ssh_bits:encode(["ssh-dss", Signature],[string, binary]); + <>), ?Ebinary(Signature)>>; encode_signature({#'ECPoint'{}, {namedCurve,OID}}, Signature) -> CurveName = public_key:oid2ssh_curvename(OID), - ssh_bits:encode([<<"ecdsa-sha2-",CurveName/binary>>, Signature], [binary,binary]). + <>), ?Ebinary(Signature)>>. diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 18037b8461..a648c7af3d 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl 
@@ -52,6 +52,14 @@ -export([pack/3]). -export([decompress/2, decrypt_blocks/3, is_valid_mac/3 ]). % FIXME: remove +-define(Estring(X), ?STRING((if is_binary(X) -> X; + is_list(X) -> list_to_binary(X); + X==undefined -> <<>> + end))). +-define(Empint(X), (ssh_bits:mpint(X))/binary ). +-define(Ebinary(X), ?STRING(X) ). +-define(Euint32(X), ?UINT32(X) ). + %%%---------------------------------------------------------------------------- %%% %%% There is a difference between supported and default algorithms. The @@ -1084,7 +1092,7 @@ sign(SigData, Hash, #'DSAPrivateKey'{} = Key) -> sign(SigData, Hash, Key = #'ECPrivateKey'{}) -> DerEncodedSign = public_key:sign(SigData, Hash, Key), #'ECDSA-Sig-Value'{r=R, s=S} = public_key:der_decode('ECDSA-Sig-Value', DerEncodedSign), - ssh_bits:encode([R,S], [mpint,mpint]); + <>; sign(SigData, Hash, Key) -> public_key:sign(SigData, Hash, Key). @@ -1584,21 +1592,16 @@ hash(K, H, Ki, N, HASH) -> kex_h(SSH, Key, E, F, K) -> KeyBin = public_key:ssh_encode(Key, ssh2_pubkey), - L = ssh_bits:encode([SSH#ssh.c_version, SSH#ssh.s_version, - SSH#ssh.c_keyinit, SSH#ssh.s_keyinit, - KeyBin, E,F,K], - [string,string,binary,binary,binary, - mpint,mpint,mpint]), + L = <>, crypto:hash(sha((SSH#ssh.algorithms)#alg.kex), L). -%% crypto:hash(sha,L). kex_h(SSH, Curve, Key, Q_c, Q_s, K) -> KeyBin = public_key:ssh_encode(Key, ssh2_pubkey), - L = ssh_bits:encode([SSH#ssh.c_version, SSH#ssh.s_version, - SSH#ssh.c_keyinit, SSH#ssh.s_keyinit, - KeyBin, Q_c, Q_s, K], - [string,string,binary,binary,binary, - mpint,mpint,mpint]), + L = <>, crypto:hash(sha(Curve), L). kex_h(SSH, Key, Min, NBits, Max, Prime, Gen, E, F, K) -> 
@@ -1607,21 +1610,14 @@ kex_h(SSH, Key, Min, NBits, Max, Prime, Gen, E, F, K) -> %% flag from 'ssh_msg_kex_dh_gex_request_old' %% It was like this before that message was supported, %% why? - Ts = [string,string,binary,binary,binary, - uint32, - mpint,mpint,mpint,mpint,mpint], - ssh_bits:encode([SSH#ssh.c_version,SSH#ssh.s_version, - SSH#ssh.c_keyinit,SSH#ssh.s_keyinit, - KeyBin, NBits, Prime, Gen, E,F,K], - Ts); + <>; true -> - Ts = [string,string,binary,binary,binary, - uint32,uint32,uint32, - mpint,mpint,mpint,mpint,mpint], - ssh_bits:encode([SSH#ssh.c_version,SSH#ssh.s_version, - SSH#ssh.c_keyinit,SSH#ssh.s_keyinit, - KeyBin, Min, NBits, Max, - Prime, Gen, E,F,K], Ts) + <> end, crypto:hash(sha((SSH#ssh.algorithms)#alg.kex), L). diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index fe197f8672..6b78a32a9b 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -307,7 +307,7 @@ no_common_alg_client_disconnects(Config) -> {send, hello}, {match, #ssh_msg_kexinit{_='_'}, receive_msg}, {send, #ssh_msg_kexinit{ % with unsupported "SOME-UNSUPPORTED" - cookie = 247381486335508958743193106082599558706, + cookie = <<80,158,95,51,174,35,73,130,246,141,200,49,180,190,82,234>>, kex_algorithms = ["diffie-hellman-group1-sha1"], server_host_key_algorithms = ["SOME-UNSUPPORTED"], % SIC! encryption_algorithms_client_to_server = ["aes128-ctr"], -- cgit v1.2.3 From 1bb8e4ae6eaf2f18d3b2ccc8e77cd7228e1c6e8a Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 14 Jan 2016 10:39:17 +0100 Subject: ssh: Experimental options for ssh_sftp:start_channel to set packet_size or window_size --- lib/ssh/src/ssh_sftp.erl | 28 ++++++++++++++++------------ lib/ssh/src/ssh_xfer.erl | 22 ++++++++++++++++------ 2 files changed, 32 insertions(+), 18 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_sftp.erl b/lib/ssh/src/ssh_sftp.erl index dbacf730cc..eb99406626 100644 --- a/lib/ssh/src/ssh_sftp.erl 
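Review bot: In ssh_bits.erl, name_list/1 keeps its name and its export but changes its contract: the removed version went through ?name_list(X), which wrapped the joined names in ?binary(B), while the new clauses return the bare comma-joined binary and leave the ?STRING(...) wrapping to ?Ename_list in ssh_message.erl. Any other caller of ssh_bits:name_list/1 now silently gets a different value, and callers of the removed exports encode/2 and string/1 fail only at run time; search the application and the test suites for all three before merging. to_bin/1 also accepts only atoms, lists and binaries, so a malformed algorithm entry ends in function_clause inside the encoder.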
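Review bot: In encode(#ssh_msg_userauth_info_response{}) in ssh_message.erl, the clause that mapped an empty response "" to <<>> is commented out ("commented out since it seem wrong"), so an empty answer is no longer special-cased and goes through the same encoding as every other response. That is a change to what is put on the wire, inside a commit described as an optimization; state it in the commit message, delete the commented-out clause instead of keeping it, and add a keyboard-interactive test with an empty response. The commented-out "encode(Msg) -> try encode1(Msg)" debugging wrapper above the first clause should be removed as well.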
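Review bot: ?Estring, ?Empint, ?Ebinary and ?Euint32 are defined a second time at the top of ssh_transport.erl, with the body of ?'2bin' copied into ?Estring; move the ?E... family into a shared header so the exchange-hash input built in kex_h and the message encoder cannot drift apart. The "if" in ?'2bin' has no catch-all branch, so a field that is not a binary, a list or undefined raises if_clause deep inside encode/1 with no hint of which field was wrong; either document that as intended or guard it with an error that names the field.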
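Review bot: In ssh_protocol_SUITE.erl the kexinit cookie changes from an integer to a 16-byte binary, and the removed "enc(Xs, [cookie|Ts], Offset)" clause in ssh_bits.erl is the one that ignored the record value and emitted random(16). If encode(#ssh_msg_kexinit{}) now takes the cookie from the record, please confirm that every place constructing the record fills the field from ssh_bits:random(16), and that a cookie of the wrong size is rejected instead of shifting the name-lists that follow it.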
+++ b/lib/ssh/src/ssh_sftp.erl @@ -99,8 +99,8 @@ start_channel(Host) when is_list(Host) -> start_channel(Host, []). start_channel(Cm, Opts) when is_pid(Cm) -> Timeout = proplists:get_value(timeout, Opts, infinity), - {_, SftpOpts} = handle_options(Opts, [], []), - case ssh_xfer:attach(Cm, []) of + {_, ChanOpts, SftpOpts} = handle_options(Opts, [], [], []), + case ssh_xfer:attach(Cm, [], ChanOpts) of {ok, ChannelId, Cm} -> case ssh_channel:start(Cm, ChannelId, ?MODULE, [Cm, ChannelId, SftpOpts]) of @@ -123,9 +123,9 @@ start_channel(Cm, Opts) when is_pid(Cm) -> start_channel(Host, Opts) -> start_channel(Host, 22, Opts). start_channel(Host, Port, Opts) -> - {SshOpts, SftpOpts} = handle_options(Opts, [], []), + {SshOpts, ChanOpts, SftpOpts} = handle_options(Opts, [], [], []), Timeout = proplists:get_value(timeout, SftpOpts, infinity), - case ssh_xfer:connect(Host, Port, SshOpts, Timeout) of + case ssh_xfer:connect(Host, Port, SshOpts, ChanOpts, Timeout) of {ok, ChannelId, Cm} -> case ssh_channel:start(Cm, ChannelId, ?MODULE, [Cm, ChannelId, SftpOpts]) of 
@@ -842,14 +842,18 @@ terminate(_Reason, State) -> %%==================================================================== %% Internal functions %%==================================================================== -handle_options([], Sftp, Ssh) -> - {Ssh, Sftp}; -handle_options([{timeout, _} = Opt | Rest], Sftp, Ssh) -> - handle_options(Rest, [Opt | Sftp], Ssh); -handle_options([{sftp_vsn, _} = Opt| Rest], Sftp, Ssh) -> - handle_options(Rest, [Opt | Sftp], Ssh); -handle_options([Opt | Rest], Sftp, Ssh) -> - handle_options(Rest, Sftp, [Opt | Ssh]). +handle_options([], Sftp, Chan, Ssh) -> + {Ssh, Chan, Sftp}; +handle_options([{timeout, _} = Opt | Rest], Sftp, Chan, Ssh) -> + handle_options(Rest, [Opt|Sftp], Chan, Ssh); +handle_options([{sftp_vsn, _} = Opt| Rest], Sftp, Chan, Ssh) -> + handle_options(Rest, [Opt|Sftp], Chan, Ssh); +handle_options([{window_size, _} = Opt| Rest], Sftp, Chan, Ssh) -> + handle_options(Rest, Sftp, [Opt|Chan], Ssh); +handle_options([{packet_size, _} = Opt| Rest], Sftp, Chan, Ssh) -> + handle_options(Rest, Sftp, [Opt|Chan], Ssh); +handle_options([Opt|Rest], Sftp, Chan, Ssh) -> + handle_options(Rest, Sftp, Chan, [Opt|Ssh]). call(Pid, Msg, TimeOut) -> ssh_channel:call(Pid, {{timeout, TimeOut}, Msg}, infinity). diff --git a/lib/ssh/src/ssh_xfer.erl b/lib/ssh/src/ssh_xfer.erl index b8dff1c533..e7dd8e7098 100644 --- a/lib/ssh/src/ssh_xfer.erl +++ b/lib/ssh/src/ssh_xfer.erl @@ -24,7 +24,7 @@ -module(ssh_xfer). --export([attach/2, connect/3, connect/4]). +-export([attach/2, attach/3, connect/3, connect/4, connect/5]). -export([open/6, opendir/3, readdir/3, close/3, read/5, write/5, rename/5, remove/3, mkdir/4, rmdir/3, realpath/3, extended/4, stat/4, fstat/4, lstat/4, setstat/4, 
@@ -51,24 +51,34 @@ -define(XFER_WINDOW_SIZE, 4*?XFER_PACKET_SIZE). attach(CM, Opts) -> - open_xfer(CM, Opts). + open_xfer(CM, Opts, []). + +attach(CM, Opts, ChanOpts) -> + open_xfer(CM, Opts, ChanOpts). + connect(Host, Port, Opts) -> case ssh:connect(Host, Port, Opts) of - {ok, CM} -> open_xfer(CM, Opts); + {ok, CM} -> open_xfer(CM, Opts, []); Error -> Error end. connect(Host, Port, Opts, Timeout) -> + connect(Host, Port, Opts, [], Timeout). + +connect(Host, Port, Opts, ChanOpts, Timeout) -> case ssh:connect(Host, Port, Opts, Timeout) of - {ok, CM} -> open_xfer(CM, [{timeout, Timeout}|Opts]); + {ok, CM} -> open_xfer(CM, [{timeout, Timeout}|Opts], ChanOpts); {error, Timeout} -> {error, timeout}; Error -> Error end. -open_xfer(CM, Opts) -> + +open_xfer(CM, Opts, ChanOpts) -> TMO = proplists:get_value(timeout, Opts, infinity), - case ssh_connection:session_channel(CM, ?XFER_WINDOW_SIZE, ?XFER_PACKET_SIZE, TMO) of + WindowSize = proplists:get_value(window_size, ChanOpts, ?XFER_WINDOW_SIZE), + PacketSize = proplists:get_value(packet_size, ChanOpts, ?XFER_PACKET_SIZE), + case ssh_connection:session_channel(CM, WindowSize, PacketSize, TMO) of {ok, ChannelId} -> {ok, ChannelId, CM}; Error -> -- cgit v1.2.3 From 8abcda0fa16bb06db5020f5dcd22e09aa37f412a Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 15 Jan 2016 17:57:28 +0100 Subject: ssh: Adjusted default packet and window sizes --- lib/ssh/src/ssh_connect.hrl | 5 +++-- lib/ssh/src/ssh_xfer.erl | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connect.hrl b/lib/ssh/src/ssh_connect.hrl index 9f9f3de8fa..0c9ddad641 100644 --- a/lib/ssh/src/ssh_connect.hrl +++ b/lib/ssh/src/ssh_connect.hrl 
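Review bot: In open_xfer/3 in ssh_xfer.erl, window_size and packet_size are read from ChanOpts with proplists:get_value/3 and passed straight to ssh_connection:session_channel/4, so a non-integer, zero or negative value is only discovered once the channel open is attempted. Validate both in the new handle_options/4 clauses in ssh_sftp.erl (positive integers) and return an {error, Reason} from start_channel for bad input. The commit touches only ssh_sftp.erl and ssh_xfer.erl, so the options are undocumented; if they are to stay experimental, say so in a comment next to those clauses, including that the window size bounds how much unacknowledged data the peer may send on this channel.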
@@ -24,8 +24,9 @@ -type channel_id() :: integer(). --define(DEFAULT_PACKET_SIZE, 32768). --define(DEFAULT_WINDOW_SIZE, 2*?DEFAULT_PACKET_SIZE). +-define(DEFAULT_PACKET_SIZE, 65536). +-define(DEFAULT_WINDOW_SIZE, 10*?DEFAULT_PACKET_SIZE). + -define(DEFAULT_TIMEOUT, 5000). -define(MAX_PROTO_VERSION, 255). diff --git a/lib/ssh/src/ssh_xfer.erl b/lib/ssh/src/ssh_xfer.erl index e7dd8e7098..259dc71aa5 100644 --- a/lib/ssh/src/ssh_xfer.erl +++ b/lib/ssh/src/ssh_xfer.erl @@ -47,8 +47,8 @@ -define(is_set(F, Bits), ((F) band (Bits)) == (F)). --define(XFER_PACKET_SIZE, 32768). --define(XFER_WINDOW_SIZE, 4*?XFER_PACKET_SIZE). +-define(XFER_PACKET_SIZE, 65536). +-define(XFER_WINDOW_SIZE, 20*?XFER_PACKET_SIZE). attach(CM, Opts) -> open_xfer(CM, Opts, []). -- cgit v1.2.3 From 034680f6d2063a83cab517d94cb12367a2cbe370 Mon Sep 17 00:00:00 2001 From: Kenneth Lundin Date: Fri, 5 Feb 2016 12:26:01 +0100 Subject: Minor correction of documentation as reported in bugs.erlang.org:ERL-87 --- lib/ssh/doc/src/ssh_sftp.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_sftp.xml b/lib/ssh/doc/src/ssh_sftp.xml index c6ca0f161a..f4b41b74f3 100644 --- a/lib/ssh/doc/src/ssh_sftp.xml +++ b/lib/ssh/doc/src/ssh_sftp.xml @@ -333,7 +333,7 @@ position(ChannelPid, Handle, Location) -> - position(ChannelPid, Handle, Location, Timeout) -> {ok, NewPosition | {error, Error} + position(ChannelPid, Handle, Location, Timeout) -> {ok, NewPosition} | {error, Reason} Sets the file position of a file. ChannelPid = pid() @@ -399,7 +399,7 @@ pwrite(ChannelPid, Handle, Position, Data) -> ok - pwrite(ChannelPid, Handle, Position, Data, Timeout) -> ok | {error, Error} + pwrite(ChannelPid, Handle, Position, Data, Timeout) -> ok | {error, Reason} Writes to an open file. ChannelPid = pid() 
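Review bot: The new defaults in ssh_connect.hrl and ssh_xfer.erl raise what every channel advertises to its peer: ?DEFAULT_WINDOW_SIZE goes from 2*32768 to 10*65536 bytes and ?XFER_WINDOW_SIZE from 4*32768 to 20*65536 bytes, and the commit message gives no measurement or reasoning for those factors. Since the window is the amount of data a peer may send before this side has processed any of it, put the benchmark numbers behind the choice into the commit message and confirm that the receive path accepts 65536-byte channel data packets end to end.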
@@ -592,7 +592,7 @@ write(ChannelPid, Handle, Data) -> - write(ChannelPid, Handle, Data, Timeout) -> ok | {error, Error} + write(ChannelPid, Handle, Data, Timeout) -> ok | {error, Reason} Writes to an open file. ChannelPid = pid() -- cgit v1.2.3 From 60f828c89fde5fc9fccfa6305512d9458f5293c4 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 28 Jan 2016 12:17:59 +0100 Subject: ssh: fixes port_command failure on WIndows in ssh_test_cli.erl --- lib/ssh/test/ssh_basic_SUITE.erl | 8 ++++++-- lib/ssh/test/ssh_test_cli.erl | 15 ++++++++++----- 2 files changed, 16 insertions(+), 7 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 6c4c215b3d..4b53f6ec57 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -601,10 +601,14 @@ cli(Config) when is_list(Config) -> process_flag(trap_exit, true), SystemDir = filename:join(?config(priv_dir, Config), system), UserDir = ?config(priv_dir, Config), - + + TmpDir = filename:join(?config(priv_dir,Config), "tmp"), + ok = ssh_test_lib:del_dirs(TmpDir), + ok = file:make_dir(TmpDir), + {_Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},{user_dir, UserDir}, {password, "morot"}, - {ssh_cli, {ssh_test_cli, [cli]}}, + {ssh_cli, {ssh_test_cli, [cli,TmpDir]}}, {subsystems, []}, {failfun, fun ssh_test_lib:failfun/2}]), ct:sleep(500), diff --git a/lib/ssh/test/ssh_test_cli.erl b/lib/ssh/test/ssh_test_cli.erl index cd9ad5f2ff..697ddb730d 100644 --- a/lib/ssh/test/ssh_test_cli.erl +++ b/lib/ssh/test/ssh_test_cli.erl 
@@ -4,20 +4,25 @@ -record(state, { type, + tmpdir, id, ref, port }). -init([Type]) -> - {ok, #state{type = Type}}. + +init([Type]) -> init([Type,"/tmp"]); + +init([Type,TmpDir]) -> + {ok, #state{type = Type, + tmpdir = TmpDir}}. handle_msg({ssh_channel_up, Id, Ref}, S) -> User = get_ssh_user(Ref), ok = ssh_connection:send(Ref, Id, << "\r\nYou are accessing a dummy, type \"q\" to exit\r\n\n" >>), - Port = run_portprog(User, S#state.type), + Port = run_portprog(User, S#state.type, S#state.tmpdir), {ok, S#state{port = Port, id = Id, ref = Ref}}; handle_msg({Port, {data, Data}}, S = #state{port = Port}) -> @@ -68,10 +73,10 @@ handle_ssh_msg({ssh_cm, _, {exit_signal, Id, _, _, _}}, terminate(_Why, _S) -> nop. -run_portprog(User, cli) -> +run_portprog(User, cli, TmpDir) -> Pty_bin = os:find_executable("cat"), open_port({spawn_executable, Pty_bin}, - [stream, {cd, "/tmp"}, {env, [{"USER", User}]}, + [stream, {cd, TmpDir}, {env, [{"USER", User}]}, {args, []}, binary, exit_status, use_stdio, stderr_to_stdout]). -- cgit v1.2.3 From 4e1162bbdf88465a03da165c088ad1256b816956 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Gustavsson?= Date: Mon, 15 Feb 2016 16:04:32 +0100 Subject: Makefiles: Remove test_server from include path and code path Since no test suites includede test_server.hrl, there is no need to have test_server in the include path or code path. --- lib/ssh/test/Makefile | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/Makefile b/lib/ssh/test/Makefile index 9cd98f069f..fb539f98fa 100644 --- a/lib/ssh/test/Makefile +++ b/lib/ssh/test/Makefile @@ -64,8 +64,7 @@ TARGET_FILES= $(MODULES:%=$(EBIN)/%.$(EMULATOR)) DATA_DIRS = $(MODULES:%=%_data) -INCLUDES = -I$(ERL_TOP)/lib/test_server/include \ - -I$(ERL_TOP)/lib/ssh/src \ +INCLUDES = -I$(ERL_TOP)/lib/ssh/src EMAKEFILE=Emakefile MAKE_EMAKE = $(wildcard $(ERL_TOP)/make/make_emakefile) 
@@ -88,8 +87,7 @@ RELSYSDIR = $(RELEASE_PATH)/ssh_test # The path to the test_server ebin dir is needed when # running the target "targets". # ---------------------------------------------------- -ERL_COMPILE_FLAGS += -pa ../../../internal_tools/test_server/ebin \ - $(INCLUDES) +ERL_COMPILE_FLAGS += $(INCLUDES) EBIN = . -- cgit v1.2.3 From 0ff06d3941ce4487f18f11dde66dd6c28068e833 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 9 Feb 2016 13:53:23 +0100 Subject: ssh: remove some spurions test printouts --- lib/ssh/test/ssh_algorithms_SUITE.erl | 9 +++++++-- lib/ssh/test/ssh_basic_SUITE.erl | 11 +++++++++-- lib/ssh/test/ssh_test_lib.erl | 9 ++++----- 3 files changed, 20 insertions(+), 9 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index f0ac92fef6..a0f1edd5fb 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl @@ -231,8 +231,11 @@ sshc_simple_exec(Config) -> " ",Host," 1+1."]), ct:log("~p",[Cmd]), SshPort = open_port({spawn, Cmd}, [binary]), + Expect = <<"2\n">>, receive - {SshPort,{data, <<"2\n">>}} -> + {SshPort, {data,Expect}} -> + ct:log("Got expected ~p from ~p",[Expect,SshPort]), + port_close(SshPort), ok after ?TIMEOUT -> ct:fail("Did not receive answer") @@ -273,7 +276,9 @@ sshd_simple_exec(_Config) -> ConnectionRef, ChannelId1); Other1 -> ct:fail(Other1) - end. + end, + ssh:close(ConnectionRef). + %%%================================================================ %%% diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 4b53f6ec57..642e7a82a2 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -441,6 +441,7 @@ exec(Config) when is_list(Config) -> ct:fail(Other1) end, ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId1), + ssh:close(ConnectionRef), ssh:stop_daemon(Pid). %%-------------------------------------------------------------------- 
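Review bot: The `ssh:close(ConnectionRef)` added to exec/1 sits after the receive, so it only runs on the success path; the `ct:fail(Other1)` branch just above leaves the test case before either `ssh:close/1` or `ssh:stop_daemon/1` is reached, and the connection and daemon stay around for the following cases. Move the teardown into end_per_testcase or wrap the body in try ... after. The commit subject mentions only removed printouts, so the new close calls deserve a line in the message.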
@@ -474,6 +475,7 @@ exec_compressed(Config) when is_list(Config) -> ct:fail(Other) end, ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId), + ssh:close(ConnectionRef), ssh:stop_daemon(Pid) end. @@ -979,7 +981,10 @@ shell_no_unicode(Config) -> new_do_shell(?config(io,Config), [new_prompt, {type,"io:format(\"hej ~p~n\",[42])."}, - {expect,"hej 42"} + {expect,"hej 42"}, + {expect,"ok"}, + new_prompt, + {type,"exit()."} ]). %%-------------------------------------------------------------------- @@ -988,7 +993,9 @@ shell_unicode_string(Config) -> [new_prompt, {type,"io:format(\"ã“ã«ã¡ã‚~ts~n\",[\"四二\"])."}, {expect,"ã“ã«ã¡ã‚四二"}, - {expect,"ok"} + {expect,"ok"}, + new_prompt, + {type,"exit()."} ]). %%-------------------------------------------------------------------- diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index 2db55b97b4..5f91fb627a 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl @@ -120,7 +120,8 @@ std_simple_exec(Host, Port, Config, Opts) -> Other -> ct:fail(Other) end, - ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId). + ssh_test_lib:receive_exec_end(ConnectionRef, ChannelId), + ssh:close(ConnectionRef). start_shell(Port, IOServer, UserDir) -> @@ -154,14 +155,12 @@ loop_io_server(TestCase, Buff0) -> {input, TestCase, Line} -> loop_io_server(TestCase, Buff0 ++ [Line]); {io_request, From, ReplyAs, Request} -> -%%ct:log("~p",[{io_request, From, ReplyAs, Request}]), {ok, Reply, Buff} = io_request(Request, TestCase, From, ReplyAs, Buff0), -%%ct:log("io_request(~p)-->~p",[Request,{ok, Reply, Buff}]), io_reply(From, ReplyAs, Reply), loop_io_server(TestCase, Buff); - {'EXIT',_, _} -> - erlang:display('ssh_test_lib:loop_io_server/2 EXIT'), + {'EXIT',_, _} = _Exit -> +%% ct:log("ssh_test_lib:loop_io_server/2 got ~p",[_Exit]), ok after 30000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) -- cgit v1.2.3 From 8626ba1bf825899ffad119aca5ae126176b0b6d3 Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Tue, 16 Feb 2016 12:07:05 +0100 Subject: ssh: add timetrap to all test suites --- lib/ssh/test/ssh_algorithms_SUITE.erl | 3 ++- lib/ssh/test/ssh_basic_SUITE.erl | 3 ++- lib/ssh/test/ssh_connection_SUITE.erl | 3 +++ lib/ssh/test/ssh_options_SUITE.erl | 3 ++- lib/ssh/test/ssh_protocol_SUITE.erl | 3 ++- lib/ssh/test/ssh_renegotiate_SUITE.erl | 4 +++- lib/ssh/test/ssh_sftp_SUITE.erl | 4 +++- lib/ssh/test/ssh_sftpd_SUITE.erl | 3 +++ lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl | 4 +++- lib/ssh/test/ssh_to_openssh_SUITE.erl | 3 +++ lib/ssh/test/ssh_upgrade_SUITE.erl | 3 +++ 11 files changed, 29 insertions(+), 7 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index a0f1edd5fb..beff561631 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl @@ -35,7 +35,8 @@ %%-------------------------------------------------------------------- suite() -> - [{ct_hooks,[ts_install_cth]}]. + [{ct_hooks,[ts_install_cth]}, + {timetrap,{minutes,5}}]. all() -> %% [{group,kex},{group,cipher}... etc diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 642e7a82a2..eee0925dd0 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -78,7 +78,8 @@ %%-------------------------------------------------------------------- suite() -> - [{ct_hooks,[ts_install_cth]}]. + [{ct_hooks,[ts_install_cth]}, + {timetrap,{minutes,5}}]. all() -> [app_test, diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index 1b93cc9c32..f761442e35 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -36,6 +36,9 @@ %% suite() -> %% [{ct_hooks,[ts_install_cth]}]. +suite() -> + [{timetrap,{minutes,5}}]. + all() -> [ {group, openssh}, 
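Review bot: The new suite/0 in ssh_connection_SUITE returns only the timetrap and leaves out `{ct_hooks,[ts_install_cth]}`, which the other suites changed in this commit keep next to their timetrap, and the commented-out suite/0 directly above it is left in place. Either add the hook here too, or delete the dead comment and say in the commit message why this suite runs without it.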
diff --git a/lib/ssh/test/ssh_options_SUITE.erl b/lib/ssh/test/ssh_options_SUITE.erl index 6a201d401f..dc0cae37e8 100644 --- a/lib/ssh/test/ssh_options_SUITE.erl +++ b/lib/ssh/test/ssh_options_SUITE.erl @@ -79,7 +79,8 @@ %%-------------------------------------------------------------------- suite() -> - [{ct_hooks,[ts_install_cth]}]. + [{ct_hooks,[ts_install_cth]}, + {timetrap,{minutes,5}}]. all() -> [connectfun_disconnectfun_server, diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index fe197f8672..41087d2693 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -42,7 +42,8 @@ %%-------------------------------------------------------------------- suite() -> - [{ct_hooks,[ts_install_cth]}]. + [{ct_hooks,[ts_install_cth]}, + {timetrap,{minutes,5}}]. all() -> [{group,tool_tests}, diff --git a/lib/ssh/test/ssh_renegotiate_SUITE.erl b/lib/ssh/test/ssh_renegotiate_SUITE.erl index e5cfa58bad..4a6bcc102d 100644 --- a/lib/ssh/test/ssh_renegotiate_SUITE.erl +++ b/lib/ssh/test/ssh_renegotiate_SUITE.erl @@ -30,7 +30,9 @@ %% Common Test interface functions ----------------------------------- %%-------------------------------------------------------------------- -suite() -> [{ct_hooks,[ts_install_cth]}]. +suite() -> [{ct_hooks,[ts_install_cth]}, + {timetrap,{minutes,15}}]. + all() -> [{group,default_algs}, {group,aes_gcm} diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index 698af259c8..0d6eb19f0c 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl @@ -35,7 +35,9 @@ %%-------------------------------------------------------------------- suite() -> - [{ct_hooks,[ts_install_cth]}]. + [{ct_hooks,[ts_install_cth]}, + {timetrap,{minutes,5}}]. + all() -> [{group, not_unicode}, diff --git a/lib/ssh/test/ssh_sftpd_SUITE.erl b/lib/ssh/test/ssh_sftpd_SUITE.erl index 6b03a2b763..60fe34a152 100644 --- a/lib/ssh/test/ssh_sftpd_SUITE.erl 
+++ b/lib/ssh/test/ssh_sftpd_SUITE.erl @@ -44,6 +44,9 @@ %% Common Test interface functions ----------------------------------- %%-------------------------------------------------------------------- +suite() -> + [{timetrap,{minutes,5}}]. + all() -> [open_close_file, open_close_dir, diff --git a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl index 7a025a6518..91404e222f 100644 --- a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl +++ b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl @@ -36,7 +36,9 @@ %%-------------------------------------------------------------------- suite() -> - [{ct_hooks,[ts_install_cth]}]. + [{ct_hooks,[ts_install_cth]}, + {timetrap,{minutes,5}}]. + all() -> [close_file, diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index 67a61d3c11..2fc3cce516 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -33,6 +33,9 @@ %% Common Test interface functions ----------------------------------- %%-------------------------------------------------------------------- +suite() -> + [{timetrap,{minutes,5}}]. + all() -> case os:find_executable("ssh") of false -> diff --git a/lib/ssh/test/ssh_upgrade_SUITE.erl b/lib/ssh/test/ssh_upgrade_SUITE.erl index 85f4d36258..1a2a8de08c 100644 --- a/lib/ssh/test/ssh_upgrade_SUITE.erl +++ b/lib/ssh/test/ssh_upgrade_SUITE.erl @@ -38,6 +38,9 @@ %%% %%% CommonTest callbacks %%% +suite() -> + [{timetrap,{minutes,5}}]. + all() -> [ minor_upgrade, -- cgit v1.2.3 From 0f54fc85b91b5ad244534238aeab5c0bc5f93815 Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Wed, 17 Feb 2016 13:40:42 +0100 Subject: ssh: remove calls to crypto:start|stop Conflicts: lib/ssh/test/ssh_upgrade_SUITE.erl --- lib/ssh/test/ssh_algorithms_SUITE.erl | 16 +++++----------- lib/ssh/test/ssh_basic_SUITE.erl | 13 ++++--------- lib/ssh/test/ssh_benchmark_SUITE.erl | 5 +---- lib/ssh/test/ssh_connection_SUITE.erl | 12 +++--------- lib/ssh/test/ssh_options_SUITE.erl | 13 ++++--------- lib/ssh/test/ssh_protocol_SUITE.erl | 20 ++++---------------- lib/ssh/test/ssh_renegotiate_SUITE.erl | 12 +++--------- lib/ssh/test/ssh_sftp_SUITE.erl | 20 ++++++-------------- lib/ssh/test/ssh_sftpd_SUITE.erl | 25 +++++++++---------------- lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl | 27 ++++++++++----------------- lib/ssh/test/ssh_to_openssh_SUITE.erl | 17 +++++------------ lib/ssh/test/ssh_upgrade_SUITE.erl | 22 ++++++---------------- 12 files changed, 60 insertions(+), 142 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index beff561631..8ccde6c29c 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl @@ -91,18 +91,12 @@ init_per_suite(Config) -> ?MAX_NUM_ALGORITHMS ]), ct:log("all() ->~n ~p.~n~ngroups()->~n ~p.~n",[all(),groups()]), - catch crypto:stop(), - case catch crypto:start() of - ok -> - ssh:start(), - [{std_simple_sftp_size,25000} % Sftp transferred data size - | setup_pubkey(Config)]; - _Else -> - {skip, "Crypto could not be started!"} - end. + ssh:start(), + [{std_simple_sftp_size,25000} % Sftp transferred data size + | setup_pubkey(Config)]. + end_per_suite(_Config) -> - ssh:stop(), - crypto:stop(). + ssh:stop(). init_per_group(Group, Config) -> diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index eee0925dd0..564fb66586 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl 
@@ -130,16 +130,11 @@ basic_tests() -> %%-------------------------------------------------------------------- init_per_suite(Config) -> - catch crypto:stop(), - case catch crypto:start() of - ok -> - Config; - _Else -> - {skip, "Crypto could not be started!"} - end. + Config. + end_per_suite(_Config) -> - ssh:stop(), - crypto:stop(). + ssh:stop(). + %%-------------------------------------------------------------------- init_per_group(dsa_key, Config) -> DataDir = ?config(data_dir, Config), diff --git a/lib/ssh/test/ssh_benchmark_SUITE.erl b/lib/ssh/test/ssh_benchmark_SUITE.erl index e90bfa3d16..fe90da3028 100644 --- a/lib/ssh/test/ssh_benchmark_SUITE.erl +++ b/lib/ssh/test/ssh_benchmark_SUITE.erl @@ -44,9 +44,7 @@ groups() -> init_per_suite(Config) -> catch ssh:stop(), - catch crypto:stop(), try - ok = crypto:start(), report_client_algorithms(), ok = ssh:start(), {ok,TracerPid} = erlang_trace(), @@ -58,7 +56,6 @@ init_per_suite(Config) -> end_per_suite(_Config) -> catch ssh:stop(), - catch crypto:stop(), ok. @@ -406,7 +403,7 @@ function_algs_times_sizes(EncDecs, L) -> end || EncDec <- EncDecs, C = #call{mfa = ED, - args = Args, %%[S,Data], + % args = Args, %%[S,Data], t_call = T0, t_return = T1} <- L, ED == EncDec diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index f761442e35..67d870bea4 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -70,16 +70,10 @@ ptty() -> %%-------------------------------------------------------------------- init_per_suite(Config) -> - catch crypto:stop(), - case catch crypto:start() of - ok -> - Config; - _Else -> - {skip, "Crypto could not be started!"} - end. + Config. -end_per_suite(_Config) -> - crypto:stop(). +end_per_suite(Config) -> + Config. %%-------------------------------------------------------------------- init_per_group(openssh, Config) -> 
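Review bot: With the case on `crypto:start()` removed, init_per_suite in ssh_connection_SUITE (like the ssh_basic_SUITE hunk above) can no longer return `{skip, "Crypto could not be started!"}`, so on a build without a working crypto the cases will fail instead of being reported as skipped. Keep a cheap guard that still yields `{skip, Reason}` in that situation. Both callbacks in this hunk are now pure pass-throughs, and end_per_suite does not call `ssh:stop()` the way the ssh_basic_SUITE version does; make the teardown consistent across suites.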
diff --git a/lib/ssh/test/ssh_options_SUITE.erl b/lib/ssh/test/ssh_options_SUITE.erl index dc0cae37e8..e0ef3a4b05 100644 --- a/lib/ssh/test/ssh_options_SUITE.erl +++ b/lib/ssh/test/ssh_options_SUITE.erl @@ -126,16 +126,11 @@ groups() -> %%-------------------------------------------------------------------- init_per_suite(Config) -> - catch crypto:stop(), - case catch crypto:start() of - ok -> - Config; - _Else -> - {skip, "Crypto could not be started!"} - end. + Config. + end_per_suite(_Config) -> - ssh:stop(), - crypto:stop(). + ssh:stop(). + %%-------------------------------------------------------------------- init_per_group(hardening_tests, Config) -> DataDir = ?config(data_dir, Config), diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index 41087d2693..b6603d29e5 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -580,23 +580,11 @@ client_handles_keyboard_interactive_0_pwds(Config) -> %%%---- init_suite and end_suite --------------------------------------- start_apps(Config) -> - catch crypto:stop(), - case catch crypto:start() of - ok -> - catch ssh:stop(), - ok = ssh:start(), - [{stop_apps, - fun() -> - ssh:stop(), - crypto:stop() - end} | Config]; - _Else -> - {skip, "Crypto could not be started!"} - end. - + catch ssh:stop(), + ok = ssh:start(), + Config. -stop_apps(Config) -> - (?v(stop_apps, Config, fun()-> ok end))(), +stop_apps(_Config) -> ssh:stop(). diff --git a/lib/ssh/test/ssh_renegotiate_SUITE.erl b/lib/ssh/test/ssh_renegotiate_SUITE.erl index 4a6bcc102d..fabe9a5829 100644 --- a/lib/ssh/test/ssh_renegotiate_SUITE.erl +++ b/lib/ssh/test/ssh_renegotiate_SUITE.erl 
@@ -46,16 +46,10 @@ tests() -> [rekey, rekey_limit, renegotiate1, renegotiate2]. %%-------------------------------------------------------------------- init_per_suite(Config) -> - catch crypto:stop(), - case catch crypto:start() of - ok -> - Config; - _Else -> - {skip, "Crypto could not be started!"} - end. + Config. + end_per_suite(_Config) -> - ssh:stop(), - crypto:stop(). + ssh:stop(). %%-------------------------------------------------------------------- init_per_group(aes_gcm, Config) -> diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index 0d6eb19f0c..6066221fc7 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl @@ -46,22 +46,14 @@ all() -> init_per_suite(Config) -> - catch crypto:stop(), - case (catch crypto:start()) of - ok -> - ct:log("file:native_name_encoding() = ~p,~nio:getopts() = ~p", - [file:native_name_encoding(),io:getopts()]), - ssh:start(), - Config; - _ -> - {skip,"Could not start crypto!"} - end. - -end_per_suite(Config) -> - ssh:stop(), - crypto:stop(), + ct:log("file:native_name_encoding() = ~p,~nio:getopts() = ~p", + [file:native_name_encoding(),io:getopts()]), + ssh:start(), Config. +end_per_suite(_onfig) -> + ssh:stop(). + %%-------------------------------------------------------------------- groups() -> [{not_unicode, [], [{group,erlang_server}, diff --git a/lib/ssh/test/ssh_sftpd_SUITE.erl b/lib/ssh/test/ssh_sftpd_SUITE.erl index 60fe34a152..687f327206 100644 --- a/lib/ssh/test/ssh_sftpd_SUITE.erl +++ b/lib/ssh/test/ssh_sftpd_SUITE.erl 
@@ -72,28 +72,21 @@ groups() -> %%-------------------------------------------------------------------- init_per_suite(Config) -> - catch crypto:stop(), - case (catch crypto:start()) of - ok -> - DataDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), - ssh_test_lib:setup_dsa(DataDir, PrivDir), - %% to make sure we don't use public-key-auth - %% this should be tested by other test suites - UserDir = filename:join(?config(priv_dir, Config), nopubkey), - file:make_dir(UserDir), - Config; - _ -> - {skip,"Could not start crypto!"} - end. + DataDir = ?config(data_dir, Config), + PrivDir = ?config(priv_dir, Config), + ssh_test_lib:setup_dsa(DataDir, PrivDir), + %% to make sure we don't use public-key-auth + %% this should be tested by other test suites + UserDir = filename:join(?config(priv_dir, Config), nopubkey), + file:make_dir(UserDir), + Config. end_per_suite(Config) -> SysDir = ?config(priv_dir, Config), ssh_test_lib:clean_dsa(SysDir), UserDir = filename:join(?config(priv_dir, Config), nopubkey), file:del_dir(UserDir), - ssh:stop(), - crypto:stop(). + ssh:stop(). %%-------------------------------------------------------------------- diff --git a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl index 91404e222f..84410f60e6 100644 --- a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl +++ b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl 
@@ -55,29 +55,22 @@ groups() -> init_per_suite(Config) -> catch ssh:stop(), - catch crypto:stop(), - case catch crypto:start() of - ok -> - DataDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), - FileAlt = filename:join(DataDir, "ssh_sftpd_file_alt.erl"), - c:c(FileAlt), - FileName = filename:join(DataDir, "test.txt"), - {ok, FileInfo} = file:read_file_info(FileName), - ok = file:write_file_info(FileName, - FileInfo#file_info{mode = 8#400}), - ssh_test_lib:setup_dsa(DataDir, PrivDir), - Config; - _Else -> - {skip,"Could not start ssh!"} - end. + DataDir = ?config(data_dir, Config), + PrivDir = ?config(priv_dir, Config), + FileAlt = filename:join(DataDir, "ssh_sftpd_file_alt.erl"), + c:c(FileAlt), + FileName = filename:join(DataDir, "test.txt"), + {ok, FileInfo} = file:read_file_info(FileName), + ok = file:write_file_info(FileName, + FileInfo#file_info{mode = 8#400}), + ssh_test_lib:setup_dsa(DataDir, PrivDir), + Config. end_per_suite(Config) -> UserDir = filename:join(?config(priv_dir, Config), nopubkey), file:del_dir(UserDir), SysDir = ?config(priv_dir, Config), ssh_test_lib:clean_dsa(SysDir), - crypto:stop(), ok. %%-------------------------------------------------------------------- diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index 2fc3cce516..37885dfdef 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl 
@@ -60,21 +60,14 @@ groups() -> ]. init_per_suite(Config) -> - catch crypto:stop(), - case catch crypto:start() of - ok -> - case gen_tcp:connect("localhost", 22, []) of - {error,econnrefused} -> - {skip,"No openssh deamon"}; - _ -> - ssh_test_lib:openssh_sanity_check(Config) - end; - _Else -> - {skip,"Could not start crypto!"} + case gen_tcp:connect("localhost", 22, []) of + {error,econnrefused} -> + {skip,"No openssh deamon"}; + _ -> + ssh_test_lib:openssh_sanity_check(Config) end. end_per_suite(_Config) -> - crypto:stop(), ok. init_per_group(erlang_server, Config) -> diff --git a/lib/ssh/test/ssh_upgrade_SUITE.erl b/lib/ssh/test/ssh_upgrade_SUITE.erl index 1a2a8de08c..006483d3ee 100644 --- a/lib/ssh/test/ssh_upgrade_SUITE.erl +++ b/lib/ssh/test/ssh_upgrade_SUITE.erl @@ -48,27 +48,17 @@ all() -> ]. init_per_suite(Config0) -> - catch crypto:stop(), - try {crypto:start(), erlang:system_info({wordsize, internal}) == - erlang:system_info({wordsize, external})} of - {ok, true} -> - case ct_release_test:init(Config0) of - {skip, Reason} -> - {skip, Reason}; - Config -> - ssh:start(), - Config - end; - {ok, false} -> - {skip, "Test server will not handle halfwordemulator correctly. Skip as halfwordemulator is deprecated"} - catch _:_ -> - {skip, "Crypto did not start"} + case ct_release_test:init(Config0) of + {skip, Reason} -> + {skip, Reason}; + Config -> + ssh:start(), + Config end. end_per_suite(Config) -> ct_release_test:cleanup(Config), ssh:stop(), - crypto:stop(), UserDir = ?config(priv_dir, Config), ssh_test_lib:clean_rsa(UserDir). -- cgit v1.2.3 From faa11910e0214ba05747ca8579e14efa421e3d02 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 22 Feb 2016 10:58:45 +0100 Subject: ssh: catch port_close in test --- lib/ssh/test/ssh_algorithms_SUITE.erl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index 8ccde6c29c..a03a9ee0f2 100644 
--- a/lib/ssh/test/ssh_algorithms_SUITE.erl +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl @@ -230,7 +230,7 @@ sshc_simple_exec(Config) -> receive {SshPort, {data,Expect}} -> ct:log("Got expected ~p from ~p",[Expect,SshPort]), - port_close(SshPort), + catch port_close(SshPort), ok after ?TIMEOUT -> ct:fail("Did not receive answer") -- cgit v1.2.3 From 1c7a593c8220668c08da8782a905f4d599e184db Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 25 Feb 2016 13:12:35 +0100 Subject: ssh: step vsn.mk --- lib/ssh/vsn.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 55d12abffe..41b42d454b 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,5 +1,5 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 4.2.1 +SSH_VSN = 4.2.2 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From 6e4a86b78215a2dde37e84e1dd2ab44ffa92b0f8 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 25 Feb 2016 15:39:46 +0100 Subject: ssh: add timetrap to ssh_sup_SUITE --- lib/ssh/test/ssh_sup_SUITE.erl | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_sup_SUITE.erl b/lib/ssh/test/ssh_sup_SUITE.erl index 5c77fcf1ef..18e91a9af3 100644 --- a/lib/ssh/test/ssh_sup_SUITE.erl +++ b/lib/ssh/test/ssh_sup_SUITE.erl @@ -34,6 +34,10 @@ %% Common Test interface functions ----------------------------------- %%-------------------------------------------------------------------- +suite() -> + [{ct_hooks,[ts_install_cth]}, + {timetrap,{minutes,1}}]. + all() -> [default_tree, sshc_subtree, sshd_subtree, sshd_subtree_profile]. -- cgit v1.2.3 From 96f6ec8111d3d7fa8c6017f3e58bdee82682ed01 Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Thu, 25 Feb 2016 15:40:34 +0100 Subject: ssh: Adjusted timetrap values on ssh tests --- lib/ssh/test/ssh_algorithms_SUITE.erl | 2 +- lib/ssh/test/ssh_basic_SUITE.erl | 2 +- lib/ssh/test/ssh_connection_SUITE.erl | 2 +- lib/ssh/test/ssh_options_SUITE.erl | 2 +- lib/ssh/test/ssh_protocol_SUITE.erl | 2 +- lib/ssh/test/ssh_renegotiate_SUITE.erl | 2 +- lib/ssh/test/ssh_sftp_SUITE.erl | 2 +- lib/ssh/test/ssh_sftpd_SUITE.erl | 2 +- lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl | 2 +- lib/ssh/test/ssh_to_openssh_SUITE.erl | 2 +- lib/ssh/test/ssh_upgrade_SUITE.erl | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index a03a9ee0f2..49ed15698c 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl @@ -36,7 +36,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}, - {timetrap,{minutes,5}}]. + {timetrap,{minutes,10}}]. all() -> %% [{group,kex},{group,cipher}... etc diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 564fb66586..094d28e879 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -79,7 +79,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}, - {timetrap,{minutes,5}}]. + {timetrap,{minutes,10}}]. all() -> [app_test, diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index 67d870bea4..6e90faf0e8 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -37,7 +37,7 @@ %% [{ct_hooks,[ts_install_cth]}]. suite() -> - [{timetrap,{minutes,5}}]. + [{timetrap,{minutes,2}}]. all() -> [ diff --git a/lib/ssh/test/ssh_options_SUITE.erl b/lib/ssh/test/ssh_options_SUITE.erl index e0ef3a4b05..ba0107efd6 100644 --- a/lib/ssh/test/ssh_options_SUITE.erl +++ b/lib/ssh/test/ssh_options_SUITE.erl 
@@ -80,7 +80,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}, - {timetrap,{minutes,5}}]. + {timetrap,{minutes,6}}]. all() -> [connectfun_disconnectfun_server, diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index b6603d29e5..44da0f4d6f 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -43,7 +43,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}, - {timetrap,{minutes,5}}]. + {timetrap,{minutes,2}}]. all() -> [{group,tool_tests}, diff --git a/lib/ssh/test/ssh_renegotiate_SUITE.erl b/lib/ssh/test/ssh_renegotiate_SUITE.erl index fabe9a5829..6d2c97aa68 100644 --- a/lib/ssh/test/ssh_renegotiate_SUITE.erl +++ b/lib/ssh/test/ssh_renegotiate_SUITE.erl @@ -31,7 +31,7 @@ %%-------------------------------------------------------------------- suite() -> [{ct_hooks,[ts_install_cth]}, - {timetrap,{minutes,15}}]. + {timetrap,{minutes,12}}]. all() -> [{group,default_algs}, diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index 6066221fc7..c2b04d7a05 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl @@ -36,7 +36,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}, - {timetrap,{minutes,5}}]. + {timetrap,{minutes,2}}]. all() -> diff --git a/lib/ssh/test/ssh_sftpd_SUITE.erl b/lib/ssh/test/ssh_sftpd_SUITE.erl index 687f327206..45439ce0fa 100644 --- a/lib/ssh/test/ssh_sftpd_SUITE.erl +++ b/lib/ssh/test/ssh_sftpd_SUITE.erl @@ -45,7 +45,7 @@ %%-------------------------------------------------------------------- suite() -> - [{timetrap,{minutes,5}}]. + [{timetrap,{minutes,3}}]. all() -> [open_close_file, diff --git a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl index 84410f60e6..02a2ac4cf9 100644 --- a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl +++ b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl @@ -37,7 +37,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}, - {timetrap,{minutes,5}}]. + {timetrap,{minutes,2}}]. all() -> 
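Review bot: The timetrap for ssh_sftpd_erlclient_SUITE drops from 5 to 2 minutes in this hunk, and the hunks above move other suites in both directions (10, 6, 12, 3 and 2 minutes), with no rationale in the commit message. Record how the values were derived, for example measured suite runtime times a safety factor, so that a slow test host tripping one of the tighter limits can be told apart from a real hang.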
diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index 37885dfdef..2788bc6b58 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -34,7 +34,7 @@ %%-------------------------------------------------------------------- suite() -> - [{timetrap,{minutes,5}}]. + [{timetrap,{minutes,1}}]. all() -> case os:find_executable("ssh") of diff --git a/lib/ssh/test/ssh_upgrade_SUITE.erl b/lib/ssh/test/ssh_upgrade_SUITE.erl index 006483d3ee..bf8874b118 100644 --- a/lib/ssh/test/ssh_upgrade_SUITE.erl +++ b/lib/ssh/test/ssh_upgrade_SUITE.erl @@ -39,7 +39,7 @@ %%% CommonTest callbacks %%% suite() -> - [{timetrap,{minutes,5}}]. + [{timetrap,{minutes,2}}]. all() -> [ -- cgit v1.2.3 From 0f8afe80c6582f7affd17f36dc9cb48cc7946713 Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Mon, 14 Mar 2016 10:46:23 +0100 Subject: Prepare release --- lib/ssh/doc/src/notes.xml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 75e1615c09..5f2cd19cda 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,6 +30,23 @@ notes.xml
+
Ssh 4.2.2 + +
Fixed Bugs and Malfunctions + + +

+ Documentation correction of ssh_sftp:position/4

+

+ Thanks to Rabbe Fogelholm.

+

+ Own Id: OTP-13305 Aux Id: ERL-87

+
+
+
+ +
+
Ssh 4.2.1
Fixed Bugs and Malfunctions -- cgit v1.2.3 From 6664eed554974336909d3ffe03f20349cc4c38fd Mon Sep 17 00:00:00 2001 
From: Henrik Nord Date: Tue, 15 Mar 2016 15:19:56 +0100 Subject: update copyright-year --- lib/ssh/Makefile | 2 +- lib/ssh/doc/src/Makefile | 2 +- lib/ssh/doc/src/book.xml | 2 +- lib/ssh/doc/src/introduction.xml | 2 +- lib/ssh/doc/src/notes.xml | 2 +- lib/ssh/doc/src/part_notes.xml | 2 +- lib/ssh/doc/src/ref_man.xml | 2 +- lib/ssh/doc/src/ssh_channel.xml | 2 +- lib/ssh/doc/src/ssh_client_key_api.xml | 2 +- lib/ssh/doc/src/ssh_sftp.xml | 2 +- lib/ssh/doc/src/ssh_sftpd.xml | 2 +- lib/ssh/doc/src/usersguide.xml | 2 +- lib/ssh/doc/src/using_ssh.xml | 2 +- lib/ssh/examples/ssh_sample_cli.erl | 2 +- lib/ssh/src/Makefile | 2 +- lib/ssh/src/ssh.erl | 2 +- lib/ssh/src/ssh.hrl | 2 +- lib/ssh/src/ssh_acceptor_sup.erl | 2 +- lib/ssh/src/ssh_app.erl | 2 +- lib/ssh/src/ssh_auth.erl | 2 +- lib/ssh/src/ssh_auth.hrl | 2 +- lib/ssh/src/ssh_bits.erl | 2 +- lib/ssh/src/ssh_channel.erl | 2 +- lib/ssh/src/ssh_channel_sup.erl | 2 +- lib/ssh/src/ssh_cli.erl | 2 +- lib/ssh/src/ssh_client_key.erl | 2 +- lib/ssh/src/ssh_client_key_api.erl | 2 +- lib/ssh/src/ssh_connect.hrl | 2 +- lib/ssh/src/ssh_connection_handler.erl | 2 +- lib/ssh/src/ssh_connection_sup.erl | 2 +- lib/ssh/src/ssh_daemon_channel.erl | 2 +- lib/ssh/src/ssh_file.erl | 2 +- lib/ssh/src/ssh_io.erl | 2 +- lib/ssh/src/ssh_message.erl | 2 +- lib/ssh/src/ssh_no_io.erl | 2 +- lib/ssh/src/ssh_server_key.erl | 2 +- lib/ssh/src/ssh_server_key_api.erl | 2 +- lib/ssh/src/ssh_sftp.erl | 2 +- lib/ssh/src/ssh_sftpd_file.erl | 2 +- lib/ssh/src/ssh_sftpd_file_api.erl | 2 +- lib/ssh/src/ssh_shell.erl | 2 +- lib/ssh/src/ssh_subsystem_sup.erl | 2 +- lib/ssh/src/ssh_sup.erl | 2 +- lib/ssh/src/ssh_system_sup.erl | 2 +- lib/ssh/src/ssh_transport.erl | 2 +- lib/ssh/src/ssh_transport.hrl | 2 +- lib/ssh/src/ssh_userauth.hrl | 2 +- lib/ssh/src/ssh_xfer.erl | 2 +- lib/ssh/src/ssh_xfer.hrl | 2 +- lib/ssh/src/sshc_sup.erl | 2 +- lib/ssh/src/sshd_sup.erl | 2 +- lib/ssh/test/Makefile | 2 +- lib/ssh/test/property_test/ssh_eqc_client_server.erl | 2 +- 
lib/ssh/test/property_test/ssh_eqc_encode_decode.erl | 2 +- lib/ssh/test/property_test/ssh_eqc_subsys.erl | 2 +- lib/ssh/test/ssh_algorithms_SUITE.erl | 2 +- lib/ssh/test/ssh_basic_SUITE.erl | 2 +- lib/ssh/test/ssh_benchmark_SUITE.erl | 2 +- lib/ssh/test/ssh_connection_SUITE.erl | 2 +- lib/ssh/test/ssh_echo_server.erl | 2 +- lib/ssh/test/ssh_options_SUITE.erl | 2 +- lib/ssh/test/ssh_peername_sockname_server.erl | 2 +- lib/ssh/test/ssh_property_test_SUITE.erl | 2 +- lib/ssh/test/ssh_protocol_SUITE.erl | 2 +- lib/ssh/test/ssh_renegotiate_SUITE.erl | 2 +- lib/ssh/test/ssh_sftp_SUITE.erl | 2 +- lib/ssh/test/ssh_sftpd_SUITE.erl | 2 +- lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl | 2 +- lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_sftpd_file_alt.erl | 2 +- lib/ssh/test/ssh_sup_SUITE.erl | 2 +- lib/ssh/test/ssh_test_lib.erl | 2 +- lib/ssh/test/ssh_to_openssh_SUITE.erl | 2 +- lib/ssh/test/ssh_upgrade_SUITE.erl | 2 +- 73 files changed, 73 insertions(+), 73 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/Makefile b/lib/ssh/Makefile index 839aada22f..dedc7ac3a6 100644 --- a/lib/ssh/Makefile +++ b/lib/ssh/Makefile @@ -1,7 +1,7 @@ # # %CopyrightBegin% # -# Copyright Ericsson AB 2004-2010. All Rights Reserved. +# Copyright Ericsson AB 2004-2016. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/lib/ssh/doc/src/Makefile b/lib/ssh/doc/src/Makefile index c0707f8004..a759854da4 100644 --- a/lib/ssh/doc/src/Makefile +++ b/lib/ssh/doc/src/Makefile @@ -1,7 +1,7 @@ # # %CopyrightBegin% # -# Copyright Ericsson AB 2004-2012. All Rights Reserved. +# Copyright Ericsson AB 2004-2016. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/lib/ssh/doc/src/book.xml b/lib/ssh/doc/src/book.xml index 33b1e0036b..bc104b274d 100644 
--- a/lib/ssh/doc/src/book.xml +++ b/lib/ssh/doc/src/book.xml @@ -4,7 +4,7 @@
- 20052013 + 20052016 Ericsson AB. All Rights Reserved. diff --git a/lib/ssh/doc/src/introduction.xml b/lib/ssh/doc/src/introduction.xml index 187d458092..ca84528f3d 100644 --- a/lib/ssh/doc/src/introduction.xml +++ b/lib/ssh/doc/src/introduction.xml @@ -5,7 +5,7 @@
2012 - 2013 + 2016 Ericsson AB, All Rights Reserved diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 5f2cd19cda..96bc50c689 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -4,7 +4,7 @@
- 20042015 + 20042016 Ericsson AB. All Rights Reserved. diff --git a/lib/ssh/doc/src/part_notes.xml b/lib/ssh/doc/src/part_notes.xml index 664cadce57..aaca8ca9f2 100644 --- a/lib/ssh/doc/src/part_notes.xml +++ b/lib/ssh/doc/src/part_notes.xml @@ -4,7 +4,7 @@
- 20042013 + 20042016 Ericsson AB. All Rights Reserved. diff --git a/lib/ssh/doc/src/ref_man.xml b/lib/ssh/doc/src/ref_man.xml index 4a2f043948..140ebd8c76 100644 --- a/lib/ssh/doc/src/ref_man.xml +++ b/lib/ssh/doc/src/ref_man.xml @@ -4,7 +4,7 @@
- 20042013 + 20042016 Ericsson AB. All Rights Reserved. diff --git a/lib/ssh/doc/src/ssh_channel.xml b/lib/ssh/doc/src/ssh_channel.xml index abfe590647..907b0b3bec 100644 --- a/lib/ssh/doc/src/ssh_channel.xml +++ b/lib/ssh/doc/src/ssh_channel.xml @@ -5,7 +5,7 @@
2009 - 2013 + 2016 Ericsson AB, All Rights Reserved diff --git a/lib/ssh/doc/src/ssh_client_key_api.xml b/lib/ssh/doc/src/ssh_client_key_api.xml index 6b8932e5a7..a1cd9d4b02 100644 --- a/lib/ssh/doc/src/ssh_client_key_api.xml +++ b/lib/ssh/doc/src/ssh_client_key_api.xml @@ -5,7 +5,7 @@
2012 - 2013 + 2016 Ericsson AB, All Rights Reserved diff --git a/lib/ssh/doc/src/ssh_sftp.xml b/lib/ssh/doc/src/ssh_sftp.xml index f4b41b74f3..1d37933369 100644 --- a/lib/ssh/doc/src/ssh_sftp.xml +++ b/lib/ssh/doc/src/ssh_sftp.xml @@ -4,7 +4,7 @@
- 20052015 + 20052016 Ericsson AB. All Rights Reserved. diff --git a/lib/ssh/doc/src/ssh_sftpd.xml b/lib/ssh/doc/src/ssh_sftpd.xml index cf50fb1b23..1be29b3b29 100644 --- a/lib/ssh/doc/src/ssh_sftpd.xml +++ b/lib/ssh/doc/src/ssh_sftpd.xml @@ -4,7 +4,7 @@
- 20052013 + 20052016 Ericsson AB. All Rights Reserved. diff --git a/lib/ssh/doc/src/usersguide.xml b/lib/ssh/doc/src/usersguide.xml index 7c925a3762..70051ba771 100644 --- a/lib/ssh/doc/src/usersguide.xml +++ b/lib/ssh/doc/src/usersguide.xml @@ -4,7 +4,7 @@
- 20122013 + 20122016 Ericsson AB. All Rights Reserved. diff --git a/lib/ssh/doc/src/using_ssh.xml b/lib/ssh/doc/src/using_ssh.xml index 6826f20fb3..0861c641c7 100644 --- a/lib/ssh/doc/src/using_ssh.xml +++ b/lib/ssh/doc/src/using_ssh.xml @@ -5,7 +5,7 @@
2012 - 2013 + 2016 Ericsson AB. All Rights Reserved. diff --git a/lib/ssh/examples/ssh_sample_cli.erl b/lib/ssh/examples/ssh_sample_cli.erl index 2d8aa428ec..f88aaf048a 100644 --- a/lib/ssh/examples/ssh_sample_cli.erl +++ b/lib/ssh/examples/ssh_sample_cli.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2010. All Rights Reserved. +%% Copyright Ericsson AB 2005-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/Makefile b/lib/ssh/src/Makefile index b44c8eef35..ecf165ed23 100644 --- a/lib/ssh/src/Makefile +++ b/lib/ssh/src/Makefile @@ -1,7 +1,7 @@ # # %CopyrightBegin% # -# Copyright Ericsson AB 2004-2013. All Rights Reserved. +# Copyright Ericsson AB 2004-2016. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 54f94acbdc..d0121e73ba 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -1,7 +1,7 @@ % %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2004-2014. All Rights Reserved. +%% Copyright Ericsson AB 2004-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh.hrl b/lib/ssh/src/ssh.hrl index f88098819d..73d6e4d2bc 100644 --- a/lib/ssh/src/ssh.hrl +++ b/lib/ssh/src/ssh.hrl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2004-2013. All Rights Reserved. +%% Copyright Ericsson AB 2004-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_acceptor_sup.erl b/lib/ssh/src/ssh_acceptor_sup.erl index a3dc64850f..b2f489a971 100644 
--- a/lib/ssh/src/ssh_acceptor_sup.erl +++ b/lib/ssh/src/ssh_acceptor_sup.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2014. All Rights Reserved. +%% Copyright Ericsson AB 2008-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_app.erl b/lib/ssh/src/ssh_app.erl index 1a11938dd9..d3680e20da 100644 --- a/lib/ssh/src/ssh_app.erl +++ b/lib/ssh/src/ssh_app.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2004-2010. All Rights Reserved. +%% Copyright Ericsson AB 2004-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index b71bed033a..4b3c21ce3f 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2014. All Rights Reserved. +%% Copyright Ericsson AB 2008-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_auth.hrl b/lib/ssh/src/ssh_auth.hrl index 449bc4fa45..56314ca6d9 100644 --- a/lib/ssh/src/ssh_auth.hrl +++ b/lib/ssh/src/ssh_auth.hrl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2012. All Rights Reserved. +%% Copyright Ericsson AB 2008-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_bits.erl b/lib/ssh/src/ssh_bits.erl index 101bf76cd3..8bedaaf0c5 100644 --- a/lib/ssh/src/ssh_bits.erl +++ b/lib/ssh/src/ssh_bits.erl 
@@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2013. All Rights Reserved. +%% Copyright Ericsson AB 2005-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_channel.erl b/lib/ssh/src/ssh_channel.erl index d15a2c8eba..de6908bb38 100644 --- a/lib/ssh/src/ssh_channel.erl +++ b/lib/ssh/src/ssh_channel.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2013. All Rights Reserved. +%% Copyright Ericsson AB 2008-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_channel_sup.erl b/lib/ssh/src/ssh_channel_sup.erl index 7c381553b8..8eaa85f795 100644 --- a/lib/ssh/src/ssh_channel_sup.erl +++ b/lib/ssh/src/ssh_channel_sup.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2013. All Rights Reserved. +%% Copyright Ericsson AB 2008-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_cli.erl b/lib/ssh/src/ssh_cli.erl index 71f62a960e..2d60008de6 100644 --- a/lib/ssh/src/ssh_cli.erl +++ b/lib/ssh/src/ssh_cli.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2013. All Rights Reserved. +%% Copyright Ericsson AB 2005-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_client_key.erl b/lib/ssh/src/ssh_client_key.erl index 0758865ad1..5296ac2a02 100644 --- a/lib/ssh/src/ssh_client_key.erl +++ b/lib/ssh/src/ssh_client_key.erl 
@@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2011-2012. All Rights Reserved. +%% Copyright Ericsson AB 2011-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_client_key_api.erl b/lib/ssh/src/ssh_client_key_api.erl index 7fe97b6c13..039a7dea9b 100644 --- a/lib/ssh/src/ssh_client_key_api.erl +++ b/lib/ssh/src/ssh_client_key_api.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2011-2013. All Rights Reserved. +%% Copyright Ericsson AB 2011-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_connect.hrl b/lib/ssh/src/ssh_connect.hrl index 0c9ddad641..397d51de9d 100644 --- a/lib/ssh/src/ssh_connect.hrl +++ b/lib/ssh/src/ssh_connect.hrl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2014. All Rights Reserved. +%% Copyright Ericsson AB 2005-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index ce1931e4f4..2bef6a41cd 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2015. All Rights Reserved. +%% Copyright Ericsson AB 2008-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_connection_sup.erl b/lib/ssh/src/ssh_connection_sup.erl index e8d0d49668..8c7628e909 100644 --- a/lib/ssh/src/ssh_connection_sup.erl +++ b/lib/ssh/src/ssh_connection_sup.erl 
@@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2013. All Rights Reserved. +%% Copyright Ericsson AB 2008-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_daemon_channel.erl b/lib/ssh/src/ssh_daemon_channel.erl index 560e8246de..6ca93eff44 100644 --- a/lib/ssh/src/ssh_daemon_channel.erl +++ b/lib/ssh/src/ssh_daemon_channel.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2013. All Rights Reserved. +%% Copyright Ericsson AB 2013-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_file.erl b/lib/ssh/src/ssh_file.erl index 3e066c453d..4486d36fe4 100644 --- a/lib/ssh/src/ssh_file.erl +++ b/lib/ssh/src/ssh_file.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2012. All Rights Reserved. +%% Copyright Ericsson AB 2005-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_io.erl b/lib/ssh/src/ssh_io.erl index a5e627fdb3..026d0f6151 100644 --- a/lib/ssh/src/ssh_io.erl +++ b/lib/ssh/src/ssh_io.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2014. All Rights Reserved. +%% Copyright Ericsson AB 2005-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl index a0e9a4961c..65754956aa 100644 --- a/lib/ssh/src/ssh_message.erl +++ b/lib/ssh/src/ssh_message.erl 
@@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2013-2014. All Rights Reserved. +%% Copyright Ericsson AB 2013-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_no_io.erl b/lib/ssh/src/ssh_no_io.erl index e8d1afd0ed..8144aac66e 100644 --- a/lib/ssh/src/ssh_no_io.erl +++ b/lib/ssh/src/ssh_no_io.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2013. All Rights Reserved. +%% Copyright Ericsson AB 2005-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_server_key.erl b/lib/ssh/src/ssh_server_key.erl index 4ab326374a..2ce0c7e3fe 100644 --- a/lib/ssh/src/ssh_server_key.erl +++ b/lib/ssh/src/ssh_server_key.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2011-2012. All Rights Reserved. +%% Copyright Ericsson AB 2011-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_server_key_api.erl b/lib/ssh/src/ssh_server_key_api.erl index 7c05d82c03..c1d43a486c 100644 --- a/lib/ssh/src/ssh_server_key_api.erl +++ b/lib/ssh/src/ssh_server_key_api.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2011-2012. All Rights Reserved. +%% Copyright Ericsson AB 2011-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_sftp.erl b/lib/ssh/src/ssh_sftp.erl index eb99406626..b03652a136 100644 --- a/lib/ssh/src/ssh_sftp.erl +++ b/lib/ssh/src/ssh_sftp.erl 
@@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2014. All Rights Reserved. +%% Copyright Ericsson AB 2005-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_sftpd_file.erl b/lib/ssh/src/ssh_sftpd_file.erl index a287e8891b..311cdc1a3d 100644 --- a/lib/ssh/src/ssh_sftpd_file.erl +++ b/lib/ssh/src/ssh_sftpd_file.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2006-2010. All Rights Reserved. +%% Copyright Ericsson AB 2006-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_sftpd_file_api.erl b/lib/ssh/src/ssh_sftpd_file_api.erl index c61d4e7ecf..78f452df67 100644 --- a/lib/ssh/src/ssh_sftpd_file_api.erl +++ b/lib/ssh/src/ssh_sftpd_file_api.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2007-2012. All Rights Reserved. +%% Copyright Ericsson AB 2007-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_shell.erl b/lib/ssh/src/ssh_shell.erl index 22ad4da948..d31d5a297d 100644 --- a/lib/ssh/src/ssh_shell.erl +++ b/lib/ssh/src/ssh_shell.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2009-2013. All Rights Reserved. +%% Copyright Ericsson AB 2009-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_subsystem_sup.erl b/lib/ssh/src/ssh_subsystem_sup.erl index ebe33ec7da..11e02491c4 100644 --- a/lib/ssh/src/ssh_subsystem_sup.erl +++ b/lib/ssh/src/ssh_subsystem_sup.erl 
@@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2013. All Rights Reserved. +%% Copyright Ericsson AB 2008-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_sup.erl b/lib/ssh/src/ssh_sup.erl index 649ea00a06..f827594717 100644 --- a/lib/ssh/src/ssh_sup.erl +++ b/lib/ssh/src/ssh_sup.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2013. All Rights Reserved. +%% Copyright Ericsson AB 2008-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_system_sup.erl b/lib/ssh/src/ssh_system_sup.erl index 18a5d8071a..6314671f0d 100644 --- a/lib/ssh/src/ssh_system_sup.erl +++ b/lib/ssh/src/ssh_system_sup.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2014. All Rights Reserved. +%% Copyright Ericsson AB 2008-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index a648c7af3d..c04bd350c7 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2004-2014. All Rights Reserved. +%% Copyright Ericsson AB 2004-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_transport.hrl b/lib/ssh/src/ssh_transport.hrl index fd43326f0d..f91cb1dd63 100644 --- a/lib/ssh/src/ssh_transport.hrl +++ b/lib/ssh/src/ssh_transport.hrl 
@@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2010. All Rights Reserved. +%% Copyright Ericsson AB 2008-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_userauth.hrl b/lib/ssh/src/ssh_userauth.hrl index 935999b9d1..2cfc1f0f83 100644 --- a/lib/ssh/src/ssh_userauth.hrl +++ b/lib/ssh/src/ssh_userauth.hrl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2011. All Rights Reserved. +%% Copyright Ericsson AB 2005-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_xfer.erl b/lib/ssh/src/ssh_xfer.erl index 259dc71aa5..e1680c120e 100644 --- a/lib/ssh/src/ssh_xfer.erl +++ b/lib/ssh/src/ssh_xfer.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2014. All Rights Reserved. +%% Copyright Ericsson AB 2005-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/ssh_xfer.hrl b/lib/ssh/src/ssh_xfer.hrl index fe1405ccae..a76e9151db 100644 --- a/lib/ssh/src/ssh_xfer.hrl +++ b/lib/ssh/src/ssh_xfer.hrl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2013. All Rights Reserved. +%% Copyright Ericsson AB 2005-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/sshc_sup.erl b/lib/ssh/src/sshc_sup.erl index 8ee6aacfb5..5667fd2aec 100644 --- a/lib/ssh/src/sshc_sup.erl +++ b/lib/ssh/src/sshc_sup.erl 
@@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2013. All Rights Reserved. +%% Copyright Ericsson AB 2008-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/src/sshd_sup.erl b/lib/ssh/src/sshd_sup.erl index 7975b146fb..ac9e232b3a 100644 --- a/lib/ssh/src/sshd_sup.erl +++ b/lib/ssh/src/sshd_sup.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2013. All Rights Reserved. +%% Copyright Ericsson AB 2008-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/test/Makefile b/lib/ssh/test/Makefile index fb539f98fa..4ecc662c13 100644 --- a/lib/ssh/test/Makefile +++ b/lib/ssh/test/Makefile @@ -1,7 +1,7 @@ # # %CopyrightBegin% # -# Copyright Ericsson AB 2004-2013. All Rights Reserved. +# Copyright Ericsson AB 2004-2016. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/lib/ssh/test/property_test/ssh_eqc_client_server.erl b/lib/ssh/test/property_test/ssh_eqc_client_server.erl index 4fcb5aea69..39d0b4e410 100644 --- a/lib/ssh/test/property_test/ssh_eqc_client_server.erl +++ b/lib/ssh/test/property_test/ssh_eqc_client_server.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2004-2014. All Rights Reserved. +%% Copyright Ericsson AB 2004-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/test/property_test/ssh_eqc_encode_decode.erl b/lib/ssh/test/property_test/ssh_eqc_encode_decode.erl index 803c8aa2ad..dc3b7dc7e6 100644 --- a/lib/ssh/test/property_test/ssh_eqc_encode_decode.erl 
+++ b/lib/ssh/test/property_test/ssh_eqc_encode_decode.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2004-2014. All Rights Reserved. +%% Copyright Ericsson AB 2004-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/test/property_test/ssh_eqc_subsys.erl b/lib/ssh/test/property_test/ssh_eqc_subsys.erl index 3b395b9285..30b254b9c0 100644 --- a/lib/ssh/test/property_test/ssh_eqc_subsys.erl +++ b/lib/ssh/test/property_test/ssh_eqc_subsys.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2004-2014. All Rights Reserved. +%% Copyright Ericsson AB 2004-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index 49ed15698c..74028c20a5 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2015. All Rights Reserved. +%% Copyright Ericsson AB 2008-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 094d28e879..c70ae083ed 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2015. All Rights Reserved. +%% Copyright Ericsson AB 2008-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. 
diff --git a/lib/ssh/test/ssh_benchmark_SUITE.erl b/lib/ssh/test/ssh_benchmark_SUITE.erl index fe90da3028..8ec1017642 100644 --- a/lib/ssh/test/ssh_benchmark_SUITE.erl +++ b/lib/ssh/test/ssh_benchmark_SUITE.erl @@ -1,7 +1,7 @@ %%%------------------------------------------------------------------- %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2015. All Rights Reserved. +%% Copyright Ericsson AB 2015-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index 6e90faf0e8..e08d6047a1 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2015. All Rights Reserved. +%% Copyright Ericsson AB 2008-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/test/ssh_echo_server.erl b/lib/ssh/test/ssh_echo_server.erl index 96c9aad135..796a182502 100644 --- a/lib/ssh/test/ssh_echo_server.erl +++ b/lib/ssh/test/ssh_echo_server.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2013. All Rights Reserved. +%% Copyright Ericsson AB 2005-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/test/ssh_options_SUITE.erl b/lib/ssh/test/ssh_options_SUITE.erl index ba0107efd6..bb4fbc0a17 100644 --- a/lib/ssh/test/ssh_options_SUITE.erl +++ b/lib/ssh/test/ssh_options_SUITE.erl 
@@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2015. All Rights Reserved. +%% Copyright Ericsson AB 2008-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/test/ssh_peername_sockname_server.erl b/lib/ssh/test/ssh_peername_sockname_server.erl index 88c96fe444..8731d80f62 100644 --- a/lib/ssh/test/ssh_peername_sockname_server.erl +++ b/lib/ssh/test/ssh_peername_sockname_server.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2013. All Rights Reserved. +%% Copyright Ericsson AB 2008-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/test/ssh_property_test_SUITE.erl b/lib/ssh/test/ssh_property_test_SUITE.erl index 2278719f6a..c5cc36c45e 100644 --- a/lib/ssh/test/ssh_property_test_SUITE.erl +++ b/lib/ssh/test/ssh_property_test_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2004-2014. All Rights Reserved. +%% Copyright Ericsson AB 2004-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index dbba48c726..4e13aeaf24 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2015. All Rights Reserved. +%% Copyright Ericsson AB 2008-2016. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in diff --git a/lib/ssh/test/ssh_renegotiate_SUITE.erl b/lib/ssh/test/ssh_renegotiate_SUITE.erl index 6d2c97aa68..94b78fdde2 100644 
--- a/lib/ssh/test/ssh_renegotiate_SUITE.erl +++ b/lib/ssh/test/ssh_renegotiate_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2015. All Rights Reserved. +%% Copyright Ericsson AB 2008-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index c2b04d7a05..931bf9c5ff 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2005-2014. All Rights Reserved. +%% Copyright Ericsson AB 2005-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/test/ssh_sftpd_SUITE.erl b/lib/ssh/test/ssh_sftpd_SUITE.erl index 45439ce0fa..1670395880 100644 --- a/lib/ssh/test/ssh_sftpd_SUITE.erl +++ b/lib/ssh/test/ssh_sftpd_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2006-2015. All Rights Reserved. +%% Copyright Ericsson AB 2006-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl index 02a2ac4cf9..992505d955 100644 --- a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl +++ b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2007-2013. All Rights Reserved. +%% Copyright Ericsson AB 2007-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. 
diff --git a/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_sftpd_file_alt.erl b/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_sftpd_file_alt.erl index 4f494cf829..6cfa8ee83f 100644 --- a/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_sftpd_file_alt.erl +++ b/lib/ssh/test/ssh_sftpd_erlclient_SUITE_data/ssh_sftpd_file_alt.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2007-2013. All Rights Reserved. +%% Copyright Ericsson AB 2007-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/test/ssh_sup_SUITE.erl b/lib/ssh/test/ssh_sup_SUITE.erl index 18e91a9af3..9fc41168ee 100644 --- a/lib/ssh/test/ssh_sup_SUITE.erl +++ b/lib/ssh/test/ssh_sup_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2015-2015. All Rights Reserved. +%% Copyright Ericsson AB 2015-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index 5f91fb627a..abbd4857c9 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2004-2015. All Rights Reserved. +%% Copyright Ericsson AB 2004-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index 2788bc6b58..8e79f80a58 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl 
@@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2008-2015. All Rights Reserved. +%% Copyright Ericsson AB 2008-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. diff --git a/lib/ssh/test/ssh_upgrade_SUITE.erl b/lib/ssh/test/ssh_upgrade_SUITE.erl index bf8874b118..4008d94f60 100644 --- a/lib/ssh/test/ssh_upgrade_SUITE.erl +++ b/lib/ssh/test/ssh_upgrade_SUITE.erl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2014-2015. All Rights Reserved. +%% Copyright Ericsson AB 2014-2016. All Rights Reserved. %% %% Licensed under the Apache License, Version 2.0 (the "License"); %% you may not use this file except in compliance with the License. -- cgit v1.2.3 From 449e66a2676f4607f43a4e70b3dcad99b9d45a78 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 8 Mar 2016 12:14:39 +0100 Subject: Set timetrap to 40s except for some long running test cases Conflicts: lib/ssh/test/ssh_connection_SUITE.erl --- lib/ssh/test/ssh_algorithms_SUITE.erl | 8 +++++++- lib/ssh/test/ssh_basic_SUITE.erl | 2 +- lib/ssh/test/ssh_connection_SUITE.erl | 8 ++------ lib/ssh/test/ssh_options_SUITE.erl | 14 +++++++++++--- lib/ssh/test/ssh_protocol_SUITE.erl | 2 +- lib/ssh/test/ssh_renegotiate_SUITE.erl | 7 +++++-- lib/ssh/test/ssh_sftp_SUITE.erl | 2 +- lib/ssh/test/ssh_sftpd_SUITE.erl | 2 +- lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl | 2 +- lib/ssh/test/ssh_sup_SUITE.erl | 2 +- lib/ssh/test/ssh_to_openssh_SUITE.erl | 2 +- lib/ssh/test/ssh_upgrade_SUITE.erl | 2 +- 12 files changed, 33 insertions(+), 20 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index 49ed15698c..256c8c8da3 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl 
@@ -36,7 +36,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}, - {timetrap,{minutes,10}}]. + {timetrap,{seconds,40}}]. all() -> %% [{group,kex},{group,cipher}... etc @@ -191,6 +191,9 @@ simple_exec_groups_no_match_too_large(Config) -> %%-------------------------------------------------------------------- %% Testing all default groups + +simple_exec_groups() -> [{timetrap,{seconds,90}}]. + simple_exec_groups(Config) -> Sizes = interpolate( public_key:dh_gex_group_sizes() ), lists:foreach( @@ -217,6 +220,9 @@ interpolate(Is) -> %%-------------------------------------------------------------------- %% Use the ssh client of the OS to connect + +sshc_simple_exec() -> [{timetrap,{seconds,90}}]. + sshc_simple_exec(Config) -> PrivDir = ?config(priv_dir, Config), KnownHosts = filename:join(PrivDir, "known_hosts"), diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 094d28e879..18a05c0fb8 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -79,7 +79,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}, - {timetrap,{minutes,10}}]. + {timetrap,{seconds,40}}]. all() -> [app_test, diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index 6e90faf0e8..a1fbe28a83 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -37,7 +37,7 @@ %% [{ct_hooks,[ts_install_cth]}]. suite() -> - [{timetrap,{minutes,2}}]. + [{timetrap,{seconds,40}}]. all() -> [ 
@@ -314,11 +314,7 @@ ptty_alloc_pixel(Config) when is_list(Config) -> ssh:close(ConnectionRef). %%-------------------------------------------------------------------- - -interrupted_send() -> - [{doc, "Use a subsystem that echos n char and then sends eof to cause a channel exit partway through a large send."}]. - -interrupted_send(Config) when is_list(Config) -> +interrupted_send(Config) -> PrivDir = ?config(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), diff --git a/lib/ssh/test/ssh_options_SUITE.erl b/lib/ssh/test/ssh_options_SUITE.erl index ba0107efd6..22a311df3c 100644 --- a/lib/ssh/test/ssh_options_SUITE.erl +++ b/lib/ssh/test/ssh_options_SUITE.erl @@ -51,8 +51,10 @@ ssh_connect_arg4_timeout/1, ssh_connect_negtimeout_parallel/1, ssh_connect_negtimeout_sequential/1, - ssh_connect_nonegtimeout_connected_parallel/1, - ssh_connect_nonegtimeout_connected_sequential/1, + ssh_connect_nonegtimeout_connected_parallel/0, + ssh_connect_nonegtimeout_connected_parallel/1, + ssh_connect_nonegtimeout_connected_sequential/0, + ssh_connect_nonegtimeout_connected_sequential/1, ssh_connect_timeout/1, connect/4, ssh_daemon_minimal_remote_max_packet_size_option/1, ssh_msg_debug_fun_option_client/1, @@ -80,7 +82,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}, - {timetrap,{minutes,6}}]. + {timetrap,{seconds,40}}]. all() -> [connectfun_disconnectfun_server, 
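Review bot: In ssh_connection_SUITE.erl, the @@ -314,11 +314,7 @@ hunk deletes the interrupted_send/0 info function together with its {doc, ...} description and drops the `when is_list(Config)` guard, none of which the subject "Set timetrap to 40s" covers. The commit message lists this file under Conflicts, so this reads like a by-product of conflict resolution. Keep the description as a comment above interrupted_send/1, or mention the removal in the commit message so it is not mistaken for an accident.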
@@ -980,10 +982,16 @@ ssh_connect_negtimeout(Config, Parallel) -> %%-------------------------------------------------------------------- %%% Test that ssh connection does not timeout if the connection is established (parallel) + +ssh_connect_nonegtimeout_connected_parallel() -> [{timetrap,{seconds,90}}]. + ssh_connect_nonegtimeout_connected_parallel(Config) -> ssh_connect_nonegtimeout_connected(Config, true). %%% Test that ssh connection does not timeout if the connection is established (non-parallel) + +ssh_connect_nonegtimeout_connected_sequential() -> [{timetrap,{seconds,90}}]. + ssh_connect_nonegtimeout_connected_sequential(Config) -> ssh_connect_nonegtimeout_connected(Config, false). diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index dbba48c726..eea71038aa 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -43,7 +43,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}, - {timetrap,{minutes,2}}]. + {timetrap,{seconds,40}}]. all() -> [{group,tool_tests}, diff --git a/lib/ssh/test/ssh_renegotiate_SUITE.erl b/lib/ssh/test/ssh_renegotiate_SUITE.erl index 6d2c97aa68..abbe57796f 100644 --- a/lib/ssh/test/ssh_renegotiate_SUITE.erl +++ b/lib/ssh/test/ssh_renegotiate_SUITE.erl @@ -31,7 +31,7 @@ %%-------------------------------------------------------------------- suite() -> [{ct_hooks,[ts_install_cth]}, - {timetrap,{minutes,12}}]. + {timetrap,{seconds,40}}]. all() -> [{group,default_algs}, @@ -83,7 +83,8 @@ end_per_testcase(_TestCase, _Config) -> %%-------------------------------------------------------------------- %%% Idle timeout test - +rekey() -> [{timetrap,{seconds,90}}]. + rekey(Config) -> {Pid, Host, Port} = ssh_test_lib:std_daemon(Config, @@ -105,6 +106,8 @@ rekey(Config) -> %%% Test rekeying by data volume +rekey_limit() -> [{timetrap,{seconds,400}}]. + rekey_limit(Config) -> UserDir = ?config(priv_dir, Config), DataFile = filename:join(UserDir, "rekey.data"), 
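Review bot: The per-case timetraps added in ssh_renegotiate_SUITE.erl are unexplained: rekey/0 gets 90 seconds and rekey_limit/0 gets 400 seconds while the suite default falls from 12 minutes to 40 seconds. Add a one-line comment on each info function saying what drives the duration (rekey interval, amount of data), so later tuning does not have to rediscover it. The comment above rekey/0 still reads "Idle timeout test"; since that line is being touched anyway, check that it describes the case.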
diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index c2b04d7a05..76ba78b728 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl @@ -36,7 +36,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}, - {timetrap,{minutes,2}}]. + {timetrap,{seconds,40}}]. all() -> diff --git a/lib/ssh/test/ssh_sftpd_SUITE.erl b/lib/ssh/test/ssh_sftpd_SUITE.erl index 45439ce0fa..57b93a5f36 100644 --- a/lib/ssh/test/ssh_sftpd_SUITE.erl +++ b/lib/ssh/test/ssh_sftpd_SUITE.erl @@ -45,7 +45,7 @@ %%-------------------------------------------------------------------- suite() -> - [{timetrap,{minutes,3}}]. + [{timetrap,{seconds,40}}]. all() -> [open_close_file, diff --git a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl index 02a2ac4cf9..4c3c2dcd5a 100644 --- a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl +++ b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl @@ -37,7 +37,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}, - {timetrap,{minutes,2}}]. + {timetrap,{seconds,40}}]. all() -> diff --git a/lib/ssh/test/ssh_sup_SUITE.erl b/lib/ssh/test/ssh_sup_SUITE.erl index 18e91a9af3..cbbd7d4d76 100644 --- a/lib/ssh/test/ssh_sup_SUITE.erl +++ b/lib/ssh/test/ssh_sup_SUITE.erl @@ -36,7 +36,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}, - {timetrap,{minutes,1}}]. + {timetrap,{seconds,40}}]. all() -> [default_tree, sshc_subtree, sshd_subtree, sshd_subtree_profile]. diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index 2788bc6b58..80f8607f65 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -34,7 +34,7 @@ %%-------------------------------------------------------------------- suite() -> - [{timetrap,{minutes,1}}]. + [{timetrap,{seconds,40}}]. all() -> case os:find_executable("ssh") of diff --git a/lib/ssh/test/ssh_upgrade_SUITE.erl b/lib/ssh/test/ssh_upgrade_SUITE.erl index bf8874b118..20df865b55 100644 
--- a/lib/ssh/test/ssh_upgrade_SUITE.erl +++ b/lib/ssh/test/ssh_upgrade_SUITE.erl @@ -39,7 +39,7 @@ %%% CommonTest callbacks %%% suite() -> - [{timetrap,{minutes,2}}]. + [{timetrap,{seconds,180}}]. all() -> [ -- cgit v1.2.3 From e7ec2d06b5b7b26f7a00e3853e99ce6a00be2932 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 17 Mar 2016 10:01:50 +0100 Subject: ssh: Make ssh_info:string() return the result from print() as a string Good for test cases. --- lib/ssh/src/ssh_info.erl | 127 ++++++++++++++++++++++++++++++----------------- 1 file changed, 81 insertions(+), 46 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_info.erl b/lib/ssh/src/ssh_info.erl index 4e6e25bc70..0a4bd7706b 100644 --- a/lib/ssh/src/ssh_info.erl +++ b/lib/ssh/src/ssh_info.erl @@ -27,6 +27,14 @@ -compile(export_all). +string() -> + Pid = spawn(fun init/0), + print(Pid), + Pid ! {get,self()}, + receive + {result,R} -> R + end. + print() -> print(user). 
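Review bot: The new string/0 in ssh_info.erl can block forever: the receive for {result,R} has no after clause, and the helper started with spawn(fun init/0) is neither linked nor monitored, so if it dies before answering, the caller hangs. The reply is also untagged, so any {result,_} already sitting in the caller's mailbox would be taken instead. Use spawn_monitor/1, include the helper pid or a fresh reference in the reply, and handle the 'DOWN' message.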
@@ -34,55 +42,57 @@ print(D) -> try supervisor:which_children(ssh_sup) of _ -> - io:nl(D), + io__nl(D), print_general(D), - io:nl(D), + io__nl(D), underline(D, "Client part", $=), print_clients(D), - io:nl(D), + io__nl(D), underline(D, "Server part", $=), print_servers(D), - io:nl(D), + io__nl(D), %% case os:type() of %% {unix,_} -> - %% io:nl(), + %% io__nl(), %% underline("Linux part", $=), %% underline("Listening"), - %% catch io:format(os:cmd("netstat -tpln")), - %% io:nl(), + %% catch io__format(os:cmd("netstat -tpln")), + %% io__nl(), %% underline("Other"), - %% catch io:format(os:cmd("netstat -tpn")); + %% catch io__format(os:cmd("netstat -tpn")); %% _ -> ok %% end, underline(D, "Supervisors", $=), walk_sups(D, ssh_sup), - io:nl(D) + io__nl(D) catch _:_ -> - io:format(D,"Ssh not found~n",[]) + io__format(D,"Ssh not found~n",[]) end. %%%================================================================ print_general(D) -> {_Name, Slogan, Ver} = lists:keyfind(ssh,1,application:which_applications()), underline(D, io_lib:format("~s ~s", [Slogan, Ver]), $=), - io:format(D, 'This printout is generated ~s. ~n',[datetime()]). + io__format(D, 'This printout is generated ~s. ~n',[datetime()]). %%%================================================================ +-define(INDENT, " "). + print_clients(D) -> PrintClient = fun(X) -> print_client(D,X) end, try lists:foreach(PrintClient, supervisor:which_children(sshc_sup)) catch C:E -> - io:format(D, '***FAILED: ~p:~p~n',[C,E]) + io__format(D, '***FAILED: ~p:~p~n',[C,E]) end. print_client(D, {undefined,Pid,supervisor,[ssh_connection_handler]}) -> {{Local,Remote},_Str} = ssh_connection_handler:get_print_info(Pid), - io:format(D, " Local=~s Remote=~s ConnectionRef=~p~n",[fmt_host_port(Local),fmt_host_port(Remote),Pid]); + io__format(D, ?INDENT"Local: ~s Remote: ~s ConnectionRef = ~p~n",[fmt_host_port(Local),fmt_host_port(Remote),Pid]); print_client(D, Other) -> - io:format(D, " [[Other 1: ~p]]~n",[Other]). 
+ io__format(D, " [[Other 1: ~p]]~n",[Other]). %%%================================================================ 
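Review bot: In print/1, the mechanical rename also rewrote the commented-out netstat block to `io__nl()` and `io__format(os:cmd("netstat -tpln"))`, calls with arities that the helpers added by this patch (io__nl/1, io__format/3) do not provide, so the block would not compile if it were ever uncommented. Delete the dead block instead of carrying it through the rename.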
@@ -92,51 +102,56 @@ print_servers(D) -> lists:foreach(PrintServer, supervisor:which_children(sshd_sup)) catch C:E -> - io:format(D, '***FAILED: ~p:~p~n',[C,E]) + io__format(D, '***FAILED: ~p:~p~n',[C,E]) end. -print_server(D, {{server,ssh_system_sup,LocalHost,LocalPort},Pid,supervisor,[ssh_system_sup]}) when is_pid(Pid) -> - io:format(D, 'Local=~s (~p children)~n',[fmt_host_port({LocalHost,LocalPort}), - ssh_acceptor:number_of_connections(Pid)]), + +print_server(D, {{server,ssh_system_sup,LocalHost,LocalPort,Profile},Pid,supervisor,[ssh_system_sup]}) when is_pid(Pid) -> + io__format(D, ?INDENT"Listen: ~s (~p children) Profile ~p~n",[fmt_host_port({LocalHost,LocalPort}), + ssh_acceptor:number_of_connections(Pid), + Profile]), PrintSystemSup = fun(X) -> print_system_sup(D,X) end, - lists:foreach(PrintSystemSup, supervisor:which_children(Pid)); -print_server(D, Other) -> - io:format(D, " [[Other 2: ~p]]~n",[Other]). - + lists:foreach(PrintSystemSup, supervisor:which_children(Pid)). + + print_system_sup(D, {Ref,Pid,supervisor,[ssh_subsystem_sup]}) when is_reference(Ref), - is_pid(Pid) -> + is_pid(Pid) -> PrintChannels = fun(X) -> print_channels(D,X) end, lists:foreach(PrintChannels, supervisor:which_children(Pid)); -print_system_sup(D, {{ssh_acceptor_sup,LocalHost,LocalPort}, Pid,supervisor, [ssh_acceptor_sup]}) when is_pid(Pid) -> - io:format(D, " [Acceptor for ~s]~n",[fmt_host_port({LocalHost,LocalPort})]); -print_system_sup(D, Other) -> - io:format(D, " [[Other 3: ~p]]~n",[Other]). +print_system_sup(D, {{ssh_acceptor_sup,LocalHost,LocalPort,Profile}, Pid, supervisor, [ssh_acceptor_sup]}) when is_pid(Pid) -> + io__format(D, ?INDENT?INDENT"[Acceptor Pid ~p]~n",[Pid]). -print_channels(D, {{server,ssh_channel_sup,_,_},Pid,supervisor,[ssh_channel_sup]}) when is_pid(Pid) -> - PrintChannel = fun(X) -> print_channel(D,X) end, - lists:foreach(PrintChannel, supervisor:which_children(Pid)); -print_channels(D, Other) -> - io:format(D, " [[Other 4: ~p]]~n",[Other]). 
+print_channels(D, {{server,ssh_channel_sup,_,_},Pid,supervisor,[ssh_channel_sup]}) when is_pid(Pid) -> + Children = supervisor:which_children(Pid), + ChannelPids = [P || {R,P,worker,[ssh_channel]} <- Children, + is_pid(P), + is_reference(R)], + case ChannelPids of + [] -> io__format(D, ?INDENT?INDENT"No channels~n",[]); + [Ch1Pid|_] -> + {{ConnManager,_}, _Str} = ssh_channel:get_print_info(Ch1Pid), + {{_,Remote},_} = ssh_connection_handler:get_print_info(ConnManager), + io__format(D, ?INDENT?INDENT"Remote: ~s ConnectionRef = ~p~n",[fmt_host_port(Remote),ConnManager]), + lists:foreach(fun(P) -> print_ch(D,P) end, ChannelPids) + end; +print_channels(_D, {{server,ssh_connection_sup,_,_},Pid,supervisor,[ssh_connection_sup]}) when is_pid(Pid) -> + ok. % The supervisor of the connections socket owning process -print_channel(D, {Ref,Pid,worker,[ssh_channel]}) when is_reference(Ref), - is_pid(Pid) -> +print_ch(D, Pid) -> {{ConnManager,ChannelID}, Str} = ssh_channel:get_print_info(Pid), - {{Local,Remote},StrM} = ssh_connection_handler:get_print_info(ConnManager), - io:format(D, ' ch ~p: ~s ~s',[ChannelID, StrM, Str]), - io:format(D, " Local=~s Remote=~s~n",[fmt_host_port(Local),fmt_host_port(Remote)]); -print_channel(D, Other) -> - io:format(D, " [[Other 5: ~p]]~n",[Other]). - + {_LocalRemote,StrM} = ssh_connection_handler:get_print_info(ConnManager), + io__format(D, ?INDENT?INDENT?INDENT"ch ~p: ~s ~s~n",[ChannelID, StrM, Str]). + %%%================================================================ -define(inc(N), (N+4)). walk_sups(D, StartPid) -> - io:format(D, "Start at ~p, ~s.~n",[StartPid,dead_or_alive(StartPid)]), + io__format(D, "Start at ~p, ~s.~n",[StartPid,dead_or_alive(StartPid)]), walk_sups(D, children(StartPid), _Indent=?inc(0)). 
walk_sups(D, [H={_,Pid,_,_}|T], Indent) -> - indent(D, Indent), io:format(D, '~200p ~p is ~s~n',[H,Pid,dead_or_alive(Pid)]), + indent(D, Indent), io__format(D, '~200p ~p is ~s~n',[H,Pid,dead_or_alive(Pid)]), case H of {_,_,supervisor,[ssh_connection_handler]} -> ok; {_,Pid,supervisor,_} -> walk_sups(D, children(Pid), ?inc(Indent)); @@ -159,7 +174,7 @@ dead_or_alive(Pid) when is_pid(Pid) -> _ -> "alive" end. -indent(D, I) -> io:format(D,'~*c',[I,$ ]). +indent(D, I) -> io__format(D,'~*c',[I,$ ]). children(Pid) -> Parent = self(), @@ -181,11 +196,11 @@ underline(D, Str) -> underline(D, Str, LineChar) -> Len = lists:flatlength(Str), - io:format(D, '~s~n',[Str]), + io__format(D, '~s~n',[Str]), line(D,Len,LineChar). line(D, Len, Char) -> - io:format(D, '~*c~n', [Len,Char]). + io__format(D, '~*c~n', [Len,Char]). datetime() -> @@ -199,5 +214,25 @@ fmt_host_port({Host,Port}) -> io_lib:format('~s:~p',[Host,Port]). nyi(D) -> - io:format(D,'Not yet implemented~n',[]), + io__format(D,'Not yet implemented~n',[]), nyi. + +%%%################################################################ + +io__nl(D) when is_atom(D) -> io:nl(D); +io__nl(P) when is_pid(P) -> P ! {string,io_lib:nl()}. + +io__format(D, Fmt, Args) when is_atom(D) -> io:format(D, Fmt, Args); +io__format(P, Fmt, Args) when is_pid(P) -> P ! {string,io_lib:format(Fmt, Args)}. + + +init() -> loop([]). + +loop(Acc) -> + receive + {string,Str} -> + loop([Str|Acc]); + {get,Who} -> + Who ! {result,lists:flatten(lists:reverse(Acc))} + end. + -- cgit v1.2.3 From cb6b4b6c4a307239a714f6137ec93accfad0bd76 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 17 Mar 2016 13:30:25 +0100 Subject: ssh: cleaning and add export decl in ssh_info --- lib/ssh/src/ssh_info.erl | 43 +++++++++++++------------------------------ 1 file changed, 13 insertions(+), 30 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_info.erl b/lib/ssh/src/ssh_info.erl index 0a4bd7706b..652466c32b 100644 --- a/lib/ssh/src/ssh_info.erl 
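Review bot: In the io__nl/1 and io__format/3 helpers added at the end of ssh_info.erl, dispatching on is_atom(D) versus is_pid(P) misroutes real I/O devices: a device returned by file:open/2 is a pid, so print(Fd) would send {string, ...} tuples to the file's I/O server instead of writing text. Mark the collector explicitly, for example by passing {collector, Pid} from string/0 and matching on that tuple, and let every other value go to io:nl/1 and io:format/3.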
+++ b/lib/ssh/src/ssh_info.erl @@ -25,15 +25,10 @@ -module(ssh_info). --compile(export_all). - -string() -> - Pid = spawn(fun init/0), - print(Pid), - Pid ! {get,self()}, - receive - {result,R} -> R - end. +-export([print/0, + print/1, + string/0 + ]). print() -> print(user). @@ -51,17 +46,6 @@ print(D) -> underline(D, "Server part", $=), print_servers(D), io__nl(D), - %% case os:type() of - %% {unix,_} -> - %% io__nl(), - %% underline("Linux part", $=), - %% underline("Listening"), - %% catch io__format(os:cmd("netstat -tpln")), - %% io__nl(), - %% underline("Other"), - %% catch io__format(os:cmd("netstat -tpn")); - %% _ -> ok - %% end, underline(D, "Supervisors", $=), walk_sups(D, ssh_sup), io__nl(D) @@ -70,6 +54,14 @@ print(D) -> io__format(D,"Ssh not found~n",[]) end. +string() -> + Pid = spawn(fun init/0), + print(Pid), + Pid ! {get,self()}, + receive + {result,R} -> R + end. + %%%================================================================ print_general(D) -> {_Name, Slogan, Ver} = lists:keyfind(ssh,1,application:which_applications()), @@ -118,7 +110,7 @@ print_system_sup(D, {Ref,Pid,supervisor,[ssh_subsystem_sup]}) when is_reference( is_pid(Pid) -> PrintChannels = fun(X) -> print_channels(D,X) end, lists:foreach(PrintChannels, supervisor:which_children(Pid)); -print_system_sup(D, {{ssh_acceptor_sup,LocalHost,LocalPort,Profile}, Pid, supervisor, [ssh_acceptor_sup]}) when is_pid(Pid) -> +print_system_sup(D, {{ssh_acceptor_sup,_LocalHost,_LocalPort,_Profile}, Pid, supervisor, [ssh_acceptor_sup]}) when is_pid(Pid) -> io__format(D, ?INDENT?INDENT"[Acceptor Pid ~p]~n",[Pid]). @@ -191,9 +183,6 @@ children(Pid) -> end. %%%================================================================ -underline(D, Str) -> - underline(D, Str, $-). - underline(D, Str, LineChar) -> Len = lists:flatlength(Str), io__format(D, '~s~n',[Str]), 
@@ -211,12 +200,6 @@ datetime() -> fmt_host_port({{A,B,C,D},Port}) -> io_lib:format('~p.~p.~p.~p:~p',[A,B,C,D,Port]); fmt_host_port({Host,Port}) -> io_lib:format('~s:~p',[Host,Port]). - - -nyi(D) -> - io__format(D,'Not yet implemented~n',[]), - nyi. - %%%################################################################ io__nl(D) when is_atom(D) -> io:nl(D); -- cgit v1.2.3 From 7e9b90812b191bfbe7e775332fcbae62fca097da Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 17 Mar 2016 15:25:38 +0100 Subject: ssh: Add ssh_info:collect/0 which returns all pids in the ssh supervisor tree Good for test cases. --- lib/ssh/src/ssh_info.erl | 59 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 58 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_info.erl b/lib/ssh/src/ssh_info.erl index 652466c32b..2dfc55cd92 100644 --- a/lib/ssh/src/ssh_info.erl +++ b/lib/ssh/src/ssh_info.erl @@ -27,7 +27,8 @@ -export([print/0, print/1, - string/0 + string/0, + collect_pids/0 ]). print() -> 
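Review bot: The export list gains collect_pids/0, but the commit subject announces ssh_info:collect/0; align the subject with the exported name so the function can be found from the log. Because this is now a public entry point used by test cases, a short comment or -spec stating that it returns the pids found under ssh_sup would also help.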
@@ -219,3 +220,59 @@ loop(Acc) -> Who ! {result,lists:flatten(lists:reverse(Acc))} end. +%%%################################################################ +collect_pids() -> collect_pids(ssh_sup). + +collect_pids(P) -> + Collector = pcollect_pids(P, spawn(fun init_collector/0)), + Collector ! {get_values,self()}, + receive + {values,Values} -> + Values + end. + +%%%---------------- +pcollect_pids(undefined, Collector) -> + Collector; + +pcollect_pids(A, Collector) when is_atom(A) -> + pcollect_pids(whereis(A), Collector); + +pcollect_pids(Pid, Collector) when is_pid(Pid) -> + Collector ! {expect,Pid}, + spawn(fun() -> + lists:foreach( + fun(P2) -> + pcollect_pids(P2,Collector) + end, children(Pid)), + Collector ! {value,Pid,Pid} + end), + Collector; + +pcollect_pids({_,Pid,supervisor,_}, Collector) when is_pid(Pid) -> + pcollect_pids(Pid, Collector); + +pcollect_pids({_,Pid,worker,_}, Collector) when is_pid(Pid) -> + Collector ! {value,Pid,Pid}, + Collector; + +pcollect_pids(_, Collector) -> + Collector. + +%%%---------------- +init_collector() -> + loop_collector([],[]). + +loop_collector(Expects, Values) -> + receive + {expect, Ref} -> + loop_collector([Ref|Expects], Values); + {value, Ref, Val} -> + loop_collector(Expects--[Ref], [Val|Values]); + {get_values, From} when Expects==[] -> +%% Values=/=[] -> + From ! {values,Values} + end. + + + -- cgit v1.2.3 From 6032030a1248514d277f15e0c3d4bed3298f9f8a Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 21 Mar 2016 15:14:15 +0100 Subject: ssh: Make test case ssh_algorithms_SUITE report unexpected messages --- lib/ssh/test/ssh_algorithms_SUITE.erl | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index 256c8c8da3..094c9d406d 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl 
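Review bot: collect_pids/1 waits in a bare receive for {values,Values}, and loop_collector/2 answers {get_values,From} only when Expects is empty, so a walker process that exits before sending its {value,Pid,Pid} leaves the caller blocked with no timeout. Add an after clause, or monitor the walkers, and return what has been gathered so far. While there, drop the leftover commented-out guard `%% Values=/=[] ->` and rename Ref in loop_collector/2, since the key it holds is a pid.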
@@ -233,11 +233,19 @@ sshc_simple_exec(Config) -> ct:log("~p",[Cmd]), SshPort = open_port({spawn, Cmd}, [binary]), Expect = <<"2\n">>, + rcv_expected(SshPort, Expect). + + +rcv_expected(SshPort, Expect) -> receive {SshPort, {data,Expect}} -> ct:log("Got expected ~p from ~p",[Expect,SshPort]), catch port_close(SshPort), - ok + ok; + Other -> + ct:log("Got UNEXPECTED ~p",[Expect]), + rcv_expected(SshPort, Expect) + after ?TIMEOUT -> ct:fail("Did not receive answer") end. -- cgit v1.2.3 From 59f8b16d04ef738097564d3a33cd6f67949a3742 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 22 Mar 2016 12:23:00 +0100 Subject: ssh: Increase timetrap for GEX --- lib/ssh/test/ssh_algorithms_SUITE.erl | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index 094c9d406d..2dc228a3cf 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl @@ -28,7 +28,7 @@ %% Note: This directive should only be used in test suites. -compile(export_all). --define(TIMEOUT, 50000). +-define(TIMEOUT, 10000). %%-------------------------------------------------------------------- %% Common Test interface functions ----------------------------------- @@ -192,7 +192,7 @@ simple_exec_groups_no_match_too_large(Config) -> %%-------------------------------------------------------------------- %% Testing all default groups -simple_exec_groups() -> [{timetrap,{seconds,90}}]. +simple_exec_groups() -> [{timetrap,{seconds,180}}]. simple_exec_groups(Config) -> Sizes = interpolate( public_key:dh_gex_group_sizes() ), @@ -221,8 +221,6 @@ interpolate(Is) -> %%-------------------------------------------------------------------- %% Use the ssh client of the OS to connect -sshc_simple_exec() -> [{timetrap,{seconds,90}}]. - sshc_simple_exec(Config) -> PrivDir = ?config(priv_dir, Config), KnownHosts = filename:join(PrivDir, "known_hosts"), 
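Review bot: In the new rcv_expected/2 (ssh_algorithms_SUITE.erl, hunk @@ -233,11 +233,19 @@) the Other clause logs the wrong variable: `ct:log("Got UNEXPECTED ~p",[Expect])` prints the expected binary, so the unexpected message this patch is meant to report never reaches the log and Other is left unused. Log [Other] instead. Each recursive call also restarts the `after ?TIMEOUT` timer, so a steady stream of unrelated messages keeps the case waiting until the timetrap fires; track a deadline if the timeout is meant to bound the whole wait.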
@@ -243,10 +241,11 @@ rcv_expected(SshPort, Expect) -> catch port_close(SshPort), ok; Other -> - ct:log("Got UNEXPECTED ~p",[Expect]), + ct:log("Got UNEXPECTED ~p",[Other]), rcv_expected(SshPort, Expect) after ?TIMEOUT -> + catch port_close(SshPort), ct:fail("Did not receive answer") end. -- cgit v1.2.3 From bedbc46b08fc58c1c907e58c3443a4b0831f7aba Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 24 Mar 2016 14:39:12 +0100 Subject: ssh: Add logging in testing subsystem --- lib/ssh/test/ssh_echo_server.erl | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_echo_server.erl b/lib/ssh/test/ssh_echo_server.erl index 96c9aad135..8b6273c3fe 100644 --- a/lib/ssh/test/ssh_echo_server.erl +++ b/lib/ssh/test/ssh_echo_server.erl @@ -31,6 +31,7 @@ -export([init/1, handle_msg/2, handle_ssh_msg/2, terminate/2]). init([N]) -> + ct:pal("Echo server: ~p",[self()]), {ok, #state{n = N}}. handle_msg({ssh_channel_up, ChannelId, ConnectionManager}, State) -> -- cgit v1.2.3 From fb8f1f1b53f57744c86e60ee6b02d8d86d298fdf Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 23 Mar 2016 19:14:42 +0100 Subject: ssh: experimental ssh_info extended --- lib/ssh/src/ssh_info.erl | 288 ++++++++++++++++++++++++++++------------------- 1 file changed, 173 insertions(+), 115 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_info.erl b/lib/ssh/src/ssh_info.erl index 2dfc55cd92..67130d5eac 100644 --- a/lib/ssh/src/ssh_info.erl +++ b/lib/ssh/src/ssh_info.erl 
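Review bot: The subject "Increase timetrap for GEX" covers only the simple_exec_groups/0 change to 180 seconds, but two changes in ssh_algorithms_SUITE.erl go the other way: ?TIMEOUT drops from 50000 to 10000, and the sshc_simple_exec/0 info function with its 90 second timetrap is deleted, leaving that case on the 40 second suite default. State the reason for both in the commit message, or split them out, so a later timeout failure in sshc_simple_exec can be traced to this change.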
@@ -31,134 +31,168 @@ collect_pids/0 ]). +-include("ssh_connect.hrl"). + print() -> - print(user). + io:format("~s", [string()]). +print(File) when is_list(File) -> + {ok,D} = file:open(File, write), + print(D), + file:close(D); print(D) -> + io:format(D, "~s", [string()]). + +string() -> try supervisor:which_children(ssh_sup) of _ -> - io__nl(D), - print_general(D), - io__nl(D), - underline(D, "Client part", $=), - print_clients(D), - io__nl(D), - underline(D, "Server part", $=), - print_servers(D), - io__nl(D), - underline(D, "Supervisors", $=), - walk_sups(D, ssh_sup), - io__nl(D) + [io_lib:nl(), + print_general(), + io_lib:nl(), + underline("Client part", $=), + print_clients(), + io_lib:nl(), + underline("Server part", $=), + print_servers(), + io_lib:nl(), + underline("Supervisors", $=), + walk_sups(ssh_sup), + io_lib:nl()] catch _:_ -> - io__format(D,"Ssh not found~n",[]) + io_lib:format("Ssh not found~n",[]) end. -string() -> - Pid = spawn(fun init/0), - print(Pid), - Pid ! {get,self()}, - receive - {result,R} -> R - end. - -%%%================================================================ -print_general(D) -> - {_Name, Slogan, Ver} = lists:keyfind(ssh,1,application:which_applications()), - underline(D, io_lib:format("~s ~s", [Slogan, Ver]), $=), - io__format(D, 'This printout is generated ~s. ~n',[datetime()]). %%%================================================================ -define(INDENT, " "). -print_clients(D) -> - PrintClient = fun(X) -> print_client(D,X) end, +print_general() -> + {_Name, Slogan, Ver} = lists:keyfind(ssh,1,application:which_applications()), + [underline(io_lib:format("~s ~s", [Slogan, Ver]), $=), + io_lib:format('This printout is generated ~s. ~n',[datetime()]) + ]. 
+ +print_clients() -> try - lists:foreach(PrintClient, supervisor:which_children(sshc_sup)) + lists:map(fun print_client/1, + supervisor:which_children(sshc_sup)) catch C:E -> - io__format(D, '***FAILED: ~p:~p~n',[C,E]) + io_lib:format('***print_clients FAILED: ~p:~p~n',[C,E]) end. -print_client(D, {undefined,Pid,supervisor,[ssh_connection_handler]}) -> +print_client({undefined,Pid,supervisor,[ssh_connection_handler]}) -> {{Local,Remote},_Str} = ssh_connection_handler:get_print_info(Pid), - io__format(D, ?INDENT"Local: ~s Remote: ~s ConnectionRef = ~p~n",[fmt_host_port(Local),fmt_host_port(Remote),Pid]); -print_client(D, Other) -> - io__format(D, " [[Other 1: ~p]]~n",[Other]). + [io_lib:format(?INDENT"Local: ~s Remote: ~s ConnectionRef = ~p~n", + [fmt_host_port(Local), fmt_host_port(Remote), Pid]), + case channels(Pid) of + {ok,Channels=[_|_]} -> + [print_ch(ChPid) || #channel{user=ChPid} <- Channels]; + _ -> + io_lib:format(?INDENT?INDENT?INDENT"No channels~n",[]) + end]; + +print_client(Other) -> + io_lib:format(" [[Other 1: ~p]]~n",[Other]). %%%================================================================ -print_servers(D) -> - PrintServer = fun(X) -> print_server(D,X) end, +print_servers() -> try - lists:foreach(PrintServer, supervisor:which_children(sshd_sup)) + lists:map(fun print_server/1, + supervisor:which_children(sshd_sup)) catch C:E -> - io__format(D, '***FAILED: ~p:~p~n',[C,E]) + io_lib:format('***print_servers FAILED: ~p:~p~n',[C,E]) end. -print_server(D, {{server,ssh_system_sup,LocalHost,LocalPort,Profile},Pid,supervisor,[ssh_system_sup]}) when is_pid(Pid) -> - io__format(D, ?INDENT"Listen: ~s (~p children) Profile ~p~n",[fmt_host_port({LocalHost,LocalPort}), - ssh_acceptor:number_of_connections(Pid), - Profile]), - PrintSystemSup = fun(X) -> print_system_sup(D,X) end, - lists:foreach(PrintSystemSup, supervisor:which_children(Pid)). 
+print_server({{server,ssh_system_sup,LocalHost,LocalPort,Profile},Pid,supervisor,[ssh_system_sup]}) when is_pid(Pid) -> + Children = supervisor:which_children(Pid), + [io_lib:format(?INDENT"Listen: ~s (~p children) Profile ~p",[fmt_host_port({LocalHost,LocalPort}), + ssh_acceptor:number_of_connections(Pid), + Profile]), + case [AccPid + || {{ssh_acceptor_sup,_LocalHost,_LocalPort,_Profile}, AccPid, supervisor, [ssh_acceptor_sup]} + <- Children] of + AcceptorPids = [_|_] -> + [io_lib:format(" [Acceptor Pid", []), + [io_lib:format(" ~p",[AccPid]) || AccPid <- AcceptorPids], + io_lib:format("]~n", []) + ]; + [] -> + io_lib:nl() + end, + lists:map(fun print_system_sup/1, + supervisor:which_children(Pid)) + ]. + + +print_system_sup({Ref,Pid,supervisor,[ssh_subsystem_sup]}) when is_reference(Ref), + is_pid(Pid) -> + lists:map(fun print_channels/1, + supervisor:which_children(Pid)); +print_system_sup({{ssh_acceptor_sup,_LocalHost,_LocalPort,_Profile}, Pid, supervisor, [ssh_acceptor_sup]}) when is_pid(Pid) -> + []. -print_system_sup(D, {Ref,Pid,supervisor,[ssh_subsystem_sup]}) when is_reference(Ref), - is_pid(Pid) -> - PrintChannels = fun(X) -> print_channels(D,X) end, - lists:foreach(PrintChannels, supervisor:which_children(Pid)); -print_system_sup(D, {{ssh_acceptor_sup,_LocalHost,_LocalPort,_Profile}, Pid, supervisor, [ssh_acceptor_sup]}) when is_pid(Pid) -> - io__format(D, ?INDENT?INDENT"[Acceptor Pid ~p]~n",[Pid]). 
-print_channels(D, {{server,ssh_channel_sup,_,_},Pid,supervisor,[ssh_channel_sup]}) when is_pid(Pid) -> +print_channels({{server,ssh_channel_sup,_,_},Pid,supervisor,[ssh_channel_sup]}) when is_pid(Pid) -> Children = supervisor:which_children(Pid), ChannelPids = [P || {R,P,worker,[ssh_channel]} <- Children, is_pid(P), is_reference(R)], case ChannelPids of - [] -> io__format(D, ?INDENT?INDENT"No channels~n",[]); + [] -> io_lib:format(?INDENT?INDENT"No channels~n",[]); [Ch1Pid|_] -> {{ConnManager,_}, _Str} = ssh_channel:get_print_info(Ch1Pid), {{_,Remote},_} = ssh_connection_handler:get_print_info(ConnManager), - io__format(D, ?INDENT?INDENT"Remote: ~s ConnectionRef = ~p~n",[fmt_host_port(Remote),ConnManager]), - lists:foreach(fun(P) -> print_ch(D,P) end, ChannelPids) + [io_lib:format(?INDENT?INDENT"Remote: ~s ConnectionRef = ~p~n",[fmt_host_port(Remote),ConnManager]), + lists:map(fun print_ch/1, ChannelPids) + ] end; -print_channels(_D, {{server,ssh_connection_sup,_,_},Pid,supervisor,[ssh_connection_sup]}) when is_pid(Pid) -> - ok. % The supervisor of the connections socket owning process - -print_ch(D, Pid) -> - {{ConnManager,ChannelID}, Str} = ssh_channel:get_print_info(Pid), - {_LocalRemote,StrM} = ssh_connection_handler:get_print_info(ConnManager), - io__format(D, ?INDENT?INDENT?INDENT"ch ~p: ~s ~s~n",[ChannelID, StrM, Str]). - +print_channels({{server,ssh_connection_sup,_,_},Pid,supervisor,[ssh_connection_sup]}) when is_pid(Pid) -> + []. % The supervisor of the connections socket owning process + +print_ch(Pid) -> + try + {{ConnManager,ChannelID}, Str} = ssh_channel:get_print_info(Pid), + {_LocalRemote,StrM} = ssh_connection_handler:get_print_info(ConnManager), + io_lib:format(?INDENT?INDENT?INDENT"ch ~p ~p: ~s ~s~n",[ChannelID, Pid, StrM, Str]) + catch + C:E -> + io_lib:format('****print_ch FAILED for ChanPid ~p: ~p:~p~n',[Pid, C, E]) + end. + + %%%================================================================ -define(inc(N), (N+4)). 
-walk_sups(D, StartPid) -> - io__format(D, "Start at ~p, ~s.~n",[StartPid,dead_or_alive(StartPid)]), - walk_sups(D, children(StartPid), _Indent=?inc(0)). - -walk_sups(D, [H={_,Pid,_,_}|T], Indent) -> - indent(D, Indent), io__format(D, '~200p ~p is ~s~n',[H,Pid,dead_or_alive(Pid)]), - case H of - {_,_,supervisor,[ssh_connection_handler]} -> ok; - {_,Pid,supervisor,_} -> walk_sups(D, children(Pid), ?inc(Indent)); - _ -> ok - end, - walk_sups(D, T, Indent); -walk_sups(_D, [], _) -> - ok. +walk_sups(StartPid) -> + io_lib:format("Start at ~p, ~s.~n",[StartPid,dead_or_alive(StartPid)]), + walk_sups(children(StartPid), _Indent=?inc(0)). + +walk_sups([H={_,Pid,_,_}|T], Indent) -> + [indent(Indent), + io_lib:format('~200p ~p is ~s~n',[H,Pid,dead_or_alive(Pid)]), + case H of + {_,_,supervisor,[ssh_connection_handler]} -> ""; + {_,Pid,supervisor,_} -> walk_sups(children(Pid), ?inc(Indent)); + _ -> "" + end, + walk_sups(T, Indent) + ]; +walk_sups([], _) -> + "". dead_or_alive(Name) when is_atom(Name) -> case whereis(Name) of - undefined -> + undefined -> "**UNDEFINED**"; - Pid -> + Pid -> dead_or_alive(Pid) end; dead_or_alive(Pid) when is_pid(Pid) -> @@ -167,7 +201,8 @@ dead_or_alive(Pid) when is_pid(Pid) -> _ -> "alive" end. -indent(D, I) -> io__format(D,'~*c',[I,$ ]). +indent(I) -> io_lib:format('~*c',[I,$ ]). + children(Pid) -> Parent = self(), 
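Review bot: walk_sups/1 in the hunk above builds the "Start at ~p, ~s.~n" line with io_lib:format/2 and then discards it, because only the value of the last expression, walk_sups(children(StartPid), _Indent=?inc(0)), is returned. The removed version wrote that line through io__format(D, ...), so the header is now silently missing from the output. Return both parts as one iolist, for example [io_lib:format("Start at ~p, ~s.~n",[StartPid,dead_or_alive(StartPid)]), walk_sups(children(StartPid), ?inc(0))].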
@@ -178,20 +213,39 @@ children(Pid) -> {Helper,L} when is_list(L) -> L after - 2000 -> + 2000 -> catch exit(Helper, kill), [] end. +is_connection_handler(Pid) -> + try + {ssh_connection_handler,init,_} = + proplists:get_value( + '$initial_call', + proplists:get_value( + dictionary, + process_info(Pid, [dictionary]))) + of + _ -> true + + catch + _:_ -> + false + end. + +channels(Pid) -> + case is_connection_handler(Pid) of + true -> + ssh_connection_handler:info(Pid,all); + false -> + false + end. + %%%================================================================ -underline(D, Str, LineChar) -> - Len = lists:flatlength(Str), - io__format(D, '~s~n',[Str]), - line(D,Len,LineChar). +underline(Str, LineChar) -> + io_lib:format('~s~n~*c~n',[Str, lists:flatlength(Str), LineChar]). -line(D, Len, Char) -> - io__format(D, '~*c~n', [Len,Char]). - datetime() -> {{YYYY,MM,DD}, {H,M,S}} = calendar:now_to_universal_time(erlang:timestamp()), @@ -201,29 +255,10 @@ datetime() -> fmt_host_port({{A,B,C,D},Port}) -> io_lib:format('~p.~p.~p.~p:~p',[A,B,C,D,Port]); fmt_host_port({Host,Port}) -> io_lib:format('~s:~p',[Host,Port]). -%%%################################################################ - -io__nl(D) when is_atom(D) -> io:nl(D); -io__nl(P) when is_pid(P) -> P ! {string,io_lib:nl()}. - -io__format(D, Fmt, Args) when is_atom(D) -> io:format(D, Fmt, Args); -io__format(P, Fmt, Args) when is_pid(P) -> P ! {string,io_lib:format(Fmt, Args)}. - - -init() -> loop([]). - -loop(Acc) -> - receive - {string,Str} -> - loop([Str|Acc]); - {get,Who} -> - Who ! {result,lists:flatten(lists:reverse(Acc))} - end. - %%%################################################################ collect_pids() -> collect_pids(ssh_sup). -collect_pids(P) -> +collect_pids(P) -> Collector = pcollect_pids(P, spawn(fun init_collector/0)), Collector ! {get_values,self()}, receive 
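Review bot: channels/1 checks is_connection_handler(Pid) and then calls ssh_connection_handler:info(Pid,all) with nothing around it, so if the process goes away between the check and the call and that call exits, the exit propagates into the pid collection. print_ch/1 in this same patch wraps its get_print_info calls in try ... catch; do the same here and return false on failure. Smaller point: is_connection_handler/1 reads '$initial_call' directly from the process dictionary and catches _:_, which proc_lib:initial_call/1 would express without depending on that layout.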
@@ -231,7 +266,7 @@ collect_pids(P) -> Values end. -%%%---------------- +%%%---------------- pcollect_pids(undefined, Collector) -> Collector; @@ -249,17 +284,43 @@ pcollect_pids(Pid, Collector) when is_pid(Pid) -> end), Collector; -pcollect_pids({_,Pid,supervisor,_}, Collector) when is_pid(Pid) -> +pcollect_pids({Ref,Pid,supervisor,_}, Collector) when is_pid(Pid), + is_reference(Ref) -> pcollect_pids(Pid, Collector); -pcollect_pids({_,Pid,worker,_}, Collector) when is_pid(Pid) -> +pcollect_pids({sshc_sup,Pid,supervisor,_}, Collector) when is_pid(Pid) -> + pcollect_pids(Pid, Collector); + +pcollect_pids({sshd_sup,Pid,supervisor,_}, Collector) when is_pid(Pid) -> + pcollect_pids(Pid, Collector); + +pcollect_pids({{ssh_acceptor_sup,_,_,_},Pid,supervisor,_}, Collector) when is_pid(Pid) -> + pcollect_pids(Pid, Collector); + +pcollect_pids({{server,_,_,_},Pid,supervisor,_}, Collector) when is_pid(Pid) -> + pcollect_pids(Pid, Collector); + +pcollect_pids({{server,_,_,_,_},Pid,supervisor,_}, Collector) when is_pid(Pid) -> + pcollect_pids(Pid, Collector); + +pcollect_pids({undefined,Pid,supervisor,[ssh_connection_handler]}, Collector) -> + Collector ! {value,Pid,Pid}, + case channels(Pid) of + {ok,L} -> + [Collector!{value,P,P} || #channel{user=P} <- L]; + _ -> + ok + end, + Collector; + +pcollect_pids({_,Pid,_,_}, Collector) when is_pid(Pid) -> Collector ! {value,Pid,Pid}, Collector; pcollect_pids(_, Collector) -> Collector. -%%%---------------- +%%%---------------- init_collector() -> loop_collector([],[]). @@ -273,6 +334,3 @@ loop_collector(Expects, Values) -> %% Values=/=[] -> From ! {values,Values} end. - - - -- cgit v1.2.3 From ac5b738e4a9d2bc87966d265b90f82422d92b5c5 Mon Sep 17 00:00:00 2001 
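Review bot: in lib/ssh/src/ssh_info.erl, the new pcollect_pids clause for {undefined,Pid,supervisor,[ssh_connection_handler]} is the only added clause without a "when is_pid(Pid)" guard. supervisor:which_children/1 can report undefined or restarting in the Pid position, and this clause would then send Collector ! {value,Pid,Pid} with an atom and pass the atom to channels/1. Add the same is_pid(Pid) guard the sibling clauses have, so such entries fall through to the final catch-all clause.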
From: Hans Nilsson Date: Fri, 18 Mar 2016 15:19:38 +0100 Subject: ssh: Experimental debug interface module --- lib/ssh/src/Makefile | 1 + lib/ssh/src/ssh_dbg.erl | 140 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 141 insertions(+) create mode 100644 lib/ssh/src/ssh_dbg.erl (limited to 'lib/ssh') diff --git a/lib/ssh/src/Makefile b/lib/ssh/src/Makefile index b44c8eef35..d8e4bfd50c 100644 --- a/lib/ssh/src/Makefile +++ b/lib/ssh/src/Makefile @@ -54,6 +54,7 @@ MODULES= \ ssh_connection_sup \ ssh_connection \ ssh_connection_handler \ + ssh_dbg \ ssh_shell \ ssh_system_sup \ ssh_subsystem_sup \ diff --git a/lib/ssh/src/ssh_dbg.erl b/lib/ssh/src/ssh_dbg.erl new file mode 100644 index 0000000000..fbf85cfcfc --- /dev/null +++ b/lib/ssh/src/ssh_dbg.erl 
@@ -0,0 +1,140 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2004-2016. All Rights Reserved. +%% +%% Licensed under the Apache License, Version 2.0 (the "License"); +%% you may not use this file except in compliance with the License. +%% You may obtain a copy of the License at +%% +%% http://www.apache.org/licenses/LICENSE-2.0 +%% +%% Unless required by applicable law or agreed to in writing, software +%% distributed under the License is distributed on an "AS IS" BASIS, +%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +%% See the License for the specific language governing permissions and +%% limitations under the License. +%% +%% %CopyrightEnd% +%% + +%% + +-module(ssh_dbg). + +-export([messages/0, + messages/1 + ]). + +-include("ssh.hrl"). +-include("ssh_transport.hrl"). +-include("ssh_connect.hrl"). +-include("ssh_auth.hrl"). + +-record(data, { + writer, + acc = []}). +%%%================================================================ +messages() -> messages(fun(String,_D) -> io:format(String) end). +%% messages() -> messages(fun(String,Acc) -> [String|Acc] end) + +messages(Write) when is_function(Write,2) -> + catch dbg:start(), + + Handler = fun msg_formater/2, + InitialData = #data{writer = Write}, + {ok,_} = dbg:tracer(process, {Handler, InitialData}), + + dbg:p(new,c), + dbg:tp(ssh_message,encode,1, x), + dbg:tp(ssh_message,decode,1, x), + dbg:tpl(ssh_transport,select_algorithm,3, x). + +%%%================================================================ +msg_formater({trace,Pid,call,{ssh_message,encode,[Msg]}}, D) -> + fmt("~nSEND ~p ~s~n", [Pid,wr_record(shrink_bin(Msg))], D); + +msg_formater({trace,Pid,return_from,{ssh_message,decode,1},Msg}, D) -> + fmt("~nRECV ~p ~s~n", [Pid,wr_record(shrink_bin(Msg))], D); + +msg_formater({trace,Pid,return_from,{ssh_transport,select_algorithm,3},{ok,Alg}}, D) -> + fmt("~nALGORITHMS ~p~n~s~n", [Pid, wr_record(Alg)], D); + +msg_formater(_, D) -> + D. 
+ + +fmt(Fmt, Args, D=#data{writer=Write,acc=Acc}) -> + D#data{acc = Write(io_lib:format(Fmt, Args), Acc)}. + +%%%---------------------------------------------------------------- +shrink_bin(B) when is_binary(B), size(B)>100 -> {'*** SHRINKED BIN',size(B),element(1,split_binary(B,20)),'***'}; +shrink_bin(L) when is_list(L) -> lists:map(fun shrink_bin/1, L); +shrink_bin(T) when is_tuple(T) -> list_to_tuple(shrink_bin(tuple_to_list(T))); +shrink_bin(X) -> X. + +%%%---------------------------------------------------------------- +-define(wr_record(N,BlackList), wr_record(R=#N{}) -> wr_record(R, record_info(fields,N), BlackList)). + +-define(wr_record(N), ?wr_record(N, [])). + + +?wr_record(alg); + +?wr_record(ssh_msg_disconnect); +?wr_record(ssh_msg_ignore); +?wr_record(ssh_msg_unimplemented); +?wr_record(ssh_msg_debug); +?wr_record(ssh_msg_service_request); +?wr_record(ssh_msg_service_accept); +?wr_record(ssh_msg_kexinit); +?wr_record(ssh_msg_kexdh_init); +?wr_record(ssh_msg_kexdh_reply); +?wr_record(ssh_msg_newkeys); +?wr_record(ssh_msg_kex_dh_gex_request); +?wr_record(ssh_msg_kex_dh_gex_request_old); +?wr_record(ssh_msg_kex_dh_gex_group); +?wr_record(ssh_msg_kex_dh_gex_init); +?wr_record(ssh_msg_kex_dh_gex_reply); +?wr_record(ssh_msg_kex_ecdh_init); +?wr_record(ssh_msg_kex_ecdh_reply); + +?wr_record(ssh_msg_userauth_request); +?wr_record(ssh_msg_userauth_failure); +?wr_record(ssh_msg_userauth_success); +?wr_record(ssh_msg_userauth_banner); +?wr_record(ssh_msg_userauth_passwd_changereq); +?wr_record(ssh_msg_userauth_pk_ok); +?wr_record(ssh_msg_userauth_info_request); +?wr_record(ssh_msg_userauth_info_response); + +?wr_record(ssh_msg_global_request); +?wr_record(ssh_msg_request_success); +?wr_record(ssh_msg_request_failure); +?wr_record(ssh_msg_channel_open); +?wr_record(ssh_msg_channel_open_confirmation); +?wr_record(ssh_msg_channel_open_failure); +?wr_record(ssh_msg_channel_window_adjust); +?wr_record(ssh_msg_channel_data); 
+?wr_record(ssh_msg_channel_extended_data); +?wr_record(ssh_msg_channel_eof); +?wr_record(ssh_msg_channel_close); +?wr_record(ssh_msg_channel_request); +?wr_record(ssh_msg_channel_success); +?wr_record(ssh_msg_channel_failure); + +wr_record(R) -> io_lib:format('~p~n',[R]). + + +wr_record(T, Fs, BL) when is_tuple(T) -> + wr_record(tuple_to_list(T), Fs, BL); +wr_record([Name|Values], Fields, BlackL) -> + W = case Fields of + [] -> 0; + _ -> lists:max([length(atom_to_list(F)) || F<-Fields]) + end, + [io_lib:format("~p:~n",[string:to_upper(atom_to_list(Name))]) + | [io_lib:format(" ~*p: ~p~n",[W,Tag,Value]) || {Tag,Value} <- lists:zip(Fields,Values), + not lists:member(Tag,BlackL) + ] + ]. -- cgit v1.2.3 From 0aa6120cb15e6b7c1d819073fa5c557899c6aaa4 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 29 Mar 2016 10:52:46 +0200 Subject: ssh: app-file updated with the experimental ssh_dbg module --- lib/ssh/src/ssh.app.src | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.app.src b/lib/ssh/src/ssh.app.src index 4a76fd9cd3..c67350bf72 100644 --- a/lib/ssh/src/ssh.app.src +++ b/lib/ssh/src/ssh.app.src @@ -18,6 +18,7 @@ ssh_connection_handler, ssh_connection_sup, ssh_daemon_channel, + ssh_dbg, ssh_shell, sshc_sup, sshd_sup, -- cgit v1.2.3 From af05855ddc48ae72bb2cfd82ab3fd3ab45238135 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Fri, 22 Apr 2016 10:23:56 +0200 Subject: ssh: Remove use of crypto:rand_bytes/1 ssh use cases are cryptographical so use crypto:strong_rand_bytes/1 instead. --- lib/ssh/test/ssh_benchmark_SUITE.erl | 2 +- lib/ssh/test/ssh_sftp_SUITE.erl | 4 ++-- lib/ssh/test/ssh_test_lib.erl | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_benchmark_SUITE.erl b/lib/ssh/test/ssh_benchmark_SUITE.erl index 8ec1017642..6e1d18cc95 100644 --- a/lib/ssh/test/ssh_benchmark_SUITE.erl +++ b/lib/ssh/test/ssh_benchmark_SUITE.erl 
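Review bot: in the new lib/ssh/src/ssh_dbg.erl, every ?wr_record(N) clause expands to ?wr_record(N, []), including ssh_msg_userauth_request, ssh_msg_userauth_info_response and ssh_msg_channel_data, so whatever authentication and channel payload those records carry is handed to the writer in full (shrink_bin/1 only truncates binaries larger than 100 bytes), and the default writer prints to the console. The macro already takes a BlackList argument: pass the payload-carrying fields for those records, and state in the module header that the trace output is sensitive. Also, the default writer calls io:format(String) with the formatted trace text as the format string, so any "~" in a traced value is interpreted as a format directive; use io:format("~s", [String]) or io:put_chars(String).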
@@ -104,7 +104,7 @@ init_sftp_dirs(Config) -> DstDir = filename:join(UserDir, "sftp_dst"), ok = file:make_dir(DstDir), N = 100 * 1024*1024, - ok = file:write_file(filename:join(SrcDir,SrcFile), crypto:rand_bytes(N)), + ok = file:write_file(filename:join(SrcDir,SrcFile), crypto:strong_rand_bytes(N)), [{sftp_src_dir,SrcDir}, {sftp_dst_dir,DstDir}, {src_file,SrcFile}, {sftp_size,N} | Config]. diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index c4bb02841b..cd6c5f82b9 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl @@ -869,7 +869,7 @@ aes_cbc256_crypto_tar(Config) -> {"d1",fn("d1",Config)} % Dir ]), Key = <<"This is a 256 bit key. Boring...">>, - Ivec0 = crypto:rand_bytes(16), + Ivec0 = crypto:strong_rand_bytes(16), DataSize = 1024, % data_size rem 16 = 0 for aes_cbc Cinitw = fun() -> {ok, Ivec0, DataSize} end, @@ -914,7 +914,7 @@ aes_ctr_stream_crypto_tar(Config) -> {"d1",fn("d1",Config)} % Dir ]), Key = <<"This is a 256 bit key. Boring...">>, - Ivec0 = crypto:rand_bytes(16), + Ivec0 = crypto:strong_rand_bytes(16), Cinitw = Cinitr = fun() -> {ok, crypto:stream_init(aes_ctr,Key,Ivec0)} end, diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index abbd4857c9..4db7d09ccd 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl @@ -100,7 +100,7 @@ std_simple_sftp(Host, Port, Config, Opts) -> DataFile = filename:join(UserDir, "test.data"), ConnectionRef = ssh_test_lib:std_connect(Config, Host, Port, Opts), {ok, ChannelRef} = ssh_sftp:start_channel(ConnectionRef), - Data = crypto:rand_bytes(proplists:get_value(std_simple_sftp_size,Config,10)), + Data = crypto:strong_rand_bytes(proplists:get_value(std_simple_sftp_size,Config,10)), ok = ssh_sftp:write_file(ChannelRef, DataFile, Data), {ok,ReadData} = file:read_file(DataFile), ok = ssh:close(ConnectionRef), 
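Review bot: in init_sftp_dirs (ssh_benchmark_SUITE.erl) the change makes a single crypto:strong_rand_bytes(N) call with N = 100 * 1024*1024 for what is only a file payload, and strong_rand_bytes/1 is documented to raise low_entropy when the generator cannot be seeded, which nothing here handles. Build the benchmark file from a smaller random block repeated to size, or note in the commit message that payload call sites like this one and std_simple_sftp are converted only to stop using rand_bytes/1. The Ivec0 and Salt call sites are the ones where the stronger source matters.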
@@ -354,7 +354,7 @@ setup_rsa_pass_pharse(DataDir, UserDir, Phrase) -> setup_pass_pharse(KeyBin, OutFile, Phrase) -> [{KeyType, _,_} = Entry0] = public_key:pem_decode(KeyBin), Key = public_key:pem_entry_decode(Entry0), - Salt = crypto:rand_bytes(8), + Salt = crypto:strong_rand_bytes(8), Entry = public_key:pem_entry_encode(KeyType, Key, {{"DES-CBC", Salt}, Phrase}), Pem = public_key:pem_encode([Entry]), -- cgit v1.2.3 From 4dd173e8355f0105a9a6cbc5d8243c44dc83a2e4 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 25 Feb 2016 19:09:32 +0100 Subject: ssh: ssh_sftp doc updated (error reason, no file: refs) --- lib/ssh/doc/src/ssh_sftp.xml | 162 +++++++++++++++++++------------------------ 1 file changed, 71 insertions(+), 91 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_sftp.xml b/lib/ssh/doc/src/ssh_sftp.xml index 1d37933369..ae9b914eba 100644 --- a/lib/ssh/doc/src/ssh_sftp.xml +++ b/lib/ssh/doc/src/ssh_sftp.xml @@ -44,8 +44,23 @@

+ reason() + +

= atom() A description of the reason why an operation failed.

+

+ The value is formed from the sftp error codes in the protocol-level responses as defined in + draft-ietf-secsh-filexfer-13.txt + section 9.1. +

+

+ The codes are named as SSH_FX_* which are transformed into lowercase(*), e.g. the error code ?SSH_FX_NO_SUCH_FILE + will cause the reason() to be no_such_file. +

+
+ ssh_connection_ref() =

opaque() - as returned by ssh:connect/3

+ timeout()

= infinity | integer() in milliseconds. Default infinity.

@@ -61,7 +76,7 @@ - apread(ChannelPid, Handle, Position, Len) -> {async, N} | {error, Reason} + apread(ChannelPid, Handle, Position, Len) -> {async, N} | {error, reason()} Reads asynchronously from an open file. ChannelPid = pid() @@ -69,7 +84,6 @@ Position = integer() Len = integer() N = term() - Reason = term()

The function reads from a specified position, @@ -78,7 +92,7 @@ - apwrite(ChannelPid, Handle, Position, Data) -> ok | {error, Reason} + apwrite(ChannelPid, Handle, Position, Data) -> ok | {error, reason()} Writes asynchronously to an open file. ChannelPid = pid() @@ -87,7 +101,6 @@ Len = integer() Data = binary() Timeout = timeout() - Reason = term()

writes on a specified position, combining @@ -96,7 +109,7 @@ - aread(ChannelPid, Handle, Len) -> {async, N} | {error, Error} + aread(ChannelPid, Handle, Len) -> {async, N} | {error, reason()} Reads asynchronously from an open file. ChannelPid = pid() @@ -104,7 +117,6 @@ Position = integer() Len = integer() N = term() - Reason = term()

Reads from an open file, without waiting for the result. If the @@ -113,14 +125,14 @@ The actual data is sent as a message to the calling process. This message has the form , where is the result from the read, either , - , or .

+ , or .

- awrite(ChannelPid, Handle, Data) -> ok | {error, Reason} + awrite(ChannelPid, Handle, Data) -> ok | {error, reason()} Writes asynchronously to an open file. ChannelPid = pid() @@ -129,7 +141,6 @@ Len = integer() Data = binary() Timeout = timeout() - Reason = term()

Writes to an open file, without waiting for the result. If the @@ -138,19 +149,18 @@ . The result of the operation is sent as a message to the calling process. This message has the form , where is the result - from the write, either , or .

+ from the write, either , or .

close(ChannelPid, Handle) -> - close(ChannelPid, Handle, Timeout) -> ok | {error, Reason} + close(ChannelPid, Handle, Timeout) -> ok | {error, reason()} Closes an open handle. ChannelPid = pid() Handle = term() Timeout = timeout() - Reason = term()

Closes a handle to an open file or directory on the server.

@@ -159,29 +169,27 @@ delete(ChannelPid, Name) -> - delete(ChannelPid, Name, Timeout) -> ok | {error, Reason} + delete(ChannelPid, Name, Timeout) -> ok | {error, reason()} Deletes a file. ChannelPid = pid() Name = string() Timeout = timeout() - Reason = term() -

Deletes the file specified by , like - file:delete/1

+

Deletes the file specified by . +

del_dir(ChannelPid, Name) -> - del_dir(ChannelPid, Name, Timeout) -> ok | {error, Reason} + del_dir(ChannelPid, Name, Timeout) -> ok | {error, reason()} Deletes an empty directory. ChannelPid = pid() Name = string() Timeout = timeout() - Reason = term()

Deletes a directory specified by . @@ -192,7 +200,7 @@ list_dir(ChannelPid, Path) -> - list_dir(ChannelPid, Path, Timeout) -> {ok, Filenames} | {error, Reason} + list_dir(ChannelPid, Path, Timeout) -> {ok, Filenames} | {error, reason()} Lists the directory. ChannelPid = pid() @@ -200,7 +208,6 @@ Filenames = [Filename] Filename = string() Timeout = timeout() - Reason = term()

Lists the given directory on the server, returning the @@ -210,13 +217,12 @@ make_dir(ChannelPid, Name) -> - make_dir(ChannelPid, Name, Timeout) -> ok | {error, Reason} + make_dir(ChannelPid, Name, Timeout) -> ok | {error, reason()} Creates a directory. ChannelPid = pid() Name = string() Timeout = timeout() - Reason = term()

Creates a directory specified by . @@ -227,24 +233,23 @@ make_symlink(ChannelPid, Name, Target) -> - make_symlink(ChannelPid, Name, Target, Timeout) -> ok | {error, Reason} + make_symlink(ChannelPid, Name, Target, Timeout) -> ok | {error, reason()} Creates a symbolic link. ChannelPid = pid() Name = string() Target = string() - Reason = term()

Creates a symbolic link pointing to with the - name , like - file:make_symlink/2

+ name . +

open(ChannelPid, File, Mode) -> - open(ChannelPid, File, Mode, Timeout) -> {ok, Handle} | {error, Reason} + open(ChannelPid, File, Mode, Timeout) -> {ok, Handle} | {error, reason()} Opens a file and returns a handle. ChannelPid = pid() @@ -253,7 +258,6 @@ Modeflag = read | write | creat | trunc | append | binary Timeout = timeout() Handle = term() - Reason = term()

Opens a file on the server and returns a handle, which @@ -262,13 +266,12 @@ opendir(ChannelPid, Path) -> - opendir(ChannelPid, Path, Timeout) -> {ok, Handle} | {error, Reason} + opendir(ChannelPid, Path, Timeout) -> {ok, Handle} | {error, reason()} Opens a directory and returns a handle. ChannelPid = pid() Path = string() Timeout = timeout() - Reason = term()

Opens a handle to a directory on the server. The handle @@ -278,7 +281,7 @@ open_tar(ChannelPid, Path, Mode) -> - open_tar(ChannelPid, Path, Mode, Timeout) -> {ok, Handle} | {error, Reason} + open_tar(ChannelPid, Path, Mode, Timeout) -> {ok, Handle} | {error, reason()} Opens a tar file on the server to which ChannelPid is connected and returns a handle. @@ -298,7 +301,6 @@ DecryptResult = {ok,PlainBin,CryptoState} | {ok,PlainBin,CryptoState,ChunkSize} CloseFun = (fun(PlainBin,CryptoState) -> {ok,EncryptedBin}) Timeout = timeout() - Reason = term()

Opens a handle to a tar file on the server, associated with ChannelPid. @@ -333,7 +335,7 @@ position(ChannelPid, Handle, Location) -> - position(ChannelPid, Handle, Location, Timeout) -> {ok, NewPosition} | {error, Reason} + position(ChannelPid, Handle, Location, Timeout) -> {ok, NewPosition | {error, reason()} Sets the file position of a file. ChannelPid = pid() @@ -343,12 +345,11 @@ Offset = integer() Timeout = timeout() NewPosition = integer() - Reason = term()

Sets the file position of the file referenced by . Returns (as an absolute offset) if - successful, otherwise . is + successful, otherwise . is one of the following:
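Review bot: the new position/4 signature line reads "{ok, NewPosition | {error, reason()}", which drops the closing brace of the ok tuple that the removed line had. It should be "{ok, NewPosition} | {error, reason()}", matching the other functions changed in this patch.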

@@ -379,7 +380,7 @@ pread(ChannelPid, Handle, Position, Len) -> - pread(ChannelPid, Handle, Position, Len, Timeout) -> {ok, Data} | eof | {error, Error} + pread(ChannelPid, Handle, Position, Len, Timeout) -> {ok, Data} | eof | {error, reason()} Reads from an open file. ChannelPid = pid() @@ -388,7 +389,6 @@ Len = integer() Timeout = timeout() Data = string() | binary() - Reason = term()

The function reads from a specified position, @@ -399,7 +399,7 @@ pwrite(ChannelPid, Handle, Position, Data) -> ok - pwrite(ChannelPid, Handle, Position, Data, Timeout) -> ok | {error, Reason} + pwrite(ChannelPid, Handle, Position, Data, Timeout) -> ok | {error, reason()} Writes to an open file. ChannelPid = pid() @@ -407,7 +407,6 @@ Position = integer() Data = iolist() Timeout = timeout() - Reason = term()

The function writes to a specified position, @@ -419,7 +418,7 @@ read(ChannelPid, Handle, Len) -> - read(ChannelPid, Handle, Len, Timeout) -> {ok, Data} | eof | {error, Error} + read(ChannelPid, Handle, Len, Timeout) -> {ok, Data} | eof | {error, reason()} Reads from an open file. ChannelPid = pid() @@ -428,12 +427,11 @@ Len = integer() Timeout = timeout() Data = string() | binary() - Reason = term()

Reads bytes from the file referenced by . Returns , , or - . If the file is opened with , + . If the file is opened with , is a binary, otherwise it is a string.

If the file is read past eof, only the remaining bytes are read and returned. If no bytes are read, @@ -443,25 +441,22 @@ read_file(ChannelPid, File) -> - read_file(ChannelPid, File, Timeout) -> {ok, Data} | {error, Reason} + read_file(ChannelPid, File, Timeout) -> {ok, Data} | {error, reason()} Reads a file. ChannelPid = pid() File = string() Data = binary() Timeout = timeout() - Reason = term() -

Reads a file from the server, and returns the data in a binary, - like - file:read_file/1

+

Reads a file from the server, and returns the data in a binary.

read_file_info(ChannelPid, Name) -> - read_file_info(ChannelPid, Name, Timeout) -> {ok, FileInfo} | {error, Reason} + read_file_info(ChannelPid, Name, Timeout) -> {ok, FileInfo} | {error, reason()} Gets information about a file. ChannelPid = pid() @@ -469,35 +464,34 @@ Handle = term() Timeout = timeout() FileInfo = record() - Reason = term()

Returns a record from the file specified by - or , - like file:read_file_info/2

+ or . See + file:read_file_info/2 + for information about the record. +

read_link(ChannelPid, Name) -> - read_link(ChannelPid, Name, Timeout) -> {ok, Target} | {error, Reason} + read_link(ChannelPid, Name, Timeout) -> {ok, Target} | {error, reason()} Reads symbolic link. ChannelPid = pid() Name = string() Target = string() - Reason = term() -

Reads the link target from the symbolic link specified - by , like - file:read_link/1

+

Reads the link target from the symbolic link specified by . +

- read_link_info(ChannelPid, Name) -> {ok, FileInfo} | {error, Reason} - read_link_info(ChannelPid, Name, Timeout) -> {ok, FileInfo} | {error, Reason} + read_link_info(ChannelPid, Name) -> {ok, FileInfo} | {error, reason()} + read_link_info(ChannelPid, Name, Timeout) -> {ok, FileInfo} | {error, reason()} Gets information about a symbolic link. ChannelPid = pid() @@ -505,30 +499,31 @@ Handle = term() Timeout = timeout() FileInfo = record() - Reason = term()

Returns a record from the symbolic - link specified by or , like - file:read_link_info/2

+ link specified by or . + See + file:read_link_info/2 + for information about the record. +

rename(ChannelPid, OldName, NewName) -> - rename(ChannelPid, OldName, NewName, Timeout) -> ok | {error, Reason} + rename(ChannelPid, OldName, NewName, Timeout) -> ok | {error, reason()} Renames a file. ChannelPid = pid() OldName = string() NewName = string() Timeout = timeout() - Reason = term()

Renames a file named and gives it the name - , like - file:rename/2

+ . +

@@ -537,14 +532,13 @@ start_channel(ConnectionRef, Options) -> start_channel(Host, Options) -> start_channel(Host, Port, Options) -> {ok, Pid} | {ok, Pid, ConnectionRef} | - {error, Reason} + {error, reason()|term()} Starts an SFTP client. Host = string() ConnectionRef = ssh_connection_ref() Port = integer() Options = [{Option, Value}] - Reason = term()

If no connection reference is provided, a connection is set @@ -592,7 +586,7 @@ write(ChannelPid, Handle, Data) -> - write(ChannelPid, Handle, Data, Timeout) -> ok | {error, Reason} + write(ChannelPid, Handle, Data, Timeout) -> ok | {error, reason()} Writes to an open file. ChannelPid = pid() @@ -600,61 +594,47 @@ Position = integer() Data = iolist() Timeout = timeout() - Reason = term()

Writes to the file referenced by . The file is to be opened with or - flag. Returns if successful or + flag. Returns if successful or otherwise.

-

Typical error reasons:

- - - -

File is not opened for writing.

-
- - -

No space is left on the device.

-
-
write_file(ChannelPid, File, Iolist) -> - write_file(ChannelPid, File, Iolist, Timeout) -> ok | {error, Reason} + write_file(ChannelPid, File, Iolist, Timeout) -> ok | {error, reason()} Writes a file. ChannelPid = pid() File = string() Iolist = iolist() Timeout = timeout() - Reason = term() -

Writes a file to the server, like file:write_file/2 The - file is created if it does not exist. The file is overwritten - if it exists.

+

Writes a file to the server. The file is created if it does not exist + but overwritten if it exists.

write_file_info(ChannelPid, Name, Info) -> - write_file_info(ChannelPid, Name, Info, Timeout) -> ok | {error, Reason} + write_file_info(ChannelPid, Name, Info, Timeout) -> ok | {error, reason()} Writes information for a file. ChannelPid = pid() Name = string() Info = record() Timeout = timeout() - Reason = term()

Writes file information from a record to the - file specified by , like - file:write_file_info/[2,3]

+ file specified by . See + file:write_file_info/[2,3] + for information about the record. +

-- cgit v1.2.3 From 89280e06df44ac1ab8f29c1159300e86b5880e47 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 26 Feb 2016 14:48:36 +0100 Subject: ssh: explicit return value checking in test suites to check the doc --- lib/ssh/test/ssh_sftp_SUITE.erl | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index cd6c5f82b9..fbe0e154b7 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl @@ -365,7 +365,7 @@ write_file(Config) when is_list(Config) -> {Sftp, _} = ?config(sftp, Config), Data = list_to_binary("Hej hopp!"), - ssh_sftp:write_file(Sftp, FileName, [Data]), + ok = ssh_sftp:write_file(Sftp, FileName, [Data]), {ok, Data} = file:read_file(FileName). %%-------------------------------------------------------------------- @@ -378,7 +378,7 @@ write_file_iolist(Config) when is_list(Config) -> Data = list_to_binary("Hej hopp!"), lists:foreach( fun(D) -> - ssh_sftp:write_file(Sftp, FileName, [D]), + ok = ssh_sftp:write_file(Sftp, FileName, [D]), Expected = if is_binary(D) -> D; is_list(D) -> list_to_binary(D) end, @@ -397,7 +397,7 @@ write_big_file(Config) when is_list(Config) -> {Sftp, _} = ?config(sftp, Config), Data = list_to_binary(lists:duplicate(750000,"a")), - ssh_sftp:write_file(Sftp, FileName, [Data]), + ok = ssh_sftp:write_file(Sftp, FileName, [Data]), {ok, Data} = file:read_file(FileName). %%-------------------------------------------------------------------- @@ -409,7 +409,7 @@ sftp_read_big_file(Config) when is_list(Config) -> Data = list_to_binary(lists:duplicate(750000,"a")), ct:log("Data size to write is ~p bytes",[size(Data)]), - ssh_sftp:write_file(Sftp, FileName, [Data]), + ok = ssh_sftp:write_file(Sftp, FileName, [Data]), {ok, Data} = ssh_sftp:read_file(Sftp, FileName). %%-------------------------------------------------------------------- 
@@ -425,7 +425,7 @@ remove_file(Config) when is_list(Config) -> ok = ssh_sftp:delete(Sftp, FileName), {ok, NewFiles} = ssh_sftp:list_dir(Sftp, PrivDir), false = lists:member(filename:basename(FileName), NewFiles), - {error, _} = ssh_sftp:delete(Sftp, FileName). + {error, no_such_file} = ssh_sftp:delete(Sftp, FileName). %%-------------------------------------------------------------------- rename_file() -> [{doc, "Test API function rename_file/2"}]. @@ -500,7 +500,7 @@ set_attributes(Config) when is_list(Config) -> io:put_chars(Fd,"foo"), ok = ssh_sftp:write_file_info(Sftp, FileName, #file_info{mode=8#400}), {error, eacces} = file:write_file(FileName, "hello again"), - ssh_sftp:write_file_info(Sftp, FileName, #file_info{mode=8#600}), + ok = ssh_sftp:write_file_info(Sftp, FileName, #file_info{mode=8#600}), ok = file:write_file(FileName, "hello again"). %%-------------------------------------------------------------------- @@ -549,7 +549,7 @@ position(Config) when is_list(Config) -> {Sftp, _} = ?config(sftp, Config), Data = list_to_binary("1234567890"), - ssh_sftp:write_file(Sftp, FileName, [Data]), + ok = ssh_sftp:write_file(Sftp, FileName, [Data]), {ok, Handle} = ssh_sftp:open(Sftp, FileName, [read]), {ok, 3} = ssh_sftp:position(Sftp, Handle, {bof, 3}), @@ -577,7 +577,7 @@ pos_read(Config) when is_list(Config) -> FileName = ?config(testfile, Config), {Sftp, _} = ?config(sftp, Config), Data = list_to_binary("Hej hopp!"), - ssh_sftp:write_file(Sftp, FileName, [Data]), + ok = ssh_sftp:write_file(Sftp, FileName, [Data]), {ok, Handle} = ssh_sftp:open(Sftp, FileName, [read]), {async, Ref} = ssh_sftp:apread(Sftp, Handle, {bof, 5}, 4), 
@@ -607,7 +607,7 @@ pos_write(Config) when is_list(Config) -> {ok, Handle} = ssh_sftp:open(Sftp, FileName, [write]), Data = list_to_binary("Bye,"), - ssh_sftp:write_file(Sftp, FileName, [Data]), + ok = ssh_sftp:write_file(Sftp, FileName, [Data]), NewData = list_to_binary(" see you tomorrow"), {async, Ref} = ssh_sftp:apwrite(Sftp, Handle, {bof, 4}, NewData), -- cgit v1.2.3 From 12da50061254d46c47f707362080dfd7c5941d68 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 29 Feb 2016 18:22:31 +0100 Subject: ssh: fix some errors in ssh_sftp doc --- lib/ssh/doc/src/ssh_sftp.xml | 54 +++++++++++++++++++++----------------------- 1 file changed, 26 insertions(+), 28 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_sftp.xml b/lib/ssh/doc/src/ssh_sftp.xml index ae9b914eba..21c6ba3ac7 100644 --- a/lib/ssh/doc/src/ssh_sftp.xml +++ b/lib/ssh/doc/src/ssh_sftp.xml @@ -53,16 +53,18 @@ section 9.1.

- The codes are named as SSH_FX_* which are transformed into lowercase(*), e.g. the error code ?SSH_FX_NO_SUCH_FILE + The codes are named as SSH_FX_* which are transformed into lowercase of the star-part. + E.g. the error code SSH_FX_NO_SUCH_FILE will cause the reason() to be no_such_file.

ssh_connection_ref() = -

opaque() - as returned by ssh:connect/3

+

opaque() - as returned by + ssh:connect/3

timeout() -

= infinity | integer() in milliseconds. Default infinity.

+

= infinity | integer() in milliseconds. Default infinity.

@@ -85,14 +87,14 @@ Len = integer() N = term() - -

The function reads from a specified position, - combining the and functions.

-

ssh_sftp:apread/4

+

The function reads from a specified position, + combining the position/3 and + aread/3 functions.

+
- apwrite(ChannelPid, Handle, Position, Data) -> ok | {error, reason()} + apwrite(ChannelPid, Handle, Position, Data) -> {async, N} | {error, reason()} Writes asynchronously to an open file. ChannelPid = pid() @@ -101,11 +103,12 @@ Len = integer() Data = binary() Timeout = timeout() + N = term() - -

writes on a specified position, combining - the and operations.

-

ssh_sftp:awrite/3

+

The function writes to a specified position, + combining the position/3 and + awrite/3 functions.

+
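Review bot: the apwrite type list gains N = term() here but still carries Len = integer() and Timeout = timeout(), although the signature shown in the previous hunk, apwrite(ChannelPid, Handle, Position, Data), takes neither argument. Suggest dropping the two leftover entries in this hunk. The awrite hunk that follows makes the same change to {async, N} without adding an N = term() line, so its type list is worth checking as well.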
@@ -129,10 +132,8 @@ - - - awrite(ChannelPid, Handle, Data) -> ok | {error, reason()} + awrite(ChannelPid, Handle, Data) -> {async, N} | {error, reason()} Writes asynchronously to an open file. ChannelPid = pid() @@ -390,12 +391,11 @@ Timeout = timeout() Data = string() | binary() - -

The function reads from a specified position, - combining the and functions.

-

ssh_sftp:read/4

-
-
+

The function reads from a specified position, + combining the position/3 and + read/3,4 functions.

+
+ pwrite(ChannelPid, Handle, Position, Data) -> ok @@ -408,15 +408,13 @@ Data = iolist() Timeout = timeout() - -

The function writes to a specified position, - combining the and functions.

-

ssh_sftp:write/3

-
+

The function writes to a specified position, + combining the position/3 and + write/3,4 functions.

+
- - + read(ChannelPid, Handle, Len) -> read(ChannelPid, Handle, Len, Timeout) -> {ok, Data} | eof | {error, reason()} Reads from an open file. -- cgit v1.2.3 From e334fbf5671724f2e404b032795310f2e6425944 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 2 Mar 2016 12:10:20 +0100 Subject: ssh: re-phrase ssh_sftp ref man section on timeouts --- lib/ssh/doc/src/ssh_sftp.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh_sftp.xml b/lib/ssh/doc/src/ssh_sftp.xml index 21c6ba3ac7..071d46ec57 100644 --- a/lib/ssh/doc/src/ssh_sftp.xml +++ b/lib/ssh/doc/src/ssh_sftp.xml @@ -71,9 +71,9 @@
Time-outs

If the request functions for the SFTP channel return {error, timeout}, - it does not guarantee that the request never reached the server and was - not performed. It only means that no answer was received from the - server within the expected time.

+ no answer was received from the server within the expected time.

+

The request may have reached the server and may have been performed. + However, no answer was received from the server within the expected time.
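Review bot: the rewritten Time-outs text now says "no answer was received from the server within the expected time" twice, once in the first paragraph and again at the end of the added second paragraph. Suggest ending the second paragraph after "may have been performed", so that the caveat that a timed-out request may already have taken effect on the server is the part that stands out.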

-- cgit v1.2.3 From bbe703b993cd75a13932b4d9809184af7e3ec4d6 Mon Sep 17 00:00:00 2001 From: Stuart Thackray Date: Wed, 20 Apr 2016 17:21:05 +0200 Subject: Documentation: example provided was not a valid term --- lib/ssh/doc/src/ssh.xml | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 850557444d..7dda5d67a2 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -241,6 +241,7 @@ {server2client,['aes128-cbc','3des-cbc']}]}, {mac,['hmac-sha2-256','hmac-sha1']}, {compression,[none,zlib]} + ] }

The example specifies different algorithms in the two directions (client2server and server2client), -- cgit v1.2.3 From 581a973dc3130a22219ec3d1c7e9fbf5db60fbc5 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 27 Apr 2016 12:22:18 +0200 Subject: ssh: fix same doc error as PR-1021 in another place where it also was wrong --- lib/ssh/doc/src/ssh.xml | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 7dda5d67a2..33aacb8ffe 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -461,6 +461,7 @@ {server2client,['aes128-cbc','3des-cbc']}]}, {mac,['hmac-sha2-256','hmac-sha1']}, {compression,[none,zlib]} + ] }

The example specifies different algorithms in the two directions (client2server and server2client), -- cgit v1.2.3 From 9dc46e8d58c9464c8a48b74342951265c3b43dc8 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 22 Jan 2016 19:28:16 +0100 Subject: ssh: Gen_statem rewrite of ssh_connection_handler Including misc fixes in surrounding code as well as in test cases. --- lib/ssh/src/ssh_auth.erl | 22 +- lib/ssh/src/ssh_connection.erl | 26 +- lib/ssh/src/ssh_connection_handler.erl | 1760 +++++++++++++--------------- lib/ssh/src/ssh_message.erl | 46 +- lib/ssh/src/ssh_no_io.erl | 32 +- lib/ssh/src/ssh_transport.erl | 191 ++- lib/ssh/test/ssh_algorithms_SUITE.erl | 4 +- lib/ssh/test/ssh_benchmark_SUITE.erl | 44 +- lib/ssh/test/ssh_options_SUITE.erl | 4 +- lib/ssh/test/ssh_renegotiate_SUITE.erl | 3 +- lib/ssh/test/ssh_sftp_SUITE.erl | 1 - lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl | 1 - lib/ssh/test/ssh_test_lib.erl | 4 + 13 files changed, 1015 insertions(+), 1123 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index 4b3c21ce3f..49eec8072f 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -135,9 +135,9 @@ init_userauth_request_msg(#ssh{opts = Opts} = Ssh) -> service = "ssh-connection"}); {error, no_user} -> ErrStr = "Could not determine the users name", - throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_ILLEGAL_USER_NAME, - description = ErrStr, - language = "en"}) + ssh_connection_handler:disconnect( + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_ILLEGAL_USER_NAME, + description = ErrStr}) end. userauth_request_msg(#ssh{userauth_preference = []} = Ssh) -> 
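Review bot: the {error, no_user} branch of init_userauth_request_msg/1 is only correct if ssh_connection_handler:disconnect/1 never returns, because the branch used to throw and the caller in ssh_connection_handler.erl matches {Msg, Ssh} = ssh_auth:init_userauth_request_msg(Ssh0). Please state that contract in a comment or spec at this call site. The hunk also drops language = "en" from the #ssh_msg_disconnect{} record; if the record default is being relied on, that deserves a line in the commit message.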
@@ -355,10 +355,10 @@ handle_userauth_info_response(#ssh_msg_userauth_info_response{num_responses = 1, handle_userauth_info_response(#ssh_msg_userauth_info_response{}, _Auth) -> - throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, - description = "Server does not support" - "keyboard-interactive", - language = "en"}). + ssh_connection_handler:disconnect( + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, + description = "Server does not support keyboard-interactive" + }). %%-------------------------------------------------------------------- @@ -420,10 +420,10 @@ check_password(User, Password, Opts, Ssh) -> {false,NewState} -> {false, Ssh#ssh{pwdfun_user_state=NewState}}; disconnect -> - throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, - description = - "Unable to connect using the available authentication methods", - language = ""}) + ssh_connection_handler:disconnect( + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, + description = "Unable to connect using the available authentication methods" + }) end end. diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl index a34478732c..6ca6ed6d77 100644 --- a/lib/ssh/src/ssh_connection.erl +++ b/lib/ssh/src/ssh_connection.erl @@ -232,6 +232,8 @@ exit_status(ConnectionHandler, Channel, Status) -> ssh_connection_handler:request(ConnectionHandler, Channel, "exit-status", false, [?uint32(Status)], 0). +%% The client wants the server to make a tcp connection on behalf of +%% the client direct_tcpip(ConnectionHandler, RemoteHost, RemotePort, OrigIP, OrigPort, Timeout) -> direct_tcpip(ConnectionHandler, RemoteHost, RemotePort, OrigIP, OrigPort, 
@@ -256,6 +258,10 @@ direct_tcpip(ConnectionHandler, RemoteIP, RemotePort, OrigIP, OrigPort, Timeout) end. +%% The client wants the server to listen on BindIP:BindPort for tcp +%% connections. When there is a tcp connect (SYN) to that pair on the +%% server, the server sends a #ssh_msg_channel_open{"forwarded-tcpip"} +%% back to the client for each new tcp connection tcpip_forward(ConnectionHandler, BindIP, BindPort) -> case encode_ip(BindIP) of false -> @@ -331,8 +337,9 @@ channel_data(ChannelId, DataType, Data, FlowCtrlMsgs = flow_control(Replies, Channel, Cache), {{replies, Replies ++ FlowCtrlMsgs}, Connection}; _ -> - gen_fsm:reply(From, {error, closed}), - {noreply, Connection} + {{replies,[{channel_request_reply,From,{error,closed}}]}, Connection} + %% gen_fsm:reply(From, {error, closed}), + %% {noreply, Connection} end. handle_msg(#ssh_msg_channel_open_confirmation{recipient_channel = ChannelId, @@ -499,7 +506,8 @@ handle_msg(#ssh_msg_channel_open{channel_type = "session" = Type, handle_msg(#ssh_msg_channel_open{channel_type = "session", sender_channel = RemoteId}, - Connection, client) -> + Connection, + client) -> %% Client implementations SHOULD reject any session channel open %% requests to make it more difficult for a corrupt server to attack the %% client. See See RFC 4254 6.1. @@ -514,10 +522,10 @@ handle_msg(#ssh_msg_channel_open{channel_type = "forwarded-tcpip" = Type, initial_window_size = RWindowSz, maximum_packet_size = RPacketSz, data = Data}, - #connection{channel_cache = Cache, - options = SSHopts} = Connection0, server) -> + #connection{channel_cache = Cache, options = SSHopts} = Connection0, + server) -> <> = Data, + ?UINT32(OLen), Orig:OLen/binary, ?UINT32(OrigPort)>> = Data, MinAcceptedPackSz = proplists:get_value(minimal_remote_max_packet_size, SSHopts, 0), 
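Review bot: in channel_data (the @@ -331,8 +337,9 @@ hunk of ssh_connection.erl) the old gen_fsm:reply(From, {error, closed}) and {noreply, Connection} lines are left behind as comments under the new {{replies,[{channel_request_reply,From,{error,closed}}]}, Connection} return. Please delete the two commented-out lines; version control already keeps the gen_fsm variant.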
@@ -786,11 +794,11 @@ handle_msg(#ssh_msg_global_request{name = _Type, handle_msg(#ssh_msg_request_failure{}, #connection{requests = [{_, From} | Rest]} = Connection, _) -> - {{replies, [{channel_requst_reply, From, {failure, <<>>}}]}, + {{replies, [{channel_request_reply, From, {failure, <<>>}}]}, Connection#connection{requests = Rest}}; handle_msg(#ssh_msg_request_success{data = Data}, #connection{requests = [{_, From} | Rest]} = Connection, _) -> - {{replies, [{channel_requst_reply, From, {success, Data}}]}, + {{replies, [{channel_request_reply, From, {success, Data}}]}, Connection#connection{requests = Rest}}; handle_msg(#ssh_msg_disconnect{code = Code, @@ -1059,7 +1067,7 @@ request_reply_or_data(#channel{local_id = ChannelId, user = ChannelPid}, Connection, Reply) -> case lists:keysearch(ChannelId, 1, Requests) of {value, {ChannelId, From}} -> - {{channel_requst_reply, From, Reply}, + {{channel_request_reply, From, Reply}, Connection#connection{requests = lists:keydelete(ChannelId, 1, Requests)}}; false when (Reply == success) or (Reply == failure) -> diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 2bef6a41cd..d26c586c54 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -28,7 +28,7 @@ -module(ssh_connection_handler). --behaviour(gen_fsm). +-behaviour(gen_statem). -include("ssh.hrl"). -include("ssh_transport.hrl"). 
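Review bot: nothing checks at compile time that the code consuming these reply tuples uses the corrected atom, so the rename from channel_requst_reply to channel_request_reply in handle_msg and request_reply_or_data needs a matching change wherever the replies list is handled. Please confirm that no clause in ssh_connection_handler.erl still matches on the old spelling, since such a clause would silently stop matching the replies produced here.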
@@ -37,45 +37,37 @@ -compile(export_all). -export([start_link/3]). +%%-define(IO_FORMAT(F,A), io:format(F,A)). +-define(IO_FORMAT(F,A), ok). + %% Internal application API -export([open_channel/6, reply_request/3, request/6, request/7, global_request/4, send/5, send_eof/2, info/1, info/2, connection_info/2, channel_info/3, adjust_window/3, close/2, stop/1, renegotiate/1, renegotiate_data/1, + disconnect/1, disconnect/2, start_connection/4, get_print_info/1]). -%% gen_fsm callbacks --export([hello/2, kexinit/2, key_exchange/2, - key_exchange_dh_gex_init/2, key_exchange_dh_gex_reply/2, - new_keys/2, - service_request/2, connected/2, - userauth/2, - userauth_keyboard_interactive/2, - userauth_keyboard_interactive_info_response/2, - error/2]). - --export([init/1, handle_event/3, - handle_sync_event/4, handle_info/3, terminate/3, format_status/2, code_change/4]). +%% gen_statem callbacks +-export([init/1, handle_event/4, terminate/3, format_status/2, code_change/4]). -record(state, { - role, client, starter, auth_user, connection_state, latest_channel_id = 0, idle_timer_ref, - transport_protocol, % ex: tcp + transport_protocol, % ex: tcp transport_cb, transport_close_tag, - ssh_params, % #ssh{} - from ssh.hrl - socket, % socket() - decoded_data_buffer, % binary() - encoded_data_buffer, % binary() + ssh_params, % #ssh{} - from ssh.hrl + socket, % socket() + decoded_data_buffer, % binary() + encoded_data_buffer, % binary() undecoded_packet_length, % integer() - key_exchange_init_msg, % #ssh_msg_kexinit{} - renegotiate = false, % boolean() + key_exchange_init_msg, % #ssh_msg_kexinit{} last_size_rekey = 0, event_queue = [], connection_queue, 
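Review bot: -compile(export_all) stays in place directly above the export lists, so adding disconnect/1 and disconnect/2 to the internal API export changes nothing about what is callable, and every helper in this connection handler remains exported. Suggest removing export_all as part of the rewrite so the export lists define the module's surface. The new IO_FORMAT macro defined as ok, with its io:format variant commented out, looks like debugging scaffolding and should be dropped or documented.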
@@ -83,30 +75,13 @@ port, opts, recbuf - }). - --type state_name() :: hello | kexinit | key_exchange | key_exchange_dh_gex_init | - key_exchange_dh_gex_reply | new_keys | service_request | - userauth | userauth_keyboard_interactive | - userauth_keyboard_interactive_info_response | - connection. - --type gen_fsm_state_return() :: {next_state, state_name(), term()} | - {next_state, state_name(), term(), timeout()} | - {stop, term(), term()}. - --type gen_fsm_sync_return() :: {next_state, state_name(), term()} | - {next_state, state_name(), term(), timeout()} | - {reply, term(), state_name(), term()} | - {stop, term(), term(), term()}. + }). %%==================================================================== %% Internal application API %%==================================================================== %%-------------------------------------------------------------------- --spec start_connection(client| server, port(), proplists:proplist(), - timeout()) -> {ok, pid()} | {error, term()}. %%-------------------------------------------------------------------- start_connection(client = Role, Socket, Options, Timeout) -> try @@ -128,8 +103,8 @@ start_connection(server = Role, Socket, Options, Timeout) -> try case proplists:get_value(parallel_login, SSH_Opts, false) of true -> - HandshakerPid = - spawn_link(fun() -> + HandshakerPid = + spawn_link(fun() -> receive {do_handshake, Pid} -> handshake(Pid, erlang:monitor(process,Pid), Timeout) @@ -164,11 +139,10 @@ start_link(Role, Socket, Options) -> init([Role, Socket, SshOpts]) -> process_flag(trap_exit, true), {NumVsn, StrVsn} = ssh_transport:versions(Role, SshOpts), - {Protocol, Callback, CloseTag} = + {Protocol, Callback, CloseTag} = proplists:get_value(transport, SshOpts, {tcp, gen_tcp, tcp_closed}), Cache = ssh_channel:cache_create(), State0 = #state{ - role = Role, connection_state = #connection{channel_cache = Cache, channel_id_seed = 0, port_bindings = [], 
@@ -183,142 +157,118 @@ init([Role, Socket, SshOpts]) -> opts = SshOpts }, - State = init_role(State0), + State = init_role(Role, State0), try init_ssh(Role, NumVsn, StrVsn, SshOpts, Socket) of Ssh -> - gen_fsm:enter_loop(?MODULE, [], hello, - State#state{ssh_params = Ssh}) + gen_statem:enter_loop(?MODULE, + [], %%[{debug,[trace,log,statistics,debug]} || Role==server], + handle_event_function, + {hello,Role}, + State#state{ssh_params = Ssh}, + []) catch _:Error -> - gen_fsm:enter_loop(?MODULE, [], error, {Error, State}) + gen_statem:enter_loop(?MODULE, + [], + handle_event_function, + {init_error,Error}, + State, + []) end. -%% Temporary fix for the Nessus error. SYN-> <-SYNACK ACK-> RST-> ? -error(_Event, {Error,State=#state{}}) -> - case Error of - {badmatch,{error,enotconn}} -> - %% {error,enotconn} probably from inet:peername in - %% init_ssh(server,..)/5 called from init/1 - {stop, {shutdown,"TCP connenction to server was prematurely closed by the client"}, State}; - _ -> - {stop, {shutdown,{init,Error}}, State} - end; -error(Event, State) -> - %% State deliberately not checked beeing #state. This is a panic-clause... - {stop, {shutdown,{init,{spurious_error,Event}}}, State}. - %%-------------------------------------------------------------------- --spec open_channel(pid(), string(), iodata(), integer(), integer(), - timeout()) -> {open, channel_id()} | {error, term()}. %%-------------------------------------------------------------------- open_channel(ConnectionHandler, ChannelType, ChannelSpecificData, InitialWindowSize, MaxPacketSize, Timeout) -> - sync_send_all_state_event(ConnectionHandler, {open, self(), ChannelType, + call(ConnectionHandler, {open, self(), ChannelType, InitialWindowSize, MaxPacketSize, ChannelSpecificData, Timeout}). %%-------------------------------------------------------------------- --spec request(pid(), pid(), channel_id(), string(), boolean(), iodata(), - timeout()) -> success | failure | ok | {error, term()}. 
%%-------------------------------------------------------------------- request(ConnectionHandler, ChannelPid, ChannelId, Type, true, Data, Timeout) -> - sync_send_all_state_event(ConnectionHandler, {request, ChannelPid, ChannelId, Type, Data, + call(ConnectionHandler, {request, ChannelPid, ChannelId, Type, Data, Timeout}); request(ConnectionHandler, ChannelPid, ChannelId, Type, false, Data, _) -> - send_all_state_event(ConnectionHandler, {request, ChannelPid, ChannelId, Type, Data}). + cast(ConnectionHandler, {request, ChannelPid, ChannelId, Type, Data}). %%-------------------------------------------------------------------- --spec request(pid(), channel_id(), string(), boolean(), iodata(), - timeout()) -> success | failure | {error, timeout}. %%-------------------------------------------------------------------- request(ConnectionHandler, ChannelId, Type, true, Data, Timeout) -> - sync_send_all_state_event(ConnectionHandler, {request, ChannelId, Type, Data, Timeout}); + call(ConnectionHandler, {request, ChannelId, Type, Data, Timeout}); request(ConnectionHandler, ChannelId, Type, false, Data, _) -> - send_all_state_event(ConnectionHandler, {request, ChannelId, Type, Data}). + cast(ConnectionHandler, {request, ChannelId, Type, Data}). %%-------------------------------------------------------------------- --spec reply_request(pid(), success | failure, channel_id()) -> ok. %%-------------------------------------------------------------------- reply_request(ConnectionHandler, Status, ChannelId) -> - send_all_state_event(ConnectionHandler, {reply_request, Status, ChannelId}). + cast(ConnectionHandler, {reply_request, Status, ChannelId}). %%-------------------------------------------------------------------- --spec global_request(pid(), string(), boolean(), iolist()) -> ok | error. 
%%-------------------------------------------------------------------- global_request(ConnectionHandler, Type, true = Reply, Data) -> - case sync_send_all_state_event(ConnectionHandler, - {global_request, self(), Type, Reply, Data}) of + case call(ConnectionHandler, {global_request, self(), Type, Reply, Data}) of {ssh_cm, ConnectionHandler, {success, _}} -> ok; {ssh_cm, ConnectionHandler, {failure, _}} -> error end; global_request(ConnectionHandler, Type, false = Reply, Data) -> - send_all_state_event(ConnectionHandler, {global_request, self(), Type, Reply, Data}). + cast(ConnectionHandler, {global_request, self(), Type, Reply, Data}). %%-------------------------------------------------------------------- --spec send(pid(), channel_id(), integer(), iodata(), timeout()) -> - ok | {error, timeout} | {error, closed}. %%-------------------------------------------------------------------- send(ConnectionHandler, ChannelId, Type, Data, Timeout) -> - sync_send_all_state_event(ConnectionHandler, {data, ChannelId, Type, Data, Timeout}). + call(ConnectionHandler, {data, ChannelId, Type, Data, Timeout}). %%-------------------------------------------------------------------- --spec send_eof(pid(), channel_id()) -> ok | {error, closed}. %%-------------------------------------------------------------------- send_eof(ConnectionHandler, ChannelId) -> - sync_send_all_state_event(ConnectionHandler, {eof, ChannelId}). + call(ConnectionHandler, {eof, ChannelId}). %%-------------------------------------------------------------------- --spec connection_info(pid(), [atom()]) -> proplists:proplist(). %%-------------------------------------------------------------------- get_print_info(ConnectionHandler) -> - sync_send_all_state_event(ConnectionHandler, get_print_info, 1000). + call(ConnectionHandler, get_print_info, 1000). connection_info(ConnectionHandler, Options) -> - sync_send_all_state_event(ConnectionHandler, {connection_info, Options}). 
+ call(ConnectionHandler, {connection_info, Options}). %%-------------------------------------------------------------------- --spec channel_info(pid(), channel_id(), [atom()]) -> proplists:proplist(). %%-------------------------------------------------------------------- channel_info(ConnectionHandler, ChannelId, Options) -> - sync_send_all_state_event(ConnectionHandler, {channel_info, ChannelId, Options}). + call(ConnectionHandler, {channel_info, ChannelId, Options}). %%-------------------------------------------------------------------- --spec adjust_window(pid(), channel_id(), integer()) -> ok. %%-------------------------------------------------------------------- adjust_window(ConnectionHandler, Channel, Bytes) -> - send_all_state_event(ConnectionHandler, {adjust_window, Channel, Bytes}). + cast(ConnectionHandler, {adjust_window, Channel, Bytes}). %%-------------------------------------------------------------------- --spec renegotiate(pid()) -> ok. %%-------------------------------------------------------------------- renegotiate(ConnectionHandler) -> - send_all_state_event(ConnectionHandler, renegotiate). + cast(ConnectionHandler, renegotiate). %%-------------------------------------------------------------------- --spec renegotiate_data(pid()) -> ok. %%-------------------------------------------------------------------- renegotiate_data(ConnectionHandler) -> - send_all_state_event(ConnectionHandler, data_size). + cast(ConnectionHandler, data_size). %%-------------------------------------------------------------------- --spec close(pid(), channel_id()) -> ok. %%-------------------------------------------------------------------- close(ConnectionHandler, ChannelId) -> - case sync_send_all_state_event(ConnectionHandler, {close, ChannelId}) of + case call(ConnectionHandler, {close, ChannelId}) of ok -> ok; - {error, closed} -> + {error, closed} -> ok - end. - + end. 
+ %%-------------------------------------------------------------------- --spec stop(pid()) -> ok | {error, term()}. %%-------------------------------------------------------------------- stop(ConnectionHandler)-> - case sync_send_all_state_event(ConnectionHandler, stop) of + case call(ConnectionHandler, stop) of {error, closed} -> ok; Other -> 
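Review bot: every -spec on the internal API functions in this hunk (open_channel, request, reply_request, global_request, send, send_eof, connection_info, channel_info, adjust_window, renegotiate, renegotiate_data, close, stop) is deleted and none is added back, although the switch from sync_send_all_state_event and send_all_state_event to call and cast leaves their arguments as they were. Please keep the specs so Dialyzer still checks callers. The commented-out %%[{debug,[trace,log,statistics,debug]} || Role==server] option passed to gen_statem:enter_loop should also go before merge.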
@@ -329,484 +279,492 @@ info(ConnectionHandler) -> info(ConnectionHandler, {info, all}). info(ConnectionHandler, ChannelProcess) -> - sync_send_all_state_event(ConnectionHandler, {info, ChannelProcess}). - + call(ConnectionHandler, {info, ChannelProcess}). %%==================================================================== -%% gen_fsm callbacks +%% gen_statem callbacks %%==================================================================== -%%-------------------------------------------------------------------- --spec hello(socket_control | {info_line, list()} | {version_exchange, list()}, - #state{}) -> gen_fsm_state_return(). -%%-------------------------------------------------------------------- +%% Temporary fix for the Nessus error. SYN-> <-SYNACK ACK-> RST-> ? +handle_event(_, _Event, {init_error,Error}, _State) -> + case Error of + {badmatch,{error,enotconn}} -> + %% {error,enotconn} probably from inet:peername in + %% init_ssh(server,..)/5 called from init/1 + {stop, {shutdown,"TCP connenction to server was prematurely closed by the client"}}; + _ -> + {stop, {shutdown,{init,Error}}} + end; + -hello(socket_control, #state{socket = Socket, ssh_params = Ssh} = State) -> +%%% ######## {hello, client|server} #### + +handle_event(_, socket_control, StateName={hello,_}, S=#state{socket=Socket, + ssh_params=Ssh}) -> VsnMsg = ssh_transport:hello_version_msg(string_version(Ssh)), - send_msg(VsnMsg, State), + send_bytes(VsnMsg, S), case getopt(recbuf, Socket) of {ok, Size} -> - inet:setopts(Socket, [{packet, line}, {active, once}, {recbuf, ?MAX_PROTO_VERSION}]), - {next_state, hello, State#state{recbuf = Size}}; + inet:setopts(Socket, [{packet, line}, {active, once}, {recbuf, ?MAX_PROTO_VERSION}, {nodelay,true}]), + {next_state, StateName, S#state{recbuf=Size}}; {error, Reason} -> - {stop, {shutdown, Reason}, State} + {stop, {shutdown,Reason}} end; -hello({info_line, _Line},#state{role = client, socket = Socket} = State) -> +handle_event(_, {info_line,_Line}, 
StateName={hello,client}, S=#state{socket=Socket}) -> %% The server may send info lines before the version_exchange inet:setopts(Socket, [{active, once}]), - {next_state, hello, State}; + {next_state, StateName, S}; -hello({info_line, _Line},#state{role = server, - socket = Socket, - transport_cb = Transport } = State) -> +handle_event(_, {info_line,_Line}, {hello,server}, S) -> %% as openssh - Transport:send(Socket, "Protocol mismatch."), - {stop, {shutdown,"Protocol mismatch in version exchange."}, State}; + send_bytes("Protocol mismatch.", S), + {stop, {shutdown,"Protocol mismatch in version exchange."}}; -hello({version_exchange, Version}, #state{ssh_params = Ssh0, - socket = Socket, - recbuf = Size} = State) -> +handle_event(_, {version_exchange,Version}, {hello,Role}, S=#state{ssh_params = Ssh0, + socket = Socket, + recbuf = Size}) -> {NumVsn, StrVsn} = ssh_transport:handle_hello_version(Version), case handle_version(NumVsn, StrVsn, Ssh0) of {ok, Ssh1} -> inet:setopts(Socket, [{packet,0}, {mode,binary}, {active, once}, {recbuf, Size}]), {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh1), - send_msg(SshPacket, State), - {next_state, kexinit, next_packet(State#state{ssh_params = Ssh, - key_exchange_init_msg = - KeyInitMsg})}; + send_bytes(SshPacket, S), + {next_state, {kexinit,Role,init}, S#state{ssh_params = Ssh, + key_exchange_init_msg = KeyInitMsg}}; not_supported -> - DisconnectMsg = - #ssh_msg_disconnect{code = - ?SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED, - description = "Protocol version " ++ StrVsn - ++ " not supported", - language = "en"}, - handle_disconnect(DisconnectMsg, State) - end. - -%%-------------------------------------------------------------------- --spec kexinit({#ssh_msg_kexinit{}, binary()}, #state{}) -> gen_fsm_state_return(). 
-%%-------------------------------------------------------------------- -kexinit({#ssh_msg_kexinit{} = Kex, Payload}, - #state{ssh_params = #ssh{role = Role} = Ssh0, - key_exchange_init_msg = OwnKex} = - State) -> - Ssh1 = ssh_transport:key_init(opposite_role(Role), Ssh0, Payload), - case ssh_transport:handle_kexinit_msg(Kex, OwnKex, Ssh1) of - {ok, NextKexMsg, Ssh} when Role == client -> - send_msg(NextKexMsg, State), - {next_state, key_exchange, - next_packet(State#state{ssh_params = Ssh})}; - {ok, Ssh} when Role == server -> - {next_state, key_exchange, - next_packet(State#state{ssh_params = Ssh})} - end. - -%%-------------------------------------------------------------------- --spec key_exchange(#ssh_msg_kexdh_init{} | #ssh_msg_kexdh_reply{} | - #ssh_msg_kex_dh_gex_group{} | #ssh_msg_kex_dh_gex_request{} | - #ssh_msg_kex_dh_gex_request{} | #ssh_msg_kex_dh_gex_reply{}, #state{}) - -> gen_fsm_state_return(). -%%-------------------------------------------------------------------- - -key_exchange(#ssh_msg_kexdh_init{} = Msg, - #state{ssh_params = #ssh{role = server} = Ssh0} = State) -> - case ssh_transport:handle_kexdh_init(Msg, Ssh0) of - {ok, KexdhReply, Ssh1} -> - send_msg(KexdhReply, State), - {ok, NewKeys, Ssh} = ssh_transport:new_keys_message(Ssh1), - send_msg(NewKeys, State), - {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})} + disconnect( + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED, + description = ["Protocol version ",StrVsn," not supported"]}, + {next_state, {hello,Role}, S}) end; + +%%% ######## {kexinit, client|server, init|renegotiate} #### + +handle_event(_, {#ssh_msg_kexinit{} = Kex, Payload}, {kexinit,client,ReNeg}, + S = #state{ssh_params = Ssh0, + key_exchange_init_msg = OwnKex}) -> + Ssh1 = ssh_transport:key_init(server, Ssh0, Payload), % Yes, *server* + {ok, NextKexMsg, Ssh} = ssh_transport:handle_kexinit_msg(Kex, OwnKex, Ssh1), + send_bytes(NextKexMsg, S), + {next_state, 
{key_exchange,client,ReNeg}, S#state{ssh_params = Ssh}}; + +handle_event(_, {#ssh_msg_kexinit{} = Kex, Payload}, {kexinit,server,ReNeg}, + S = #state{ssh_params = Ssh0, + key_exchange_init_msg = OwnKex}) -> + Ssh1 = ssh_transport:key_init(client, Ssh0, Payload), % Yes, *client* + {ok, Ssh} = ssh_transport:handle_kexinit_msg(Kex, OwnKex, Ssh1), + {next_state, {key_exchange,server,ReNeg}, S#state{ssh_params = Ssh}}; + +%%% ######## {key_exchange, client|server, init|renegotiate} #### + +handle_event(_, #ssh_msg_kexdh_init{} = Msg, {key_exchange,server,ReNeg}, + S = #state{ssh_params = Ssh0}) -> + {ok, KexdhReply, Ssh1} = ssh_transport:handle_kexdh_init(Msg, Ssh0), + send_bytes(KexdhReply, S), + {ok, NewKeys, Ssh} = ssh_transport:new_keys_message(Ssh1), + send_bytes(NewKeys, S), + {next_state, {new_keys,server,ReNeg}, S#state{ssh_params = Ssh}}; -key_exchange(#ssh_msg_kexdh_reply{} = Msg, - #state{ssh_params = #ssh{role = client} = Ssh0} = State) -> +handle_event(_, #ssh_msg_kexdh_reply{} = Msg, {key_exchange,client,ReNeg}, + #state{ssh_params=Ssh0} = State) -> {ok, NewKeys, Ssh} = ssh_transport:handle_kexdh_reply(Msg, Ssh0), - send_msg(NewKeys, State), - {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})}; + send_bytes(NewKeys, State), + {next_state, {new_keys,client,ReNeg}, State#state{ssh_params = Ssh}}; -key_exchange(#ssh_msg_kex_dh_gex_request{} = Msg, - #state{ssh_params = #ssh{role = server} = Ssh0} = State) -> +handle_event(_, #ssh_msg_kex_dh_gex_request{} = Msg, {key_exchange,server,ReNeg}, + #state{ssh_params=Ssh0} = State) -> {ok, GexGroup, Ssh} = ssh_transport:handle_kex_dh_gex_request(Msg, Ssh0), - send_msg(GexGroup, State), - {next_state, key_exchange_dh_gex_init, next_packet(State#state{ssh_params = Ssh})}; + send_bytes(GexGroup, State), + {next_state, {key_exchange_dh_gex_init,server,ReNeg}, State#state{ssh_params = Ssh}}; -key_exchange(#ssh_msg_kex_dh_gex_request_old{} = Msg, - #state{ssh_params = #ssh{role = server} = Ssh0} = State) -> 
+handle_event(_, #ssh_msg_kex_dh_gex_request_old{} = Msg, {key_exchange,server,ReNeg}, + #state{ssh_params=Ssh0} = State) -> {ok, GexGroup, Ssh} = ssh_transport:handle_kex_dh_gex_request(Msg, Ssh0), - send_msg(GexGroup, State), - {next_state, key_exchange_dh_gex_init, next_packet(State#state{ssh_params = Ssh})}; + send_bytes(GexGroup, State), + {next_state, {key_exchange_dh_gex_init,server,ReNeg}, State#state{ssh_params = Ssh}}; -key_exchange(#ssh_msg_kex_dh_gex_group{} = Msg, - #state{ssh_params = #ssh{role = client} = Ssh0} = State) -> +handle_event(_, #ssh_msg_kex_dh_gex_group{} = Msg, {key_exchange,client,ReNeg}, + #state{ssh_params=Ssh0} = State) -> {ok, KexGexInit, Ssh} = ssh_transport:handle_kex_dh_gex_group(Msg, Ssh0), - send_msg(KexGexInit, State), - {next_state, key_exchange_dh_gex_reply, next_packet(State#state{ssh_params = Ssh})}; + send_bytes(KexGexInit, State), + {next_state, {key_exchange_dh_gex_reply,client,ReNeg}, State#state{ssh_params = Ssh}}; -key_exchange(#ssh_msg_kex_ecdh_init{} = Msg, - #state{ssh_params = #ssh{role = server} = Ssh0} = State) -> +handle_event(_, #ssh_msg_kex_ecdh_init{} = Msg, {key_exchange,server,ReNeg}, + #state{ssh_params=Ssh0} = State) -> {ok, KexEcdhReply, Ssh1} = ssh_transport:handle_kex_ecdh_init(Msg, Ssh0), - send_msg(KexEcdhReply, State), + send_bytes(KexEcdhReply, State), {ok, NewKeys, Ssh} = ssh_transport:new_keys_message(Ssh1), - send_msg(NewKeys, State), - {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})}; + send_bytes(NewKeys, State), + {next_state, {new_keys,server,ReNeg}, State#state{ssh_params = Ssh}}; -key_exchange(#ssh_msg_kex_ecdh_reply{} = Msg, - #state{ssh_params = #ssh{role = client} = Ssh0} = State) -> +handle_event(_, #ssh_msg_kex_ecdh_reply{} = Msg, {key_exchange,client,ReNeg}, + #state{ssh_params=Ssh0} = State) -> {ok, NewKeys, Ssh} = ssh_transport:handle_kex_ecdh_reply(Msg, Ssh0), - send_msg(NewKeys, State), - {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})}. 
+ send_bytes(NewKeys, State), + {next_state, {new_keys,client,ReNeg}, State#state{ssh_params = Ssh}}; -%%-------------------------------------------------------------------- --spec key_exchange_dh_gex_init(#ssh_msg_kex_dh_gex_init{}, #state{}) -> gen_fsm_state_return(). -%%-------------------------------------------------------------------- -key_exchange_dh_gex_init(#ssh_msg_kex_dh_gex_init{} = Msg, - #state{ssh_params = #ssh{role = server} = Ssh0} = State) -> +%%% ######## {key_exchange_dh_gex_init, server, init|renegotiate} #### + +handle_event(_, #ssh_msg_kex_dh_gex_init{} = Msg, {key_exchange_dh_gex_init,server,ReNeg}, + #state{ssh_params=Ssh0} = State) -> {ok, KexGexReply, Ssh1} = ssh_transport:handle_kex_dh_gex_init(Msg, Ssh0), - send_msg(KexGexReply, State), + send_bytes(KexGexReply, State), {ok, NewKeys, Ssh} = ssh_transport:new_keys_message(Ssh1), - send_msg(NewKeys, State), - {next_state, new_keys, next_packet(State#state{ssh_params = Ssh})}. + send_bytes(NewKeys, State), + {next_state, {new_keys,server,ReNeg}, State#state{ssh_params = Ssh}}; -%%-------------------------------------------------------------------- --spec key_exchange_dh_gex_reply(#ssh_msg_kex_dh_gex_reply{}, #state{}) -> gen_fsm_state_return(). -%%-------------------------------------------------------------------- -key_exchange_dh_gex_reply(#ssh_msg_kex_dh_gex_reply{} = Msg, - #state{ssh_params = #ssh{role = client} = Ssh0} = State) -> - {ok, NewKeys, Ssh1} = ssh_transport:handle_kex_dh_gex_reply(Msg, Ssh0), - send_msg(NewKeys, State), - {next_state, new_keys, next_packet(State#state{ssh_params = Ssh1})}. +%%% ######## {key_exchange_dh_gex_reply, client, init|renegotiate} #### -%%-------------------------------------------------------------------- --spec new_keys(#ssh_msg_newkeys{}, #state{}) -> gen_fsm_state_return(). 
-%%-------------------------------------------------------------------- +handle_event(_, #ssh_msg_kex_dh_gex_reply{} = Msg, {key_exchange_dh_gex_reply,client,ReNeg}, + #state{ssh_params=Ssh0} = State) -> + {ok, NewKeys, Ssh1} = ssh_transport:handle_kex_dh_gex_reply(Msg, Ssh0), + send_bytes(NewKeys, State), + {next_state, {new_keys,client,ReNeg}, State#state{ssh_params = Ssh1}}; + +%%% ######## {new_keys, client|server} #### + +handle_event(_, #ssh_msg_newkeys{} = Msg, {new_keys,client,init}, + #state{ssh_params = Ssh0} = State) -> + {ok, Ssh1} = ssh_transport:handle_new_keys(Msg, Ssh0), + {MsgReq, Ssh} = ssh_auth:service_request_msg(Ssh1), + send_bytes(MsgReq, State), + {next_state, {service_request,client}, State#state{ssh_params=Ssh}}; -new_keys(#ssh_msg_newkeys{} = Msg, #state{ssh_params = Ssh0} = State0) -> +handle_event(_, #ssh_msg_newkeys{} = Msg, {new_keys,server,init}, + S = #state{ssh_params = Ssh0}) -> {ok, Ssh} = ssh_transport:handle_new_keys(Msg, Ssh0), - after_new_keys(next_packet(State0#state{ssh_params = Ssh})). + {next_state, {service_request,server}, S#state{ssh_params = Ssh}}; -%%-------------------------------------------------------------------- --spec service_request(#ssh_msg_service_request{} | #ssh_msg_service_accept{}, - #state{}) -> gen_fsm_state_return(). 
-%%-------------------------------------------------------------------- -service_request(#ssh_msg_service_request{name = "ssh-userauth"} = Msg, - #state{ssh_params = #ssh{role = server, - session_id = SessionId} = Ssh0} = State) -> +handle_event(_, #ssh_msg_newkeys{}, {new_keys,Role,renegotiate}, S) -> + {next_state, {connected,Role}, S}; + +%%% ######## {service_request, client|server} + +handle_event(_, #ssh_msg_service_request{name = "ssh-userauth"} = Msg, {service_request,server}, + #state{ssh_params = #ssh{session_id=SessionId} = Ssh0} = State) -> {ok, {Reply, Ssh}} = ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0), - send_msg(Reply, State), - {next_state, userauth, next_packet(State#state{ssh_params = Ssh})}; + send_bytes(Reply, State), + {next_state, {userauth,server}, State#state{ssh_params = Ssh}}; + +handle_event(_, #ssh_msg_service_request{}, {service_request,server}=StateName, State) -> + Msg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, + description = "Unknown service"}, + disconnect(Msg, StateName, State); -service_request(#ssh_msg_service_accept{name = "ssh-userauth"}, - #state{ssh_params = #ssh{role = client, - service = "ssh-userauth"} = Ssh0} = - State) -> +handle_event(_, #ssh_msg_service_accept{name = "ssh-userauth"}, {service_request,client}, + #state{ssh_params = #ssh{service="ssh-userauth"} = Ssh0} = State) -> {Msg, Ssh} = ssh_auth:init_userauth_request_msg(Ssh0), - send_msg(Msg, State), - {next_state, userauth, next_packet(State#state{auth_user = Ssh#ssh.user, ssh_params = Ssh})}. + send_bytes(Msg, State), + {next_state, {userauth,client}, State#state{auth_user = Ssh#ssh.user, ssh_params = Ssh}}; -%%-------------------------------------------------------------------- --spec userauth(#ssh_msg_userauth_request{} | #ssh_msg_userauth_info_request{} | - #ssh_msg_userauth_info_response{} | #ssh_msg_userauth_success{} | - #ssh_msg_userauth_failure{} | #ssh_msg_userauth_banner{}, - #state{}) -> gen_fsm_state_return(). 
-%%-------------------------------------------------------------------- -userauth(#ssh_msg_userauth_request{service = "ssh-connection", - method = "none"} = Msg, - #state{ssh_params = #ssh{session_id = SessionId, role = server, +%%% ######## {userauth, client|server} #### + +handle_event(_, #ssh_msg_userauth_request{service = "ssh-connection", + method = "none"} = Msg, StateName={userauth,server}, + #state{ssh_params = #ssh{session_id = SessionId, service = "ssh-connection"} = Ssh0 - } = State) -> + } = State) -> +?IO_FORMAT('~p #ssh_msg_userauth_request{ssh-connection,~p}~n',[self(),Msg#ssh_msg_userauth_request.method]), {not_authorized, {_User, _Reason}, {Reply, Ssh}} = ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0), - send_msg(Reply, State), - {next_state, userauth, next_packet(State#state{ssh_params = Ssh})}; + send_bytes(Reply, State), + {next_state, StateName, State#state{ssh_params = Ssh}}; -userauth(#ssh_msg_userauth_request{service = "ssh-connection", - method = Method} = Msg, - #state{ssh_params = #ssh{session_id = SessionId, role = server, +handle_event(_, #ssh_msg_userauth_request{service = "ssh-connection", + method = Method} = Msg, StateName={userauth,server}, + #state{ssh_params = #ssh{session_id = SessionId, service = "ssh-connection", peer = {_, Address}} = Ssh0, opts = Opts, starter = Pid} = State) -> +?IO_FORMAT('~p #ssh_msg_userauth_request{ssh-connection,~p}~n',[self(),Msg#ssh_msg_userauth_request.method]), case lists:member(Method, Ssh0#ssh.userauth_methods) of true -> case ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0) of {authorized, User, {Reply, Ssh}} -> - send_msg(Reply, State), + send_bytes(Reply, State), Pid ! 
ssh_connected, connected_fun(User, Address, Method, Opts), - {next_state, connected, - next_packet(State#state{auth_user = User, ssh_params = Ssh#ssh{authenticated = true}})}; +?IO_FORMAT('~p CONNECTED!~n',[self()]), + {next_state, {connected,server}, + State#state{auth_user = User, ssh_params = Ssh#ssh{authenticated = true}}}; {not_authorized, {User, Reason}, {Reply, Ssh}} when Method == "keyboard-interactive" -> retry_fun(User, Address, Reason, Opts), - send_msg(Reply, State), - {next_state, userauth_keyboard_interactive, next_packet(State#state{ssh_params = Ssh})}; + send_bytes(Reply, State), +?IO_FORMAT('~p not_authorized (1)~n',[self()]), + {next_state, {userauth_keyboard_interactive,server}, State#state{ssh_params = Ssh}}; {not_authorized, {User, Reason}, {Reply, Ssh}} -> retry_fun(User, Address, Reason, Opts), - send_msg(Reply, State), - {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} + send_bytes(Reply, State), +?IO_FORMAT('~p not_authorized (2)~n',[self()]), + {next_state, StateName, State#state{ssh_params = Ssh}} end; false -> - userauth(Msg#ssh_msg_userauth_request{method="none"}, State) - end; + %% At least one non-erlang client does like this. Retry as the next event +?IO_FORMAT('~p bug-fix~n',[self()]), + {next_state, StateName, State, + [{next_event, internal, Msg#ssh_msg_userauth_request{method="none"}}] + } + end; -userauth(#ssh_msg_userauth_success{}, #state{ssh_params = #ssh{role = client} = Ssh, - starter = Pid} = State) -> +handle_event(_, #ssh_msg_userauth_request{service = Service}, {userauth,server}=StateName, State) + when Service =/= "ssh-connection" -> +?IO_FORMAT('~p #ssh_msg_userauth_request{~p,...}~n',[self(),Service]), + Msg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, + description = "Unknown service"}, + disconnect(Msg, StateName, State); + +handle_event(_, #ssh_msg_userauth_success{}, {userauth,client}, #state{ssh_params = Ssh, + starter = Pid} = State) -> Pid ! 
ssh_connected, - {next_state, connected, next_packet(State#state{ssh_params = - Ssh#ssh{authenticated = true}})}; -userauth(#ssh_msg_userauth_failure{}, - #state{ssh_params = #ssh{role = client, - userauth_methods = []}} - = State) -> - Msg = #ssh_msg_disconnect{code = - ?SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE, + {next_state, {connected,client}, State#state{ssh_params=Ssh#ssh{authenticated = true}}}; + +handle_event(_, #ssh_msg_userauth_failure{}, {userauth,client}=StateName, + #state{ssh_params = #ssh{userauth_methods = []}} = State) -> + Msg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE, description = "Unable to connect using the available" - " authentication methods", - language = "en"}, - handle_disconnect(Msg, State); - -%% Server tells us which authentication methods that are allowed -userauth(#ssh_msg_userauth_failure{authentications = Methodes}, - #state{ssh_params = #ssh{role = client, - userauth_methods = none} = Ssh0} = State) -> - AuthMethods = string:tokens(Methodes, ","), - Ssh1 = Ssh0#ssh{userauth_methods = AuthMethods}, + " authentication methods"}, + disconnect(Msg, StateName, State); + + +handle_event(_, #ssh_msg_userauth_failure{authentications = Methods}, StateName={userauth,client}, + #state{ssh_params = Ssh0 = #ssh{userauth_methods=AuthMthds}} = State) -> + %% The prefered authentication method failed try next method + Ssh1 = case AuthMthds of + none -> + %% Server tells us which authentication methods that are allowed + Ssh0#ssh{userauth_methods = string:tokens(Methods, ",")}; + _ -> + %% We already know... 
+ Ssh0 + end, case ssh_auth:userauth_request_msg(Ssh1) of {disconnect, DisconnectMsg, {Msg, Ssh}} -> - send_msg(Msg, State), - handle_disconnect(DisconnectMsg, State#state{ssh_params = Ssh}); + send_bytes(Msg, State), + disconnect(DisconnectMsg, StateName, State#state{ssh_params = Ssh}); {"keyboard-interactive", {Msg, Ssh}} -> - send_msg(Msg, State), - {next_state, userauth_keyboard_interactive, next_packet(State#state{ssh_params = Ssh})}; + send_bytes(Msg, State), + {next_state, {userauth_keyboard_interactive,client}, State#state{ssh_params = Ssh}}; {_Method, {Msg, Ssh}} -> - send_msg(Msg, State), - {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} + send_bytes(Msg, State), + {next_state, StateName, State#state{ssh_params = Ssh}} end; -%% The prefered authentication method failed try next method -userauth(#ssh_msg_userauth_failure{}, - #state{ssh_params = #ssh{role = client} = Ssh0} = State) -> - case ssh_auth:userauth_request_msg(Ssh0) of - {disconnect, DisconnectMsg,{Msg, Ssh}} -> - send_msg(Msg, State), - handle_disconnect(DisconnectMsg, State#state{ssh_params = Ssh}); - {"keyboard-interactive", {Msg, Ssh}} -> - send_msg(Msg, State), - {next_state, userauth_keyboard_interactive, next_packet(State#state{ssh_params = Ssh})}; - {_Method, {Msg, Ssh}} -> - send_msg(Msg, State), - {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} - end; +handle_event(_, #ssh_msg_userauth_banner{}, StateName={userauth,client}, + #state{ssh_params = #ssh{userauth_quiet_mode=true}} = State) -> + {next_state, StateName, State}; -userauth(#ssh_msg_userauth_banner{}, - #state{ssh_params = #ssh{userauth_quiet_mode = true, - role = client}} = State) -> - {next_state, userauth, next_packet(State)}; -userauth(#ssh_msg_userauth_banner{message = Msg}, - #state{ssh_params = - #ssh{userauth_quiet_mode = false, role = client}} = State) -> +handle_event(_, #ssh_msg_userauth_banner{message = Msg}, StateName={userauth,client}, + #state{ssh_params = 
#ssh{userauth_quiet_mode=false}} = State) -> io:format("~s", [Msg]), - {next_state, userauth, next_packet(State)}. - + {next_state, StateName, State}; +%%% ######## {userauth_keyboard_interactive, client|server} -userauth_keyboard_interactive(#ssh_msg_userauth_info_request{} = Msg, - #state{ssh_params = #ssh{role = client, - io_cb = IoCb} = Ssh0} = State) -> +handle_event(_, #ssh_msg_userauth_info_request{} = Msg, {userauth_keyboard_interactive, client}, + #state{ssh_params = #ssh{io_cb=IoCb} = Ssh0} = State) -> {ok, {Reply, Ssh}} = ssh_auth:handle_userauth_info_request(Msg, IoCb, Ssh0), - send_msg(Reply, State), - {next_state, userauth_keyboard_interactive_info_response, next_packet(State#state{ssh_params = Ssh})}; + send_bytes(Reply, State), + {next_state, {userauth_keyboard_interactive_info_response,client}, State#state{ssh_params = Ssh}}; -userauth_keyboard_interactive(#ssh_msg_userauth_info_response{} = Msg, - #state{ssh_params = #ssh{role = server, - peer = {_, Address}} = Ssh0, - opts = Opts, starter = Pid} = State) -> +handle_event(_, #ssh_msg_userauth_info_response{} = Msg, {userauth_keyboard_interactive, server}, + #state{ssh_params = #ssh{peer = {_,Address}} = Ssh0, + opts = Opts, + starter = Pid} = State) -> case ssh_auth:handle_userauth_info_response(Msg, Ssh0) of {authorized, User, {Reply, Ssh}} -> - send_msg(Reply, State), + send_bytes(Reply, State), Pid ! 
ssh_connected, connected_fun(User, Address, "keyboard-interactive", Opts), - {next_state, connected, - next_packet(State#state{auth_user = User, ssh_params = Ssh#ssh{authenticated = true}})}; + {next_state, {connected,server}, State#state{auth_user = User, + ssh_params = Ssh#ssh{authenticated = true}}}; {not_authorized, {User, Reason}, {Reply, Ssh}} -> retry_fun(User, Address, Reason, Opts), - send_msg(Reply, State), - {next_state, userauth, next_packet(State#state{ssh_params = Ssh})} + send_bytes(Reply, State), + {next_state, {userauth,server}, State#state{ssh_params = Ssh}} end; -userauth_keyboard_interactive(Msg = #ssh_msg_userauth_failure{}, - #state{ssh_params = Ssh0 = - #ssh{role = client, - userauth_preference = Prefs0}} - = State) -> +handle_event(_, Msg = #ssh_msg_userauth_failure{}, {userauth_keyboard_interactive, client}, + #state{ssh_params = Ssh0 = #ssh{userauth_preference=Prefs0}} = State) -> Prefs = [{Method,M,F,A} || {Method,M,F,A} <- Prefs0, Method =/= "keyboard-interactive"], - userauth(Msg, State#state{ssh_params = Ssh0#ssh{userauth_preference=Prefs}}). 
+ {next_state, {userauth,client}, + State#state{ssh_params = Ssh0#ssh{userauth_preference=Prefs}}, + [{next_event, internal, Msg}]}; +handle_event(_, Msg=#ssh_msg_userauth_failure{}, {userauth_keyboard_interactive_info_response, client}, S) -> + {next_state, {userauth,client}, S, [{next_event, internal, Msg}]}; +handle_event(_, Msg=#ssh_msg_userauth_success{}, {userauth_keyboard_interactive_info_response, client}, S) -> + {next_state, {userauth,client}, S, [{next_event, internal, Msg}]}; -userauth_keyboard_interactive_info_response(Msg=#ssh_msg_userauth_failure{}, - #state{ssh_params = #ssh{role = client}} = State) -> - userauth(Msg, State); -userauth_keyboard_interactive_info_response(Msg=#ssh_msg_userauth_success{}, - #state{ssh_params = #ssh{role = client}} = State) -> - userauth(Msg, State); -userauth_keyboard_interactive_info_response(Msg=#ssh_msg_userauth_info_request{}, - #state{ssh_params = #ssh{role = client}} = State) -> - userauth_keyboard_interactive(Msg, State). +handle_event(_, Msg=#ssh_msg_userauth_info_request{}, {userauth_keyboard_interactive_info_response, client}, S) -> + {next_state, {userauth_keyboard_interactive,client}, S, [{next_event, internal, Msg}]}; -%%-------------------------------------------------------------------- --spec connected({#ssh_msg_kexinit{}, binary()}, %%| %% #ssh_msg_kexdh_init{}, - #state{}) -> gen_fsm_state_return(). -%%-------------------------------------------------------------------- -connected({#ssh_msg_kexinit{}, _Payload} = Event, #state{ssh_params = Ssh0} = State0) -> +%%% ######## {connected, client|server} #### + +handle_event(_, {#ssh_msg_kexinit{},_} = Event, {connected,Role}, #state{ssh_params = Ssh0} = State0) -> {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh0), State = State0#state{ssh_params = Ssh, - key_exchange_init_msg = KeyInitMsg, - renegotiate = true}, - send_msg(SshPacket, State), - kexinit(Event, State). 
- -%%-------------------------------------------------------------------- --spec handle_event(#ssh_msg_disconnect{} | #ssh_msg_ignore{} | #ssh_msg_debug{} | - #ssh_msg_unimplemented{} | {adjust_window, integer(), integer()} | - {reply_request, success | failure, integer()} | renegotiate | - data_size | {request, pid(), integer(), integer(), iolist()} | - {request, integer(), integer(), iolist()}, state_name(), - #state{}) -> gen_fsm_state_return(). - -%%-------------------------------------------------------------------- -handle_event(#ssh_msg_disconnect{description = Desc} = DisconnectMsg, _StateName, #state{} = State) -> - handle_disconnect(peer, DisconnectMsg, State), - {stop, {shutdown, Desc}, State}; + key_exchange_init_msg = KeyInitMsg}, + send_bytes(SshPacket, State), + {next_state, {kexinit,Role,renegotiate}, State, [{next_event, internal, Event}]}; + +handle_event(_, #ssh_msg_disconnect{description=Desc} = Msg, StateName, + State0 = #state{connection_state = Connection0}) -> + {disconnect, _, {{replies, Replies}, _Connection}} = + ssh_connection:handle_msg(Msg, Connection0, role(StateName)), + {Repls,State} = send_replies(Replies, State0), + disconnect_fun(Desc, State#state.opts), + {stop_and_reply, {shutdown,Desc}, Repls, State}; -handle_event(#ssh_msg_ignore{}, StateName, State) -> - {next_state, StateName, next_packet(State)}; +handle_event(_, #ssh_msg_ignore{}, StateName, State) -> + {next_state, StateName, State}; -handle_event(#ssh_msg_debug{always_display = Display, message = DbgMsg, language=Lang}, - StateName, #state{opts = Opts} = State) -> - F = proplists:get_value(ssh_msg_debug_fun, Opts, +handle_event(_, #ssh_msg_debug{always_display = Display, + message = DbgMsg, + language = Lang}, StateName, #state{opts = Opts} = State) -> + F = proplists:get_value(ssh_msg_debug_fun, Opts, fun(_ConnRef, _AlwaysDisplay, _Msg, _Language) -> ok end ), catch F(self(), Display, DbgMsg, Lang), - {next_state, StateName, next_packet(State)}; + {next_state, 
StateName, State}; + +handle_event(_, #ssh_msg_unimplemented{}, StateName, State) -> + {next_state, StateName, State}; + +handle_event(internal, Msg=#ssh_msg_global_request{}, StateName, State) -> + handle_connection_msg(Msg, StateName, State); + +handle_event(internal, Msg=#ssh_msg_request_success{}, StateName, State) -> + handle_connection_msg(Msg, StateName, State); -handle_event(#ssh_msg_unimplemented{}, StateName, State) -> - {next_state, StateName, next_packet(State)}; +handle_event(internal, Msg=#ssh_msg_request_failure{}, StateName, State) -> + handle_connection_msg(Msg, StateName, State); -handle_event(renegotiate, connected, #state{ssh_params = Ssh0} - = State) -> +handle_event(internal, Msg=#ssh_msg_channel_open{}, StateName, State) -> + handle_connection_msg(Msg, StateName, State); + +handle_event(internal, Msg=#ssh_msg_channel_open_confirmation{}, StateName, State) -> + handle_connection_msg(Msg, StateName, State); + +handle_event(internal, Msg=#ssh_msg_channel_open_failure{}, StateName, State) -> + handle_connection_msg(Msg, StateName, State); + +handle_event(internal, Msg=#ssh_msg_channel_window_adjust{}, StateName, State) -> + handle_connection_msg(Msg, StateName, State); + +handle_event(internal, Msg=#ssh_msg_channel_data{}, StateName, State) -> + handle_connection_msg(Msg, StateName, State); + +handle_event(internal, Msg=#ssh_msg_channel_extended_data{}, StateName, State) -> + handle_connection_msg(Msg, StateName, State); + +handle_event(internal, Msg=#ssh_msg_channel_eof{}, StateName, State) -> + handle_connection_msg(Msg, StateName, State); + +handle_event(internal, Msg=#ssh_msg_channel_close{}, StateName, State) -> + handle_connection_msg(Msg, StateName, State); + +handle_event(internal, Msg=#ssh_msg_channel_request{}, StateName, State) -> + handle_connection_msg(Msg, StateName, State); + +handle_event(internal, Msg=#ssh_msg_channel_success{}, StateName, State) -> + handle_connection_msg(Msg, StateName, State); + +handle_event(internal, 
Msg=#ssh_msg_channel_failure{}, StateName, State) -> + handle_connection_msg(Msg, StateName, State); + +handle_event(cast, renegotiate, {connected,Role}, #state{ssh_params=Ssh0} = State) -> {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh0), - send_msg(SshPacket, State), - timer:apply_after(?REKEY_TIMOUT, gen_fsm, send_all_state_event, [self(), renegotiate]), - {next_state, kexinit, - next_packet(State#state{ssh_params = Ssh, - key_exchange_init_msg = KeyInitMsg, - renegotiate = true})}; - -handle_event(renegotiate, StateName, State) -> + send_bytes(SshPacket, State), +%%% FIXME: timer + timer:apply_after(?REKEY_TIMOUT, gen_statem, cast, [self(), renegotiate]), + {next_state, {kexinit,Role,renegotiate}, State#state{ssh_params = Ssh, + key_exchange_init_msg = KeyInitMsg}}; + +handle_event(cast, renegotiate, StateName, State) -> %% Already in key-exchange so safe to ignore {next_state, StateName, State}; %% Rekey due to sent data limit reached? -handle_event(data_size, connected, #state{ssh_params = Ssh0} = State) -> +handle_event(cast, data_size, {connected,Role}, #state{ssh_params=Ssh0} = State) -> {ok, [{send_oct,Sent0}]} = inet:getstat(State#state.socket, [send_oct]), Sent = Sent0 - State#state.last_size_rekey, MaxSent = proplists:get_value(rekey_limit, State#state.opts, 1024000000), - timer:apply_after(?REKEY_DATA_TIMOUT, gen_fsm, send_all_state_event, [self(), data_size]), +%%% FIXME: timer + timer:apply_after(?REKEY_DATA_TIMOUT, gen_statem, cast, [self(), data_size]), case Sent >= MaxSent of true -> {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh0), - send_msg(SshPacket, State), - {next_state, kexinit, - next_packet(State#state{ssh_params = Ssh, - key_exchange_init_msg = KeyInitMsg, - renegotiate = true, - last_size_rekey = Sent0})}; + send_bytes(SshPacket, State), + {next_state, {kexinit,Role,renegotiate}, State#state{ssh_params = Ssh, + key_exchange_init_msg = KeyInitMsg, + last_size_rekey = Sent0}}; _ -> - 
{next_state, connected, next_packet(State)} + {next_state, {connected,Role}, State} end; -handle_event(data_size, StateName, State) -> +handle_event(cast, data_size, StateName, State) -> %% Already in key-exchange so safe to ignore {next_state, StateName, State}; -handle_event(Event, StateName, State) when StateName /= connected -> - Events = [{event, Event} | State#state.event_queue], - {next_state, StateName, State#state{event_queue = Events}}; +handle_event(cast, _, StateName, State) when StateName /= {connected,server}, + StateName /= {connected,client} -> + {next_state, StateName, State, [postpone]}; -handle_event({adjust_window, ChannelId, Bytes}, StateName, +handle_event(cast, {adjust_window,ChannelId,Bytes}, StateName={connected,_Role}, #state{connection_state = #connection{channel_cache = Cache}} = State0) -> - State = - case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{recv_window_size = WinSize, - recv_window_pending = Pending, - recv_packet_size = PktSize} = Channel - when (WinSize-Bytes) >= 2*PktSize -> - %% The peer can send at least two more *full* packet, no hurry. - ssh_channel:cache_update(Cache, - Channel#channel{recv_window_pending = Pending + Bytes}), - State0; - - #channel{recv_window_size = WinSize, - recv_window_pending = Pending, - remote_id = Id} = Channel -> - %% Now we have to update the window - we can't receive so many more pkts - ssh_channel:cache_update(Cache, - Channel#channel{recv_window_size = - WinSize + Bytes + Pending, - recv_window_pending = 0}), - Msg = ssh_connection:channel_adjust_window_msg(Id, Bytes + Pending), - send_replies([{connection_reply, Msg}], State0); + case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{recv_window_size = WinSize, + recv_window_pending = Pending, + recv_packet_size = PktSize} = Channel + when (WinSize-Bytes) >= 2*PktSize -> + %% The peer can send at least two more *full* packet, no hurry. 
+ ssh_channel:cache_update(Cache, + Channel#channel{recv_window_pending = Pending + Bytes}), + {next_state, StateName, State0}; + + #channel{recv_window_size = WinSize, + recv_window_pending = Pending, + remote_id = Id} = Channel -> + %% Now we have to update the window - we can't receive so many more pkts + ssh_channel:cache_update(Cache, + Channel#channel{recv_window_size = + WinSize + Bytes + Pending, + recv_window_pending = 0}), + Msg = ssh_connection:channel_adjust_window_msg(Id, Bytes + Pending), + {next_state, StateName, send_msg(Msg,State0)}; + + undefined -> + {next_state, StateName, State0} + end; - undefined -> - State0 - end, - {next_state, StateName, next_packet(State)}; - -handle_event({reply_request, success, ChannelId}, StateName, - #state{connection_state = - #connection{channel_cache = Cache}} = State0) -> - State = case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{remote_id = RemoteId} -> - Msg = ssh_connection:channel_success_msg(RemoteId), - send_replies([{connection_reply, Msg}], State0); - undefined -> - State0 - end, - {next_state, StateName, State}; +handle_event(cast, {reply_request,success,ChannelId}, StateName={connected,_}, + #state{connection_state = + #connection{channel_cache = Cache}} = State0) -> + case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{remote_id = RemoteId} -> + Msg = ssh_connection:channel_success_msg(RemoteId), + {next_state, StateName, send_msg(Msg,State0)}; + + undefined -> + {next_state, StateName, State0} + end; -handle_event({request, ChannelPid, ChannelId, Type, Data}, StateName, State0) -> - {{replies, Replies}, State1} = handle_request(ChannelPid, ChannelId, - Type, Data, - false, none, State0), - State = send_replies(Replies, State1), - {next_state, StateName, next_packet(State)}; +handle_event(cast, {request,ChannelPid,ChannelId,Type,Data}, StateName={connected,_}, State0) -> + State = handle_request(ChannelPid, ChannelId, Type, Data, false, none, State0), + {next_state, StateName, 
State}; -handle_event({request, ChannelId, Type, Data}, StateName, State0) -> - {{replies, Replies}, State1} = handle_request(ChannelId, Type, Data, - false, none, State0), - State = send_replies(Replies, State1), - {next_state, StateName, next_packet(State)}; +handle_event(cast, {request,ChannelId,Type,Data}, StateName={connected,_}, State0) -> + State = handle_request(ChannelId, Type, Data, false, none, State0), + {next_state, StateName, State}; -handle_event({unknown, Data}, StateName, State) -> +handle_event(cast, {unknown,Data}, StateName={connected,_}, State) -> Msg = #ssh_msg_unimplemented{sequence = Data}, - send_msg(Msg, State), - {next_state, StateName, next_packet(State)}. + {next_state, StateName, send_msg(Msg,State)}; -%%-------------------------------------------------------------------- --spec handle_sync_event({request, pid(), channel_id(), integer(), binary(), timeout()} | - {request, channel_id(), integer(), binary(), timeout()} | - {global_request, pid(), integer(), boolean(), binary()} | {eof, integer()} | - {open, pid(), integer(), channel_id(), integer(), binary(), _} | - {send_window, channel_id()} | {recv_window, channel_id()} | - {connection_info, [client_version | server_version | peer | - sockname]} | {channel_info, channel_id(), [recv_window | - send_window]} | - {close, channel_id()} | stop, term(), state_name(), #state{}) - -> gen_fsm_sync_return(). -%%-------------------------------------------------------------------- -handle_sync_event(get_print_info, _From, StateName, State) -> +%%% Previously handle_sync_event began here +handle_event({call,From}, get_print_info, StateName, State) -> Reply = try {inet:sockname(State#state.socket), 
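Review bot: The `internal` clauses for the connection-protocol messages (`#ssh_msg_global_request{}`, `#ssh_msg_channel_open{}`, `#ssh_msg_channel_data{}`, `#ssh_msg_channel_request{}` and the others in that run) match any `StateName`, so they pass the message to `handle_connection_msg/3` in the key-exchange and `{userauth,_}` states too, before `authenticated = true` has been set. The `cast` clauses further down are pinned to `{connected,_}`; please restrict these clauses to states reached after authentication (`{connected,_}` and the renegotiation states) or disconnect when such a message arrives earlier, unless `handle_connection_msg/3` checks the state itself (it is not visible in this hunk). Two smaller points in the same hunk: the `{new_keys,Role,renegotiate}` clause drops the `#ssh_msg_newkeys{}` without calling `ssh_transport:handle_new_keys/2`, which the removed `new_keys/2` did for every key exchange, so please confirm the renegotiated keys are still taken into use; and the `?IO_FORMAT(...)` traces in the `{userauth,server}` clauses and the two `%%% FIXME: timer` markers should be resolved before this is merged.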
@@ -818,25 +776,24 @@ handle_sync_event(get_print_info, _From, StateName, State) -> catch _:_ -> {{"?",0},"?"} end, - {reply, Reply, StateName, State}; + {next_state, StateName, State, [{reply,From,Reply}]}; -handle_sync_event({connection_info, Options}, _From, StateName, State) -> +handle_event({call,From}, {connection_info, Options}, StateName, State) -> Info = ssh_info(Options, State, []), - {reply, Info, StateName, State}; + {next_state, StateName, State, [{reply,From,Info}]}; -handle_sync_event({channel_info, ChannelId, Options}, _From, StateName, - #state{connection_state = #connection{channel_cache = Cache}} = State) -> +handle_event({call,From}, {channel_info,ChannelId,Options}, StateName, + State=#state{connection_state = #connection{channel_cache = Cache}}) -> case ssh_channel:cache_lookup(Cache, ChannelId) of #channel{} = Channel -> Info = ssh_channel_info(Options, Channel, []), - {reply, Info, StateName, State}; + {next_state, StateName, State, [{reply,From,Info}]}; undefined -> - {reply, [], StateName, State} + {next_state, StateName, State, [{reply,From,[]}]} end; -handle_sync_event({info, ChannelPid}, _From, StateName, - #state{connection_state = - #connection{channel_cache = Cache}} = State) -> +handle_event({call,From}, {info, ChannelPid}, StateName, State = #state{connection_state = + #connection{channel_cache = Cache}}) -> Result = ssh_channel:cache_foldl( fun(Channel, Acc) when ChannelPid == all; Channel#channel.user == ChannelPid -> 
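Review bot: The converted `get_print_info`, `connection_info`, `channel_info` and `info` clauses return `{next_state, StateName, State, [{reply,From,...}]}` although neither the state name nor the data changes. `{keep_state_and_data, [{reply,From,Reply}]}` states that directly and avoids threading `StateName` and `State` through clauses that only read them.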
@@ -844,86 +801,74 @@ handle_sync_event({info, ChannelPid}, _From, StateName, (_, Acc) -> Acc end, [], Cache), - {reply, {ok, Result}, StateName, State}; + {next_state, StateName, State, [{reply, From, {ok,Result}}]}; -handle_sync_event(stop, _, _StateName, #state{connection_state = Connection0, - role = Role} = State0) -> +handle_event({call,From}, stop, StateName, #state{connection_state = Connection0} = State0) -> {disconnect, _Reason, {{replies, Replies}, Connection}} = ssh_connection:handle_msg(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, - description = "User closed down connection", - language = "en"}, Connection0, Role), - State = send_replies(Replies, State0), - {stop, normal, ok, State#state{connection_state = Connection}}; - + description = "User closed down connection"}, + Connection0, role(StateName)), + {Repls,State} = send_replies(Replies, State0), + {stop_and_reply, normal, [{reply,From,ok}|Repls], State#state{connection_state=Connection}}; -handle_sync_event(Event, From, StateName, State) when StateName /= connected -> - Events = [{sync, Event, From} | State#state.event_queue], - {next_state, StateName, State#state{event_queue = Events}}; +handle_event({call,_}, _, StateName, State) when StateName /= {connected,server}, + StateName /= {connected,client} -> + {next_state, StateName, State, [postpone]}; -handle_sync_event({request, ChannelPid, ChannelId, Type, Data, Timeout}, From, StateName, State0) -> - {{replies, Replies}, State1} = handle_request(ChannelPid, - ChannelId, Type, Data, - true, From, State0), +handle_event({call,From}, {request, ChannelPid, ChannelId, Type, Data, Timeout}, StateName={connected,_}, State0) -> + State = handle_request(ChannelPid, ChannelId, Type, Data, true, From, State0), %% Note reply to channel will happen later when %% reply is recived from peer on the socket - State = send_replies(Replies, State1), start_timeout(ChannelId, From, Timeout), handle_idle_timeout(State), - {next_state, StateName, 
next_packet(State)}; + {next_state, StateName, State}; -handle_sync_event({request, ChannelId, Type, Data, Timeout}, From, StateName, State0) -> - {{replies, Replies}, State1} = handle_request(ChannelId, Type, Data, - true, From, State0), +handle_event({call,From}, {request, ChannelId, Type, Data, Timeout}, StateName={connected,_}, State0) -> + State = handle_request(ChannelId, Type, Data, true, From, State0), %% Note reply to channel will happen later when %% reply is recived from peer on the socket - State = send_replies(Replies, State1), start_timeout(ChannelId, From, Timeout), handle_idle_timeout(State), - {next_state, StateName, next_packet(State)}; + {next_state, StateName, State}; -handle_sync_event({global_request, Pid, _, _, _} = Request, From, StateName, - #state{connection_state = - #connection{channel_cache = Cache}} = State0) -> +handle_event({call,From}, {global_request, Pid, _, _, _} = Request, StateName={connected,_}, + #state{connection_state = #connection{channel_cache = Cache}} = State0) -> State1 = handle_global_request(Request, State0), Channel = ssh_channel:cache_find(Pid, Cache), State = add_request(true, Channel#channel.local_id, From, State1), - {next_state, StateName, next_packet(State)}; - -handle_sync_event({data, ChannelId, Type, Data, Timeout}, From, StateName, - #state{connection_state = #connection{channel_cache = _Cache} - = Connection0} = State0) -> + {next_state, StateName, State}; +handle_event({call,From}, {data, ChannelId, Type, Data, Timeout}, StateName={connected,_}, + #state{connection_state = #connection{channel_cache=_Cache} = Connection0} = State0) -> case ssh_connection:channel_data(ChannelId, Type, Data, Connection0, From) of {{replies, Replies}, Connection} -> - State = send_replies(Replies, State0#state{connection_state = Connection}), + {Repls,State} = send_replies(Replies, State0#state{connection_state = Connection}), start_timeout(ChannelId, From, Timeout), - {next_state, StateName, next_packet(State)}; + 
{next_state, StateName, State, Repls}; {noreply, Connection} -> start_timeout(ChannelId, From, Timeout), - {next_state, StateName, next_packet(State0#state{connection_state = Connection})} + {next_state, StateName, State0#state{connection_state = Connection}} end; -handle_sync_event({eof, ChannelId}, _From, StateName, - #state{connection_state = - #connection{channel_cache = Cache}} = State0) -> +handle_event({call,From}, {eof, ChannelId}, StateName={connected,_}, + #state{connection_state = #connection{channel_cache=Cache}} = State0) -> case ssh_channel:cache_lookup(Cache, ChannelId) of #channel{remote_id = Id, sent_close = false} -> - State = send_replies([{connection_reply, - ssh_connection:channel_eof_msg(Id)}], State0), - {reply, ok, StateName, next_packet(State)}; + State = send_msg(ssh_connection:channel_eof_msg(Id), State0), + {next_state, StateName, State, [{reply,From,ok}]}; _ -> - {reply, {error,closed}, StateName, State0} + {next_state, StateName, State0, [{reply,From,{error,closed}}]} end; -handle_sync_event({open, ChannelPid, Type, InitialWindowSize, MaxPacketSize, Data, Timeout}, - From, StateName, #state{connection_state = - #connection{channel_cache = Cache}} = State0) -> +handle_event({call,From}, {open, ChannelPid, Type, InitialWindowSize, MaxPacketSize, Data, Timeout}, + StateName={connected,_}, + #state{connection_state = #connection{channel_cache = Cache}} = State0) -> erlang:monitor(process, ChannelPid), {ChannelId, State1} = new_channel_id(State0), Msg = ssh_connection:channel_open_msg(Type, ChannelId, InitialWindowSize, MaxPacketSize, Data), - State2 = send_replies([{connection_reply, Msg}], State1), + State2 = send_msg(Msg, State1), Channel = #channel{type = Type, sys = "none", user = ChannelPid, 
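Review bot: The catch-all `handle_event({call,_}, _, StateName, State)` postpones every call made outside `{connected,_}`, whatever the request term is. A caller that passes no timeout then waits until the connection either reaches `{connected,_}` or stops, and a request term that no later clause recognizes is only retried once the connection is connected. Consider postponing only the request tuples handled by the clauses below and answering anything else immediately with an error reply to `From`.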
@@ -935,11 +880,10 @@ handle_sync_event({open, ChannelPid, Type, InitialWindowSize, MaxPacketSize, Dat ssh_channel:cache_update(Cache, Channel), State = add_request(true, ChannelId, From, State2), start_timeout(ChannelId, From, Timeout), - {next_state, StateName, next_packet(remove_timer_ref(State))}; + {next_state, StateName, remove_timer_ref(State)}; -handle_sync_event({send_window, ChannelId}, _From, StateName, - #state{connection_state = - #connection{channel_cache = Cache}} = State) -> +handle_event({call,From}, {send_window, ChannelId}, StateName={connected,_}, + #state{connection_state = #connection{channel_cache = Cache}} = State) -> Reply = case ssh_channel:cache_lookup(Cache, ChannelId) of #channel{send_window_size = WinSize, send_packet_size = Packsize} -> @@ -947,12 +891,10 @@ handle_sync_event({send_window, ChannelId}, _From, StateName, undefined -> {error, einval} end, - {reply, Reply, StateName, next_packet(State)}; - -handle_sync_event({recv_window, ChannelId}, _From, StateName, - #state{connection_state = #connection{channel_cache = Cache}} - = State) -> + {next_state, StateName, State, [{reply,From,Reply}]}; +handle_event({call,From}, {recv_window, ChannelId}, StateName={connected,_}, + #state{connection_state = #connection{channel_cache = Cache}} = State) -> Reply = case ssh_channel:cache_lookup(Cache, ChannelId) of #channel{recv_window_size = WinSize, recv_packet_size = Packsize} -> 
@@ -960,127 +902,145 @@ handle_sync_event({recv_window, ChannelId}, _From, StateName, undefined -> {error, einval} end, - {reply, Reply, StateName, next_packet(State)}; - -handle_sync_event({close, ChannelId}, _, StateName, - #state{connection_state = - #connection{channel_cache = Cache}} = State0) -> - State = - case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{remote_id = Id} = Channel -> - State1 = send_replies([{connection_reply, - ssh_connection:channel_close_msg(Id)}], State0), - ssh_channel:cache_update(Cache, Channel#channel{sent_close = true}), - handle_idle_timeout(State1), - State1; - undefined -> - State0 - end, - {reply, ok, StateName, next_packet(State)}. + {next_state, StateName, State, [{reply,From,Reply}]}; -%%-------------------------------------------------------------------- --spec handle_info({atom(), port(), binary()} | {atom(), port()} | - term (), state_name(), #state{}) -> gen_fsm_state_return(). -%%-------------------------------------------------------------------- +handle_event({call,From}, {close, ChannelId}, StateName={connected,_}, + #state{connection_state = + #connection{channel_cache = Cache}} = State0) -> + case ssh_channel:cache_lookup(Cache, ChannelId) of + #channel{remote_id = Id} = Channel -> + State1 = send_msg(ssh_connection:channel_close_msg(Id), State0), + ssh_channel:cache_update(Cache, Channel#channel{sent_close = true}), + handle_idle_timeout(State1), + {next_state, StateName, State1, [{reply,From,ok}]}; + undefined -> + {next_state, StateName, State0, [{reply,From,ok}]} + end; -handle_info({Protocol, Socket, "SSH-" ++ _ = Version}, hello, - #state{socket = Socket, - transport_protocol = Protocol} = State ) -> - event({version_exchange, Version}, hello, State); - -handle_info({Protocol, Socket, Info}, hello, - #state{socket = Socket, - transport_protocol = Protocol} = State) -> - event({info_line, Info}, hello, State); - -handle_info({Protocol, Socket, Data}, StateName, - #state{socket = Socket, - 
transport_protocol = Protocol, - ssh_params = Ssh0, - decoded_data_buffer = DecData0, - encoded_data_buffer = EncData0, - undecoded_packet_length = RemainingSshPacketLen0} = State0) -> +handle_event(info, {Protocol, Socket, "SSH-" ++ _ = Version}, StateName={hello,_}, + State=#state{socket = Socket, + transport_protocol = Protocol}) -> + {next_state, StateName, State, [{next_event, internal, {version_exchange,Version}}]}; + +handle_event(info, {Protocol, Socket, Info}, StateName={hello,_}, + State=#state{socket = Socket, + transport_protocol = Protocol}) -> + {next_state, StateName, State, [{next_event, internal, {info_line,Info}}]}; + +handle_event(info, {Protocol, Socket, Data}, StateName, State0 = + #state{socket = Socket, + transport_protocol = Protocol, + decoded_data_buffer = DecData0, + encoded_data_buffer = EncData0, + undecoded_packet_length = RemainingSshPacketLen0, + ssh_params = Ssh0}) -> +?IO_FORMAT('~p Recv tcp~n',[self()]), Encoded = <>, - try ssh_transport:handle_packet_part(DecData0, Encoded, RemainingSshPacketLen0, Ssh0) + try ssh_transport:handle_packet_part(DecData0, Encoded, RemainingSshPacketLen0, Ssh0) of + {decoded, Bytes, EncDataRest, Ssh1} -> + State = State0#state{ssh_params = + Ssh1#ssh{recv_sequence = ssh_transport:next_seqnum(Ssh1#ssh.recv_sequence)}, + decoded_data_buffer = <<>>, + undecoded_packet_length = undefined, + encoded_data_buffer = EncDataRest}, + try + ssh_message:decode(set_prefix_if_trouble(Bytes,State)) + of + Msg = #ssh_msg_kexinit{} -> + {next_state, StateName, State, [{next_event, internal, {Msg,Bytes}}, + {next_event, internal, prepare_next_packet} + ]}; + Msg -> + {next_state, StateName, State, [{next_event, internal, Msg}, + {next_event, internal, prepare_next_packet} + ]} + catch + _C:_E -> + DisconnectMsg = + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "Encountered unexpected input"}, + disconnect(DisconnectMsg, StateName, State) + end; + {get_more, DecBytes, EncDataRest, 
RemainingSshPacketLen, Ssh1} -> - {next_state, StateName, - next_packet(State0#state{encoded_data_buffer = EncDataRest, - decoded_data_buffer = DecBytes, - undecoded_packet_length = RemainingSshPacketLen, - ssh_params = Ssh1})}; - {decoded, MsgBytes, EncDataRest, Ssh1} -> - generate_event(MsgBytes, StateName, - State0#state{ssh_params = Ssh1, - %% Important to be set for - %% next_packet -%%% FIXME: the following three seem to always be set in generate_event! - decoded_data_buffer = <<>>, - undecoded_packet_length = undefined, - encoded_data_buffer = EncDataRest}, - EncDataRest); + %% Here we know that there are not enough bytes in EncDataRest to use. Must wait. + inet:setopts(Socket, [{active, once}]), + {next_state, StateName, State0#state{encoded_data_buffer = EncDataRest, + decoded_data_buffer = DecBytes, + undecoded_packet_length = RemainingSshPacketLen, + ssh_params = Ssh1}}; + {bad_mac, Ssh1} -> - DisconnectMsg = + DisconnectMsg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "Bad mac", - language = ""}, - handle_disconnect(DisconnectMsg, State0#state{ssh_params=Ssh1}); + description = "Bad mac"}, + disconnect(DisconnectMsg, StateName, State0#state{ssh_params=Ssh1}); {error, {exceeds_max_size,PacketLen}} -> - DisconnectMsg = + DisconnectMsg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "Bad packet length " - ++ integer_to_list(PacketLen), - language = ""}, - handle_disconnect(DisconnectMsg, State0) + description = "Bad packet length " + ++ integer_to_list(PacketLen)}, + disconnect(DisconnectMsg, StateName, State0) catch - _:_ -> - DisconnectMsg = + _C:_E -> + DisconnectMsg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "Bad packet", - language = ""}, - handle_disconnect(DisconnectMsg, State0) + description = "Bad packet"}, + disconnect(DisconnectMsg, StateName, State0) end; - -handle_info({CloseTag, _Socket}, _StateName, - #state{transport_close_tag = CloseTag, - 
ssh_params = #ssh{role = _Role, opts = _Opts}} = State) -> - DisconnectMsg = + +handle_event(internal, prepare_next_packet, StateName, State) -> + Enough = erlang:max(8, State#state.ssh_params#ssh.decrypt_block_size), + case size(State#state.encoded_data_buffer) of + Sz when Sz >= Enough -> +?IO_FORMAT('~p Send <<>> to self~n',[self()]), + self() ! {State#state.transport_protocol, State#state.socket, <<>>}; + _ -> +?IO_FORMAT('~p Set active_once~n',[self()]), + inet:setopts(State#state.socket, [{active, once}]) + end, + {next_state, StateName, State}; + +handle_event(info, {CloseTag,Socket}, StateName, + State=#state{socket = Socket, + transport_close_tag = CloseTag}) -> + DisconnectMsg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, - description = "Connection closed", - language = "en"}, - handle_disconnect(DisconnectMsg, State); + description = "Connection closed"}, + disconnect(DisconnectMsg, StateName, State); -handle_info({timeout, {_, From} = Request}, Statename, +handle_event(info, {timeout, {_, From} = Request}, StateName, #state{connection_state = #connection{requests = Requests} = Connection} = State) -> case lists:member(Request, Requests) of true -> - gen_fsm:reply(From, {error, timeout}), - {next_state, Statename, + {next_state, StateName, State#state{connection_state = Connection#connection{requests = - lists:delete(Request, Requests)}}}; + lists:delete(Request, Requests)}}, + [{reply,From,{error,timeout}}]}; false -> - {next_state, Statename, State} + {next_state, StateName, State} end; %%% Handle that ssh channels user process goes down -handle_info({'DOWN', _Ref, process, ChannelPid, _Reason}, Statename, State0) -> +handle_event(info, {'DOWN', _Ref, process, ChannelPid, _Reason}, StateName, State0) -> {{replies, Replies}, State1} = handle_channel_down(ChannelPid, State0), - State = send_replies(Replies, State1), - {next_state, Statename, next_packet(State)}; + {Repls, State} = send_replies(Replies, State1), + {next_state, StateName, 
State, Repls}; %%% So that terminate will be run when supervisor is shutdown -handle_info({'EXIT', _Sup, Reason}, _StateName, State) -> - {stop, {shutdown, Reason}, State}; +handle_event(info, {'EXIT', _Sup, Reason}, _, _) -> + {stop, {shutdown, Reason}}; -handle_info({check_cache, _ , _}, - StateName, #state{connection_state = - #connection{channel_cache = Cache}} = State) -> +handle_event(info, {check_cache, _ , _}, StateName, + #state{connection_state = #connection{channel_cache=Cache}} = State) -> {next_state, StateName, check_cache(State, Cache)}; -handle_info(UnexpectedMessage, StateName, #state{opts = Opts, - ssh_params = SshParams} = State) -> +handle_event(info, UnexpectedMessage, StateName, + State = #state{opts = Opts, + ssh_params = SshParams}) -> case unexpected_fun(UnexpectedMessage, Opts, SshParams) of report -> Msg = lists:flatten( @@ -1091,10 +1051,11 @@ handle_info(UnexpectedMessage, StateName, #state{opts = Opts, "Local Address: ~p\n", [UnexpectedMessage, StateName, SshParams#ssh.role, SshParams#ssh.peer, proplists:get_value(address, SshParams#ssh.opts)])), - error_logger:info_report(Msg); + error_logger:info_report(Msg), + {next_state, StateName, State}; skip -> - ok; + {next_state, StateName, State}; Other -> Msg = lists:flatten( 
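Review bot: in handle_event(info, {Protocol, Socket, Data}, ...) and handle_event(internal, prepare_next_packet, ...) the un-indented ?IO_FORMAT(...) trace calls run on every received packet and look like debugging leftovers; please remove them before merging. In the same socket data clause both catch _C:_E branches discard the exception class and reason, so a crash inside ssh_transport:handle_packet_part or ssh_message:decode ends in a "Bad packet" or "Encountered unexpected input" disconnect with nothing recorded locally. Logging the caught class and reason there would let an operator tell malformed peer input apart from a bug in the decoder.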
@@ -1103,60 +1064,78 @@ handle_info(UnexpectedMessage, StateName, #state{opts = Opts, "Message: ~p\n" "Role: ~p\n" "Peer: ~p\n" - "Local Address: ~p\n", [Other, UnexpectedMessage, - SshParams#ssh.role, + "Local Address: ~p\n", [Other, UnexpectedMessage, + SshParams#ssh.role, element(2,SshParams#ssh.peer), proplists:get_value(address, SshParams#ssh.opts)] )), + error_logger:error_report(Msg), + {next_state, StateName, State} + end; - error_logger:error_report(Msg) - end, - {next_state, StateName, State}. +handle_event(internal, {disconnect,Msg,_Reason}, StateName, State) -> + disconnect(Msg, StateName, State); + +handle_event(Type, Ev, StateName, State) -> + case catch atom_to_list(element(1,Ev)) of + "ssh_msg_" ++_ when Type==internal -> + Msg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "Message in wrong state"}, + disconnect(Msg, StateName, State); + _ -> + Msg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "Internal error"}, + disconnect(Msg, StateName, State) + end. %%-------------------------------------------------------------------- --spec terminate(Reason::term(), state_name(), #state{}) -> _. 
-%%-------------------------------------------------------------------- -terminate(normal, _, #state{transport_cb = Transport, - connection_state = Connection, - socket = Socket}) -> - terminate_subsystem(Connection), - (catch Transport:close(Socket)), - ok; +terminate(normal, StateName, State) -> + ?IO_FORMAT('~p ~p:~p terminate ~p ~p~n',[self(),?MODULE,?LINE,normal,StateName]), + normal_termination(StateName, State); terminate({shutdown,{init,Reason}}, StateName, State) -> + ?IO_FORMAT('~p ~p:~p terminate ~p ~p~n',[self(),?MODULE,?LINE,{shutdown,{init,Reason}},StateName]), error_logger:info_report(io_lib:format("Erlang ssh in connection handler init: ~p~n",[Reason])), - terminate(normal, StateName, State); + normal_termination(StateName, State); + +terminate(shutdown, StateName, State) -> + %% Terminated by supervisor + ?IO_FORMAT('~p ~p:~p terminate ~p ~p~n',[self(),?MODULE,?LINE,shutdown,StateName]), + normal_termination(StateName, + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, + description = "Application shutdown"}, + State); + +%% terminate({shutdown,Msg}, StateName, State) when is_record(Msg,ssh_msg_disconnect)-> +%% ?IO_FORMAT('~p ~p:~p terminate ~p ~p~n',[self(),?MODULE,?LINE,{shutdown,Msg},StateName]), +%% normal_termination(StateName, Msg, State); + +terminate({shutdown,_R}, StateName, State) -> + ?IO_FORMAT('~p ~p:~p terminate ~p ~p~n',[self(),?MODULE,?LINE,{shutdown,_R},StateName]), + normal_termination(StateName, State); + +terminate(Reason, StateName, State) -> + %% Others, e.g undef, {badmatch,_} + ?IO_FORMAT('~p ~p:~p terminate ~p ~p~n',[self(),?MODULE,?LINE,Reason,StateName]), + log_error(Reason), + normal_termination(StateName, + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, + description = "Internal error"}, + State). 
-%% Terminated by supervisor -terminate(shutdown, StateName, #state{ssh_params = Ssh0} = State) -> - DisconnectMsg = - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, - description = "Application shutdown", - language = "en"}, - {SshPacket, Ssh} = ssh_transport:ssh_packet(DisconnectMsg, Ssh0), - send_msg(SshPacket, State), - terminate(normal, StateName, State#state{ssh_params = Ssh}); - -terminate({shutdown, #ssh_msg_disconnect{} = Msg}, StateName, - #state{ssh_params = Ssh0} = State) -> - {SshPacket, Ssh} = ssh_transport:ssh_packet(Msg, Ssh0), - send_msg(SshPacket, State), - terminate(normal, StateName, State#state{ssh_params = Ssh}); - -terminate({shutdown, _}, StateName, State) -> - terminate(normal, StateName, State); - -terminate(Reason, StateName, #state{ssh_params = Ssh0, starter = _Pid, - connection_state = Connection} = State) -> + +normal_termination(StateName, Msg, State0) -> + State = send_msg(Msg,State0), +timer:sleep(400), %% FIXME!!! gen_tcp:shutdown instead + normal_termination(StateName, State). + +normal_termination(_StateName, #state{transport_cb = Transport, + connection_state = Connection, + socket = Socket}) -> + ?IO_FORMAT('~p ~p:~p normal_termination in state ~p~n',[self(),?MODULE,?LINE,_StateName]), terminate_subsystem(Connection), - log_error(Reason), - DisconnectMsg = - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, - description = "Internal error", - language = "en"}, - {SshPacket, Ssh} = ssh_transport:ssh_packet(DisconnectMsg, Ssh0), - send_msg(SshPacket, State), - terminate(normal, StateName, State#state{ssh_params = Ssh}). + (catch Transport:close(Socket)), + ok. terminate_subsystem(#connection{system_supervisor = SysSup, 
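Review bot: normal_termination/3 blocks the connection process with timer:sleep(400) after sending the disconnect message, and the line carries its own FIXME about using gen_tcp:shutdown instead. Both terminate(shutdown, ...) and the generic terminate(Reason, ...) go through it, so every supervisor shutdown or crash now waits 400 ms per connection; please resolve the FIXME rather than merge the sleep. Separately, the terminate({shutdown,Msg}, ...) clause for an #ssh_msg_disconnect{} is left commented out, so that reason now falls to terminate({shutdown,_R}, ...), which closes the socket without sending the message the removed clause used to send. Either restore the clause or delete the comment and state why the message is no longer needed.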
@@ -1165,9 +1144,10 @@ terminate_subsystem(#connection{system_supervisor = SysSup, terminate_subsystem(_) -> ok. -format_status(normal, [_, State]) -> - [{data, [{"StateData", State}]}]; -format_status(terminate, [_, State]) -> + +format_status(normal, [_, _StateName, State]) -> + [{data, [{"State", State}]}]; +format_status(terminate, [_, _StateName, State]) -> SshParams0 = (State#state.ssh_params), SshParams = SshParams0#ssh{c_keyinit = "***", s_keyinit = "***", 
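Review bot: format_status(normal, [_, _StateName, State]) still returns the whole #state{} unmasked, while the terminate clause right after it replaces key material and buffers with "***". Since this hunk touches both clauses anyway, consider moving the masking into a helper and applying it in the normal case too, so that a status request on a live connection does not expose c_keyinit, s_keyinit, shared_secret, session_id and the data buffers that the terminate case already hides.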
@@ -1183,37 +1163,44 @@ format_status(terminate, [_, State]) -> decompress_ctx = "***", shared_secret = "***", exchanged_hash = "***", - session_id = "***", - keyex_key = "***", - keyex_info = "***", + session_id = "***", + keyex_key = "***", + keyex_info = "***", available_host_keys = "***"}, - [{data, [{"StateData", State#state{decoded_data_buffer = "***", - encoded_data_buffer = "***", - key_exchange_init_msg = "***", - opts = "***", - recbuf = "***", - ssh_params = SshParams - }}]}]. + [{data, [{"State", State#state{decoded_data_buffer = "***", + encoded_data_buffer = "***", + key_exchange_init_msg = "***", + opts = "***", + recbuf = "***", + ssh_params = SshParams + }}]}]. + -%%-------------------------------------------------------------------- --spec code_change(OldVsn::term(), state_name(), Oldstate::term(), Extra::term()) -> - {ok, state_name(), #state{}}. -%%-------------------------------------------------------------------- code_change(_OldVsn, StateName, State, _Extra) -> {ok, StateName, State}. %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- -init_role(#state{role = client, opts = Opts} = State0) -> + +%% StateName to Role +role({_,Role}) -> Role; +role({_,Role,_}) -> Role. + +renegotiation({_,_,ReNeg}) -> ReNeg == renegotiation; +renegotiation(_) -> false. 
+ + + +init_role(client, #state{opts = Opts} = State0) -> Pid = proplists:get_value(user_pid, Opts), TimerRef = get_idle_time(Opts), - timer:apply_after(?REKEY_TIMOUT, gen_fsm, send_all_state_event, [self(), renegotiate]), - timer:apply_after(?REKEY_DATA_TIMOUT, gen_fsm, send_all_state_event, + timer:apply_after(?REKEY_TIMOUT, gen_statem, cast, [self(), renegotiate]), + timer:apply_after(?REKEY_DATA_TIMOUT, gen_statem, cast, [self(), data_size]), State0#state{starter = Pid, idle_timer_ref = TimerRef}; -init_role(#state{role = server, opts = Opts, connection_state = Connection} = State) -> +init_role(server, #state{opts = Opts, connection_state = Connection} = State) -> Sups = proplists:get_value(supervisors, Opts), Pid = proplists:get_value(user_pid, Opts), SystemSup = proplists:get_value(system_sup, Sups), @@ -1240,16 +1227,16 @@ get_idle_time(SshOptions) -> init_ssh(client = Role, Vsn, Version, Options, Socket) -> IOCb = case proplists:get_value(user_interaction, Options, true) of - true -> + true -> ssh_io; - false -> + false -> ssh_no_io end, - AuthMethods = proplists:get_value(auth_methods, Options, + AuthMethods = proplists:get_value(auth_methods, Options, ?SUPPORTED_AUTH_METHODS), {ok, PeerAddr} = inet:peername(Socket), - + PeerName = proplists:get_value(host, Options), KeyCb = proplists:get_value(key_cb, Options, ssh_file), 
@@ -1263,13 +1250,13 @@ init_ssh(client = Role, Vsn, Version, Options, Socket) -> userauth_supported_methods = AuthMethods, peer = {PeerName, PeerAddr}, available_host_keys = supported_host_keys(Role, KeyCb, Options), - random_length_padding = proplists:get_value(max_random_length_padding, - Options, + random_length_padding = proplists:get_value(max_random_length_padding, + Options, (#ssh{})#ssh.random_length_padding) }; init_ssh(server = Role, Vsn, Version, Options, Socket) -> - AuthMethods = proplists:get_value(auth_methods, Options, + AuthMethods = proplists:get_value(auth_methods, Options, ?SUPPORTED_AUTH_METHODS), AuthMethodsAsList = string:tokens(AuthMethods, ","), {ok, PeerAddr} = inet:peername(Socket), @@ -1286,17 +1273,17 @@ init_ssh(server = Role, Vsn, Version, Options, Socket) -> kb_tries_left = 3, peer = {undefined, PeerAddr}, available_host_keys = supported_host_keys(Role, KeyCb, Options), - random_length_padding = proplists:get_value(max_random_length_padding, - Options, + random_length_padding = proplists:get_value(max_random_length_padding, + Options, (#ssh{})#ssh.random_length_padding) }. supported_host_keys(client, _, Options) -> try - case proplists:get_value(public_key, + case proplists:get_value(public_key, proplists:get_value(preferred_algorithms,Options,[]) ) of - undefined -> + undefined -> ssh_transport:default_algorithms(public_key); L -> L -- (L--ssh_transport:default_algorithms(public_key)) @@ -1311,7 +1298,7 @@ supported_host_keys(client, _, Options) -> {stop, {shutdown, Reason}} end; supported_host_keys(server, KeyCb, Options) -> - [atom_to_list(A) || A <- proplists:get_value(public_key, + [atom_to_list(A) || A <- proplists:get_value(public_key, proplists:get_value(preferred_algorithms,Options,[]), ssh_transport:default_algorithms(public_key) ), 
@@ -1322,10 +1309,19 @@ supported_host_keys(server, KeyCb, Options) -> available_host_key(KeyCb, Alg, Opts) -> element(1, catch KeyCb:host_key(Alg, Opts)) == ok. -send_msg(Msg, #state{socket = Socket, transport_cb = Transport}) -> - Transport:send(Socket, Msg). -handle_version({2, 0} = NumVsn, StrVsn, Ssh0) -> +send_msg(Msg, State=#state{ssh_params=Ssh0}) when is_tuple(Msg) -> + {Bytes, Ssh} = ssh_transport:ssh_packet(Msg, Ssh0), + send_bytes(Bytes, State), + State#state{ssh_params=Ssh}. + +send_bytes(Bytes, #state{socket = Socket, transport_cb = Transport}) -> + R = Transport:send(Socket, Bytes), +?IO_FORMAT('~p send_bytes ~p~n',[self(),R]), + R. + + +handle_version({2, 0} = NumVsn, StrVsn, Ssh0) -> Ssh = counterpart_versions(NumVsn, StrVsn, Ssh0), {ok, Ssh}; handle_version(_,_,_) -> 
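Review bot: the new send_msg/2 calls send_bytes(Bytes, State) and throws away its result, so a failed Transport:send is invisible to every caller and the function still returns the state with the updated ssh_params as if the packet had gone out. Please match on the result (or return it alongside the state) so callers can stop the connection on a send error. The ?IO_FORMAT trace in send_bytes/2 also looks like a debugging leftover; without it the function can simply return Transport:send(Socket, Bytes).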
@@ -1336,161 +1332,89 @@ string_version(#ssh{role = client, c_version = Vsn}) -> string_version(#ssh{role = server, s_version = Vsn}) -> Vsn. -send_event(FsmPid, Event) -> - gen_fsm:send_event(FsmPid, Event). -send_all_state_event(FsmPid, Event) -> - gen_fsm:send_all_state_event(FsmPid, Event). +cast(FsmPid, Event) -> + gen_statem:cast(FsmPid, Event). -sync_send_all_state_event(FsmPid, Event) -> - sync_send_all_state_event(FsmPid, Event, infinity). +call(FsmPid, Event) -> + call(FsmPid, Event, infinity). -sync_send_all_state_event(FsmPid, Event, Timeout) -> - try gen_fsm:sync_send_all_state_event(FsmPid, Event, Timeout) of - {closed, _Channel} -> +call(FsmPid, Event, Timeout) -> + try gen_statem:call(FsmPid, Event, Timeout) of + {closed, _R} -> + {error, closed}; + {killed, _R} -> {error, closed}; Result -> Result catch - exit:{noproc, _} -> + exit:{noproc, _R} -> {error, closed}; - exit:{normal, _} -> + exit:{normal, _R} -> {error, closed}; - exit:{{shutdown, _},_} -> + exit:{{shutdown, _R},_} -> {error, closed} end. 
-%% simulate send_all_state_event(self(), Event) -event(#ssh_msg_disconnect{} = Event, StateName, State) -> - handle_event(Event, StateName, State); -event(#ssh_msg_ignore{} = Event, StateName, State) -> - handle_event(Event, StateName, State); -event(#ssh_msg_debug{} = Event, StateName, State) -> - handle_event(Event, StateName, State); -event(#ssh_msg_unimplemented{} = Event, StateName, State) -> - handle_event(Event, StateName, State); -%% simulate send_event(self(), Event) -event(Event, StateName, State) -> - try - ?MODULE:StateName(Event, State) + +handle_connection_msg(Msg, StateName, State0 = + #state{starter = User, + connection_state = Connection0, + event_queue = Qev0}) -> + Renegotiation = renegotiation(StateName), + Role = role(StateName), + try ssh_connection:handle_msg(Msg, Connection0, Role) of + {{replies, Replies}, Connection} -> + case StateName of + {connected,_} -> + {Repls, State} = send_replies(Replies, + State0#state{connection_state=Connection}), + {next_state, StateName, State, Repls}; + _ -> + {ConnReplies, Replies} = + lists:splitwith(fun not_connected_filter/1, Replies), + {Repls, State} = send_replies(Replies, + State0#state{event_queue = Qev0 ++ ConnReplies}), + {next_state, StateName, State, Repls} + end; + + {noreply, Connection} -> + {next_state, StateName, State0#state{connection_state = Connection}}; + + {disconnect, Reason0, {{replies, Replies}, Connection}} -> + {Repls,State} = send_replies(Replies, State0#state{connection_state = Connection}), + case {Reason0,Role} of + {{_, Reason}, client} when ((StateName =/= {connected,client}) and (not Renegotiation)) -> + User ! 
{self(), not_connected, Reason}; + _ -> + ok + end, + {stop, {shutdown,normal}, Repls, State#state{connection_state = Connection}} + catch - throw:#ssh_msg_disconnect{} = DisconnectMsg -> - handle_disconnect(DisconnectMsg, State); - throw:{ErrorToDisplay, #ssh_msg_disconnect{} = DisconnectMsg} -> - handle_disconnect(DisconnectMsg, State, ErrorToDisplay); - _C:_Error -> - handle_disconnect(#ssh_msg_disconnect{code = error_code(StateName), - description = "Invalid state", - language = "en"}, State) + _:Error -> + {disconnect, _Reason, {{replies, Replies}, Connection}} = + ssh_connection:handle_msg( + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, + description = "Internal error"}, + Connection0, Role), + {Repls,State} = send_replies(Replies, State0#state{connection_state = Connection}), + {stop, {shutdown,Error}, Repls, State#state{connection_state = Connection}} end. -error_code(key_exchange) -> - ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED; -error_code(new_keys) -> - ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED; -error_code(_) -> - ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE. 
- -generate_event(<> = Msg, StateName, - #state{ - role = Role, - starter = User, - renegotiate = Renegotiation, - connection_state = Connection0} = State0, EncData) - when Byte == ?SSH_MSG_GLOBAL_REQUEST; - Byte == ?SSH_MSG_REQUEST_SUCCESS; - Byte == ?SSH_MSG_REQUEST_FAILURE; - Byte == ?SSH_MSG_CHANNEL_OPEN; - Byte == ?SSH_MSG_CHANNEL_OPEN_CONFIRMATION; - Byte == ?SSH_MSG_CHANNEL_OPEN_FAILURE; - Byte == ?SSH_MSG_CHANNEL_WINDOW_ADJUST; - Byte == ?SSH_MSG_CHANNEL_DATA; - Byte == ?SSH_MSG_CHANNEL_EXTENDED_DATA; - Byte == ?SSH_MSG_CHANNEL_EOF; - Byte == ?SSH_MSG_CHANNEL_CLOSE; - Byte == ?SSH_MSG_CHANNEL_REQUEST; - Byte == ?SSH_MSG_CHANNEL_SUCCESS; - Byte == ?SSH_MSG_CHANNEL_FAILURE -> - try - ssh_message:decode(Msg) - of - ConnectionMsg -> - State1 = generate_event_new_state(State0, EncData), - try ssh_connection:handle_msg(ConnectionMsg, Connection0, Role) of - {{replies, Replies0}, Connection} -> - if StateName == connected -> - Replies = Replies0, - State2 = State1; - true -> - {ConnReplies, Replies} = - lists:splitwith(fun not_connected_filter/1, Replies0), - Q = State1#state.event_queue ++ ConnReplies, - State2 = State1#state{ event_queue = Q } - end, - State = send_replies(Replies, State2#state{connection_state = Connection}), - {next_state, StateName, next_packet(State)}; - {noreply, Connection} -> - {next_state, StateName, next_packet(State1#state{connection_state = Connection})}; - {disconnect, {_, Reason}, {{replies, Replies}, Connection}} when - Role == client andalso ((StateName =/= connected) and (not Renegotiation)) -> - State = send_replies(Replies, State1#state{connection_state = Connection}), - User ! 
{self(), not_connected, Reason}, - {stop, {shutdown, normal}, - next_packet(State#state{connection_state = Connection})}; - {disconnect, _Reason, {{replies, Replies}, Connection}} -> - State = send_replies(Replies, State1#state{connection_state = Connection}), - {stop, {shutdown, normal}, State#state{connection_state = Connection}} - catch - _:Error -> - {disconnect, _Reason, {{replies, Replies}, Connection}} = - ssh_connection:handle_msg( - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, - description = "Internal error", - language = "en"}, Connection0, Role), - State = send_replies(Replies, State1#state{connection_state = Connection}), - {stop, {shutdown, Error}, State#state{connection_state = Connection}} - end - catch - _:_ -> - handle_disconnect( - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "Bad packet received", - language = ""}, State0) - end; -generate_event(Msg, StateName, State0, EncData) -> - try - Event = ssh_message:decode(set_prefix_if_trouble(Msg,State0)), - State = generate_event_new_state(State0, EncData), - case Event of - #ssh_msg_kexinit{} -> - %% We need payload for verification later. - event({Event, Msg}, StateName, State); - _ -> - event(Event, StateName, State) - end - catch - _C:_E -> - DisconnectMsg = - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "Encountered unexpected input", - language = "en"}, - handle_disconnect(DisconnectMsg, State0) - end. - - -set_prefix_if_trouble(Msg = <>, #state{ssh_params=SshParams}) +set_prefix_if_trouble(Msg = <>, #state{ssh_params=SshParams}) when Op == 30; Op == 31 -> case catch atom_to_list(kex(SshParams)) of - "ecdh-sha2-" ++ _ -> + "ecdh-sha2-" ++ _ -> <<"ecdh",Msg/binary>>; "diffie-hellman-group-exchange-" ++ _ -> <<"dh_gex",Msg/binary>>; "diffie-hellman-group" ++ _ -> <<"dh",Msg/binary>>; - _ -> + _ -> Msg end; set_prefix_if_trouble(Msg, _) -> 
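Review bot: in handle_connection_msg/3, the branch for states other than {connected,_} matches {ConnReplies, Replies} = lists:splitwith(fun not_connected_filter/1, Replies) with Replies already bound by the enclosing {{replies, Replies}, Connection} pattern. That match only succeeds when splitwith returns the whole list as its second element; otherwise it raises badmatch, and because the failure happens in the of-section of the try it is not covered by catch _:Error and crashes the connection process. The removed generate_event code bound the incoming list as Replies0; please do the same here. The same branch also builds the new state from State0 without connection_state = Connection, so the updated connection record is dropped, unlike in the {connected,_} branch.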
@@ -1499,7 +1423,7 @@ set_prefix_if_trouble(Msg, _) -> kex(#ssh{algorithms=#alg{kex=Kex}}) -> Kex; kex(_) -> undefined. - +%%%---------------------------------------------------------------- handle_request(ChannelPid, ChannelId, Type, Data, WantReply, From, #state{connection_state = #connection{channel_cache = Cache}} = State0) -> @@ -1508,11 +1432,9 @@ handle_request(ChannelPid, ChannelId, Type, Data, WantReply, From, update_sys(Cache, Channel, Type, ChannelPid), Msg = ssh_connection:channel_request_msg(Id, Type, WantReply, Data), - Replies = [{connection_reply, Msg}], - State = add_request(WantReply, ChannelId, From, State0), - {{replies, Replies}, State}; + send_msg(Msg, add_request(WantReply, ChannelId, From, State0)); undefined -> - {{replies, []}, State0} + State0 end. handle_request(ChannelId, Type, Data, WantReply, From, 
@@ -1522,13 +1444,12 @@ handle_request(ChannelId, Type, Data, WantReply, From, #channel{remote_id = Id} -> Msg = ssh_connection:channel_request_msg(Id, Type, WantReply, Data), - Replies = [{connection_reply, Msg}], - State = add_request(WantReply, ChannelId, From, State0), - {{replies, Replies}, State}; + send_msg(Msg, add_request(WantReply, ChannelId, From, State0)); undefined -> - {{replies, []}, State0} + State0 end. +%%%---------------------------------------------------------------- handle_global_request({global_request, ChannelPid, "tcpip-forward" = Type, WantReply, < Connection = ssh_connection:unbind(IP, Port, Connection0), Msg = ssh_connection:global_request_msg(Type, WantReply, Data), - send_replies([{connection_reply, Msg}], State#state{connection_state = Connection}); + send_msg(Msg, State#state{connection_state = Connection}); handle_global_request({global_request, _, "cancel-tcpip-forward" = Type, WantReply, Data}, State) -> Msg = ssh_connection:global_request_msg(Type, WantReply, Data), - send_replies([{connection_reply, Msg}], State). + send_msg(Msg, State). +%%%---------------------------------------------------------------- handle_idle_timeout(#state{opts = Opts}) -> case proplists:get_value(idle_time, Opts, infinity) of infinity -> 
@@ -1594,21 +1516,10 @@ new_channel_id(#state{connection_state = #connection{channel_id_seed = Id} = {Id, State#state{connection_state = Connection#connection{channel_id_seed = Id + 1}}}. -generate_event_new_state(#state{ssh_params = - #ssh{recv_sequence = SeqNum0} - = Ssh} = State, EncData) -> - SeqNum = ssh_transport:next_seqnum(SeqNum0), - State#state{ssh_params = Ssh#ssh{recv_sequence = SeqNum}, - decoded_data_buffer = <<>>, - encoded_data_buffer = EncData, - undecoded_packet_length = undefined}. - -next_packet(#state{decoded_data_buffer = <<>>, - encoded_data_buffer = Buff, - ssh_params = #ssh{decrypt_block_size = BlockSize}, - socket = Socket, - transport_protocol = Protocol} = State) when Buff =/= <<>> -> - case size(Buff) >= erlang:max(8, BlockSize) of +prepare_for_next_packet(State = #state{transport_protocol = Protocol, + socket = Socket}, + Ssh, EncDataRest) -> + case size(EncDataRest) >= erlang:max(8, Ssh#ssh.decrypt_block_size) of true -> %% Enough data from the next packet has been received to %% decode the length indicator, fake a socket-recive 
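Review bot: prepare_for_next_packet/3, which takes the place of next_packet/1 here, repeats work the patch already does elsewhere: the size check against erlang:max(8, decrypt_block_size) is in handle_event(internal, prepare_next_packet, ...), and the recv_sequence and buffer reset is done inline in the {decoded, ...} branch of the socket data clause. Nothing in the visible part of the patch calls the new function. If it is unused, please drop it so there is a single place that decides between re-arming {active, once} and replaying buffered bytes.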
@@ -1617,84 +1528,37 @@ next_packet(#state{decoded_data_buffer = <<>>, false -> inet:setopts(Socket, [{active, once}]) end, - State; - -next_packet(#state{socket = Socket} = State) -> - inet:setopts(Socket, [{active, once}]), - State. - -after_new_keys(#state{renegotiate = true} = State) -> - State1 = State#state{renegotiate = false, event_queue = []}, - lists:foldr(fun after_new_keys_events/2, {next_state, connected, State1}, State#state.event_queue); -after_new_keys(#state{renegotiate = false, - ssh_params = #ssh{role = client} = Ssh0} = State) -> - {Msg, Ssh} = ssh_auth:service_request_msg(Ssh0), - send_msg(Msg, State), - {next_state, service_request, State#state{ssh_params = Ssh}}; -after_new_keys(#state{renegotiate = false, - ssh_params = #ssh{role = server}} = State) -> - {next_state, service_request, State}. - -after_new_keys_events({sync, _Event, From}, {stop, _Reason, _StateData}=Terminator) -> - gen_fsm:reply(From, {error, closed}), - Terminator; -after_new_keys_events(_, {stop, _Reason, _StateData}=Terminator) -> - Terminator; -after_new_keys_events({sync, Event, From}, {next_state, StateName, StateData}) -> - case handle_sync_event(Event, From, StateName, StateData) of - {reply, Reply, NextStateName, NewStateData} -> - gen_fsm:reply(From, Reply), - {next_state, NextStateName, NewStateData}; - {next_state, NextStateName, NewStateData}-> - {next_state, NextStateName, NewStateData}; - {stop, Reason, Reply, NewStateData} -> - gen_fsm:reply(From, Reply), - {stop, Reason, NewStateData} - end; -after_new_keys_events({event, Event}, {next_state, StateName, StateData}) -> - case handle_event(Event, StateName, StateData) of - {next_state, NextStateName, NewStateData}-> - {next_state, NextStateName, NewStateData}; - {stop, Reason, NewStateData} -> - {stop, Reason, NewStateData} - end; -after_new_keys_events({connection_reply, _Data} = Reply, {StateName, State}) -> - NewState = send_replies([Reply], State), - {next_state, StateName, NewState}. 
+ State#state{ssh_params = + Ssh#ssh{recv_sequence = ssh_transport:next_seqnum(Ssh#ssh.recv_sequence)}, + decoded_data_buffer = <<>>, + undecoded_packet_length = undefined, + encoded_data_buffer = EncDataRest}. +%%%---------------------------------------------------------------- +%%% Some other module has decided to disconnect: +disconnect(Msg = #ssh_msg_disconnect{}) -> + throw({keep_state_and_data, + [{next_event, internal, {disconnect, Msg, Msg#ssh_msg_disconnect.description}}]}). -handle_disconnect(DisconnectMsg, State) -> - handle_disconnect(own, DisconnectMsg, State). +disconnect(Msg = #ssh_msg_disconnect{}, ExtraInfo) -> + throw({keep_state_and_data, + [{next_event, internal, {disconnect, Msg, {Msg#ssh_msg_disconnect.description,ExtraInfo}}}]}). -handle_disconnect(#ssh_msg_disconnect{} = DisconnectMsg, State, Error) -> - handle_disconnect(own, DisconnectMsg, State, Error); -handle_disconnect(Type, #ssh_msg_disconnect{description = Desc} = Msg, #state{connection_state = Connection0, role = Role} = State0) -> - {disconnect, _, {{replies, Replies}, Connection}} = ssh_connection:handle_msg(Msg, Connection0, Role), - State = send_replies(disconnect_replies(Type, Msg, Replies), State0), - disconnect_fun(Desc, State#state.opts), - {stop, {shutdown, Desc}, State#state{connection_state = Connection}}. -handle_disconnect(Type, #ssh_msg_disconnect{description = Desc} = Msg, #state{connection_state = Connection0, - role = Role} = State0, ErrorMsg) -> - {disconnect, _, {{replies, Replies}, Connection}} = ssh_connection:handle_msg(Msg, Connection0, Role), - State = send_replies(disconnect_replies(Type, Msg, Replies), State0), - disconnect_fun(Desc, State#state.opts), - {stop, {shutdown, {Desc, ErrorMsg}}, State#state{connection_state = Connection}}. - -disconnect_replies(own, Msg, Replies) -> - [{connection_reply, Msg} | Replies]; -disconnect_replies(peer, _, Replies) -> - Replies. 
+%% %%% This server/client has decided to disconnect via the state machine: +disconnect(Msg=#ssh_msg_disconnect{description=Description}, _StateName, State0) -> + ?IO_FORMAT('~p ~p:~p disconnect ~p ~p~n',[self(),?MODULE,?LINE,Msg,_StateName]), + State = send_msg(Msg, State0), + disconnect_fun(Description, State#state.opts), +timer:sleep(400), + {stop, {shutdown,Description}, State}. +%%%---------------------------------------------------------------- counterpart_versions(NumVsn, StrVsn, #ssh{role = server} = Ssh) -> Ssh#ssh{c_vsn = NumVsn , c_version = StrVsn}; counterpart_versions(NumVsn, StrVsn, #ssh{role = client} = Ssh) -> Ssh#ssh{s_vsn = NumVsn , s_version = StrVsn}. -opposite_role(client) -> - server; -opposite_role(server) -> - client. connected_fun(User, PeerAddr, Method, Opts) -> case proplists:get_value(connectfun, Opts) of undefined -> @@ -1739,7 +1603,7 @@ ssh_info([client_version | Rest], #state{ssh_params = #ssh{c_vsn = IntVsn, ssh_info([server_version | Rest], #state{ssh_params =#ssh{s_vsn = IntVsn, s_version = StringVsn}} = State, Acc) -> ssh_info(Rest, State, [{server_version, {IntVsn, StringVsn}} | Acc]); -ssh_info([peer | Rest], #state{ssh_params = #ssh{peer = Peer}} = State, Acc) -> +ssh_info([peer | Rest], #state{ssh_params = #ssh{peer = Peer}} = State, Acc) -> ssh_info(Rest, State, [{peer, Peer} | Acc]); ssh_info([sockname | Rest], #state{socket = Socket} = State, Acc) -> {ok, SockName} = inet:sockname(Socket), @@ -1749,6 +1613,7 @@ ssh_info([user | Rest], #state{auth_user = User} = State, Acc) -> ssh_info([ _ | Rest], State, Acc) -> ssh_info(Rest, State, Acc). + ssh_channel_info([], _, Acc) -> Acc; 
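Review bot: In disconnect/3 of ssh_connection_handler.erl, the unindented `timer:sleep(400),` just before `{stop, {shutdown,Description}, State}` looks like a debugging leftover, and it blocks the connection handler process for 400 ms on every disconnect that goes through this function. If the delay exists so that the SSH_MSG_DISCONNECT sent by `send_msg(Msg, State0)` reaches the socket before the process stops, say so in a comment and indent it with the rest of the body; otherwise drop it. The `?IO_FORMAT(...)` trace on the first line of the same function should be removed or documented as intentional.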
@@ -1765,38 +1630,48 @@ ssh_channel_info([send_window | Rest], #channel{send_window_size = WinSize, ssh_channel_info([ _ | Rest], Channel, Acc) -> ssh_channel_info(Rest, Channel, Acc). + log_error(Reason) -> - Report = io_lib:format("Erlang ssh connection handler failed with reason: " - "~p ~n, Stacktrace: ~p ~n", - [Reason, erlang:get_stacktrace()]), - error_logger:error_report(Report), - "Internal error". - -not_connected_filter({connection_reply, _Data}) -> - true; -not_connected_filter(_) -> - false. - -send_replies([], State) -> - State; -send_replies([{connection_reply, Data} | Rest], #state{ssh_params = Ssh0} = State) -> - {Packet, Ssh} = ssh_transport:ssh_packet(Data, Ssh0), - send_msg(Packet, State), - send_replies(Rest, State#state{ssh_params = Ssh}); -send_replies([Msg | Rest], State) -> - catch send_reply(Msg), - send_replies(Rest, State). - -send_reply({channel_data, Pid, Data}) -> - Pid ! {ssh_cm, self(), Data}; -send_reply({channel_requst_reply, From, Data}) -> - gen_fsm:reply(From, Data); -send_reply({flow_control, Cache, Channel, From, Msg}) -> + Report = io_lib:format("Erlang ssh connection handler failed with reason:~n" + " ~p~n" + "Stacktrace:~n" + " ~p~n", + [Reason, erlang:get_stacktrace()]), + error_logger:error_report(Report). + + +%%%---------------------------------------------------------------- +not_connected_filter({connection_reply, _Data}) -> true; +not_connected_filter(_) -> false. + +%%%---------------------------------------------------------------- +send_replies(Repls, State) -> + lists:foldl(fun get_repl/2, + {[],State}, + Repls). + +get_repl({connection_reply,Msg}, {CallRepls,S}) -> + {CallRepls, send_msg(Msg,S)}; +get_repl({channel_data,undefined,Data}, Acc) -> + Acc; +get_repl({channel_data,Pid,Data}, Acc) -> + Pid ! 
{ssh_cm, self(), Data}, + Acc; +get_repl({channel_request_reply,From,Data}, {CallRepls,S}) -> + {[{reply,From,Data}|CallRepls], S}; +get_repl({flow_control,Cache,Channel,From,Msg}, {CallRepls,S}) -> ssh_channel:cache_update(Cache, Channel#channel{flow_control = undefined}), - gen_fsm:reply(From, Msg); -send_reply({flow_control, From, Msg}) -> - gen_fsm:reply(From, Msg). + {[{reply,From,Msg}|CallRepls], S}; +get_repl({flow_control,From,Msg}, {CallRepls,S}) -> + {[{reply,From,Msg}|CallRepls], S}; +get_repl(noreply, Acc) -> + Acc; +get_repl(X, Acc) -> + exit({get_repl,X,Acc}). + + +%%%---------------------------------------------------------------- disconnect_fun({disconnect,Msg}, Opts) -> disconnect_fun(Msg, Opts); disconnect_fun(_, undefined) -> @@ -1814,7 +1689,7 @@ unexpected_fun(UnexpectedMessage, Opts, #ssh{peer={_,Peer}}) -> undefined -> report; Fun -> - catch Fun(UnexpectedMessage, Peer) + catch Fun(UnexpectedMessage, Peer) end. @@ -1852,7 +1727,7 @@ remove_timer_ref(State) -> socket_control(Socket, Pid, Transport) -> case Transport:controlling_process(Socket, Pid) of ok -> - send_event(Pid, socket_control); + gen_statem:cast(Pid, socket_control); {error, Reason} -> {error, Reason} end. @@ -1893,4 +1768,3 @@ getopt(Opt, Socket) -> Other -> {error, {unexpected_getopts_return, Other}} end. - diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl index 65754956aa..db80d4c9e3 100644 --- a/lib/ssh/src/ssh_message.erl +++ b/lib/ssh/src/ssh_message.erl @@ -50,13 +50,7 @@ -define(Empint(X), (ssh_bits:mpint(X))/binary ). -define(Ebinary(X), ?STRING(X) ). -%% encode(Msg) -> -%% try encode1(Msg) -%% catch -%% C:E -> -%% io:format('***********************~n~p:~p ~p~n',[C,E,Msg]), -%% error(E) -%% end. +-define(unicode_list(B), unicode:characters_to_list(B)). encode(#ssh_msg_global_request{ name = Name, 
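Review bot: In the send_replies/get_repl hunk, the catch-all `get_repl(X, Acc) -> exit({get_repl,X,Acc})` puts the accumulator, and with it the whole #state{} record (ssh_params included), into the exit reason, where it can end up in crash reports; exit with only the unexpected term. It also replaces the old `catch send_reply(Msg)` tolerance with a hard exit, which deserves a line in the commit message. Two smaller things in the same hunk: `Data` is unused in the `{channel_data,undefined,Data}` clause (use `_Data`), and send_replies/2 now returns `{CallRepls, State}` instead of `State` while log_error/1 no longer returns "Internal error", so every caller that used either return value has to change with it.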
@@ -176,7 +170,7 @@ encode(#ssh_msg_userauth_pk_ok{ encode(#ssh_msg_userauth_passwd_changereq{prompt = Prompt, languge = Lang })-> - <>; + <>; encode(#ssh_msg_userauth_info_request{ name = Name, @@ -184,14 +178,14 @@ encode(#ssh_msg_userauth_info_request{ language_tag = Lang, num_prompts = NumPromtps, data = Data}) -> - <>; encode(#ssh_msg_userauth_info_response{ num_responses = Num, data = Data}) -> lists:foldl(fun %%("", Acc) -> Acc; % commented out since it seem wrong - (Response, Acc) -> <> + (Response, Acc) -> <> end, <>, Data); @@ -201,17 +195,17 @@ encode(#ssh_msg_disconnect{ description = Desc, language = Lang }) -> - <>; + <>; encode(#ssh_msg_service_request{ name = Service }) -> - <>; + <>; encode(#ssh_msg_service_accept{ name = Service }) -> - <>; + <>; encode(#ssh_msg_newkeys{}) -> <>; @@ -283,7 +277,7 @@ encode(#ssh_msg_kex_ecdh_reply{public_host_key = Key, q_s = Q_s, h_sig = Sign}) <>; encode(#ssh_msg_ignore{data = Data}) -> - <>; + <>; encode(#ssh_msg_unimplemented{sequence = Seq}) -> <>; @@ -291,7 +285,7 @@ encode(#ssh_msg_unimplemented{sequence = Seq}) -> encode(#ssh_msg_debug{always_display = Bool, message = Msg, language = Lang}) -> - <>. + <>. %% Connection Messages @@ -330,7 +324,7 @@ decode(<>) -> @@ -363,7 +357,7 @@ decode(<>) -> #ssh_msg_channel_request{ recipient_channel = Recipient, - request_type = unicode:characters_to_list(RequestType), + request_type = ?unicode_list(RequestType), want_reply = erl_boolean(Bool), data = Data }; @@ -381,9 +375,9 @@ decode(<>) -> #ssh_msg_userauth_request{ - user = unicode:characters_to_list(User), - service = unicode:characters_to_list(Service), - method = unicode:characters_to_list(Method), + user = ?unicode_list(User), + service = ?unicode_list(Service), + method = ?unicode_list(Method), data = Data }; @@ -391,7 +385,7 @@ decode(<>) -> #ssh_msg_userauth_failure { - authentications = unicode:characters_to_list(Auths), + authentications = ?unicode_list(Auths), partial_success = erl_boolean(Bool) }; 
@@ -493,18 +487,18 @@ decode(<<"ecdh",?BYTE(?SSH_MSG_KEX_ECDH_REPLY), decode(<>) -> #ssh_msg_service_request{ - name = unicode:characters_to_list(Service) + name = ?unicode_list(Service) }; decode(<>) -> #ssh_msg_service_accept{ - name = unicode:characters_to_list(Service) + name = ?unicode_list(Service) }; decode(<>) -> #ssh_msg_disconnect{ code = Code, - description = unicode:characters_to_list(Desc), + description = ?unicode_list(Desc), language = Lang }; @@ -512,7 +506,7 @@ decode(<>) -> #ssh_msg_disconnect{ code = Code, - description = unicode:characters_to_list(Desc), + description = ?unicode_list(Desc), language = <<"en">> }; @@ -554,7 +548,7 @@ decode_kex_init(<>, Acc, 0) -> X = 0, list_to_tuple(lists:reverse([X, erl_boolean(Bool) | Acc])); decode_kex_init(<>, Acc, N) -> - Names = string:tokens(unicode:characters_to_list(Data), ","), + Names = string:tokens(?unicode_list(Data), ","), decode_kex_init(Rest, [Names | Acc], N -1). diff --git a/lib/ssh/src/ssh_no_io.erl b/lib/ssh/src/ssh_no_io.erl index 8144aac66e..2358560a26 100644 --- a/lib/ssh/src/ssh_no_io.erl +++ b/lib/ssh/src/ssh_no_io.erl 
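Review bot: In ssh_message.erl, the new `?unicode_list(B)` macro keeps the unchecked `unicode:characters_to_list/1` call on peer-supplied fields (`user`, `service`, `method`, `authentications`, `description`, and the KEXINIT name lists in decode_kex_init). That function returns `{error, _, _}` or `{incomplete, _, _}` for malformed UTF-8 instead of a list, so a tuple can end up in the decoded record or be passed to `string:tokens/2`. Now that all call sites go through one macro, this is a good place to check the result and reject the message on bad input.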
@@ -28,26 +28,26 @@ -export([yes_no/2, read_password/2, read_line/2, format/2]). yes_no(_, _) -> - throw({{no_io_allowed, yes_no}, - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, - description = "User interaction is not allowed", - language = "en"}}). + ssh_connection_handler:disconnect( + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, + description = "User interaction is not allowed"}, + {no_io_allowed, yes_no}). read_password(_, _) -> - throw({{no_io_allowed, read_password}, - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, - description = "User interaction is not allowed", - language = "en"}}). + ssh_connection_handler:disconnect( + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, + description = "User interaction is not allowed"}, + {no_io_allowed, read_password}). read_line(_, _) -> - throw({{no_io_allowed, read_line}, - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, - description = "User interaction is not allowed", - language = "en"}} ). + ssh_connection_handler:disconnect( + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, + description = "User interaction is not allowed"}, + {no_io_allowed, read_line}). format(_, _) -> - throw({{no_io_allowed, format}, - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, - description = "User interaction is not allowed", - language = "en"}}). + ssh_connection_handler:disconnect( + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, + description = "User interaction is not allowed"}, + {no_io_allowed, format}). diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index c04bd350c7..83e75eb8c6 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl 
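Review bot: In ssh_no_io.erl, yes_no/2, read_password/2, read_line/2 and format/2 now depend on ssh_connection_handler:disconnect/2, which throws a `{keep_state_and_data, [{next_event, ...}]}` tuple. That only has the intended effect when the call happens inside a gen_statem callback of the connection handler process; from any other process the throw is an uncaught exception. Please document that precondition at the top of this module or next to disconnect/2. The `language = "en"` field is also dropped in all four functions, so the record default now decides what is sent; confirm that is intended.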
@@ -265,7 +265,8 @@ new_keys_message(Ssh0) -> {SshPacket, Ssh} = ssh_packet(#ssh_msg_newkeys{}, Ssh0), {ok, SshPacket, Ssh}. - + + handle_kexinit_msg(#ssh_msg_kexinit{} = CounterPart, #ssh_msg_kexinit{} = Own, #ssh{role = client} = Ssh0) -> {ok, Algoritms} = select_algorithm(client, Own, CounterPart), @@ -275,10 +276,10 @@ handle_kexinit_msg(#ssh_msg_kexinit{} = CounterPart, #ssh_msg_kexinit{} = Own, Ssh0#ssh{algorithms = Algoritms}); _ -> %% TODO: Correct code? - throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = "Selection of key exchange" - " algorithm failed", - language = ""}) + ssh_connection_handler:disconnect( + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Selection of key exchange algorithm failed" + }) end; handle_kexinit_msg(#ssh_msg_kexinit{} = CounterPart, #ssh_msg_kexinit{} = Own, @@ -288,10 +289,10 @@ handle_kexinit_msg(#ssh_msg_kexinit{} = CounterPart, #ssh_msg_kexinit{} = Own, true -> {ok, Ssh#ssh{algorithms = Algoritms}}; _ -> - throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = "Selection of key exchange" - " algorithm failed", - language = ""}) + ssh_connection_handler:disconnect( + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Selection of key exchange algorithm failed" + }) end. @@ -371,12 +372,12 @@ handle_kexdh_init(#ssh_msg_kexdh_init{e = E}, session_id = sid(Ssh1, H)}}; true -> - throw({{error,bad_e_from_peer}, - #ssh_msg_disconnect{ - code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = "Key exchange failed, 'e' out of bounds", - language = ""} - }) + ssh_connection_handler:disconnect( + #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Key exchange failed, 'e' out of bounds"}, + {error,bad_e_from_peer} + ) end. handle_kexdh_reply(#ssh_msg_kexdh_reply{public_host_key = PeerPubHostKey, 
@@ -396,21 +397,20 @@ handle_kexdh_reply(#ssh_msg_kexdh_reply{public_host_key = PeerPubHostKey, exchanged_hash = H, session_id = sid(Ssh, H)}}; Error -> - throw({Error, - #ssh_msg_disconnect{ - code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = "Key exchange failed", - language = "en"} - }) + ssh_connection_handler:disconnect( + #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Key exchange failed"}, + Error) end; true -> - throw({{error,bad_f_from_peer}, - #ssh_msg_disconnect{ - code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = "Key exchange failed, 'f' out of bounds", - language = ""} - }) + ssh_connection_handler:disconnect( + #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Key exchange failed, 'f' out of bounds"}, + bad_f_from_peer + ) end. @@ -435,10 +435,11 @@ handle_kex_dh_gex_request(#ssh_msg_kex_dh_gex_request{min = Min0, keyex_info = {Min, Max, NBits} }}; {error,_} -> - throw(#ssh_msg_disconnect{ - code = ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "No possible diffie-hellman-group-exchange group found", - language = ""}) + ssh_connection_handler:disconnect( + #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "No possible diffie-hellman-group-exchange group found" + }) end; handle_kex_dh_gex_request(#ssh_msg_kex_dh_gex_request_old{n = NBits}, 
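Review bot: The second argument to disconnect/2 is not consistent across the key-exchange handlers in ssh_transport.erl: handle_kexdh_init still passes `{error,bad_e_from_peer}`, while handle_kexdh_reply now passes the bare atom `bad_f_from_peer` where the old throw carried `{error,bad_f_from_peer}`. That term becomes part of the `{Description, ExtraInfo}` value in the internal disconnect event, so pick one shape (bare atom or `{error, Atom}`) and use it in every handler, so that logs and anything matching on it see a single format.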
@@ -469,19 +470,19 @@ handle_kex_dh_gex_request(#ssh_msg_kex_dh_gex_request_old{n = NBits}, keyex_info = {-1, -1, NBits} % flag for kex_h hash calc }}; {error,_} -> - throw(#ssh_msg_disconnect{ - code = ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "No possible diffie-hellman-group-exchange group found", - language = ""}) + ssh_connection_handler:disconnect( + #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "No possible diffie-hellman-group-exchange group found" + }) end; handle_kex_dh_gex_request(_, _) -> - throw({{error,bad_ssh_msg_kex_dh_gex_request}, + ssh_connection_handler:disconnect( #ssh_msg_disconnect{ code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = "Key exchange failed, bad values in ssh_msg_kex_dh_gex_request", - language = ""} - }). + description = "Key exchange failed, bad values in ssh_msg_kex_dh_gex_request"}, + bad_ssh_msg_kex_dh_gex_request). adjust_gex_min_max(Min0, Max0, Opts) -> @@ -495,10 +496,11 @@ adjust_gex_min_max(Min0, Max0, Opts) -> Min2 =< Max2 -> {Min2, Max2}; Max2 < Min2 -> - throw(#ssh_msg_disconnect{ - code = ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "No possible diffie-hellman-group-exchange group possible", - language = ""}) + ssh_connection_handler:disconnect( + #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "No possible diffie-hellman-group-exchange group possible" + }) end end. 
@@ -535,20 +537,18 @@ handle_kex_dh_gex_init(#ssh_msg_kex_dh_gex_init{e = E}, session_id = sid(Ssh, H) }}; true -> - throw({{error,bad_K}, - #ssh_msg_disconnect{ - code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = "Key exchange failed, 'K' out of bounds", - language = ""} - }) + ssh_connection_handler:disconnect( + #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Key exchange failed, 'K' out of bounds"}, + bad_K) end; true -> - throw({{error,bad_e_from_peer}, - #ssh_msg_disconnect{ - code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = "Key exchange failed, 'e' out of bounds", - language = ""} - }) + ssh_connection_handler:disconnect( + #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Key exchange failed, 'e' out of bounds"}, + bad_e_from_peer) end. handle_kex_dh_gex_reply(#ssh_msg_kex_dh_gex_reply{public_host_key = PeerPubHostKey, 
@@ -572,29 +572,28 @@ handle_kex_dh_gex_reply(#ssh_msg_kex_dh_gex_reply{public_host_key = PeerPubHostK exchanged_hash = H, session_id = sid(Ssh, H)}}; _Error -> - throw(#ssh_msg_disconnect{ - code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = "Key exchange failed", - language = ""} - ) + ssh_connection_handler:disconnect( + #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Key exchange failed" + }) end; true -> - throw({{error,bad_K}, - #ssh_msg_disconnect{ - code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = "Key exchange failed, 'K' out of bounds", - language = ""} - }) + ssh_connection_handler:disconnect( + #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Key exchange failed, 'K' out of bounds"}, + bad_K) end; true -> - throw({{error,bad_f_from_peer}, - #ssh_msg_disconnect{ - code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = "Key exchange failed, 'f' out of bounds", - language = ""} - }) - end. + ssh_connection_handler:disconnect( + #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Key exchange failed, 'f' out of bounds"}, + bad_f_from_peer + ) + end. %%%---------------------------------------------------------------- %%% @@ -624,12 +623,11 @@ handle_kex_ecdh_init(#ssh_msg_kex_ecdh_init{q_c = PeerPublic}, session_id = sid(Ssh1, H)}} catch _:_ -> - throw({{error,invalid_peer_public_key}, - #ssh_msg_disconnect{ - code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = "Peer ECDH public key is invalid", - language = ""} - }) + ssh_connection_handler:disconnect( + #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Peer ECDH public key is invalid"}, + invalid_peer_public_key) end. handle_kex_ecdh_reply(#ssh_msg_kex_ecdh_reply{public_host_key = PeerPubHostKey, 
@@ -650,21 +648,19 @@ handle_kex_ecdh_reply(#ssh_msg_kex_ecdh_reply{public_host_key = PeerPubHostKey, exchanged_hash = H, session_id = sid(Ssh, H)}}; Error -> - throw({Error, - #ssh_msg_disconnect{ - code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = "Key exchange failed", - language = ""} - }) + ssh_connection_handler:disconnect( + #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Key exchange failed"}, + Error) end catch _:_ -> - throw({{error,invalid_peer_public_key}, - #ssh_msg_disconnect{ - code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, - description = "Peer ECDH public key is invalid", - language = ""} - }) + ssh_connection_handler:disconnect( + #ssh_msg_disconnect{ + code = ?SSH_DISCONNECT_KEY_EXCHANGE_FAILED, + description = "Peer ECDH public key is invalid"}, + invalid_peer_public_key) end. @@ -675,9 +671,10 @@ handle_new_keys(#ssh_msg_newkeys{}, Ssh0) -> {ok, Ssh} catch _C:_Error -> %% TODO: Throw earlier .... - throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "Install alg failed", - language = "en"}) + ssh_connection_handler:disconnect( + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "Install alg failed" + }) end. %% select session id @@ -929,9 +926,9 @@ select_all(CL, SL) when length(CL) + length(SL) < ?MAX_NUM_ALGORITHMS -> lists:map(fun(ALG) -> list_to_atom(ALG) end, (CL -- A)); select_all(CL, SL) -> Err = lists:concat(["Received too many algorithms (",length(CL),"+",length(SL)," >= ",?MAX_NUM_ALGORITHMS,")."]), - throw(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = Err, - language = ""}). + ssh_connection_handler:disconnect( + #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = Err}). select([], []) -> diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index bdc980e65c..440308d1b3 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl 
+++ b/lib/ssh/test/ssh_algorithms_SUITE.erl @@ -361,13 +361,15 @@ get_atoms(L) -> %%% Test case related %%% start_std_daemon(Opts, Config) -> + ct:log("starting std_daemon",[]), {Pid, Host, Port} = ssh_test_lib:std_daemon(Config, Opts), ct:log("started ~p:~p ~p",[Host,Port,Opts]), [{srvr_pid,Pid},{srvr_addr,{Host,Port}} | Config]. start_pubkey_daemon(Opts, Config) -> + ct:log("starting pubkey_daemon",[]), {Pid, Host, Port} = ssh_test_lib:std_daemon1(Config, Opts), - ct:log("started1 ~p:~p ~p",[Host,Port,Opts]), + ct:log("started pubkey_daemon ~p:~p ~p",[Host,Port,Opts]), [{srvr_pid,Pid},{srvr_addr,{Host,Port}} | Config]. diff --git a/lib/ssh/test/ssh_benchmark_SUITE.erl b/lib/ssh/test/ssh_benchmark_SUITE.erl index 6e1d18cc95..1f11fee350 100644 --- a/lib/ssh/test/ssh_benchmark_SUITE.erl +++ b/lib/ssh/test/ssh_benchmark_SUITE.erl 
@@ -333,52 +333,64 @@ find_time(accept_to_hello, L) -> [T0,T1] = find([fun(C=#call{mfa = {ssh_acceptor,handle_connection,5}}) -> C#call.t_call end, - fun(C=#call{mfa = {ssh_connection_handler,hello,_}, - args = [socket_control|_]}) -> - C#call.t_return - end + ?LINE, + fun(C=#call{mfa = {ssh_connection_handler,handle_event,5}, + args = [_, {version_exchange,_}, _, {hello,_}, _]}) -> + C#call.t_call + end, + ?LINE ], L, []), {accept_to_hello, now2micro_sec(now_diff(T1,T0)), microsec}; find_time(kex, L) -> - [T0,T1] = find([fun(C=#call{mfa = {ssh_connection_handler,hello,_}, - args = [socket_control|_]}) -> + [T0,T1] = find([fun(C=#call{mfa = {ssh_connection_handler,handle_event,5}, + args = [_, {version_exchange,_}, _, {hello,_}, _]}) -> C#call.t_call end, - ?send(#ssh_msg_newkeys{}) + ?LINE, + ?send(#ssh_msg_newkeys{}), + ?LINE ], L, []), {kex, now2micro_sec(now_diff(T1,T0)), microsec}; find_time(kex_to_auth, L) -> [T0,T1] = find([?send(#ssh_msg_newkeys{}), - ?recv(#ssh_msg_userauth_request{}) + ?LINE, + ?recv(#ssh_msg_userauth_request{}), + ?LINE ], L, []), {kex_to_auth, now2micro_sec(now_diff(T1,T0)), microsec}; find_time(auth, L) -> [T0,T1] = find([?recv(#ssh_msg_userauth_request{}), - ?send(#ssh_msg_userauth_success{}) + ?LINE, + ?send(#ssh_msg_userauth_success{}), + ?LINE ], L, []), {auth, now2micro_sec(now_diff(T1,T0)), microsec}; find_time(to_prompt, L) -> [T0,T1] = find([fun(C=#call{mfa = {ssh_acceptor,handle_connection,5}}) -> C#call.t_call end, - ?recv(#ssh_msg_channel_request{request_type="env"}) + ?LINE, + ?recv(#ssh_msg_channel_request{request_type="env"}), + ?LINE ], L, []), {to_prompt, now2micro_sec(now_diff(T1,T0)), microsec}; find_time(channel_open_close, L) -> [T0,T1] = find([?recv(#ssh_msg_channel_request{request_type="subsystem"}), - ?send(#ssh_msg_channel_close{}) + ?LINE, + ?send(#ssh_msg_channel_close{}), + ?LINE ], L, []), {channel_open_close, now2micro_sec(now_diff(T1,T0)), microsec}. 
-find([F|Fs], [C|Cs], Acc) when is_function(F,1) -> +find([F,Id|Fs], [C|Cs], Acc) when is_function(F,1) -> try F(C) of T -> find(Fs, Cs, [T|Acc]) catch - _:_ -> find([F|Fs], Cs, Acc) + _:_ -> find([F,Id|Fs], Cs, Acc) end; find([], _, Acc) -> lists:reverse(Acc). @@ -444,7 +456,7 @@ erlang_trace() -> 0 = erlang:trace(new, true, [call,timestamp,{tracer,TracerPid}]), [init_trace(MFA, tp(MFA)) || MFA <- [{ssh_acceptor,handle_connection,5}, - {ssh_connection_handler,hello,2}, +%% {ssh_connection_handler,hello,2}, {ssh_message,encode,1}, {ssh_message,decode,1}, {ssh_transport,select_algorithm,3}, @@ -454,6 +466,10 @@ erlang_trace() -> {ssh_message,decode,1}, {public_key,dh_gex_group,4} % To find dh_gex group size ]], + init_trace({ssh_connection_handler,handle_event,5}, + [{['_', {version_exchange,'_'}, '_', {hello,'_'}, '_'], + [], + [return_trace]}]), {ok, TracerPid}. tp({_M,_F,Arity}) -> diff --git a/lib/ssh/test/ssh_options_SUITE.erl b/lib/ssh/test/ssh_options_SUITE.erl index 1d14a16065..4106385d2d 100644 --- a/lib/ssh/test/ssh_options_SUITE.erl +++ b/lib/ssh/test/ssh_options_SUITE.erl @@ -493,7 +493,7 @@ ssh_msg_debug_fun_option_client(Config) -> {user_interaction, false}, {ssh_msg_debug_fun,DbgFun}]), %% Beware, implementation knowledge: - gen_fsm:send_all_state_event(ConnectionRef,{ssh_msg_debug,false,<<"Hello">>,<<>>}), + gen_statem:cast(ConnectionRef,{ssh_msg_debug,false,<<"Hello">>,<<>>}), receive {msg_dbg,X={ConnectionRef,false,<<"Hello">>,<<>>}} -> ct:log("Got expected dbg msg ~p",[X]), @@ -606,7 +606,7 @@ ssh_msg_debug_fun_option_server(Config) -> receive {connection_pid,Server} -> %% Beware, implementation knowledge: - gen_fsm:send_all_state_event(Server,{ssh_msg_debug,false,<<"Hello">>,<<>>}), + gen_statem:cast(Server,{ssh_msg_debug,false,<<"Hello">>,<<>>}), receive {msg_dbg,X={_,false,<<"Hello">>,<<>>}} -> ct:log("Got expected dbg msg ~p",[X]), 
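Review bot: find/3 in ssh_benchmark_SUITE.erl now carries an `Id` (the `?LINE` entries) next to each fun, but no clause uses it: when the call list runs out before every fun has matched, `find([F,Id|Fs], [], Acc)` still fails with a bare function_clause. Add a clause for that case that reports `Id`, which is presumably why the markers were added. In erlang_trace/0, delete the `{ssh_connection_handler,hello,2}` entry rather than leaving it commented out.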
diff --git a/lib/ssh/test/ssh_renegotiate_SUITE.erl b/lib/ssh/test/ssh_renegotiate_SUITE.erl index 90132becbd..f1a909cbd0 100644 --- a/lib/ssh/test/ssh_renegotiate_SUITE.erl +++ b/lib/ssh/test/ssh_renegotiate_SUITE.erl @@ -33,7 +33,6 @@ suite() -> [{ct_hooks,[ts_install_cth]}, {timetrap,{seconds,40}}]. - all() -> [{group,default_algs}, {group,aes_gcm} ]. @@ -238,7 +237,7 @@ renegotiate2(Config) -> %% get_kex_init - helper function to get key_exchange_init_msg get_kex_init(Conn) -> %% First, validate the key exchange is complete (StateName == connected) - {connected,S} = sys:get_state(Conn), + {{connected,_},S} = sys:get_state(Conn), %% Next, walk through the elements of the #state record looking %% for the #ssh_msg_kexinit record. This method is robust against %% changes to either record. The KEXINIT message contains a cookie diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index cd6c5f82b9..e06b646bba 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl @@ -38,7 +38,6 @@ suite() -> [{ct_hooks,[ts_install_cth]}, {timetrap,{seconds,40}}]. - all() -> [{group, not_unicode}, {group, unicode} diff --git a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl index 09bef87148..355ce6a8f5 100644 --- a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl +++ b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl @@ -39,7 +39,6 @@ suite() -> [{ct_hooks,[ts_install_cth]}, {timetrap,{seconds,40}}]. - all() -> [close_file, quit, diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index 4db7d09ccd..69329a5c75 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl 
@@ -57,12 +57,16 @@ daemon(Host, Options) -> daemon(Host, inet_port(), Options). daemon(Host, Port, Options) -> + ct:log("~p:~p Calling ssh:daemon(~p, ~p, ~p)",[?MODULE,?LINE,Host,Port,Options]), case ssh:daemon(Host, Port, Options) of {ok, Pid} when Host == any -> + ct:log("ssh:daemon ok (1)",[]), {Pid, hostname(), Port}; {ok, Pid} -> + ct:log("ssh:daemon ok (2)",[]), {Pid, Host, Port}; Error -> + ct:log("ssh:daemon error ~p",[Error]), Error end. -- cgit v1.2.3 From 9ec2d2fcd17484163296b15315c18ab4509d0629 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 14 Apr 2016 19:35:39 +0200 Subject: ssh: Begin -spec for ssh_connection_handler --- lib/ssh/src/ssh.erl | 5 + lib/ssh/src/ssh.hrl | 4 +- lib/ssh/src/ssh_connect.hrl | 4 +- lib/ssh/src/ssh_connection_handler.erl | 694 ++++++++++++++++++++------------- 4 files changed, 431 insertions(+), 276 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index d0121e73ba..48ef8aad2a 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -36,6 +36,11 @@ shell/1, shell/2, shell/3 ]). +%%% Type exports +-export_type([connection_ref/0, + channel_id/0 + ]). + %%-------------------------------------------------------------------- -spec start() -> ok | {error, term()}. -spec start(permanent | transient | temporary) -> ok | {error, term()}. diff --git a/lib/ssh/src/ssh.hrl b/lib/ssh/src/ssh.hrl index 73d6e4d2bc..868f3a9181 100644 --- a/lib/ssh/src/ssh.hrl +++ b/lib/ssh/src/ssh.hrl @@ -70,8 +70,6 @@ -record(ssh, { - %%state, %% what it's waiting for - role, %% client | server peer, %% string version of peer address 
@@ -135,8 +133,8 @@ user, service, userauth_quiet_mode, % boolean() - userauth_supported_methods, % string() eg "keyboard-interactive,password" userauth_methods, % list( string() ) eg ["keyboard-interactive", "password"] + userauth_supported_methods, % string() eg "keyboard-interactive,password" kb_tries_left = 0, % integer(), num tries left for "keyboard-interactive" userauth_preference, available_host_keys, diff --git a/lib/ssh/src/ssh_connect.hrl b/lib/ssh/src/ssh_connect.hrl index 397d51de9d..3860bb3202 100644 --- a/lib/ssh/src/ssh_connect.hrl +++ b/lib/ssh/src/ssh_connect.hrl @@ -22,7 +22,9 @@ %%% Description : SSH connection protocol --type channel_id() :: integer(). +-type role() :: client | server . +-type connection_ref() :: pid(). +-type channel_id() :: pos_integer(). -define(DEFAULT_PACKET_SIZE, 65536). -define(DEFAULT_WINDOW_SIZE, 10*?DEFAULT_PACKET_SIZE). diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index d26c586c54..1a2cdb6f87 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl 
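Review bot: In ssh_connect.hrl, narrowing `channel_id()` from `integer()` to `pos_integer()` excludes 0. Channel numbers are uint32 on the wire and 0 is a valid value, and new_channel_id/1 hands out whatever `channel_id_seed` holds, so unless the seed is guaranteed to start at 1 this should be `non_neg_integer()`. Also check that ssh.erl includes this header, since it now lists `connection_ref/0` and `channel_id/0` in `-export_type`.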
@@ -34,26 +34,38 @@ -include("ssh_transport.hrl"). -include("ssh_auth.hrl"). -include("ssh_connect.hrl"). --compile(export_all). --export([start_link/3]). -%%-define(IO_FORMAT(F,A), io:format(F,A)). --define(IO_FORMAT(F,A), ok). +%%==================================================================== +%%% Exports +%%==================================================================== -%% Internal application API --export([open_channel/6, reply_request/3, request/6, request/7, - global_request/4, send/5, send_eof/2, info/1, info/2, - connection_info/2, channel_info/3, - adjust_window/3, close/2, stop/1, renegotiate/1, renegotiate_data/1, +-export([start_link/3, + stop/1 + ]). + +%%% Internal application API +-export([start_connection/4, + open_channel/6, + request/6, request/7, + reply_request/3, + global_request/4, + send/5, + send_eof/2, + info/1, info/2, + connection_info/2, + channel_info/3, + adjust_window/3, close/2, renegotiate/1, renegotiate_data/1, disconnect/1, disconnect/2, - start_connection/4, - get_print_info/1]). + get_print_info/1 + ]). -%% gen_statem callbacks +%%% gen_statem callbacks -export([init/1, handle_event/4, terminate/3, format_status/2, code_change/4]). +%%==================================================================== +%% Process state +%%==================================================================== -record(state, { - client, starter, auth_user, connection_state, 
@@ -78,11 +90,41 @@ }). %%==================================================================== -%% Internal application API +%% Start / stop %%==================================================================== +%%-------------------------------------------------------------------- +-spec start_link(role(), + inet:socket(), + proplists:proplist() + ) -> {ok, pid()}. +%% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . +start_link(Role, Socket, Options) -> + {ok, proc_lib:spawn_link(?MODULE, init, [[Role, Socket, Options]])}. + %%-------------------------------------------------------------------- +-spec stop(connection_ref() + ) -> ok | {error, term()}. +%% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . +stop(ConnectionHandler)-> + case call(ConnectionHandler, stop) of + {error, closed} -> + ok; + Other -> + Other + end. + +%%==================================================================== +%% Internal application API +%%==================================================================== + %%-------------------------------------------------------------------- +-spec start_connection(role(), + inet:socket(), + proplists:proplist(), + timeout() + ) -> {ok, connection_ref()} | {error, term()}. +%% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . start_connection(client = Role, Socket, Options, Timeout) -> try {ok, Pid} = sshc_sup:start_child([Role, Socket, Options]), 
@@ -123,91 +165,83 @@ start_connection(server = Role, Socket, Options, Timeout) -> {error, Error} end. -start_the_connection_child(UserPid, Role, Socket, Options) -> - Sups = proplists:get_value(supervisors, Options), - ConnectionSup = proplists:get_value(connection_sup, Sups), - Opts = [{supervisors, Sups}, {user_pid, UserPid} | proplists:get_value(ssh_opts, Options, [])], - {ok, Pid} = ssh_connection_sup:start_child(ConnectionSup, [Role, Socket, Opts]), - {_, Callback, _} = proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}), - socket_control(Socket, Pid, Callback), - Pid. +%%-------------------------------------------------------------------- +%%% Some other module has decided to disconnect. +-spec disconnect(#ssh_msg_disconnect{}) -> no_return(). +-spec disconnect(#ssh_msg_disconnect{}, iodata()) -> no_return(). +%% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . +disconnect(Msg = #ssh_msg_disconnect{}) -> + throw({keep_state_and_data, + [{next_event, internal, {disconnect, Msg, Msg#ssh_msg_disconnect.description}}]}). +disconnect(Msg = #ssh_msg_disconnect{}, ExtraInfo) -> + throw({keep_state_and_data, + [{next_event, internal, {disconnect, Msg, {Msg#ssh_msg_disconnect.description,ExtraInfo}}}]}). -start_link(Role, Socket, Options) -> - {ok, proc_lib:spawn_link(?MODULE, init, [[Role, Socket, Options]])}. 
- -init([Role, Socket, SshOpts]) -> - process_flag(trap_exit, true), - {NumVsn, StrVsn} = ssh_transport:versions(Role, SshOpts), - {Protocol, Callback, CloseTag} = - proplists:get_value(transport, SshOpts, {tcp, gen_tcp, tcp_closed}), - Cache = ssh_channel:cache_create(), - State0 = #state{ - connection_state = #connection{channel_cache = Cache, - channel_id_seed = 0, - port_bindings = [], - requests = [], - options = SshOpts}, - socket = Socket, - decoded_data_buffer = <<>>, - encoded_data_buffer = <<>>, - transport_protocol = Protocol, - transport_cb = Callback, - transport_close_tag = CloseTag, - opts = SshOpts - }, - - State = init_role(Role, State0), - - try init_ssh(Role, NumVsn, StrVsn, SshOpts, Socket) of - Ssh -> - gen_statem:enter_loop(?MODULE, - [], %%[{debug,[trace,log,statistics,debug]} || Role==server], - handle_event_function, - {hello,Role}, - State#state{ssh_params = Ssh}, - []) - catch - _:Error -> - gen_statem:enter_loop(?MODULE, - [], - handle_event_function, - {init_error,Error}, - State, - []) - end. %%-------------------------------------------------------------------- +-spec open_channel(connection_ref(), + string(), + binary(), + pos_integer(), + pos_integer(), + timeout() + ) -> {ok, channel_id()} | {error, term()}. + +%% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . +open_channel(ConnectionHandler, + ChannelType, ChannelSpecificData, InitialWindowSize, MaxPacketSize, + Timeout) -> + call(ConnectionHandler, + {open, self(), + ChannelType, InitialWindowSize, MaxPacketSize, ChannelSpecificData, + Timeout}). + %%-------------------------------------------------------------------- -open_channel(ConnectionHandler, ChannelType, ChannelSpecificData, - InitialWindowSize, - MaxPacketSize, Timeout) -> - call(ConnectionHandler, {open, self(), ChannelType, - InitialWindowSize, MaxPacketSize, - ChannelSpecificData, - Timeout}). 
-%%-------------------------------------------------------------------- -%%-------------------------------------------------------------------- +-spec request(connection_ref(), + pid(), + channel_id(), + string(), + boolean(), + iodata(), + timeout() + ) -> success | failure | ok | {error,timeout}. + +-spec request(connection_ref(), + channel_id(), + string(), + boolean(), + iodata(), + timeout() + ) -> success | failure | ok | {error,timeout}. +%% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . request(ConnectionHandler, ChannelPid, ChannelId, Type, true, Data, Timeout) -> - call(ConnectionHandler, {request, ChannelPid, ChannelId, Type, Data, - Timeout}); + call(ConnectionHandler, {request, ChannelPid, ChannelId, Type, Data, Timeout}); request(ConnectionHandler, ChannelPid, ChannelId, Type, false, Data, _) -> cast(ConnectionHandler, {request, ChannelPid, ChannelId, Type, Data}). -%%-------------------------------------------------------------------- -%%-------------------------------------------------------------------- request(ConnectionHandler, ChannelId, Type, true, Data, Timeout) -> call(ConnectionHandler, {request, ChannelId, Type, Data, Timeout}); request(ConnectionHandler, ChannelId, Type, false, Data, _) -> cast(ConnectionHandler, {request, ChannelId, Type, Data}). %%-------------------------------------------------------------------- -%%-------------------------------------------------------------------- +-spec reply_request(connection_ref(), + success | failure, + channel_id() + ) -> ok. + +%% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . reply_request(ConnectionHandler, Status, ChannelId) -> cast(ConnectionHandler, {reply_request, Status, ChannelId}). %%-------------------------------------------------------------------- -%%-------------------------------------------------------------------- +-spec global_request(connection_ref(), + string(), + boolean(), + iolist() + ) -> ok | error. +%% . . . . . . . . . . . . 
. . . . . . . . . . . . . . . . . . . . . . global_request(ConnectionHandler, Type, true = Reply, Data) -> case call(ConnectionHandler, {global_request, self(), Type, Reply, Data}) of {ssh_cm, ConnectionHandler, {success, _}} -> 
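Review bot: `disconnect/1,2` work by throwing `{keep_state_and_data, [{next_event, internal, {disconnect, ...}}]}`, so they only do the right thing when called inside a gen_statem callback running in the connection handler process; from any other process or call path the throw ends up as an uncaught `nocatch`. The comment "Some other module has decided to disconnect" invites exactly that misuse, so please state the calling constraint next to the `no_return()` specs. Separately, `open_channel/6` is specified to return `{ok, channel_id()}` and this patch narrows `channel_id()` to `pos_integer()` in ssh_connect.hrl, while `init/1` sets `channel_id_seed = 0`; if `new_channel_id/1` hands out the seed value first, the first id is 0 and `non_neg_integer()` is the accurate type.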
@@ -219,44 +253,96 @@ global_request(ConnectionHandler, Type, false = Reply, Data) -> cast(ConnectionHandler, {global_request, self(), Type, Reply, Data}). %%-------------------------------------------------------------------- -%%-------------------------------------------------------------------- +-spec send(connection_ref(), + channel_id(), + non_neg_integer(), + iodata(), + timeout() + ) -> ok | {error, timeout|closed}. +%% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . send(ConnectionHandler, ChannelId, Type, Data, Timeout) -> call(ConnectionHandler, {data, ChannelId, Type, Data, Timeout}). %%-------------------------------------------------------------------- -%%-------------------------------------------------------------------- +-spec send_eof(connection_ref(), + channel_id() + ) -> ok | {error,closed}. +%% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . send_eof(ConnectionHandler, ChannelId) -> call(ConnectionHandler, {eof, ChannelId}). %%-------------------------------------------------------------------- +-spec info(connection_ref() + ) -> [ #channel{} ]. + +-spec info(connection_ref(), + pid() + ) -> [ #channel{} ]. +%% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . +info(ConnectionHandler) -> + info(ConnectionHandler, {info, all}). + +info(ConnectionHandler, ChannelProcess) -> + call(ConnectionHandler, {info, ChannelProcess}). + %%-------------------------------------------------------------------- +-type local_sock_info() :: {inet:ip_address(), non_neg_integer()} | string(). +-type peer_sock_info() :: {inet:ip_address(), non_neg_integer()} | string(). +-type state_info() :: iolist(). + +-spec get_print_info(connection_ref() + ) -> {{local_sock_info(), peer_sock_info()}, + state_info() + }. +%% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . get_print_info(ConnectionHandler) -> call(ConnectionHandler, get_print_info, 1000). 
+%%-------------------------------------------------------------------- +-spec connection_info(connection_ref(), + [atom()] + ) -> proplists:proplist(). +%% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . connection_info(ConnectionHandler, Options) -> call(ConnectionHandler, {connection_info, Options}). %%-------------------------------------------------------------------- -%%-------------------------------------------------------------------- +-spec channel_info(connection_ref(), + channel_id(), + [atom()] + ) -> proplists:proplist(). +%% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . channel_info(ConnectionHandler, ChannelId, Options) -> call(ConnectionHandler, {channel_info, ChannelId, Options}). %%-------------------------------------------------------------------- -%%-------------------------------------------------------------------- +-spec adjust_window(connection_ref(), + channel_id(), + integer() + ) -> ok. +%% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . adjust_window(ConnectionHandler, Channel, Bytes) -> cast(ConnectionHandler, {adjust_window, Channel, Bytes}). + %%-------------------------------------------------------------------- -%%-------------------------------------------------------------------- +-spec renegotiate(connection_ref() + ) -> ok. +%% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . renegotiate(ConnectionHandler) -> cast(ConnectionHandler, renegotiate). %%-------------------------------------------------------------------- -%%-------------------------------------------------------------------- +-spec renegotiate_data(connection_ref() + ) -> ok. +%% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . renegotiate_data(ConnectionHandler) -> cast(ConnectionHandler, data_size). 
%%-------------------------------------------------------------------- -%%-------------------------------------------------------------------- +-spec close(connection_ref(), + channel_id() + ) -> ok. +%% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . close(ConnectionHandler, ChannelId) -> case call(ConnectionHandler, {close, ChannelId}) of ok -> 
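Review bot: `info/1` calls `info(ConnectionHandler, {info, all})` and `info/2` wraps its argument again, so the handler receives `{info, {info, all}}`, and that tuple contradicts the new `-spec info(connection_ref(), pid())`. Either pass a plain `all` from `info/1` and widen the second argument to `pid() | all`, or confirm that the handler clause really matches the nested tuple and write the spec to say so. Dialyzer is likely to flag this as soon as the specs are in.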
@@ -265,40 +351,73 @@ close(ConnectionHandler, ChannelId) -> ok end. +%%==================================================================== +%% gen_statem callbacks +%%==================================================================== %%-------------------------------------------------------------------- -%%-------------------------------------------------------------------- -stop(ConnectionHandler)-> - case call(ConnectionHandler, stop) of - {error, closed} -> - ok; - Other -> - Other + +%% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + +init([Role, Socket, SshOpts]) -> + process_flag(trap_exit, true), + {NumVsn, StrVsn} = ssh_transport:versions(Role, SshOpts), + {Protocol, Callback, CloseTag} = + proplists:get_value(transport, SshOpts, {tcp, gen_tcp, tcp_closed}), + Cache = ssh_channel:cache_create(), + State = + init_role(Role, + #state{ + connection_state = #connection{channel_cache = Cache, + channel_id_seed = 0, + port_bindings = [], + requests = [], + options = SshOpts}, + socket = Socket, + decoded_data_buffer = <<>>, + encoded_data_buffer = <<>>, + transport_protocol = Protocol, + transport_cb = Callback, + transport_close_tag = CloseTag, + opts = SshOpts + }), + + try init_ssh_record(Role, NumVsn, StrVsn, SshOpts, Socket) of + Ssh -> + gen_statem:enter_loop(?MODULE, + [], %%[{debug,[trace,log,statistics,debug]} || Role==server], + handle_event_function, + {hello,Role}, + State#state{ssh_params = Ssh}, + []) + catch + _:Error -> + gen_statem:enter_loop(?MODULE, + [], + handle_event_function, + {init_error,Error}, + State, + []) end. -info(ConnectionHandler) -> - info(ConnectionHandler, {info, all}). +%%-------------------------------------------------------------------- -info(ConnectionHandler, ChannelProcess) -> - call(ConnectionHandler, {info, ChannelProcess}). +%% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
-%%==================================================================== -%% gen_statem callbacks -%%==================================================================== +%%% ######## Error in the initialiasation #### -%% Temporary fix for the Nessus error. SYN-> <-SYNACK ACK-> RST-> ? -handle_event(_, _Event, {init_error,Error}, _State) -> - case Error of - {badmatch,{error,enotconn}} -> - %% {error,enotconn} probably from inet:peername in - %% init_ssh(server,..)/5 called from init/1 - {stop, {shutdown,"TCP connenction to server was prematurely closed by the client"}}; - _ -> - {stop, {shutdown,{init,Error}}} - end; +handle_event(_, _Event, {init_error,{badmatch,{error,enotconn}}}, _State) -> + %% Handles the abnormal sequence: + %% SYN-> + %% <-SYNACK + %% ACK-> + %% RST-> + {stop, {shutdown,"TCP connenction to server was prematurely closed by the client"}}; +handle_event(_, _Event, {init_error,OtherError}, _State) -> + {stop, {shutdown,{init,OtherError}}}; -%%% ######## {hello, client|server} #### +%%% ######## {hello, client|server} #### handle_event(_, socket_control, StateName={hello,_}, S=#state{socket=Socket, ssh_params=Ssh}) -> VsnMsg = ssh_transport:hello_version_msg(string_version(Ssh)), @@ -338,6 +457,7 @@ handle_event(_, {version_exchange,Version}, {hello,Role}, S=#state{ssh_params = description = ["Protocol version ",StrVsn," not supported"]}, {next_state, {hello,Role}, S}) end; + %%% ######## {kexinit, client|server, init|renegotiate} #### @@ -356,6 +476,7 @@ handle_event(_, {#ssh_msg_kexinit{} = Kex, Payload}, {kexinit,server,ReNeg}, {ok, Ssh} = ssh_transport:handle_kexinit_msg(Kex, OwnKex, Ssh1), {next_state, {key_exchange,server,ReNeg}, S#state{ssh_params = Ssh}}; + %%% ######## {key_exchange, client|server, init|renegotiate} #### handle_event(_, #ssh_msg_kexdh_init{} = Msg, {key_exchange,server,ReNeg}, 
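Review bot: in the `{init_error,{badmatch,{error,enotconn}}}` clause of `handle_event/4` (the gen_statem callbacks hunk above), the old comment saying that the `enotconn` comes from `inet:peername` during init was dropped, leaving a pattern that silently depends on the exact `{ok, PeerAddr} = inet:peername(Socket)` match in `init_ssh_record/5`. Keep that pointer, updated to the new function name, or have `init_ssh_record/5` return the error explicitly instead of matching on a badmatch term. While touching these lines, fix the spelling in the new header ("initialiasation") and in the shutdown string ("connenction").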
@@ -404,6 +525,7 @@ handle_event(_, #ssh_msg_kex_ecdh_reply{} = Msg, {key_exchange,client,ReNeg}, send_bytes(NewKeys, State), {next_state, {new_keys,client,ReNeg}, State#state{ssh_params = Ssh}}; + %%% ######## {key_exchange_dh_gex_init, server, init|renegotiate} #### handle_event(_, #ssh_msg_kex_dh_gex_init{} = Msg, {key_exchange_dh_gex_init,server,ReNeg}, @@ -414,6 +536,7 @@ handle_event(_, #ssh_msg_kex_dh_gex_init{} = Msg, {key_exchange_dh_gex_init,serv send_bytes(NewKeys, State), {next_state, {new_keys,server,ReNeg}, State#state{ssh_params = Ssh}}; + %%% ######## {key_exchange_dh_gex_reply, client, init|renegotiate} #### handle_event(_, #ssh_msg_kex_dh_gex_reply{} = Msg, {key_exchange_dh_gex_reply,client,ReNeg}, @@ -422,6 +545,7 @@ handle_event(_, #ssh_msg_kex_dh_gex_reply{} = Msg, {key_exchange_dh_gex_reply,cl send_bytes(NewKeys, State), {next_state, {new_keys,client,ReNeg}, State#state{ssh_params = Ssh1}}; + %%% ######## {new_keys, client|server} #### handle_event(_, #ssh_msg_newkeys{} = Msg, {new_keys,client,init}, @@ -439,6 +563,7 @@ handle_event(_, #ssh_msg_newkeys{} = Msg, {new_keys,server,init}, handle_event(_, #ssh_msg_newkeys{}, {new_keys,Role,renegotiate}, S) -> {next_state, {connected,Role}, S}; + %%% ######## {service_request, client|server} handle_event(_, #ssh_msg_service_request{name = "ssh-userauth"} = Msg, {service_request,server}, @@ -458,6 +583,7 @@ handle_event(_, #ssh_msg_service_accept{name = "ssh-userauth"}, {service_request send_bytes(Msg, State), {next_state, {userauth,client}, State#state{auth_user = Ssh#ssh.user, ssh_params = Ssh}}; + %%% ######## {userauth, client|server} #### handle_event(_, #ssh_msg_userauth_request{service = "ssh-connection", 
@@ -465,7 +591,6 @@ handle_event(_, #ssh_msg_userauth_request{service = "ssh-connection", #state{ssh_params = #ssh{session_id = SessionId, service = "ssh-connection"} = Ssh0 } = State) -> -?IO_FORMAT('~p #ssh_msg_userauth_request{ssh-connection,~p}~n',[self(),Msg#ssh_msg_userauth_request.method]), {not_authorized, {_User, _Reason}, {Reply, Ssh}} = ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0), send_bytes(Reply, State), @@ -477,7 +602,6 @@ handle_event(_, #ssh_msg_userauth_request{service = "ssh-connection", service = "ssh-connection", peer = {_, Address}} = Ssh0, opts = Opts, starter = Pid} = State) -> -?IO_FORMAT('~p #ssh_msg_userauth_request{ssh-connection,~p}~n',[self(),Msg#ssh_msg_userauth_request.method]), case lists:member(Method, Ssh0#ssh.userauth_methods) of true -> case ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0) of @@ -485,23 +609,19 @@ handle_event(_, #ssh_msg_userauth_request{service = "ssh-connection", send_bytes(Reply, State), Pid ! ssh_connected, connected_fun(User, Address, Method, Opts), -?IO_FORMAT('~p CONNECTED!~n',[self()]), {next_state, {connected,server}, State#state{auth_user = User, ssh_params = Ssh#ssh{authenticated = true}}}; {not_authorized, {User, Reason}, {Reply, Ssh}} when Method == "keyboard-interactive" -> retry_fun(User, Address, Reason, Opts), send_bytes(Reply, State), -?IO_FORMAT('~p not_authorized (1)~n',[self()]), {next_state, {userauth_keyboard_interactive,server}, State#state{ssh_params = Ssh}}; {not_authorized, {User, Reason}, {Reply, Ssh}} -> retry_fun(User, Address, Reason, Opts), send_bytes(Reply, State), -?IO_FORMAT('~p not_authorized (2)~n',[self()]), {next_state, StateName, State#state{ssh_params = Ssh}} end; false -> %% At least one non-erlang client does like this. Retry as the next event -?IO_FORMAT('~p bug-fix~n',[self()]), {next_state, StateName, State, [{next_event, internal, Msg#ssh_msg_userauth_request{method="none"}}] } 
@@ -509,7 +629,6 @@ handle_event(_, #ssh_msg_userauth_request{service = "ssh-connection", handle_event(_, #ssh_msg_userauth_request{service = Service}, {userauth,server}=StateName, State) when Service =/= "ssh-connection" -> -?IO_FORMAT('~p #ssh_msg_userauth_request{~p,...}~n',[self(),Service]), Msg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, description = "Unknown service"}, disconnect(Msg, StateName, State); @@ -526,7 +645,6 @@ handle_event(_, #ssh_msg_userauth_failure{}, {userauth,client}=StateName, " authentication methods"}, disconnect(Msg, StateName, State); - handle_event(_, #ssh_msg_userauth_failure{authentications = Methods}, StateName={userauth,client}, #state{ssh_params = Ssh0 = #ssh{userauth_methods=AuthMthds}} = State) -> %% The prefered authentication method failed try next method @@ -559,6 +677,7 @@ handle_event(_, #ssh_msg_userauth_banner{message = Msg}, StateName={userauth,cli io:format("~s", [Msg]), {next_state, StateName, State}; + %%% ######## {userauth_keyboard_interactive, client|server} handle_event(_, #ssh_msg_userauth_info_request{} = Msg, {userauth_keyboard_interactive, client}, @@ -583,6 +702,7 @@ handle_event(_, #ssh_msg_userauth_info_response{} = Msg, {userauth_keyboard_inte send_bytes(Reply, State), {next_state, {userauth,server}, State#state{ssh_params = Ssh}} end; + handle_event(_, Msg = #ssh_msg_userauth_failure{}, {userauth_keyboard_interactive, client}, #state{ssh_params = Ssh0 = #ssh{userauth_preference=Prefs0}} = State) -> Prefs = [{Method,M,F,A} || {Method,M,F,A} <- Prefs0, 
@@ -600,6 +720,7 @@ handle_event(_, Msg=#ssh_msg_userauth_success{}, {userauth_keyboard_interactive_ handle_event(_, Msg=#ssh_msg_userauth_info_request{}, {userauth_keyboard_interactive_info_response, client}, S) -> {next_state, {userauth_keyboard_interactive,client}, S, [{next_event, internal, Msg}]}; + %%% ######## {connected, client|server} #### handle_event(_, {#ssh_msg_kexinit{},_} = Event, {connected,Role}, #state{ssh_params = Ssh0} = State0) -> @@ -703,6 +824,7 @@ handle_event(cast, data_size, {connected,Role}, #state{ssh_params=Ssh0} = State) _ -> {next_state, {connected,Role}, State} end; + handle_event(cast, data_size, StateName, State) -> %% Already in key-exchange so safe to ignore {next_state, StateName, State}; @@ -817,16 +939,14 @@ handle_event({call,_}, _, StateName, State) when StateName /= {connected,server} handle_event({call,From}, {request, ChannelPid, ChannelId, Type, Data, Timeout}, StateName={connected,_}, State0) -> State = handle_request(ChannelPid, ChannelId, Type, Data, true, From, State0), - %% Note reply to channel will happen later when - %% reply is recived from peer on the socket + %% Note reply to channel will happen later when reply is recived from peer on the socket start_timeout(ChannelId, From, Timeout), handle_idle_timeout(State), {next_state, StateName, State}; handle_event({call,From}, {request, ChannelId, Type, Data, Timeout}, StateName={connected,_}, State0) -> State = handle_request(ChannelId, Type, Data, true, From, State0), - %% Note reply to channel will happen later when - %% reply is recived from peer on the socket + %% Note reply to channel will happen later when reply is recived from peer on the socket start_timeout(ChannelId, From, Timeout), handle_idle_timeout(State), {next_state, StateName, State}; 
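Review bot: the rewritten comment in both `{request, ...}` call clauses still reads "reply is recived"; since these lines are being changed anyway, correct it to "received". Joining the two comment lines into one also produces a very long line, and the original two-line form was easier to read.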
@@ -860,11 +980,12 @@ handle_event({call,From}, {eof, ChannelId}, StateName={connected,_}, {next_state, StateName, State0, [{reply,From,{error,closed}}]} end; -handle_event({call,From}, {open, ChannelPid, Type, InitialWindowSize, MaxPacketSize, Data, Timeout}, - StateName={connected,_}, +handle_event({call,From}, + {open, ChannelPid, Type, InitialWindowSize, MaxPacketSize, Data, Timeout}, + StateName = {connected,_}, #state{connection_state = #connection{channel_cache = Cache}} = State0) -> erlang:monitor(process, ChannelPid), - {ChannelId, State1} = new_channel_id(State0), + {ChannelId, State1} = new_channel_id(State0), Msg = ssh_connection:channel_open_msg(Type, ChannelId, InitialWindowSize, MaxPacketSize, Data), @@ -934,7 +1055,6 @@ handle_event(info, {Protocol, Socket, Data}, StateName, State0 = encoded_data_buffer = EncData0, undecoded_packet_length = RemainingSshPacketLen0, ssh_params = Ssh0}) -> -?IO_FORMAT('~p Recv tcp~n',[self()]), Encoded = <>, try ssh_transport:handle_packet_part(DecData0, Encoded, RemainingSshPacketLen0, Ssh0) of @@ -995,10 +1115,8 @@ handle_event(internal, prepare_next_packet, StateName, State) -> Enough = erlang:max(8, State#state.ssh_params#ssh.decrypt_block_size), case size(State#state.encoded_data_buffer) of Sz when Sz >= Enough -> -?IO_FORMAT('~p Send <<>> to self~n',[self()]), self() ! {State#state.transport_protocol, State#state.socket, <<>>}; _ -> -?IO_FORMAT('~p Set active_once~n',[self()]), inet:setopts(State#state.socket, [{active, once}]) end, {next_state, StateName, State}; 
@@ -1088,62 +1206,45 @@ handle_event(Type, Ev, StateName, State) -> disconnect(Msg, StateName, State) end. + %%-------------------------------------------------------------------- + +%% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + terminate(normal, StateName, State) -> - ?IO_FORMAT('~p ~p:~p terminate ~p ~p~n',[self(),?MODULE,?LINE,normal,StateName]), - normal_termination(StateName, State); + finalize_termination(StateName, State); terminate({shutdown,{init,Reason}}, StateName, State) -> - ?IO_FORMAT('~p ~p:~p terminate ~p ~p~n',[self(),?MODULE,?LINE,{shutdown,{init,Reason}},StateName]), error_logger:info_report(io_lib:format("Erlang ssh in connection handler init: ~p~n",[Reason])), - normal_termination(StateName, State); + finalize_termination(StateName, State); -terminate(shutdown, StateName, State) -> +terminate(shutdown, StateName, State0) -> %% Terminated by supervisor - ?IO_FORMAT('~p ~p:~p terminate ~p ~p~n',[self(),?MODULE,?LINE,shutdown,StateName]), - normal_termination(StateName, - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, - description = "Application shutdown"}, - State); + State = send_msg(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, + description = "Application shutdown"}, + State0), +timer:sleep(400), %% FIXME!!! gen_tcp:shutdown instead + finalize_termination(StateName, State); -%% terminate({shutdown,Msg}, StateName, State) when is_record(Msg,ssh_msg_disconnect)-> -%% ?IO_FORMAT('~p ~p:~p terminate ~p ~p~n',[self(),?MODULE,?LINE,{shutdown,Msg},StateName]), -%% normal_termination(StateName, Msg, State); +%% terminate({shutdown,Msg}, StateName, State0) when is_record(Msg,ssh_msg_disconnect)-> +%% State = send_msg(Msg, State0), +%% timer:sleep(400), %% FIXME!!! 
gen_tcp:shutdown instead +%% finalize_termination(StateName, Msg, State); terminate({shutdown,_R}, StateName, State) -> - ?IO_FORMAT('~p ~p:~p terminate ~p ~p~n',[self(),?MODULE,?LINE,{shutdown,_R},StateName]), - normal_termination(StateName, State); + finalize_termination(StateName, State); -terminate(Reason, StateName, State) -> +terminate(Reason, StateName, State0) -> %% Others, e.g undef, {badmatch,_} - ?IO_FORMAT('~p ~p:~p terminate ~p ~p~n',[self(),?MODULE,?LINE,Reason,StateName]), log_error(Reason), - normal_termination(StateName, - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, + State = send_msg(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, description = "Internal error"}, - State). + State0), + finalize_termination(StateName, State). +%%-------------------------------------------------------------------- -normal_termination(StateName, Msg, State0) -> - State = send_msg(Msg,State0), -timer:sleep(400), %% FIXME!!! gen_tcp:shutdown instead - normal_termination(StateName, State). - -normal_termination(_StateName, #state{transport_cb = Transport, - connection_state = Connection, - socket = Socket}) -> - ?IO_FORMAT('~p ~p:~p normal_termination in state ~p~n',[self(),?MODULE,?LINE,_StateName]), - terminate_subsystem(Connection), - (catch Transport:close(Socket)), - ok. - - -terminate_subsystem(#connection{system_supervisor = SysSup, - sub_system_supervisor = SubSysSup}) when is_pid(SubSysSup) -> - ssh_system_sup:stop_subsystem(SysSup, SubSysSup); -terminate_subsystem(_) -> - ok. - +%% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . format_status(normal, [_, _StateName, State]) -> [{data, [{"State", State}]}]; 
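Review bot: the `timer:sleep(400)` that used to follow every `send_msg` in `normal_termination/3` now survives only in the `terminate(shutdown, ...)` clause; the catch-all `terminate(Reason, ...)` clause sends the "Internal error" disconnect and goes straight to `finalize_termination/2`, which closes the socket. If the delay was there to let the disconnect reach the peer, that message can now be lost on the error path, so make the two clauses consistent, ideally by resolving the FIXME with `gen_tcp:shutdown` as the comment suggests. The commented-out `terminate({shutdown,Msg}, ...)` clause calls a `finalize_termination/3` that does not exist, so it is better deleted than carried along.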
@@ -1176,20 +1277,29 @@ format_status(terminate, [_, _StateName, State]) -> }}]}]. +%%-------------------------------------------------------------------- + +%% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + code_change(_OldVsn, StateName, State, _Extra) -> {ok, StateName, State}. -%%-------------------------------------------------------------------- -%%% Internal functions -%%-------------------------------------------------------------------- -%% StateName to Role -role({_,Role}) -> Role; -role({_,Role,_}) -> Role. +%%==================================================================== +%% Internal functions +%%==================================================================== -renegotiation({_,_,ReNeg}) -> ReNeg == renegotiation; -renegotiation(_) -> false. +%%-------------------------------------------------------------------- +%% Starting +start_the_connection_child(UserPid, Role, Socket, Options) -> + Sups = proplists:get_value(supervisors, Options), + ConnectionSup = proplists:get_value(connection_sup, Sups), + Opts = [{supervisors, Sups}, {user_pid, UserPid} | proplists:get_value(ssh_opts, Options, [])], + {ok, Pid} = ssh_connection_sup:start_child(ConnectionSup, [Role, Socket, Opts]), + {_, Callback, _} = proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}), + socket_control(Socket, Pid, Callback), + Pid. init_role(client, #state{opts = Opts} = State0) -> @@ -1200,6 +1310,7 @@ init_role(client, #state{opts = Opts} = State0) -> [self(), data_size]), State0#state{starter = Pid, idle_timer_ref = TimerRef}; + init_role(server, #state{opts = Opts, connection_state = Connection} = State) -> Sups = proplists:get_value(supervisors, Opts), Pid = proplists:get_value(user_pid, Opts), 
@@ -1209,13 +1320,137 @@ init_role(server, #state{opts = Opts, connection_state = Connection} = State) -> Shell = proplists:get_value(shell, Opts), Exec = proplists:get_value(exec, Opts), CliSpec = proplists:get_value(ssh_cli, Opts, {ssh_cli, [Shell]}), - State#state{starter = Pid, connection_state = Connection#connection{ - cli_spec = CliSpec, - exec = Exec, - system_supervisor = SystemSup, - sub_system_supervisor = SubSystemSup, - connection_supervisor = ConnectionSup - }}. + State#state{starter = Pid, + connection_state = Connection#connection{ + cli_spec = CliSpec, + exec = Exec, + system_supervisor = SystemSup, + sub_system_supervisor = SubSystemSup, + connection_supervisor = ConnectionSup + }}. + + +%% init_ssh_record(client = Role, Vsn, Version, Options, Socket) -> +%% IOCb = case proplists:get_value(user_interaction, Options, true) of +%% true -> +%% ssh_io; +%% false -> +%% ssh_no_io +%% end, + +%% AuthMethods = proplists:get_value(auth_methods, Options, +%% ?SUPPORTED_AUTH_METHODS), +%% {ok, PeerAddr} = inet:peername(Socket), + +%% PeerName = proplists:get_value(host, Options), +%% KeyCb = proplists:get_value(key_cb, Options, ssh_file), + +%% #ssh{role = Role, +%% c_vsn = Vsn, +%% c_version = Version, +%% key_cb = KeyCb, +%% io_cb = IOCb, +%% userauth_quiet_mode = proplists:get_value(quiet_mode, Options, false), +%% opts = Options, +%% userauth_supported_methods = AuthMethods, +%% peer = {PeerName, PeerAddr}, +%% available_host_keys = supported_host_keys(Role, KeyCb, Options), +%% random_length_padding = proplists:get_value(max_random_length_padding, +%% Options, +%% (#ssh{})#ssh.random_length_padding) +%% }; + +%% init_ssh_record(server = Role, Vsn, Version, Options, Socket) -> +%% AuthMethods = proplists:get_value(auth_methods, Options, +%% ?SUPPORTED_AUTH_METHODS), +%% AuthMethodsAsList = string:tokens(AuthMethods, ","), +%% {ok, PeerAddr} = inet:peername(Socket), +%% KeyCb = proplists:get_value(key_cb, Options, ssh_file), + +%% #ssh{role = Role, +%% 
s_vsn = Vsn, +%% s_version = Version, +%% key_cb = KeyCb, +%% io_cb = proplists:get_value(io_cb, Options, ssh_io), +%% opts = Options, +%% userauth_supported_methods = AuthMethods, +%% userauth_methods = AuthMethodsAsList, +%% kb_tries_left = 3, +%% peer = {undefined, PeerAddr}, +%% available_host_keys = supported_host_keys(Role, KeyCb, Options), +%% random_length_padding = proplists:get_value(max_random_length_padding, +%% Options, +%% (#ssh{})#ssh.random_length_padding) +%% }. + + +init_ssh_record(Role, Vsn, Version, Options, Socket) -> + {ok, PeerAddr} = inet:peername(Socket), + KeyCb = proplists:get_value(key_cb, Options, ssh_file), + AuthMethods = proplists:get_value(auth_methods, Options, ?SUPPORTED_AUTH_METHODS), + + S0 = #ssh{role = Role, + key_cb = KeyCb, + opts = Options, + userauth_supported_methods = AuthMethods, + available_host_keys = supported_host_keys(Role, KeyCb, Options), + random_length_padding = proplists:get_value(max_random_length_padding, + Options, + (#ssh{})#ssh.random_length_padding) + }, + + case Role of + client -> + PeerName = proplists:get_value(host, Options), + S0#ssh{c_vsn = Vsn, + c_version = Version, + io_cb = case proplists:get_value(user_interaction, Options, true) of + true -> ssh_io; + false -> ssh_no_io + end, + userauth_quiet_mode = proplists:get_value(quiet_mode, Options, false), + peer = {PeerName, PeerAddr} + }; + + server -> + S0#ssh{s_vsn = Vsn, + s_version = Version, + io_cb = proplists:get_value(io_cb, Options, ssh_io), + userauth_methods = string:tokens(AuthMethods, ","), + kb_tries_left = 3, + peer = {undefined, PeerAddr} + } + end. 
+ + + +%%-------------------------------------------------------------------- +%% Stopping + +finalize_termination(_StateName, #state{transport_cb = Transport, + connection_state = Connection, + socket = Socket}) -> + case Connection of + #connection{system_supervisor = SysSup, + sub_system_supervisor = SubSysSup} when is_pid(SubSysSup) -> + ssh_system_sup:stop_subsystem(SysSup, SubSysSup); + _ -> + do_nothing + end, + (catch Transport:close(Socket)), + ok. + + + + +%% StateName to Role +role({_,Role}) -> Role; +role({_,Role,_}) -> Role. + + +renegotiation({_,_,ReNeg}) -> ReNeg == renegotiation; +renegotiation(_) -> false. + get_idle_time(SshOptions) -> case proplists:get_value(idle_time, SshOptions) of 
@@ -1225,59 +1460,6 @@ get_idle_time(SshOptions) -> undefined end. -init_ssh(client = Role, Vsn, Version, Options, Socket) -> - IOCb = case proplists:get_value(user_interaction, Options, true) of - true -> - ssh_io; - false -> - ssh_no_io - end, - - AuthMethods = proplists:get_value(auth_methods, Options, - ?SUPPORTED_AUTH_METHODS), - {ok, PeerAddr} = inet:peername(Socket), - - PeerName = proplists:get_value(host, Options), - KeyCb = proplists:get_value(key_cb, Options, ssh_file), - - #ssh{role = Role, - c_vsn = Vsn, - c_version = Version, - key_cb = KeyCb, - io_cb = IOCb, - userauth_quiet_mode = proplists:get_value(quiet_mode, Options, false), - opts = Options, - userauth_supported_methods = AuthMethods, - peer = {PeerName, PeerAddr}, - available_host_keys = supported_host_keys(Role, KeyCb, Options), - random_length_padding = proplists:get_value(max_random_length_padding, - Options, - (#ssh{})#ssh.random_length_padding) - }; - -init_ssh(server = Role, Vsn, Version, Options, Socket) -> - AuthMethods = proplists:get_value(auth_methods, Options, - ?SUPPORTED_AUTH_METHODS), - AuthMethodsAsList = string:tokens(AuthMethods, ","), - {ok, PeerAddr} = inet:peername(Socket), - KeyCb = proplists:get_value(key_cb, Options, ssh_file), - - #ssh{role = Role, - s_vsn = Vsn, - s_version = Version, - key_cb = KeyCb, - io_cb = proplists:get_value(io_cb, Options, ssh_io), - opts = Options, - userauth_supported_methods = AuthMethods, - userauth_methods = AuthMethodsAsList, - kb_tries_left = 3, - peer = {undefined, PeerAddr}, - available_host_keys = supported_host_keys(Role, KeyCb, Options), - random_length_padding = proplists:get_value(max_random_length_padding, - Options, - (#ssh{})#ssh.random_length_padding) - }. - supported_host_keys(client, _, Options) -> try case proplists:get_value(public_key, 
@@ -1316,10 +1498,7 @@ send_msg(Msg, State=#state{ssh_params=Ssh0}) when is_tuple(Msg) -> State#state{ssh_params=Ssh}. send_bytes(Bytes, #state{socket = Socket, transport_cb = Transport}) -> - R = Transport:send(Socket, Bytes), -?IO_FORMAT('~p send_bytes ~p~n',[self(),R]), - R. - + Transport:send(Socket, Bytes). handle_version({2, 0} = NumVsn, StrVsn, Ssh0) -> Ssh = counterpart_versions(NumVsn, StrVsn, Ssh0), 
@@ -1516,38 +1695,9 @@ new_channel_id(#state{connection_state = #connection{channel_id_seed = Id} = {Id, State#state{connection_state = Connection#connection{channel_id_seed = Id + 1}}}. -prepare_for_next_packet(State = #state{transport_protocol = Protocol, - socket = Socket}, - Ssh, EncDataRest) -> - case size(EncDataRest) >= erlang:max(8, Ssh#ssh.decrypt_block_size) of - true -> - %% Enough data from the next packet has been received to - %% decode the length indicator, fake a socket-recive - %% message so that the data will be processed - self() ! {Protocol, Socket, <<>>}; - false -> - inet:setopts(Socket, [{active, once}]) - end, - State#state{ssh_params = - Ssh#ssh{recv_sequence = ssh_transport:next_seqnum(Ssh#ssh.recv_sequence)}, - decoded_data_buffer = <<>>, - undecoded_packet_length = undefined, - encoded_data_buffer = EncDataRest}. - %%%---------------------------------------------------------------- -%%% Some other module has decided to disconnect: -disconnect(Msg = #ssh_msg_disconnect{}) -> - throw({keep_state_and_data, - [{next_event, internal, {disconnect, Msg, Msg#ssh_msg_disconnect.description}}]}). - -disconnect(Msg = #ssh_msg_disconnect{}, ExtraInfo) -> - throw({keep_state_and_data, - [{next_event, internal, {disconnect, Msg, {Msg#ssh_msg_disconnect.description,ExtraInfo}}}]}). - - %% %%% This server/client has decided to disconnect via the state machine: disconnect(Msg=#ssh_msg_disconnect{description=Description}, _StateName, State0) -> - ?IO_FORMAT('~p ~p:~p disconnect ~p ~p~n',[self(),?MODULE,?LINE,Msg,_StateName]), State = send_msg(Msg, State0), disconnect_fun(Description, State#state.opts), timer:sleep(400), @@ -1652,7 +1802,7 @@ send_replies(Repls, State) -> get_repl({connection_reply,Msg}, {CallRepls,S}) -> {CallRepls, send_msg(Msg,S)}; -get_repl({channel_data,undefined,Data}, Acc) -> +get_repl({channel_data,undefined,_Data}, Acc) -> Acc; get_repl({channel_data,Pid,Data}, Acc) -> Pid ! {ssh_cm, self(), Data}, -- cgit v1.2.3 
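Review bot: in the hunk at @@ -1209,13 +1320,137 @@ the two old init_ssh_record clauses are kept as a %%-commented block directly above the new single-clause init_ssh_record/5. Drop the commented copy: the same two clauses appear as the removed init_ssh/5 in the hunk at @@ -1225,59 +1460,6 @@, so version control already records them, and a dead copy beside the live function will drift. In the new function, {ok, PeerAddr} = inet:peername(Socket) is still a hard match, so a socket that the peer has already closed raises badmatch here. Please confirm that every call site wraps this in the error path that leads to the init_error state.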
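Review bot: in disconnect/3 (hunk at @@ -1516,38 +1695,9 @@) the ?IO_FORMAT debug line is removed but timer:sleep(400) stays in the context right after disconnect_fun(Description, State#state.opts), so the connection process still blocks for a fixed 400 ms on every locally initiated disconnect. Add a comment stating what the delay waits for, or replace the sleep with a state timeout so the process keeps handling events while the disconnect message drains.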
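Review bot: in the hunk at @@ -1652,7 +1802,7 @@ the clause get_repl({channel_data,undefined,_Data}, Acc) -> Acc now silences the unused-variable warning, but it still discards channel data whenever the receiving pid is undefined and nothing in the clause says that this is intended. Add a one-line comment on why the data may be dropped, so the clause is not later mistaken for a lost-data bug.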
From c37f0b1ccb54fd76311259eaa747424d77e76559 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 15 Apr 2016 10:57:23 +0200 Subject: ssh: refactor connection handler initialization --- lib/ssh/src/ssh_connection_handler.erl | 339 ++++++++++++++------------------- lib/ssh/test/ssh_trpt_test_lib.erl | 9 +- 2 files changed, 150 insertions(+), 198 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 1a2cdb6f87..6d5cd3f262 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -39,6 +39,7 @@ %%% Exports %%==================================================================== +%%% Start and stop -export([start_link/3, stop/1 ]). 
@@ -54,40 +55,19 @@ info/1, info/2, connection_info/2, channel_info/3, - adjust_window/3, close/2, renegotiate/1, renegotiate_data/1, + adjust_window/3, close/2, disconnect/1, disconnect/2, get_print_info/1 ]). -%%% gen_statem callbacks --export([init/1, handle_event/4, terminate/3, format_status/2, code_change/4]). +%%% Behaviour callbacks +-export([handle_event/4, terminate/3, format_status/2, code_change/4]). -%%==================================================================== -%% Process state -%%==================================================================== --record(state, { - starter, - auth_user, - connection_state, - latest_channel_id = 0, - idle_timer_ref, - transport_protocol, % ex: tcp - transport_cb, - transport_close_tag, - ssh_params, % #ssh{} - from ssh.hrl - socket, % socket() - decoded_data_buffer, % binary() - encoded_data_buffer, % binary() - undecoded_packet_length, % integer() - key_exchange_init_msg, % #ssh_msg_kexinit{} - last_size_rekey = 0, - event_queue = [], - connection_queue, - address, - port, - opts, - recbuf - }). +%%% Exports not intended to be used :) +-export([init_connection_handler/3, % proc_lib:spawn needs this + init_ssh_record/3, % Export intended for low level protocol test suites + renegotiate/1, renegotiate_data/1 % Export intended for test cases + ]). %%==================================================================== %% Start / stop @@ -99,7 +79,7 @@ ) -> {ok, pid()}. %% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . start_link(Role, Socket, Options) -> - {ok, proc_lib:spawn_link(?MODULE, init, [[Role, Socket, Options]])}. + {ok, proc_lib:spawn_link(?MODULE, init_connection_handler, [Role, Socket, Options])}. %%-------------------------------------------------------------------- 
@@ -352,53 +332,149 @@ close(ConnectionHandler, ChannelId) -> end. %%==================================================================== -%% gen_statem callbacks +%% Internal process state %%==================================================================== -%%-------------------------------------------------------------------- +-record(state, { + starter :: pid(), + auth_user :: string(), + connection_state :: #connection{}, + latest_channel_id = 0 :: non_neg_integer(), + idle_timer_ref :: infinity | reference(), + transport_protocol :: atom(), % ex: tcp + transport_cb :: atom(), % ex: gen_tcp + transport_close_tag :: atom(), % ex: tcp_closed + ssh_params :: #ssh{}, + socket :: inet:socket(), + decoded_data_buffer :: binary(), + encoded_data_buffer :: binary(), + undecoded_packet_length :: non_neg_integer(), + key_exchange_init_msg :: #ssh_msg_kexinit{}, + last_size_rekey = 0 :: non_neg_integer(), + event_queue = [] :: list(), + opts :: proplists:proplist(), + recbuf :: pos_integer() + }). +%%==================================================================== +%% Intitialisation +%%==================================================================== +%%-------------------------------------------------------------------- +-spec init_connection_handler(role(), + inet:socket(), + proplists:proplist() + ) -> no_return(). %% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
- -init([Role, Socket, SshOpts]) -> +init_connection_handler(Role, Socket, Opts) -> process_flag(trap_exit, true), - {NumVsn, StrVsn} = ssh_transport:versions(Role, SshOpts), - {Protocol, Callback, CloseTag} = - proplists:get_value(transport, SshOpts, {tcp, gen_tcp, tcp_closed}), - Cache = ssh_channel:cache_create(), - State = - init_role(Role, - #state{ - connection_state = #connection{channel_cache = Cache, - channel_id_seed = 0, - port_bindings = [], - requests = [], - options = SshOpts}, - socket = Socket, - decoded_data_buffer = <<>>, - encoded_data_buffer = <<>>, - transport_protocol = Protocol, - transport_cb = Callback, - transport_close_tag = CloseTag, - opts = SshOpts - }), - - try init_ssh_record(Role, NumVsn, StrVsn, SshOpts, Socket) of - Ssh -> - gen_statem:enter_loop(?MODULE, - [], %%[{debug,[trace,log,statistics,debug]} || Role==server], - handle_event_function, - {hello,Role}, - State#state{ssh_params = Ssh}, - []) + S0 = init_process_state(Role, Socket, Opts), + try + {Protocol, Callback, CloseTag} = + proplists:get_value(transport, Opts, {tcp, gen_tcp, tcp_closed}), + S0#state{ssh_params = init_ssh_record(Role, Socket, Opts), + transport_protocol = Protocol, + transport_cb = Callback, + transport_close_tag = CloseTag + } + of + S -> gen_statem:enter_loop(?MODULE, + [], %%[{debug,[trace,log,statistics,debug]} || Role==server], + handle_event_function, + {hello,Role}, + S, + []) catch - _:Error -> - gen_statem:enter_loop(?MODULE, - [], - handle_event_function, - {init_error,Error}, - State, - []) + _:Error -> init_error(Error, S0) + end. + + +init_error(Error, S) -> + gen_statem:enter_loop(?MODULE, [], handle_event_function, {init_error,Error}, S, []). 
+ + +init_process_state(Role, Socket, Opts) -> + S = #state{connection_state = + C = #connection{channel_cache = ssh_channel:cache_create(), + channel_id_seed = 0, + port_bindings = [], + requests = [], + options = Opts}, + starter = proplists:get_value(user_pid, Opts), + socket = Socket, + decoded_data_buffer = <<>>, + encoded_data_buffer = <<>>, + opts = Opts + }, + case Role of + client -> + TimerRef = get_idle_time(Opts), + timer:apply_after(?REKEY_TIMOUT, gen_statem, cast, [self(), renegotiate]), + timer:apply_after(?REKEY_DATA_TIMOUT, gen_statem, cast, [self(), data_size]), + S#state{idle_timer_ref = TimerRef}; + + server -> + S#state{connection_state = init_connection(Role, C, Opts)} + end. + + +init_connection(server, C = #connection{}, Opts) -> + Sups = proplists:get_value(supervisors, Opts), + SystemSup = proplists:get_value(system_sup, Sups), + SubSystemSup = proplists:get_value(subsystem_sup, Sups), + ConnectionSup = proplists:get_value(connection_sup, Sups), + Shell = proplists:get_value(shell, Opts), + Exec = proplists:get_value(exec, Opts), + CliSpec = proplists:get_value(ssh_cli, Opts, {ssh_cli, [Shell]}), + C#connection{cli_spec = CliSpec, + exec = Exec, + system_supervisor = SystemSup, + sub_system_supervisor = SubSystemSup, + connection_supervisor = ConnectionSup + }. 
+ + +init_ssh_record(Role, Socket, Opts) -> + {ok, PeerAddr} = inet:peername(Socket), + KeyCb = proplists:get_value(key_cb, Opts, ssh_file), + AuthMethods = proplists:get_value(auth_methods, Opts, ?SUPPORTED_AUTH_METHODS), + S0 = #ssh{role = Role, + key_cb = KeyCb, + opts = Opts, + userauth_supported_methods = AuthMethods, + available_host_keys = supported_host_keys(Role, KeyCb, Opts), + random_length_padding = proplists:get_value(max_random_length_padding, + Opts, + (#ssh{})#ssh.random_length_padding) + }, + + {Vsn, Version} = ssh_transport:versions(Role, Opts), + case Role of + client -> + PeerName = proplists:get_value(host, Opts), + S0#ssh{c_vsn = Vsn, + c_version = Version, + io_cb = case proplists:get_value(user_interaction, Opts, true) of + true -> ssh_io; + false -> ssh_no_io + end, + userauth_quiet_mode = proplists:get_value(quiet_mode, Opts, false), + peer = {PeerName, PeerAddr} + }; + + server -> + S0#ssh{s_vsn = Vsn, + s_version = Version, + io_cb = proplists:get_value(io_cb, Opts, ssh_io), + userauth_methods = string:tokens(AuthMethods, ","), + kb_tries_left = 3, + peer = {undefined, PeerAddr} + } end. + + +%%==================================================================== +%% gen_statem callbacks +%%==================================================================== %%-------------------------------------------------------------------- %% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
@@ -1301,129 +1377,6 @@ start_the_connection_child(UserPid, Role, Socket, Options) -> socket_control(Socket, Pid, Callback), Pid. - -init_role(client, #state{opts = Opts} = State0) -> - Pid = proplists:get_value(user_pid, Opts), - TimerRef = get_idle_time(Opts), - timer:apply_after(?REKEY_TIMOUT, gen_statem, cast, [self(), renegotiate]), - timer:apply_after(?REKEY_DATA_TIMOUT, gen_statem, cast, - [self(), data_size]), - State0#state{starter = Pid, - idle_timer_ref = TimerRef}; - -init_role(server, #state{opts = Opts, connection_state = Connection} = State) -> - Sups = proplists:get_value(supervisors, Opts), - Pid = proplists:get_value(user_pid, Opts), - SystemSup = proplists:get_value(system_sup, Sups), - SubSystemSup = proplists:get_value(subsystem_sup, Sups), - ConnectionSup = proplists:get_value(connection_sup, Sups), - Shell = proplists:get_value(shell, Opts), - Exec = proplists:get_value(exec, Opts), - CliSpec = proplists:get_value(ssh_cli, Opts, {ssh_cli, [Shell]}), - State#state{starter = Pid, - connection_state = Connection#connection{ - cli_spec = CliSpec, - exec = Exec, - system_supervisor = SystemSup, - sub_system_supervisor = SubSystemSup, - connection_supervisor = ConnectionSup - }}. 
- - -%% init_ssh_record(client = Role, Vsn, Version, Options, Socket) -> -%% IOCb = case proplists:get_value(user_interaction, Options, true) of -%% true -> -%% ssh_io; -%% false -> -%% ssh_no_io -%% end, - -%% AuthMethods = proplists:get_value(auth_methods, Options, -%% ?SUPPORTED_AUTH_METHODS), -%% {ok, PeerAddr} = inet:peername(Socket), - -%% PeerName = proplists:get_value(host, Options), -%% KeyCb = proplists:get_value(key_cb, Options, ssh_file), - -%% #ssh{role = Role, -%% c_vsn = Vsn, -%% c_version = Version, -%% key_cb = KeyCb, -%% io_cb = IOCb, -%% userauth_quiet_mode = proplists:get_value(quiet_mode, Options, false), -%% opts = Options, -%% userauth_supported_methods = AuthMethods, -%% peer = {PeerName, PeerAddr}, -%% available_host_keys = supported_host_keys(Role, KeyCb, Options), -%% random_length_padding = proplists:get_value(max_random_length_padding, -%% Options, -%% (#ssh{})#ssh.random_length_padding) -%% }; - -%% init_ssh_record(server = Role, Vsn, Version, Options, Socket) -> -%% AuthMethods = proplists:get_value(auth_methods, Options, -%% ?SUPPORTED_AUTH_METHODS), -%% AuthMethodsAsList = string:tokens(AuthMethods, ","), -%% {ok, PeerAddr} = inet:peername(Socket), -%% KeyCb = proplists:get_value(key_cb, Options, ssh_file), - -%% #ssh{role = Role, -%% s_vsn = Vsn, -%% s_version = Version, -%% key_cb = KeyCb, -%% io_cb = proplists:get_value(io_cb, Options, ssh_io), -%% opts = Options, -%% userauth_supported_methods = AuthMethods, -%% userauth_methods = AuthMethodsAsList, -%% kb_tries_left = 3, -%% peer = {undefined, PeerAddr}, -%% available_host_keys = supported_host_keys(Role, KeyCb, Options), -%% random_length_padding = proplists:get_value(max_random_length_padding, -%% Options, -%% (#ssh{})#ssh.random_length_padding) -%% }. 
- - -init_ssh_record(Role, Vsn, Version, Options, Socket) -> - {ok, PeerAddr} = inet:peername(Socket), - KeyCb = proplists:get_value(key_cb, Options, ssh_file), - AuthMethods = proplists:get_value(auth_methods, Options, ?SUPPORTED_AUTH_METHODS), - - S0 = #ssh{role = Role, - key_cb = KeyCb, - opts = Options, - userauth_supported_methods = AuthMethods, - available_host_keys = supported_host_keys(Role, KeyCb, Options), - random_length_padding = proplists:get_value(max_random_length_padding, - Options, - (#ssh{})#ssh.random_length_padding) - }, - - case Role of - client -> - PeerName = proplists:get_value(host, Options), - S0#ssh{c_vsn = Vsn, - c_version = Version, - io_cb = case proplists:get_value(user_interaction, Options, true) of - true -> ssh_io; - false -> ssh_no_io - end, - userauth_quiet_mode = proplists:get_value(quiet_mode, Options, false), - peer = {PeerName, PeerAddr} - }; - - server -> - S0#ssh{s_vsn = Vsn, - s_version = Version, - io_cb = proplists:get_value(io_cb, Options, ssh_io), - userauth_methods = string:tokens(AuthMethods, ","), - kb_tries_left = 3, - peer = {undefined, PeerAddr} - } - end. - - - %%-------------------------------------------------------------------- %% Stopping diff --git a/lib/ssh/test/ssh_trpt_test_lib.erl b/lib/ssh/test/ssh_trpt_test_lib.erl index 4269529ae8..e34071af99 100644 --- a/lib/ssh/test/ssh_trpt_test_lib.erl +++ b/lib/ssh/test/ssh_trpt_test_lib.erl @@ -294,12 +294,11 @@ instantiate(X, _S) -> %%%================================================================ %%% init_ssh(Role, Socket, Options0) -> - Options = [{user_interaction,false} + Options = [{user_interaction, false}, + {vsn, {2,0}}, + {id_string, "ErlangTestLib"} | Options0], - ssh_connection_handler:init_ssh(Role, - {2,0}, - lists:concat(["SSH-2.0-ErlangTestLib ",Role]), - Options, Socket). + ssh_connection_handler:init_ssh_record(Role, Socket, Options). mangle_opts(Options) -> SysOpts = [{reuseaddr, true}, -- cgit v1.2.3 
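Review bot: the export list in the hunk at @@ -54,40 +55,19 @@ makes init_ssh_record/3, renegotiate/1 and renegotiate_data/1 callable from any module, and the only guard is the comment "Exports not intended to be used :)". State the intended callers in each function's header comment (the hunk already names the low level protocol test suites and the test cases), so that a later reader does not treat them as supported API. The same hunk also moves disconnect/1 and disconnect/2 into the general export list without a comment on who is expected to call them.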
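Review bot: in init_connection_handler/3 (hunk at @@ -352,53 +332,149 @@) the call S0 = init_process_state(Role, Socket, Opts) sits before the try, so only failures in init_ssh_record/3 and in the transport option match reach init_error/2. For the server role init_process_state/3 calls init_connection/3, which reads Sups = proplists:get_value(supervisors, Opts) with no default and then looks up system_sup in Sups, so a missing supervisors option fails outside the protected region and the process exits without entering the {init_error,Error} state. Either move the call inside the try or document that this path is meant to crash. In the same hunk the typed record declares fields such as auth_user :: string(), ssh_params :: #ssh{} and undecoded_packet_length :: non_neg_integer() without defaults, while init_process_state/3 leaves them unset, so they hold undefined at start; widen the types or give defaults so the specs match the values. The catch pattern _:Error also discards the exception class, which makes the init_error reason harder to read. Minor: the section header reads "Intitialisation".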
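Review bot: in ssh_trpt_test_lib.erl (hunk at @@ -294,12 +294,11 @@) the rewritten init_ssh/3 no longer carries the role in the identification string: the removed call built lists:concat(["SSH-2.0-ErlangTestLib ",Role]), while the new options pass only {id_string, "ErlangTestLib"} and {vsn, {2,0}}. Please confirm that no test case relies on telling the client and server banners apart, and that ssh_transport:versions/2 reads the vsn and id_string options, since that function is not part of this patch. Note also that these two options are prepended to Options0, so a caller that passes its own vsn or id_string is overridden by the first match; say so in a comment if that is intended.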
From e21bebd0550c46cbb5d207bdbe4624f727191fda Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 15 Apr 2016 14:47:04 +0200 Subject: ssh: change #state to #data --- lib/ssh/src/ssh_connection_handler.erl | 288 ++++++++++++++++----------------- 1 file changed, 144 insertions(+), 144 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 6d5cd3f262..2468791c20 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -334,7 +334,7 @@ close(ConnectionHandler, ChannelId) -> %%==================================================================== %% Internal process state %%==================================================================== --record(state, { +-record(data, { starter :: pid(), auth_user :: string(), connection_state :: #connection{}, @@ -370,7 +370,7 @@ init_connection_handler(Role, Socket, Opts) -> try {Protocol, Callback, CloseTag} = proplists:get_value(transport, Opts, {tcp, gen_tcp, tcp_closed}), - S0#state{ssh_params = init_ssh_record(Role, Socket, Opts), + S0#data{ssh_params = init_ssh_record(Role, Socket, Opts), transport_protocol = Protocol, transport_cb = Callback, transport_close_tag = CloseTag @@ -392,7 +392,7 @@ init_error(Error, S) -> init_process_state(Role, Socket, Opts) -> - S = #state{connection_state = + S = #data{connection_state = C = #connection{channel_cache = ssh_channel:cache_create(), channel_id_seed = 0, port_bindings = [], @@ -409,10 +409,10 @@ init_process_state(Role, Socket, Opts) -> TimerRef = get_idle_time(Opts), timer:apply_after(?REKEY_TIMOUT, gen_statem, cast, [self(), renegotiate]), timer:apply_after(?REKEY_DATA_TIMOUT, gen_statem, cast, [self(), data_size]), - S#state{idle_timer_ref = TimerRef}; + S#data{idle_timer_ref = TimerRef}; server -> - S#state{connection_state = init_connection(Role, C, Opts)} + S#data{connection_state = init_connection(Role, C, Opts)} end. 
@@ -494,19 +494,19 @@ handle_event(_, _Event, {init_error,OtherError}, _State) -> %%% ######## {hello, client|server} #### -handle_event(_, socket_control, StateName={hello,_}, S=#state{socket=Socket, +handle_event(_, socket_control, StateName={hello,_}, S=#data{socket=Socket, ssh_params=Ssh}) -> VsnMsg = ssh_transport:hello_version_msg(string_version(Ssh)), send_bytes(VsnMsg, S), case getopt(recbuf, Socket) of {ok, Size} -> inet:setopts(Socket, [{packet, line}, {active, once}, {recbuf, ?MAX_PROTO_VERSION}, {nodelay,true}]), - {next_state, StateName, S#state{recbuf=Size}}; + {next_state, StateName, S#data{recbuf=Size}}; {error, Reason} -> {stop, {shutdown,Reason}} end; -handle_event(_, {info_line,_Line}, StateName={hello,client}, S=#state{socket=Socket}) -> +handle_event(_, {info_line,_Line}, StateName={hello,client}, S=#data{socket=Socket}) -> %% The server may send info lines before the version_exchange inet:setopts(Socket, [{active, once}]), {next_state, StateName, S}; @@ -516,7 +516,7 @@ handle_event(_, {info_line,_Line}, {hello,server}, S) -> send_bytes("Protocol mismatch.", S), {stop, {shutdown,"Protocol mismatch in version exchange."}}; -handle_event(_, {version_exchange,Version}, {hello,Role}, S=#state{ssh_params = Ssh0, +handle_event(_, {version_exchange,Version}, {hello,Role}, S=#data{ssh_params = Ssh0, socket = Socket, recbuf = Size}) -> {NumVsn, StrVsn} = ssh_transport:handle_hello_version(Version), @@ -525,7 +525,7 @@ handle_event(_, {version_exchange,Version}, {hello,Role}, S=#state{ssh_params = inet:setopts(Socket, [{packet,0}, {mode,binary}, {active, once}, {recbuf, Size}]), {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh1), send_bytes(SshPacket, S), - {next_state, {kexinit,Role,init}, S#state{ssh_params = Ssh, + {next_state, {kexinit,Role,init}, S#data{ssh_params = Ssh, key_exchange_init_msg = KeyInitMsg}}; not_supported -> disconnect( 
@@ -538,103 +538,103 @@ handle_event(_, {version_exchange,Version}, {hello,Role}, S=#state{ssh_params = %%% ######## {kexinit, client|server, init|renegotiate} #### handle_event(_, {#ssh_msg_kexinit{} = Kex, Payload}, {kexinit,client,ReNeg}, - S = #state{ssh_params = Ssh0, + S = #data{ssh_params = Ssh0, key_exchange_init_msg = OwnKex}) -> Ssh1 = ssh_transport:key_init(server, Ssh0, Payload), % Yes, *server* {ok, NextKexMsg, Ssh} = ssh_transport:handle_kexinit_msg(Kex, OwnKex, Ssh1), send_bytes(NextKexMsg, S), - {next_state, {key_exchange,client,ReNeg}, S#state{ssh_params = Ssh}}; + {next_state, {key_exchange,client,ReNeg}, S#data{ssh_params = Ssh}}; handle_event(_, {#ssh_msg_kexinit{} = Kex, Payload}, {kexinit,server,ReNeg}, - S = #state{ssh_params = Ssh0, + S = #data{ssh_params = Ssh0, key_exchange_init_msg = OwnKex}) -> Ssh1 = ssh_transport:key_init(client, Ssh0, Payload), % Yes, *client* {ok, Ssh} = ssh_transport:handle_kexinit_msg(Kex, OwnKex, Ssh1), - {next_state, {key_exchange,server,ReNeg}, S#state{ssh_params = Ssh}}; + {next_state, {key_exchange,server,ReNeg}, S#data{ssh_params = Ssh}}; %%% ######## {key_exchange, client|server, init|renegotiate} #### handle_event(_, #ssh_msg_kexdh_init{} = Msg, {key_exchange,server,ReNeg}, - S = #state{ssh_params = Ssh0}) -> + S = #data{ssh_params = Ssh0}) -> {ok, KexdhReply, Ssh1} = ssh_transport:handle_kexdh_init(Msg, Ssh0), send_bytes(KexdhReply, S), {ok, NewKeys, Ssh} = ssh_transport:new_keys_message(Ssh1), send_bytes(NewKeys, S), - {next_state, {new_keys,server,ReNeg}, S#state{ssh_params = Ssh}}; + {next_state, {new_keys,server,ReNeg}, S#data{ssh_params = Ssh}}; handle_event(_, #ssh_msg_kexdh_reply{} = Msg, {key_exchange,client,ReNeg}, - #state{ssh_params=Ssh0} = State) -> + #data{ssh_params=Ssh0} = State) -> {ok, NewKeys, Ssh} = ssh_transport:handle_kexdh_reply(Msg, Ssh0), send_bytes(NewKeys, State), - {next_state, {new_keys,client,ReNeg}, State#state{ssh_params = Ssh}}; + {next_state, {new_keys,client,ReNeg}, 
State#data{ssh_params = Ssh}}; handle_event(_, #ssh_msg_kex_dh_gex_request{} = Msg, {key_exchange,server,ReNeg}, - #state{ssh_params=Ssh0} = State) -> + #data{ssh_params=Ssh0} = State) -> {ok, GexGroup, Ssh} = ssh_transport:handle_kex_dh_gex_request(Msg, Ssh0), send_bytes(GexGroup, State), - {next_state, {key_exchange_dh_gex_init,server,ReNeg}, State#state{ssh_params = Ssh}}; + {next_state, {key_exchange_dh_gex_init,server,ReNeg}, State#data{ssh_params = Ssh}}; handle_event(_, #ssh_msg_kex_dh_gex_request_old{} = Msg, {key_exchange,server,ReNeg}, - #state{ssh_params=Ssh0} = State) -> + #data{ssh_params=Ssh0} = State) -> {ok, GexGroup, Ssh} = ssh_transport:handle_kex_dh_gex_request(Msg, Ssh0), send_bytes(GexGroup, State), - {next_state, {key_exchange_dh_gex_init,server,ReNeg}, State#state{ssh_params = Ssh}}; + {next_state, {key_exchange_dh_gex_init,server,ReNeg}, State#data{ssh_params = Ssh}}; handle_event(_, #ssh_msg_kex_dh_gex_group{} = Msg, {key_exchange,client,ReNeg}, - #state{ssh_params=Ssh0} = State) -> + #data{ssh_params=Ssh0} = State) -> {ok, KexGexInit, Ssh} = ssh_transport:handle_kex_dh_gex_group(Msg, Ssh0), send_bytes(KexGexInit, State), - {next_state, {key_exchange_dh_gex_reply,client,ReNeg}, State#state{ssh_params = Ssh}}; + {next_state, {key_exchange_dh_gex_reply,client,ReNeg}, State#data{ssh_params = Ssh}}; handle_event(_, #ssh_msg_kex_ecdh_init{} = Msg, {key_exchange,server,ReNeg}, - #state{ssh_params=Ssh0} = State) -> + #data{ssh_params=Ssh0} = State) -> {ok, KexEcdhReply, Ssh1} = ssh_transport:handle_kex_ecdh_init(Msg, Ssh0), send_bytes(KexEcdhReply, State), {ok, NewKeys, Ssh} = ssh_transport:new_keys_message(Ssh1), send_bytes(NewKeys, State), - {next_state, {new_keys,server,ReNeg}, State#state{ssh_params = Ssh}}; + {next_state, {new_keys,server,ReNeg}, State#data{ssh_params = Ssh}}; handle_event(_, #ssh_msg_kex_ecdh_reply{} = Msg, {key_exchange,client,ReNeg}, - #state{ssh_params=Ssh0} = State) -> + #data{ssh_params=Ssh0} = State) -> {ok, NewKeys, 
Ssh} = ssh_transport:handle_kex_ecdh_reply(Msg, Ssh0), send_bytes(NewKeys, State), - {next_state, {new_keys,client,ReNeg}, State#state{ssh_params = Ssh}}; + {next_state, {new_keys,client,ReNeg}, State#data{ssh_params = Ssh}}; %%% ######## {key_exchange_dh_gex_init, server, init|renegotiate} #### handle_event(_, #ssh_msg_kex_dh_gex_init{} = Msg, {key_exchange_dh_gex_init,server,ReNeg}, - #state{ssh_params=Ssh0} = State) -> + #data{ssh_params=Ssh0} = State) -> {ok, KexGexReply, Ssh1} = ssh_transport:handle_kex_dh_gex_init(Msg, Ssh0), send_bytes(KexGexReply, State), {ok, NewKeys, Ssh} = ssh_transport:new_keys_message(Ssh1), send_bytes(NewKeys, State), - {next_state, {new_keys,server,ReNeg}, State#state{ssh_params = Ssh}}; + {next_state, {new_keys,server,ReNeg}, State#data{ssh_params = Ssh}}; %%% ######## {key_exchange_dh_gex_reply, client, init|renegotiate} #### handle_event(_, #ssh_msg_kex_dh_gex_reply{} = Msg, {key_exchange_dh_gex_reply,client,ReNeg}, - #state{ssh_params=Ssh0} = State) -> + #data{ssh_params=Ssh0} = State) -> {ok, NewKeys, Ssh1} = ssh_transport:handle_kex_dh_gex_reply(Msg, Ssh0), send_bytes(NewKeys, State), - {next_state, {new_keys,client,ReNeg}, State#state{ssh_params = Ssh1}}; + {next_state, {new_keys,client,ReNeg}, State#data{ssh_params = Ssh1}}; %%% ######## {new_keys, client|server} #### handle_event(_, #ssh_msg_newkeys{} = Msg, {new_keys,client,init}, - #state{ssh_params = Ssh0} = State) -> + #data{ssh_params = Ssh0} = State) -> {ok, Ssh1} = ssh_transport:handle_new_keys(Msg, Ssh0), {MsgReq, Ssh} = ssh_auth:service_request_msg(Ssh1), send_bytes(MsgReq, State), - {next_state, {service_request,client}, State#state{ssh_params=Ssh}}; + {next_state, {service_request,client}, State#data{ssh_params=Ssh}}; handle_event(_, #ssh_msg_newkeys{} = Msg, {new_keys,server,init}, - S = #state{ssh_params = Ssh0}) -> + S = #data{ssh_params = Ssh0}) -> {ok, Ssh} = ssh_transport:handle_new_keys(Msg, Ssh0), - {next_state, {service_request,server}, S#state{ssh_params 
= Ssh}}; + {next_state, {service_request,server}, S#data{ssh_params = Ssh}}; handle_event(_, #ssh_msg_newkeys{}, {new_keys,Role,renegotiate}, S) -> {next_state, {connected,Role}, S}; @@ -643,10 +643,10 @@ handle_event(_, #ssh_msg_newkeys{}, {new_keys,Role,renegotiate}, S) -> %%% ######## {service_request, client|server} handle_event(_, #ssh_msg_service_request{name = "ssh-userauth"} = Msg, {service_request,server}, - #state{ssh_params = #ssh{session_id=SessionId} = Ssh0} = State) -> + #data{ssh_params = #ssh{session_id=SessionId} = Ssh0} = State) -> {ok, {Reply, Ssh}} = ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0), send_bytes(Reply, State), - {next_state, {userauth,server}, State#state{ssh_params = Ssh}}; + {next_state, {userauth,server}, State#data{ssh_params = Ssh}}; handle_event(_, #ssh_msg_service_request{}, {service_request,server}=StateName, State) -> Msg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, 
@@ -654,27 +654,27 @@ handle_event(_, #ssh_msg_service_request{}, {service_request,server}=StateName, disconnect(Msg, StateName, State); handle_event(_, #ssh_msg_service_accept{name = "ssh-userauth"}, {service_request,client}, - #state{ssh_params = #ssh{service="ssh-userauth"} = Ssh0} = State) -> + #data{ssh_params = #ssh{service="ssh-userauth"} = Ssh0} = State) -> {Msg, Ssh} = ssh_auth:init_userauth_request_msg(Ssh0), send_bytes(Msg, State), - {next_state, {userauth,client}, State#state{auth_user = Ssh#ssh.user, ssh_params = Ssh}}; + {next_state, {userauth,client}, State#data{auth_user = Ssh#ssh.user, ssh_params = Ssh}}; %%% ######## {userauth, client|server} #### handle_event(_, #ssh_msg_userauth_request{service = "ssh-connection", method = "none"} = Msg, StateName={userauth,server}, - #state{ssh_params = #ssh{session_id = SessionId, + #data{ssh_params = #ssh{session_id = SessionId, service = "ssh-connection"} = Ssh0 } = State) -> {not_authorized, {_User, _Reason}, {Reply, Ssh}} = ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0), send_bytes(Reply, State), - {next_state, StateName, State#state{ssh_params = Ssh}}; + {next_state, StateName, State#data{ssh_params = Ssh}}; handle_event(_, #ssh_msg_userauth_request{service = "ssh-connection", method = Method} = Msg, StateName={userauth,server}, - #state{ssh_params = #ssh{session_id = SessionId, + #data{ssh_params = #ssh{session_id = SessionId, service = "ssh-connection", peer = {_, Address}} = Ssh0, opts = Opts, starter = Pid} = State) -> 
@@ -686,15 +686,15 @@ handle_event(_, #ssh_msg_userauth_request{service = "ssh-connection", Pid ! ssh_connected, connected_fun(User, Address, Method, Opts), {next_state, {connected,server}, - State#state{auth_user = User, ssh_params = Ssh#ssh{authenticated = true}}}; + State#data{auth_user = User, ssh_params = Ssh#ssh{authenticated = true}}}; {not_authorized, {User, Reason}, {Reply, Ssh}} when Method == "keyboard-interactive" -> retry_fun(User, Address, Reason, Opts), send_bytes(Reply, State), - {next_state, {userauth_keyboard_interactive,server}, State#state{ssh_params = Ssh}}; + {next_state, {userauth_keyboard_interactive,server}, State#data{ssh_params = Ssh}}; {not_authorized, {User, Reason}, {Reply, Ssh}} -> retry_fun(User, Address, Reason, Opts), send_bytes(Reply, State), - {next_state, StateName, State#state{ssh_params = Ssh}} + {next_state, StateName, State#data{ssh_params = Ssh}} end; false -> %% At least one non-erlang client does like this. Retry as the next event 
@@ -709,20 +709,20 @@ handle_event(_, #ssh_msg_userauth_request{service = Service}, {userauth,server}= description = "Unknown service"}, disconnect(Msg, StateName, State); -handle_event(_, #ssh_msg_userauth_success{}, {userauth,client}, #state{ssh_params = Ssh, +handle_event(_, #ssh_msg_userauth_success{}, {userauth,client}, #data{ssh_params = Ssh, starter = Pid} = State) -> Pid ! ssh_connected, - {next_state, {connected,client}, State#state{ssh_params=Ssh#ssh{authenticated = true}}}; + {next_state, {connected,client}, State#data{ssh_params=Ssh#ssh{authenticated = true}}}; handle_event(_, #ssh_msg_userauth_failure{}, {userauth,client}=StateName, - #state{ssh_params = #ssh{userauth_methods = []}} = State) -> + #data{ssh_params = #ssh{userauth_methods = []}} = State) -> Msg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE, description = "Unable to connect using the available" " authentication methods"}, disconnect(Msg, StateName, State); handle_event(_, #ssh_msg_userauth_failure{authentications = Methods}, StateName={userauth,client}, - #state{ssh_params = Ssh0 = #ssh{userauth_methods=AuthMthds}} = State) -> + #data{ssh_params = Ssh0 = #ssh{userauth_methods=AuthMthds}} = State) -> %% The prefered authentication method failed try next method Ssh1 = case AuthMthds of none -> 
@@ -735,21 +735,21 @@ handle_event(_, #ssh_msg_userauth_failure{authentications = Methods}, StateName= case ssh_auth:userauth_request_msg(Ssh1) of {disconnect, DisconnectMsg, {Msg, Ssh}} -> send_bytes(Msg, State), - disconnect(DisconnectMsg, StateName, State#state{ssh_params = Ssh}); + disconnect(DisconnectMsg, StateName, State#data{ssh_params = Ssh}); {"keyboard-interactive", {Msg, Ssh}} -> send_bytes(Msg, State), - {next_state, {userauth_keyboard_interactive,client}, State#state{ssh_params = Ssh}}; + {next_state, {userauth_keyboard_interactive,client}, State#data{ssh_params = Ssh}}; {_Method, {Msg, Ssh}} -> send_bytes(Msg, State), - {next_state, StateName, State#state{ssh_params = Ssh}} + {next_state, StateName, State#data{ssh_params = Ssh}} end; handle_event(_, #ssh_msg_userauth_banner{}, StateName={userauth,client}, - #state{ssh_params = #ssh{userauth_quiet_mode=true}} = State) -> + #data{ssh_params = #ssh{userauth_quiet_mode=true}} = State) -> {next_state, StateName, State}; handle_event(_, #ssh_msg_userauth_banner{message = Msg}, StateName={userauth,client}, - #state{ssh_params = #ssh{userauth_quiet_mode=false}} = State) -> + #data{ssh_params = #ssh{userauth_quiet_mode=false}} = State) -> io:format("~s", [Msg]), {next_state, StateName, State}; 
@@ -757,13 +757,13 @@ handle_event(_, #ssh_msg_userauth_banner{message = Msg}, StateName={userauth,cli %%% ######## {userauth_keyboard_interactive, client|server} handle_event(_, #ssh_msg_userauth_info_request{} = Msg, {userauth_keyboard_interactive, client}, - #state{ssh_params = #ssh{io_cb=IoCb} = Ssh0} = State) -> + #data{ssh_params = #ssh{io_cb=IoCb} = Ssh0} = State) -> {ok, {Reply, Ssh}} = ssh_auth:handle_userauth_info_request(Msg, IoCb, Ssh0), send_bytes(Reply, State), - {next_state, {userauth_keyboard_interactive_info_response,client}, State#state{ssh_params = Ssh}}; + {next_state, {userauth_keyboard_interactive_info_response,client}, State#data{ssh_params = Ssh}}; handle_event(_, #ssh_msg_userauth_info_response{} = Msg, {userauth_keyboard_interactive, server}, - #state{ssh_params = #ssh{peer = {_,Address}} = Ssh0, + #data{ssh_params = #ssh{peer = {_,Address}} = Ssh0, opts = Opts, starter = Pid} = State) -> case ssh_auth:handle_userauth_info_response(Msg, Ssh0) of 
@@ -771,20 +771,20 @@ handle_event(_, #ssh_msg_userauth_info_response{} = Msg, {userauth_keyboard_inte send_bytes(Reply, State), Pid ! ssh_connected, connected_fun(User, Address, "keyboard-interactive", Opts), - {next_state, {connected,server}, State#state{auth_user = User, + {next_state, {connected,server}, State#data{auth_user = User, ssh_params = Ssh#ssh{authenticated = true}}}; {not_authorized, {User, Reason}, {Reply, Ssh}} -> retry_fun(User, Address, Reason, Opts), send_bytes(Reply, State), - {next_state, {userauth,server}, State#state{ssh_params = Ssh}} + {next_state, {userauth,server}, State#data{ssh_params = Ssh}} end; handle_event(_, Msg = #ssh_msg_userauth_failure{}, {userauth_keyboard_interactive, client}, - #state{ssh_params = Ssh0 = #ssh{userauth_preference=Prefs0}} = State) -> + #data{ssh_params = Ssh0 = #ssh{userauth_preference=Prefs0}} = State) -> Prefs = [{Method,M,F,A} || {Method,M,F,A} <- Prefs0, Method =/= "keyboard-interactive"], {next_state, {userauth,client}, - State#state{ssh_params = Ssh0#ssh{userauth_preference=Prefs}}, + State#data{ssh_params = Ssh0#ssh{userauth_preference=Prefs}}, [{next_event, internal, Msg}]}; handle_event(_, Msg=#ssh_msg_userauth_failure{}, {userauth_keyboard_interactive_info_response, client}, S) -> 
@@ -799,19 +799,19 @@ handle_event(_, Msg=#ssh_msg_userauth_info_request{}, {userauth_keyboard_interac %%% ######## {connected, client|server} #### -handle_event(_, {#ssh_msg_kexinit{},_} = Event, {connected,Role}, #state{ssh_params = Ssh0} = State0) -> +handle_event(_, {#ssh_msg_kexinit{},_} = Event, {connected,Role}, #data{ssh_params = Ssh0} = State0) -> {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh0), - State = State0#state{ssh_params = Ssh, + State = State0#data{ssh_params = Ssh, key_exchange_init_msg = KeyInitMsg}, send_bytes(SshPacket, State), {next_state, {kexinit,Role,renegotiate}, State, [{next_event, internal, Event}]}; handle_event(_, #ssh_msg_disconnect{description=Desc} = Msg, StateName, - State0 = #state{connection_state = Connection0}) -> + State0 = #data{connection_state = Connection0}) -> {disconnect, _, {{replies, Replies}, _Connection}} = ssh_connection:handle_msg(Msg, Connection0, role(StateName)), {Repls,State} = send_replies(Replies, State0), - disconnect_fun(Desc, State#state.opts), + disconnect_fun(Desc, State#data.opts), {stop_and_reply, {shutdown,Desc}, Repls, State}; handle_event(_, #ssh_msg_ignore{}, StateName, State) -> @@ -819,7 +819,7 @@ handle_event(_, #ssh_msg_ignore{}, StateName, State) -> handle_event(_, #ssh_msg_debug{always_display = Display, message = DbgMsg, - language = Lang}, StateName, #state{opts = Opts} = State) -> + language = Lang}, StateName, #data{opts = Opts} = State) -> F = proplists:get_value(ssh_msg_debug_fun, Opts, fun(_ConnRef, _AlwaysDisplay, _Msg, _Language) -> ok end ), 
@@ -871,12 +871,12 @@ handle_event(internal, Msg=#ssh_msg_channel_success{}, StateName, Stat handle_event(internal, Msg=#ssh_msg_channel_failure{}, StateName, State) -> handle_connection_msg(Msg, StateName, State); -handle_event(cast, renegotiate, {connected,Role}, #state{ssh_params=Ssh0} = State) -> +handle_event(cast, renegotiate, {connected,Role}, #data{ssh_params=Ssh0} = State) -> {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh0), send_bytes(SshPacket, State), %%% FIXME: timer timer:apply_after(?REKEY_TIMOUT, gen_statem, cast, [self(), renegotiate]), - {next_state, {kexinit,Role,renegotiate}, State#state{ssh_params = Ssh, + {next_state, {kexinit,Role,renegotiate}, State#data{ssh_params = Ssh, key_exchange_init_msg = KeyInitMsg}}; handle_event(cast, renegotiate, StateName, State) -> @@ -884,17 +884,17 @@ handle_event(cast, renegotiate, StateName, State) -> {next_state, StateName, State}; %% Rekey due to sent data limit reached? -handle_event(cast, data_size, {connected,Role}, #state{ssh_params=Ssh0} = State) -> - {ok, [{send_oct,Sent0}]} = inet:getstat(State#state.socket, [send_oct]), - Sent = Sent0 - State#state.last_size_rekey, - MaxSent = proplists:get_value(rekey_limit, State#state.opts, 1024000000), +handle_event(cast, data_size, {connected,Role}, #data{ssh_params=Ssh0} = State) -> + {ok, [{send_oct,Sent0}]} = inet:getstat(State#data.socket, [send_oct]), + Sent = Sent0 - State#data.last_size_rekey, + MaxSent = proplists:get_value(rekey_limit, State#data.opts, 1024000000), %%% FIXME: timer timer:apply_after(?REKEY_DATA_TIMOUT, gen_statem, cast, [self(), data_size]), case Sent >= MaxSent of true -> {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh0), send_bytes(SshPacket, State), - {next_state, {kexinit,Role,renegotiate}, State#state{ssh_params = Ssh, + {next_state, {kexinit,Role,renegotiate}, State#data{ssh_params = Ssh, key_exchange_init_msg = KeyInitMsg, last_size_rekey = Sent0}}; _ -> 
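Review bot: In the data_size clause, the changed line `{ok, [{send_oct,Sent0}]} = inet:getstat(State#data.socket, [send_oct])` still hard-matches on the ok tuple, so an `{error, Reason}` return from inet:getstat/2 raises badmatch inside the rekey check instead of going through disconnect/3. A case on the result that stops with a shutdown reason would keep the failure path explicit. The literal default 1024000000 for rekey_limit would also read better as a named macro next to ?REKEY_DATA_TIMOUT, and the timer:apply_after call is still re-armed on every data_size event, which is what the FIXME above it points at.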
@@ -910,7 +910,7 @@ handle_event(cast, _, StateName, State) when StateName /= {connected,server}, {next_state, StateName, State, [postpone]}; handle_event(cast, {adjust_window,ChannelId,Bytes}, StateName={connected,_Role}, - #state{connection_state = + #data{connection_state = #connection{channel_cache = Cache}} = State0) -> case ssh_channel:cache_lookup(Cache, ChannelId) of #channel{recv_window_size = WinSize, @@ -938,7 +938,7 @@ handle_event(cast, {adjust_window,ChannelId,Bytes}, StateName={connected,_Role}, end; handle_event(cast, {reply_request,success,ChannelId}, StateName={connected,_}, - #state{connection_state = + #data{connection_state = #connection{channel_cache = Cache}} = State0) -> case ssh_channel:cache_lookup(Cache, ChannelId) of #channel{remote_id = RemoteId} -> @@ -965,8 +965,8 @@ handle_event(cast, {unknown,Data}, StateName={connected,_}, State) -> handle_event({call,From}, get_print_info, StateName, State) -> Reply = try - {inet:sockname(State#state.socket), - inet:peername(State#state.socket) + {inet:sockname(State#data.socket), + inet:peername(State#data.socket) } of {{ok,Local}, {ok,Remote}} -> {{Local,Remote},io_lib:format("statename=~p",[StateName])}; @@ -981,7 +981,7 @@ handle_event({call,From}, {connection_info, Options}, StateName, State) -> {next_state, StateName, State, [{reply,From,Info}]}; handle_event({call,From}, {channel_info,ChannelId,Options}, StateName, - State=#state{connection_state = #connection{channel_cache = Cache}}) -> + State=#data{connection_state = #connection{channel_cache = Cache}}) -> case ssh_channel:cache_lookup(Cache, ChannelId) of #channel{} = Channel -> Info = ssh_channel_info(Options, Channel, []), 
@@ -990,7 +990,7 @@ handle_event({call,From}, {channel_info,ChannelId,Options}, StateName, {next_state, StateName, State, [{reply,From,[]}]} end; -handle_event({call,From}, {info, ChannelPid}, StateName, State = #state{connection_state = +handle_event({call,From}, {info, ChannelPid}, StateName, State = #data{connection_state = #connection{channel_cache = Cache}}) -> Result = ssh_channel:cache_foldl( fun(Channel, Acc) when ChannelPid == all; @@ -1001,13 +1001,13 @@ handle_event({call,From}, {info, ChannelPid}, StateName, State = #state{connecti end, [], Cache), {next_state, StateName, State, [{reply, From, {ok,Result}}]}; -handle_event({call,From}, stop, StateName, #state{connection_state = Connection0} = State0) -> +handle_event({call,From}, stop, StateName, #data{connection_state = Connection0} = State0) -> {disconnect, _Reason, {{replies, Replies}, Connection}} = ssh_connection:handle_msg(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, description = "User closed down connection"}, Connection0, role(StateName)), {Repls,State} = send_replies(Replies, State0), - {stop_and_reply, normal, [{reply,From,ok}|Repls], State#state{connection_state=Connection}}; + {stop_and_reply, normal, [{reply,From,ok}|Repls], State#data{connection_state=Connection}}; handle_event({call,_}, _, StateName, State) when StateName /= {connected,server}, StateName /= {connected,client} -> 
@@ -1028,26 +1028,26 @@ handle_event({call,From}, {request, ChannelId, Type, Data, Timeout}, StateName={ {next_state, StateName, State}; handle_event({call,From}, {global_request, Pid, _, _, _} = Request, StateName={connected,_}, - #state{connection_state = #connection{channel_cache = Cache}} = State0) -> + #data{connection_state = #connection{channel_cache = Cache}} = State0) -> State1 = handle_global_request(Request, State0), Channel = ssh_channel:cache_find(Pid, Cache), State = add_request(true, Channel#channel.local_id, From, State1), {next_state, StateName, State}; handle_event({call,From}, {data, ChannelId, Type, Data, Timeout}, StateName={connected,_}, - #state{connection_state = #connection{channel_cache=_Cache} = Connection0} = State0) -> + #data{connection_state = #connection{channel_cache=_Cache} = Connection0} = State0) -> case ssh_connection:channel_data(ChannelId, Type, Data, Connection0, From) of {{replies, Replies}, Connection} -> - {Repls,State} = send_replies(Replies, State0#state{connection_state = Connection}), + {Repls,State} = send_replies(Replies, State0#data{connection_state = Connection}), start_timeout(ChannelId, From, Timeout), {next_state, StateName, State, Repls}; {noreply, Connection} -> start_timeout(ChannelId, From, Timeout), - {next_state, StateName, State0#state{connection_state = Connection}} + {next_state, StateName, State0#data{connection_state = Connection}} end; handle_event({call,From}, {eof, ChannelId}, StateName={connected,_}, - #state{connection_state = #connection{channel_cache=Cache}} = State0) -> + #data{connection_state = #connection{channel_cache=Cache}} = State0) -> case ssh_channel:cache_lookup(Cache, ChannelId) of #channel{remote_id = Id, sent_close = false} -> State = send_msg(ssh_connection:channel_eof_msg(Id), State0), 
@@ -1059,7 +1059,7 @@ handle_event({call,From}, {eof, ChannelId}, StateName={connected,_}, handle_event({call,From}, {open, ChannelPid, Type, InitialWindowSize, MaxPacketSize, Data, Timeout}, StateName = {connected,_}, - #state{connection_state = #connection{channel_cache = Cache}} = State0) -> + #data{connection_state = #connection{channel_cache = Cache}} = State0) -> erlang:monitor(process, ChannelPid), {ChannelId, State1} = new_channel_id(State0), Msg = ssh_connection:channel_open_msg(Type, ChannelId, @@ -1080,7 +1080,7 @@ handle_event({call,From}, {next_state, StateName, remove_timer_ref(State)}; handle_event({call,From}, {send_window, ChannelId}, StateName={connected,_}, - #state{connection_state = #connection{channel_cache = Cache}} = State) -> + #data{connection_state = #connection{channel_cache = Cache}} = State) -> Reply = case ssh_channel:cache_lookup(Cache, ChannelId) of #channel{send_window_size = WinSize, send_packet_size = Packsize} -> @@ -1091,7 +1091,7 @@ handle_event({call,From}, {send_window, ChannelId}, StateName={connected,_}, {next_state, StateName, State, [{reply,From,Reply}]}; handle_event({call,From}, {recv_window, ChannelId}, StateName={connected,_}, - #state{connection_state = #connection{channel_cache = Cache}} = State) -> + #data{connection_state = #connection{channel_cache = Cache}} = State) -> Reply = case ssh_channel:cache_lookup(Cache, ChannelId) of #channel{recv_window_size = WinSize, recv_packet_size = Packsize} -> @@ -1102,7 +1102,7 @@ handle_event({call,From}, {recv_window, ChannelId}, StateName={connected,_}, {next_state, StateName, State, [{reply,From,Reply}]}; handle_event({call,From}, {close, ChannelId}, StateName={connected,_}, - #state{connection_state = + #data{connection_state = #connection{channel_cache = Cache}} = State0) -> case ssh_channel:cache_lookup(Cache, ChannelId) of #channel{remote_id = Id} = Channel -> 
@@ -1115,17 +1115,17 @@ handle_event({call,From}, {close, ChannelId}, StateName={connected,_}, end; handle_event(info, {Protocol, Socket, "SSH-" ++ _ = Version}, StateName={hello,_}, - State=#state{socket = Socket, + State=#data{socket = Socket, transport_protocol = Protocol}) -> {next_state, StateName, State, [{next_event, internal, {version_exchange,Version}}]}; handle_event(info, {Protocol, Socket, Info}, StateName={hello,_}, - State=#state{socket = Socket, + State=#data{socket = Socket, transport_protocol = Protocol}) -> {next_state, StateName, State, [{next_event, internal, {info_line,Info}}]}; handle_event(info, {Protocol, Socket, Data}, StateName, State0 = - #state{socket = Socket, + #data{socket = Socket, transport_protocol = Protocol, decoded_data_buffer = DecData0, encoded_data_buffer = EncData0, @@ -1135,7 +1135,7 @@ handle_event(info, {Protocol, Socket, Data}, StateName, State0 = try ssh_transport:handle_packet_part(DecData0, Encoded, RemainingSshPacketLen0, Ssh0) of {decoded, Bytes, EncDataRest, Ssh1} -> - State = State0#state{ssh_params = + State = State0#data{ssh_params = Ssh1#ssh{recv_sequence = ssh_transport:next_seqnum(Ssh1#ssh.recv_sequence)}, decoded_data_buffer = <<>>, undecoded_packet_length = undefined, @@ -1162,7 +1162,7 @@ handle_event(info, {Protocol, Socket, Data}, StateName, State0 = {get_more, DecBytes, EncDataRest, RemainingSshPacketLen, Ssh1} -> %% Here we know that there are not enough bytes in EncDataRest to use. Must wait. inet:setopts(Socket, [{active, once}]), - {next_state, StateName, State0#state{encoded_data_buffer = EncDataRest, + {next_state, StateName, State0#data{encoded_data_buffer = EncDataRest, decoded_data_buffer = DecBytes, undecoded_packet_length = RemainingSshPacketLen, ssh_params = Ssh1}}; 
@@ -1171,7 +1171,7 @@ handle_event(info, {Protocol, Socket, Data}, StateName, State0 = DisconnectMsg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, description = "Bad mac"}, - disconnect(DisconnectMsg, StateName, State0#state{ssh_params=Ssh1}); + disconnect(DisconnectMsg, StateName, State0#data{ssh_params=Ssh1}); {error, {exceeds_max_size,PacketLen}} -> DisconnectMsg = @@ -1188,17 +1188,17 @@ handle_event(info, {Protocol, Socket, Data}, StateName, State0 = end; handle_event(internal, prepare_next_packet, StateName, State) -> - Enough = erlang:max(8, State#state.ssh_params#ssh.decrypt_block_size), - case size(State#state.encoded_data_buffer) of + Enough = erlang:max(8, State#data.ssh_params#ssh.decrypt_block_size), + case size(State#data.encoded_data_buffer) of Sz when Sz >= Enough -> - self() ! {State#state.transport_protocol, State#state.socket, <<>>}; + self() ! {State#data.transport_protocol, State#data.socket, <<>>}; _ -> - inet:setopts(State#state.socket, [{active, once}]) + inet:setopts(State#data.socket, [{active, once}]) end, {next_state, StateName, State}; handle_event(info, {CloseTag,Socket}, StateName, - State=#state{socket = Socket, + State=#data{socket = Socket, transport_close_tag = CloseTag}) -> DisconnectMsg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, @@ -1206,11 +1206,11 @@ handle_event(info, {CloseTag,Socket}, StateName, disconnect(DisconnectMsg, StateName, State); handle_event(info, {timeout, {_, From} = Request}, StateName, - #state{connection_state = #connection{requests = Requests} = Connection} = State) -> + #data{connection_state = #connection{requests = Requests} = Connection} = State) -> case lists:member(Request, Requests) of true -> {next_state, StateName, - State#state{connection_state = + State#data{connection_state = Connection#connection{requests = lists:delete(Request, Requests)}}, [{reply,From,{error,timeout}}]}; 
@@ -1229,11 +1229,11 @@ handle_event(info, {'EXIT', _Sup, Reason}, _, _) -> {stop, {shutdown, Reason}}; handle_event(info, {check_cache, _ , _}, StateName, - #state{connection_state = #connection{channel_cache=Cache}} = State) -> + #data{connection_state = #connection{channel_cache=Cache}} = State) -> {next_state, StateName, check_cache(State, Cache)}; handle_event(info, UnexpectedMessage, StateName, - State = #state{opts = Opts, + State = #data{opts = Opts, ssh_params = SshParams}) -> case unexpected_fun(UnexpectedMessage, Opts, SshParams) of report -> @@ -1325,7 +1325,7 @@ terminate(Reason, StateName, State0) -> format_status(normal, [_, _StateName, State]) -> [{data, [{"State", State}]}]; format_status(terminate, [_, _StateName, State]) -> - SshParams0 = (State#state.ssh_params), + SshParams0 = (State#data.ssh_params), SshParams = SshParams0#ssh{c_keyinit = "***", s_keyinit = "***", send_mac_key = "***", @@ -1344,7 +1344,7 @@ format_status(terminate, [_, _StateName, State]) -> keyex_key = "***", keyex_info = "***", available_host_keys = "***"}, - [{data, [{"State", State#state{decoded_data_buffer = "***", + [{data, [{"State", State#data{decoded_data_buffer = "***", encoded_data_buffer = "***", key_exchange_init_msg = "***", opts = "***", @@ -1380,7 +1380,7 @@ start_the_connection_child(UserPid, Role, Socket, Options) -> %%-------------------------------------------------------------------- %% Stopping -finalize_termination(_StateName, #state{transport_cb = Transport, +finalize_termination(_StateName, #data{transport_cb = Transport, connection_state = Connection, socket = Socket}) -> case Connection of 
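Review bot: In the format_status hunk (@@ -1325,7 +1325,7 @@), only the terminate clause masks key material; the unchanged clause `format_status(normal, [_, _StateName, State])` directly above the renamed line returns the whole #data{} record, ssh_params included, so a status request on a live connection shows the same fields that the terminate clause replaces with "***". Since this patch touches every #data{} access anyway, consider sending both clauses through one masking helper so the list of secret fields lives in a single place.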
@@ -1445,12 +1445,12 @@ available_host_key(KeyCb, Alg, Opts) -> element(1, catch KeyCb:host_key(Alg, Opts)) == ok. -send_msg(Msg, State=#state{ssh_params=Ssh0}) when is_tuple(Msg) -> +send_msg(Msg, State=#data{ssh_params=Ssh0}) when is_tuple(Msg) -> {Bytes, Ssh} = ssh_transport:ssh_packet(Msg, Ssh0), send_bytes(Bytes, State), - State#state{ssh_params=Ssh}. + State#data{ssh_params=Ssh}. -send_bytes(Bytes, #state{socket = Socket, transport_cb = Transport}) -> +send_bytes(Bytes, #data{socket = Socket, transport_cb = Transport}) -> Transport:send(Socket, Bytes). handle_version({2, 0} = NumVsn, StrVsn, Ssh0) -> @@ -1490,7 +1490,7 @@ call(FsmPid, Event, Timeout) -> handle_connection_msg(Msg, StateName, State0 = - #state{starter = User, + #data{starter = User, connection_state = Connection0, event_queue = Qev0}) -> Renegotiation = renegotiation(StateName), 
@@ -1500,28 +1500,28 @@ handle_connection_msg(Msg, StateName, State0 = case StateName of {connected,_} -> {Repls, State} = send_replies(Replies, - State0#state{connection_state=Connection}), + State0#data{connection_state=Connection}), {next_state, StateName, State, Repls}; _ -> {ConnReplies, Replies} = lists:splitwith(fun not_connected_filter/1, Replies), {Repls, State} = send_replies(Replies, - State0#state{event_queue = Qev0 ++ ConnReplies}), + State0#data{event_queue = Qev0 ++ ConnReplies}), {next_state, StateName, State, Repls} end; {noreply, Connection} -> - {next_state, StateName, State0#state{connection_state = Connection}}; + {next_state, StateName, State0#data{connection_state = Connection}}; {disconnect, Reason0, {{replies, Replies}, Connection}} -> - {Repls,State} = send_replies(Replies, State0#state{connection_state = Connection}), + {Repls,State} = send_replies(Replies, State0#data{connection_state = Connection}), case {Reason0,Role} of {{_, Reason}, client} when ((StateName =/= {connected,client}) and (not Renegotiation)) -> User ! {self(), not_connected, Reason}; _ -> ok end, - {stop, {shutdown,normal}, Repls, State#state{connection_state = Connection}} + {stop, {shutdown,normal}, Repls, State#data{connection_state = Connection}} catch _:Error -> @@ -1530,12 +1530,12 @@ handle_connection_msg(Msg, StateName, State0 = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, description = "Internal error"}, Connection0, Role), - {Repls,State} = send_replies(Replies, State0#state{connection_state = Connection}), - {stop, {shutdown,Error}, Repls, State#state{connection_state = Connection}} + {Repls,State} = send_replies(Replies, State0#data{connection_state = Connection}), + {stop, {shutdown,Error}, Repls, State#data{connection_state = Connection}} end. -set_prefix_if_trouble(Msg = <>, #state{ssh_params=SshParams}) +set_prefix_if_trouble(Msg = <>, #data{ssh_params=SshParams}) when Op == 30; Op == 31 -> 
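Review bot: The changed return in the catch clause of handle_connection_msg, `{stop, {shutdown,Error}, Repls, State#data{connection_state = Connection}}`, is a four-element stop tuple carrying replies, and the disconnect branch in the previous hunk has the same shape, while the ssh_msg_disconnect and stop clauses elsewhere in this patch return `{stop_and_reply, Reason, Repls, State}`. The released gen_statem API accepts replies on stop only through stop_and_reply, so these two returns should use the same form as the other clauses. The record update on that line is also redundant, because send_replies was already given `State0#data{connection_state = Connection}`.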
@@ -1557,7 +1557,7 @@ kex(_) -> undefined. %%%---------------------------------------------------------------- handle_request(ChannelPid, ChannelId, Type, Data, WantReply, From, - #state{connection_state = + #data{connection_state = #connection{channel_cache = Cache}} = State0) -> case ssh_channel:cache_lookup(Cache, ChannelId) of #channel{remote_id = Id} = Channel -> @@ -1570,7 +1570,7 @@ handle_request(ChannelPid, ChannelId, Type, Data, WantReply, From, end. handle_request(ChannelId, Type, Data, WantReply, From, - #state{connection_state = + #data{connection_state = #connection{channel_cache = Cache}} = State0) -> case ssh_channel:cache_lookup(Cache, ChannelId) of #channel{remote_id = Id} -> @@ -1586,7 +1586,7 @@ handle_global_request({global_request, ChannelPid, "tcpip-forward" = Type, WantReply, <> = Data}, - #state{connection_state = + #data{connection_state = #connection{channel_cache = Cache} = Connection0} = State) -> ssh_channel:cache_update(Cache, #channel{user = ChannelPid, @@ -1594,15 +1594,15 @@ handle_global_request({global_request, ChannelPid, sys = none}), Connection = ssh_connection:bind(IP, Port, ChannelPid, Connection0), Msg = ssh_connection:global_request_msg(Type, WantReply, Data), - send_msg(Msg, State#state{connection_state = Connection}); + send_msg(Msg, State#data{connection_state = Connection}); handle_global_request({global_request, _Pid, "cancel-tcpip-forward" = Type, WantReply, <> = Data}, - #state{connection_state = Connection0} = State) -> + #data{connection_state = Connection0} = State) -> Connection = ssh_connection:unbind(IP, Port, Connection0), Msg = ssh_connection:global_request_msg(Type, WantReply, Data), - send_msg(Msg, State#state{connection_state = Connection}); + send_msg(Msg, State#data{connection_state = Connection}); handle_global_request({global_request, _, "cancel-tcpip-forward" = Type, WantReply, Data}, State) -> 
@@ -1610,7 +1610,7 @@ handle_global_request({global_request, _, "cancel-tcpip-forward" = Type, send_msg(Msg, State). %%%---------------------------------------------------------------- -handle_idle_timeout(#state{opts = Opts}) -> +handle_idle_timeout(#data{opts = Opts}) -> case proplists:get_value(idle_time, Opts, infinity) of infinity -> ok; @@ -1618,7 +1618,7 @@ handle_idle_timeout(#state{opts = Opts}) -> erlang:send_after(IdleTime, self(), {check_cache, [], []}) end. -handle_channel_down(ChannelPid, #state{connection_state = +handle_channel_down(ChannelPid, #data{connection_state = #connection{channel_cache = Cache}} = State) -> ssh_channel:cache_foldl( @@ -1636,23 +1636,23 @@ update_sys(Cache, Channel, Type, ChannelPid) -> Channel#channel{sys = Type, user = ChannelPid}). add_request(false, _ChannelId, _From, State) -> State; -add_request(true, ChannelId, From, #state{connection_state = +add_request(true, ChannelId, From, #data{connection_state = #connection{requests = Requests0} = Connection} = State) -> Requests = [{ChannelId, From} | Requests0], - State#state{connection_state = Connection#connection{requests = Requests}}. + State#data{connection_state = Connection#connection{requests = Requests}}. -new_channel_id(#state{connection_state = #connection{channel_id_seed = Id} = +new_channel_id(#data{connection_state = #connection{channel_id_seed = Id} = Connection} = State) -> - {Id, State#state{connection_state = + {Id, State#data{connection_state = Connection#connection{channel_id_seed = Id + 1}}}. %%%---------------------------------------------------------------- %% %%% This server/client has decided to disconnect via the state machine: disconnect(Msg=#ssh_msg_disconnect{description=Description}, _StateName, State0) -> State = send_msg(Msg, State0), - disconnect_fun(Description, State#state.opts), + disconnect_fun(Description, State#data.opts), timer:sleep(400), {stop, {shutdown,Description}, State}. 
@@ -1699,19 +1699,19 @@ do_retry_fun(Fun, User, PeerAddr, Reason) -> ssh_info([], _State, Acc) -> Acc; -ssh_info([client_version | Rest], #state{ssh_params = #ssh{c_vsn = IntVsn, +ssh_info([client_version | Rest], #data{ssh_params = #ssh{c_vsn = IntVsn, c_version = StringVsn}} = State, Acc) -> ssh_info(Rest, State, [{client_version, {IntVsn, StringVsn}} | Acc]); -ssh_info([server_version | Rest], #state{ssh_params =#ssh{s_vsn = IntVsn, +ssh_info([server_version | Rest], #data{ssh_params =#ssh{s_vsn = IntVsn, s_version = StringVsn}} = State, Acc) -> ssh_info(Rest, State, [{server_version, {IntVsn, StringVsn}} | Acc]); -ssh_info([peer | Rest], #state{ssh_params = #ssh{peer = Peer}} = State, Acc) -> +ssh_info([peer | Rest], #data{ssh_params = #ssh{peer = Peer}} = State, Acc) -> ssh_info(Rest, State, [{peer, Peer} | Acc]); -ssh_info([sockname | Rest], #state{socket = Socket} = State, Acc) -> +ssh_info([sockname | Rest], #data{socket = Socket} = State, Acc) -> {ok, SockName} = inet:sockname(Socket), ssh_info(Rest, State, [{sockname, SockName}|Acc]); -ssh_info([user | Rest], #state{auth_user = User} = State, Acc) -> +ssh_info([user | Rest], #data{auth_user = User} = State, Acc) -> ssh_info(Rest, State, [{user, User}|Acc]); ssh_info([ _ | Rest], State, Acc) -> ssh_info(Rest, State, Acc). @@ -1796,7 +1796,7 @@ unexpected_fun(UnexpectedMessage, Opts, #ssh{peer={_,Peer}}) -> end. -check_cache(#state{opts = Opts} = State, Cache) -> +check_cache(#data{opts = Opts} = State, Cache) -> %% Check the number of entries in Cache case proplists:get_value(size, ets:info(Cache)) of 0 -> 
@@ -1810,21 +1810,21 @@ check_cache(#state{opts = Opts} = State, Cache) -> State end. -handle_idle_timer(Time, #state{idle_timer_ref = undefined} = State) -> +handle_idle_timer(Time, #data{idle_timer_ref = undefined} = State) -> TimerRef = erlang:send_after(Time, self(), {'EXIT', [], "Timeout"}), - State#state{idle_timer_ref=TimerRef}; + State#data{idle_timer_ref=TimerRef}; handle_idle_timer(_, State) -> State. remove_timer_ref(State) -> - case State#state.idle_timer_ref of + case State#data.idle_timer_ref of infinity -> %% If the timer is not activated State; undefined -> %% If we already has cancelled the timer State; TimerRef -> %% Timer is active erlang:cancel_timer(TimerRef), - State#state{idle_timer_ref = undefined} + State#data{idle_timer_ref = undefined} end. socket_control(Socket, Pid, Transport) -> -- cgit v1.2.3 From fcaf134960f30f96afd08626c2680be84094e1a9 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 15 Apr 2016 17:38:04 +0200 Subject: ssh: Partly refactor and polish ssh_connection_handler --- lib/ssh/src/ssh_connect.hrl | 2 +- lib/ssh/src/ssh_connection_handler.erl | 1378 +++++++++++++++++--------------- lib/ssh/src/ssh_transport.erl | 4 +- 3 files changed, 719 insertions(+), 665 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connect.hrl b/lib/ssh/src/ssh_connect.hrl index 3860bb3202..47a166dcfd 100644 --- a/lib/ssh/src/ssh_connect.hrl +++ b/lib/ssh/src/ssh_connect.hrl @@ -30,7 +30,7 @@ -define(DEFAULT_WINDOW_SIZE, 10*?DEFAULT_PACKET_SIZE). -define(DEFAULT_TIMEOUT, 5000). --define(MAX_PROTO_VERSION, 255). +-define(MAX_PROTO_VERSION, 255). % Max length of the hello string %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %% diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 2468791c20..b49562db9c 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl 
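Review bot: In the ssh_connect.hrl hunk, the added comment says ?MAX_PROTO_VERSION is the maximum length of the hello string, which is not what the macro name says. A comment that has to correct the name is a sign the name should change; consider renaming the macro to describe a length limit, or at least state the unit (bytes, including or excluding the line terminator) in the comment so the bound is applied the same way wherever the version line is read.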
@@ -65,7 +65,8 @@ %%% Exports not intended to be used :) -export([init_connection_handler/3, % proc_lib:spawn needs this - init_ssh_record/3, % Export intended for low level protocol test suites + init_ssh_record/3, % Export of this internal function + % intended for low-level protocol test suites renegotiate/1, renegotiate_data/1 % Export intended for test cases ]). @@ -304,6 +305,22 @@ channel_info(ConnectionHandler, ChannelId, Options) -> adjust_window(ConnectionHandler, Channel, Bytes) -> cast(ConnectionHandler, {adjust_window, Channel, Bytes}). +%%-------------------------------------------------------------------- +-spec close(connection_ref(), + channel_id() + ) -> ok. +%% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . +close(ConnectionHandler, ChannelId) -> + case call(ConnectionHandler, {close, ChannelId}) of + ok -> + ok; + {error, closed} -> + ok + end. + +%%==================================================================== +%% Test support +%%==================================================================== %%-------------------------------------------------------------------- -spec renegotiate(connection_ref() ) -> ok. @@ -318,18 +335,6 @@ renegotiate(ConnectionHandler) -> renegotiate_data(ConnectionHandler) -> cast(ConnectionHandler, data_size). -%%-------------------------------------------------------------------- --spec close(connection_ref(), - channel_id() - ) -> ok. -%% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -close(ConnectionHandler, ChannelId) -> - case call(ConnectionHandler, {close, ChannelId}) of - ok -> - ok; - {error, closed} -> - ok - end. %%==================================================================== %% Internal process state 
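Review bot: close/2 is moved unchanged, and its case expression still has clauses only for `ok` and `{error, closed}`, so any other reply from call/2 raises case_clause in the calling process even though the spec promises `ok`. While the function is being relocated, either add a catch-all clause that maps other errors to a documented return, or widen the spec to say what the caller can get. The new "Test support" heading is a good split, but renegotiate/1 and renegotiate_data/1 stay in the same export list as init_connection_handler/3, so a short comment there pointing at the new section would help.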
@@ -345,14 +350,14 @@ close(ConnectionHandler, ChannelId) -> transport_close_tag :: atom(), % ex: tcp_closed ssh_params :: #ssh{}, socket :: inet:socket(), - decoded_data_buffer :: binary(), - encoded_data_buffer :: binary(), - undecoded_packet_length :: non_neg_integer(), + decrypted_data_buffer :: binary(), + encrypted_data_buffer :: binary(), + undecrypted_packet_length :: non_neg_integer(), key_exchange_init_msg :: #ssh_msg_kexinit{}, last_size_rekey = 0 :: non_neg_integer(), event_queue = [] :: list(), opts :: proplists:proplist(), - recbuf :: pos_integer() + recbuf_size :: pos_integer() }). %%==================================================================== @@ -400,16 +405,16 @@ init_process_state(Role, Socket, Opts) -> options = Opts}, starter = proplists:get_value(user_pid, Opts), socket = Socket, - decoded_data_buffer = <<>>, - encoded_data_buffer = <<>>, + decrypted_data_buffer = <<>>, + encrypted_data_buffer = <<>>, opts = Opts }, case Role of client -> - TimerRef = get_idle_time(Opts), - timer:apply_after(?REKEY_TIMOUT, gen_statem, cast, [self(), renegotiate]), + %% Start the renegotiation timers + timer:apply_after(?REKEY_TIMOUT, gen_statem, cast, [self(), renegotiate]), timer:apply_after(?REKEY_DATA_TIMOUT, gen_statem, cast, [self(), data_size]), - S#data{idle_timer_ref = TimerRef}; + S#data{idle_timer_ref = get_idle_time(Opts)}; server -> S#data{connection_state = init_connection(Role, C, Opts)} 
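Review bot: In the client branch of init_process_state, both `timer:apply_after(...)` calls discard their return value, so a failed timer start goes unnoticed and neither renegotiation timer can be cancelled when the connection terminates; only the idle timer reference is kept in `idle_timer_ref`. Consider matching on `{ok, TRef}` and storing the references in #data{}. In the record hunk above, the renamed fields `undecrypted_packet_length` and `recbuf_size` have no default and are not set in the part of the initialisation shown here, so if they start out as undefined their types should say so.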
@@ -476,255 +481,298 @@ init_ssh_record(Role, Socket, Opts) -> %% gen_statem callbacks %%==================================================================== %%-------------------------------------------------------------------- - +-type event_content() :: any(). + +-type renegotiate_flag() :: init | renegotiate. + +-type state_name() :: + {init_error,any()} + | {hello, role()} + | {kexinit, role(), renegotiate_flag()} + | {key_exchange, role(), renegotiate_flag()} + | {key_exchange_dh_gex_init, server, renegotiate_flag()} + | {key_exchange_dh_gex_reply, client, renegotiate_flag()} + | {new_keys, role()} + | {service_request, role()} + | {userauth, role()} + | {userauth_keyboard_interactive, role()} + | {connected, role()} + . + +-type handle_event_result() :: gen_statem:handle_event_result(). + +-spec handle_event(gen_statem:event_type(), + event_content(), + state_name(), + #data{} + ) -> handle_event_result(). + %% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . %%% ######## Error in the initialiasation #### -handle_event(_, _Event, {init_error,{badmatch,{error,enotconn}}}, _State) -> - %% Handles the abnormal sequence: - %% SYN-> - %% <-SYNACK - %% ACK-> - %% RST-> - {stop, {shutdown,"TCP connenction to server was prematurely closed by the client"}}; - -handle_event(_, _Event, {init_error,OtherError}, _State) -> - {stop, {shutdown,{init,OtherError}}}; +handle_event(_, _Event, {init_error,Error}, _) -> + case Error of + {badmatch,{error,enotconn}} -> + %% Handles the abnormal sequence: + %% SYN-> + %% <-SYNACK + %% ACK-> + %% RST-> + {stop, {shutdown,"TCP connenction to server was prematurely closed by the client"}}; + + OtherError -> + {stop, {shutdown,{init,OtherError}}} + end; %%% ######## {hello, client|server} #### -handle_event(_, socket_control, StateName={hello,_}, S=#data{socket=Socket, - ssh_params=Ssh}) -> - VsnMsg = ssh_transport:hello_version_msg(string_version(Ssh)), - send_bytes(VsnMsg, S), - case getopt(recbuf, Socket) of +%% 
The very first event that is sent when the we are set as controlling process of Socket +handle_event(_, socket_control, {hello,_}, D) -> + VsnMsg = ssh_transport:hello_version_msg(string_version(D#data.ssh_params)), + ok = send_bytes(VsnMsg, D), + case getopt(recbuf, Socket=D#data.socket) of {ok, Size} -> - inet:setopts(Socket, [{packet, line}, {active, once}, {recbuf, ?MAX_PROTO_VERSION}, {nodelay,true}]), - {next_state, StateName, S#data{recbuf=Size}}; + %% Set the socket to the hello text line handling mode: + inet:setopts(Socket, [{packet, line}, + {active, once}, + % Expecting the version string which might + % be max ?MAX_PROTO_VERSION bytes: + {recbuf, ?MAX_PROTO_VERSION}, + {nodelay,true}]), + {keep_state, D#data{recbuf_size=Size}}; {error, Reason} -> {stop, {shutdown,Reason}} end; -handle_event(_, {info_line,_Line}, StateName={hello,client}, S=#data{socket=Socket}) -> - %% The server may send info lines before the version_exchange - inet:setopts(Socket, [{active, once}]), - {next_state, StateName, S}; - -handle_event(_, {info_line,_Line}, {hello,server}, S) -> - %% as openssh - send_bytes("Protocol mismatch.", S), - {stop, {shutdown,"Protocol mismatch in version exchange."}}; +handle_event(_, {info_line,_Line}, {hello,Role}, D) -> + case Role of + client -> + %% The server may send info lines to the client before the version_exchange + inet:setopts(D#data.socket, [{active, once}]), + keep_state_and_data; + server -> + %% But the client may NOT send them to the server. Openssh answers with cleartext, + %% and so do we + ok = send_bytes("Protocol mismatch.", D), + {stop, {shutdown,"Protocol mismatch in version exchange. 
Client sent info lines."}} + end; -handle_event(_, {version_exchange,Version}, {hello,Role}, S=#data{ssh_params = Ssh0, - socket = Socket, - recbuf = Size}) -> +handle_event(_, {version_exchange,Version}, {hello,Role}, D) -> {NumVsn, StrVsn} = ssh_transport:handle_hello_version(Version), - case handle_version(NumVsn, StrVsn, Ssh0) of + case handle_version(NumVsn, StrVsn, D#data.ssh_params) of {ok, Ssh1} -> - inet:setopts(Socket, [{packet,0}, {mode,binary}, {active, once}, {recbuf, Size}]), + %% Since the hello part is finnished correctly, we set the + %% socket to the packet handling mode (including recbuf size): + inet:setopts(D#data.socket, [{packet,0}, + {mode,binary}, + {active, once}, + {recbuf, D#data.recbuf_size}]), {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh1), - send_bytes(SshPacket, S), - {next_state, {kexinit,Role,init}, S#data{ssh_params = Ssh, - key_exchange_init_msg = KeyInitMsg}}; + ok = send_bytes(SshPacket, D), + {next_state, {kexinit,Role,init}, D#data{ssh_params = Ssh, + key_exchange_init_msg = KeyInitMsg}}; not_supported -> disconnect( #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED, description = ["Protocol version ",StrVsn," not supported"]}, - {next_state, {hello,Role}, S}) + {next_state, {hello,Role}, D}) end; %%% ######## {kexinit, client|server, init|renegotiate} #### -handle_event(_, {#ssh_msg_kexinit{} = Kex, Payload}, {kexinit,client,ReNeg}, - S = #data{ssh_params = Ssh0, - key_exchange_init_msg = OwnKex}) -> - Ssh1 = ssh_transport:key_init(server, Ssh0, Payload), % Yes, *server* - {ok, NextKexMsg, Ssh} = ssh_transport:handle_kexinit_msg(Kex, OwnKex, Ssh1), - send_bytes(NextKexMsg, S), - {next_state, {key_exchange,client,ReNeg}, S#data{ssh_params = Ssh}}; - -handle_event(_, {#ssh_msg_kexinit{} = Kex, Payload}, {kexinit,server,ReNeg}, - S = #data{ssh_params = Ssh0, - key_exchange_init_msg = OwnKex}) -> - Ssh1 = ssh_transport:key_init(client, Ssh0, Payload), % Yes, *client* - {ok, Ssh} 
= ssh_transport:handle_kexinit_msg(Kex, OwnKex, Ssh1), - {next_state, {key_exchange,server,ReNeg}, S#data{ssh_params = Ssh}}; +handle_event(_, {#ssh_msg_kexinit{}=Kex, Payload}, {kexinit,Role,ReNeg}, + D = #data{key_exchange_init_msg = OwnKex}) -> + Ssh1 = ssh_transport:key_init(peer_role(Role), D#data.ssh_params, Payload), + Ssh = case ssh_transport:handle_kexinit_msg(Kex, OwnKex, Ssh1) of + {ok, NextKexMsg, Ssh2} when Role==client -> + ok = send_bytes(NextKexMsg, D), + Ssh2; + {ok, Ssh2} when Role==server -> + Ssh2 + end, + {next_state, {key_exchange,Role,ReNeg}, D#data{ssh_params=Ssh}}; %%% ######## {key_exchange, client|server, init|renegotiate} #### -handle_event(_, #ssh_msg_kexdh_init{} = Msg, {key_exchange,server,ReNeg}, - S = #data{ssh_params = Ssh0}) -> - {ok, KexdhReply, Ssh1} = ssh_transport:handle_kexdh_init(Msg, Ssh0), - send_bytes(KexdhReply, S), +%%%---- diffie-hellman +handle_event(_, #ssh_msg_kexdh_init{} = Msg, {key_exchange,server,ReNeg}, D) -> + {ok, KexdhReply, Ssh1} = ssh_transport:handle_kexdh_init(Msg, D#data.ssh_params), + ok = send_bytes(KexdhReply, D), {ok, NewKeys, Ssh} = ssh_transport:new_keys_message(Ssh1), - send_bytes(NewKeys, S), - {next_state, {new_keys,server,ReNeg}, S#data{ssh_params = Ssh}}; - -handle_event(_, #ssh_msg_kexdh_reply{} = Msg, {key_exchange,client,ReNeg}, - #data{ssh_params=Ssh0} = State) -> - {ok, NewKeys, Ssh} = ssh_transport:handle_kexdh_reply(Msg, Ssh0), - send_bytes(NewKeys, State), - {next_state, {new_keys,client,ReNeg}, State#data{ssh_params = Ssh}}; - -handle_event(_, #ssh_msg_kex_dh_gex_request{} = Msg, {key_exchange,server,ReNeg}, - #data{ssh_params=Ssh0} = State) -> - {ok, GexGroup, Ssh} = ssh_transport:handle_kex_dh_gex_request(Msg, Ssh0), - send_bytes(GexGroup, State), - {next_state, {key_exchange_dh_gex_init,server,ReNeg}, State#data{ssh_params = Ssh}}; - -handle_event(_, #ssh_msg_kex_dh_gex_request_old{} = Msg, {key_exchange,server,ReNeg}, - #data{ssh_params=Ssh0} = State) -> - {ok, GexGroup, Ssh} = 
ssh_transport:handle_kex_dh_gex_request(Msg, Ssh0), - send_bytes(GexGroup, State), - {next_state, {key_exchange_dh_gex_init,server,ReNeg}, State#data{ssh_params = Ssh}}; - -handle_event(_, #ssh_msg_kex_dh_gex_group{} = Msg, {key_exchange,client,ReNeg}, - #data{ssh_params=Ssh0} = State) -> - {ok, KexGexInit, Ssh} = ssh_transport:handle_kex_dh_gex_group(Msg, Ssh0), - send_bytes(KexGexInit, State), - {next_state, {key_exchange_dh_gex_reply,client,ReNeg}, State#data{ssh_params = Ssh}}; - -handle_event(_, #ssh_msg_kex_ecdh_init{} = Msg, {key_exchange,server,ReNeg}, - #data{ssh_params=Ssh0} = State) -> - {ok, KexEcdhReply, Ssh1} = ssh_transport:handle_kex_ecdh_init(Msg, Ssh0), - send_bytes(KexEcdhReply, State), + ok = send_bytes(NewKeys, D), + {next_state, {new_keys,server,ReNeg}, D#data{ssh_params=Ssh}}; + +handle_event(_, #ssh_msg_kexdh_reply{} = Msg, {key_exchange,client,ReNeg}, D) -> + {ok, NewKeys, Ssh} = ssh_transport:handle_kexdh_reply(Msg, D#data.ssh_params), + ok = send_bytes(NewKeys, D), + {next_state, {new_keys,client,ReNeg}, D#data{ssh_params=Ssh}}; + +%%%---- diffie-hellman group exchange +handle_event(_, #ssh_msg_kex_dh_gex_request{} = Msg, {key_exchange,server,ReNeg}, D) -> + {ok, GexGroup, Ssh} = ssh_transport:handle_kex_dh_gex_request(Msg, D#data.ssh_params), + ok = send_bytes(GexGroup, D), + {next_state, {key_exchange_dh_gex_init,server,ReNeg}, D#data{ssh_params=Ssh}}; + +handle_event(_, #ssh_msg_kex_dh_gex_request_old{} = Msg, {key_exchange,server,ReNeg}, D) -> + {ok, GexGroup, Ssh} = ssh_transport:handle_kex_dh_gex_request(Msg, D#data.ssh_params), + ok = send_bytes(GexGroup, D), + {next_state, {key_exchange_dh_gex_init,server,ReNeg}, D#data{ssh_params=Ssh}}; + +handle_event(_, #ssh_msg_kex_dh_gex_group{} = Msg, {key_exchange,client,ReNeg}, D) -> + {ok, KexGexInit, Ssh} = ssh_transport:handle_kex_dh_gex_group(Msg, D#data.ssh_params), + ok = send_bytes(KexGexInit, D), + {next_state, {key_exchange_dh_gex_reply,client,ReNeg}, D#data{ssh_params=Ssh}}; + 
+%%%---- elliptic curve diffie-hellman +handle_event(_, #ssh_msg_kex_ecdh_init{} = Msg, {key_exchange,server,ReNeg}, D) -> + {ok, KexEcdhReply, Ssh1} = ssh_transport:handle_kex_ecdh_init(Msg, D#data.ssh_params), + ok = send_bytes(KexEcdhReply, D), {ok, NewKeys, Ssh} = ssh_transport:new_keys_message(Ssh1), - send_bytes(NewKeys, State), - {next_state, {new_keys,server,ReNeg}, State#data{ssh_params = Ssh}}; + ok = send_bytes(NewKeys, D), + {next_state, {new_keys,server,ReNeg}, D#data{ssh_params=Ssh}}; -handle_event(_, #ssh_msg_kex_ecdh_reply{} = Msg, {key_exchange,client,ReNeg}, - #data{ssh_params=Ssh0} = State) -> - {ok, NewKeys, Ssh} = ssh_transport:handle_kex_ecdh_reply(Msg, Ssh0), - send_bytes(NewKeys, State), - {next_state, {new_keys,client,ReNeg}, State#data{ssh_params = Ssh}}; +handle_event(_, #ssh_msg_kex_ecdh_reply{} = Msg, {key_exchange,client,ReNeg}, D) -> + {ok, NewKeys, Ssh} = ssh_transport:handle_kex_ecdh_reply(Msg, D#data.ssh_params), + ok = send_bytes(NewKeys, D), + {next_state, {new_keys,client,ReNeg}, D#data{ssh_params=Ssh}}; %%% ######## {key_exchange_dh_gex_init, server, init|renegotiate} #### -handle_event(_, #ssh_msg_kex_dh_gex_init{} = Msg, {key_exchange_dh_gex_init,server,ReNeg}, - #data{ssh_params=Ssh0} = State) -> - {ok, KexGexReply, Ssh1} = ssh_transport:handle_kex_dh_gex_init(Msg, Ssh0), - send_bytes(KexGexReply, State), +handle_event(_, #ssh_msg_kex_dh_gex_init{} = Msg, {key_exchange_dh_gex_init,server,ReNeg}, D) -> + {ok, KexGexReply, Ssh1} = ssh_transport:handle_kex_dh_gex_init(Msg, D#data.ssh_params), + ok = send_bytes(KexGexReply, D), {ok, NewKeys, Ssh} = ssh_transport:new_keys_message(Ssh1), - send_bytes(NewKeys, State), - {next_state, {new_keys,server,ReNeg}, State#data{ssh_params = Ssh}}; + ok = send_bytes(NewKeys, D), + {next_state, {new_keys,server,ReNeg}, D#data{ssh_params=Ssh}}; %%% ######## {key_exchange_dh_gex_reply, client, init|renegotiate} #### -handle_event(_, #ssh_msg_kex_dh_gex_reply{} = Msg, 
{key_exchange_dh_gex_reply,client,ReNeg}, - #data{ssh_params=Ssh0} = State) -> - {ok, NewKeys, Ssh1} = ssh_transport:handle_kex_dh_gex_reply(Msg, Ssh0), - send_bytes(NewKeys, State), - {next_state, {new_keys,client,ReNeg}, State#data{ssh_params = Ssh1}}; +handle_event(_, #ssh_msg_kex_dh_gex_reply{} = Msg, {key_exchange_dh_gex_reply,client,ReNeg}, D) -> + {ok, NewKeys, Ssh1} = ssh_transport:handle_kex_dh_gex_reply(Msg, D#data.ssh_params), + ok = send_bytes(NewKeys, D), + {next_state, {new_keys,client,ReNeg}, D#data{ssh_params=Ssh1}}; %%% ######## {new_keys, client|server} #### -handle_event(_, #ssh_msg_newkeys{} = Msg, {new_keys,client,init}, - #data{ssh_params = Ssh0} = State) -> - {ok, Ssh1} = ssh_transport:handle_new_keys(Msg, Ssh0), - {MsgReq, Ssh} = ssh_auth:service_request_msg(Ssh1), - send_bytes(MsgReq, State), - {next_state, {service_request,client}, State#data{ssh_params=Ssh}}; - -handle_event(_, #ssh_msg_newkeys{} = Msg, {new_keys,server,init}, - S = #data{ssh_params = Ssh0}) -> - {ok, Ssh} = ssh_transport:handle_new_keys(Msg, Ssh0), - {next_state, {service_request,server}, S#data{ssh_params = Ssh}}; - -handle_event(_, #ssh_msg_newkeys{}, {new_keys,Role,renegotiate}, S) -> - {next_state, {connected,Role}, S}; - +%% First key exchange round: +handle_event(_, #ssh_msg_newkeys{} = Msg, {new_keys,Role,init}, D) -> + {ok, Ssh1} = ssh_transport:handle_new_keys(Msg, D#data.ssh_params), + Ssh = case Role of + client -> + {MsgReq, Ssh2} = ssh_auth:service_request_msg(Ssh1), + ok = send_bytes(MsgReq, D), + Ssh2; + server -> + Ssh1 + end, + {next_state, {service_request,Role}, D#data{ssh_params=Ssh}}; + +%% Subsequent key exchange rounds (renegotiation): +handle_event(_, #ssh_msg_newkeys{}, {new_keys,Role,renegotiate}, D) -> + {next_state, {connected,Role}, D}; %%% ######## {service_request, client|server} -handle_event(_, #ssh_msg_service_request{name = "ssh-userauth"} = Msg, {service_request,server}, - #data{ssh_params = #ssh{session_id=SessionId} = Ssh0} = State) 
-> - {ok, {Reply, Ssh}} = ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0), - send_bytes(Reply, State), - {next_state, {userauth,server}, State#data{ssh_params = Ssh}}; +handle_event(_, Msg = #ssh_msg_service_request{name=ServiceName}, StateName = {service_request,server}, D) -> + case ServiceName of + "ssh-userauth" -> + Ssh0 = #ssh{session_id=SessionId} = D#data.ssh_params, + {ok, {Reply, Ssh}} = ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0), + ok = send_bytes(Reply, D), + {next_state, {userauth,server}, D#data{ssh_params = Ssh}}; -handle_event(_, #ssh_msg_service_request{}, {service_request,server}=StateName, State) -> - Msg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, - description = "Unknown service"}, - disconnect(Msg, StateName, State); + _ -> + disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, + description = "Unknown service"}, + StateName, D) + end; handle_event(_, #ssh_msg_service_accept{name = "ssh-userauth"}, {service_request,client}, #data{ssh_params = #ssh{service="ssh-userauth"} = Ssh0} = State) -> {Msg, Ssh} = ssh_auth:init_userauth_request_msg(Ssh0), - send_bytes(Msg, State), + ok = send_bytes(Msg, State), {next_state, {userauth,client}, State#data{auth_user = Ssh#ssh.user, ssh_params = Ssh}}; %%% ######## {userauth, client|server} #### -handle_event(_, #ssh_msg_userauth_request{service = "ssh-connection", - method = "none"} = Msg, StateName={userauth,server}, - #data{ssh_params = #ssh{session_id = SessionId, - service = "ssh-connection"} = Ssh0 - } = State) -> - {not_authorized, {_User, _Reason}, {Reply, Ssh}} = - ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0), - send_bytes(Reply, State), - {next_state, StateName, State#data{ssh_params = Ssh}}; - -handle_event(_, #ssh_msg_userauth_request{service = "ssh-connection", - method = Method} = Msg, StateName={userauth,server}, - #data{ssh_params = #ssh{session_id = SessionId, - service = "ssh-connection", - peer = {_, Address}} = 
Ssh0, - opts = Opts, starter = Pid} = State) -> - case lists:member(Method, Ssh0#ssh.userauth_methods) of - true -> - case ssh_auth:handle_userauth_request(Msg, SessionId, Ssh0) of - {authorized, User, {Reply, Ssh}} -> - send_bytes(Reply, State), - Pid ! ssh_connected, - connected_fun(User, Address, Method, Opts), - {next_state, {connected,server}, - State#data{auth_user = User, ssh_params = Ssh#ssh{authenticated = true}}}; - {not_authorized, {User, Reason}, {Reply, Ssh}} when Method == "keyboard-interactive" -> - retry_fun(User, Address, Reason, Opts), - send_bytes(Reply, State), - {next_state, {userauth_keyboard_interactive,server}, State#data{ssh_params = Ssh}}; - {not_authorized, {User, Reason}, {Reply, Ssh}} -> - retry_fun(User, Address, Reason, Opts), - send_bytes(Reply, State), - {next_state, StateName, State#data{ssh_params = Ssh}} +%%---- userauth request to server +handle_event(_, + Msg = #ssh_msg_userauth_request{service = ServiceName, method = Method}, + StateName = {userauth,server}, + D = #data{ssh_params=Ssh0}) -> + + case {ServiceName, Ssh0#ssh.service, Method} of + {"ssh-connection", "ssh-connection", "none"} -> + %% Probably the very first userauth_request but we deny unauthorized login + {not_authorized, _, {Reply,Ssh}} = + ssh_auth:handle_userauth_request(Msg, Ssh0#ssh.session_id, Ssh0), + ok = send_bytes(Reply, D), + {keep_state, D#data{ssh_params = Ssh}}; + + {"ssh-connection", "ssh-connection", Method} -> + %% Userauth request with a method like "password" or so + case lists:member(Method, Ssh0#ssh.userauth_methods) of + true -> + %% Yepp! we support this method + case ssh_auth:handle_userauth_request(Msg, Ssh0#ssh.session_id, Ssh0) of + {authorized, User, {Reply, Ssh}} -> + ok = send_bytes(Reply, D), + D#data.starter ! 
ssh_connected, + connected_fun(User, Method, D), + {next_state, {connected,server}, + D#data{auth_user = User, + ssh_params = Ssh#ssh{authenticated = true}}}; + {not_authorized, {User, Reason}, {Reply, Ssh}} when Method == "keyboard-interactive" -> + retry_fun(User, Reason, D), + ok = send_bytes(Reply, D), + {next_state, {userauth_keyboard_interactive,server}, D#data{ssh_params = Ssh}}; + {not_authorized, {User, Reason}, {Reply, Ssh}} -> + retry_fun(User, Reason, D), + ok = send_bytes(Reply, D), + {keep_state, D#data{ssh_params = Ssh}} + end; + false -> + %% No we do not support this method (=/= none) + %% At least one non-erlang client does like this. Retry as the next event + {keep_state_and_data, + [{next_event, internal, Msg#ssh_msg_userauth_request{method="none"}}] + } end; - false -> - %% At least one non-erlang client does like this. Retry as the next event - {next_state, StateName, State, - [{next_event, internal, Msg#ssh_msg_userauth_request{method="none"}}] - } - end; -handle_event(_, #ssh_msg_userauth_request{service = Service}, {userauth,server}=StateName, State) - when Service =/= "ssh-connection" -> - Msg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, - description = "Unknown service"}, - disconnect(Msg, StateName, State); + %% {"ssh-connection", Expected, Method} when Expected =/= ServiceName -> Do what? + %% {ServiceName, Expected, Method} when Expected =/= ServiceName -> Do what? + + {ServiceName, _, _} when ServiceName =/= "ssh-connection" -> + disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, + description = "Unknown service"}, + StateName, D) + end; + +%%---- userauth success to client +handle_event(_, #ssh_msg_userauth_success{}, {userauth,client}, D=#data{ssh_params = Ssh}) -> + D#data.starter ! 
ssh_connected, + {next_state, {connected,client}, D#data{ssh_params=Ssh#ssh{authenticated = true}}}; -handle_event(_, #ssh_msg_userauth_success{}, {userauth,client}, #data{ssh_params = Ssh, - starter = Pid} = State) -> - Pid ! ssh_connected, - {next_state, {connected,client}, State#data{ssh_params=Ssh#ssh{authenticated = true}}}; +%%---- userauth failure response to client handle_event(_, #ssh_msg_userauth_failure{}, {userauth,client}=StateName, - #data{ssh_params = #ssh{userauth_methods = []}} = State) -> + D = #data{ssh_params = #ssh{userauth_methods = []}}) -> Msg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE, description = "Unable to connect using the available" " authentication methods"}, - disconnect(Msg, StateName, State); + disconnect(Msg, StateName, D); handle_event(_, #ssh_msg_userauth_failure{authentications = Methods}, StateName={userauth,client}, - #data{ssh_params = Ssh0 = #ssh{userauth_methods=AuthMthds}} = State) -> + D = #data{ssh_params = Ssh0}) -> %% The prefered authentication method failed try next method - Ssh1 = case AuthMthds of + Ssh1 = case Ssh0#ssh.userauth_methods of none -> %% Server tells us which authentication methods that are allowed Ssh0#ssh{userauth_methods = string:tokens(Methods, ",")}; 
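Review bot: the `case {ServiceName, Ssh0#ssh.service, Method} of` in the new `{userauth,server}` clause has no branch for a request that names "ssh-connection" while `Ssh0#ssh.service` holds something else; the two commented-out "Do what?" patterns mark exactly that gap, and as written such a request ends in a case_clause crash rather than a controlled disconnect. Decide the behaviour before merging, for example by sending the same `?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE` disconnect as the last branch, and remove the placeholder comments. Separately, the many new `ok = send_bytes(...)` matches in this hunk turn any non-ok result into a badmatch crash, including the "Protocol mismatch." reply to a client that may already have closed the socket; please confirm that is the intended failure mode. New comment typos: "finnished" and "when the we are set as controlling process".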
@@ -734,522 +782,501 @@ handle_event(_, #ssh_msg_userauth_failure{authentications = Methods}, StateName= end, case ssh_auth:userauth_request_msg(Ssh1) of {disconnect, DisconnectMsg, {Msg, Ssh}} -> - send_bytes(Msg, State), - disconnect(DisconnectMsg, StateName, State#data{ssh_params = Ssh}); + send_bytes(Msg, D), + disconnect(DisconnectMsg, StateName, D#data{ssh_params = Ssh}); {"keyboard-interactive", {Msg, Ssh}} -> - send_bytes(Msg, State), - {next_state, {userauth_keyboard_interactive,client}, State#data{ssh_params = Ssh}}; + send_bytes(Msg, D), + {next_state, {userauth_keyboard_interactive,client}, D#data{ssh_params = Ssh}}; {_Method, {Msg, Ssh}} -> - send_bytes(Msg, State), - {next_state, StateName, State#data{ssh_params = Ssh}} + send_bytes(Msg, D), + {keep_state, D#data{ssh_params = Ssh}} end; -handle_event(_, #ssh_msg_userauth_banner{}, StateName={userauth,client}, - #data{ssh_params = #ssh{userauth_quiet_mode=true}} = State) -> - {next_state, StateName, State}; - -handle_event(_, #ssh_msg_userauth_banner{message = Msg}, StateName={userauth,client}, - #data{ssh_params = #ssh{userauth_quiet_mode=false}} = State) -> - io:format("~s", [Msg]), - {next_state, StateName, State}; +%%---- banner to client +handle_event(_, #ssh_msg_userauth_banner{message = Msg}, {userauth,client}, D) -> + case D#data.ssh_params#ssh.userauth_quiet_mode of + false -> io:format("~s", [Msg]); + true -> ok + end, + keep_state_and_data; %%% ######## {userauth_keyboard_interactive, client|server} handle_event(_, #ssh_msg_userauth_info_request{} = Msg, {userauth_keyboard_interactive, client}, - #data{ssh_params = #ssh{io_cb=IoCb} = Ssh0} = State) -> - {ok, {Reply, Ssh}} = ssh_auth:handle_userauth_info_request(Msg, IoCb, Ssh0), - send_bytes(Reply, State), - {next_state, {userauth_keyboard_interactive_info_response,client}, State#data{ssh_params = Ssh}}; - -handle_event(_, #ssh_msg_userauth_info_response{} = Msg, {userauth_keyboard_interactive, server}, - #data{ssh_params = #ssh{peer = 
{_,Address}} = Ssh0, - opts = Opts, - starter = Pid} = State) -> - case ssh_auth:handle_userauth_info_response(Msg, Ssh0) of + #data{ssh_params = Ssh0} = D) -> + {ok, {Reply, Ssh}} = ssh_auth:handle_userauth_info_request(Msg, Ssh0#ssh.io_cb, Ssh0), + send_bytes(Reply, D), + {next_state, {userauth_keyboard_interactive_info_response,client}, D#data{ssh_params = Ssh}}; + +handle_event(_, #ssh_msg_userauth_info_response{} = Msg, {userauth_keyboard_interactive, server}, D) -> + case ssh_auth:handle_userauth_info_response(Msg, D#data.ssh_params) of {authorized, User, {Reply, Ssh}} -> - send_bytes(Reply, State), - Pid ! ssh_connected, - connected_fun(User, Address, "keyboard-interactive", Opts), - {next_state, {connected,server}, State#data{auth_user = User, - ssh_params = Ssh#ssh{authenticated = true}}}; + send_bytes(Reply, D), + D#data.starter ! ssh_connected, + connected_fun(User, "keyboard-interactive", D), + {next_state, {connected,server}, D#data{auth_user = User, + ssh_params = Ssh#ssh{authenticated = true}}}; {not_authorized, {User, Reason}, {Reply, Ssh}} -> - retry_fun(User, Address, Reason, Opts), - send_bytes(Reply, State), - {next_state, {userauth,server}, State#data{ssh_params = Ssh}} + retry_fun(User, Reason, D), + send_bytes(Reply, D), + {next_state, {userauth,server}, D#data{ssh_params = Ssh}} end; handle_event(_, Msg = #ssh_msg_userauth_failure{}, {userauth_keyboard_interactive, client}, - #data{ssh_params = Ssh0 = #ssh{userauth_preference=Prefs0}} = State) -> - Prefs = [{Method,M,F,A} || {Method,M,F,A} <- Prefs0, + #data{ssh_params = Ssh0} = D0) -> + Prefs = [{Method,M,F,A} || {Method,M,F,A} <- Ssh0#ssh.userauth_preference, Method =/= "keyboard-interactive"], - {next_state, {userauth,client}, - State#data{ssh_params = Ssh0#ssh{userauth_preference=Prefs}}, - [{next_event, internal, Msg}]}; + D = D0#data{ssh_params = Ssh0#ssh{userauth_preference=Prefs}}, + {next_state, {userauth,client}, D, [{next_event, internal, Msg}]}; -handle_event(_, 
Msg=#ssh_msg_userauth_failure{}, {userauth_keyboard_interactive_info_response, client}, S) -> - {next_state, {userauth,client}, S, [{next_event, internal, Msg}]}; +handle_event(_, Msg=#ssh_msg_userauth_failure{}, {userauth_keyboard_interactive_info_response, client}, D) -> + {next_state, {userauth,client}, D, [{next_event, internal, Msg}]}; -handle_event(_, Msg=#ssh_msg_userauth_success{}, {userauth_keyboard_interactive_info_response, client}, S) -> - {next_state, {userauth,client}, S, [{next_event, internal, Msg}]}; +handle_event(_, Msg=#ssh_msg_userauth_success{}, {userauth_keyboard_interactive_info_response, client}, D) -> + {next_state, {userauth,client}, D, [{next_event, internal, Msg}]}; -handle_event(_, Msg=#ssh_msg_userauth_info_request{}, {userauth_keyboard_interactive_info_response, client}, S) -> - {next_state, {userauth_keyboard_interactive,client}, S, [{next_event, internal, Msg}]}; +handle_event(_, Msg=#ssh_msg_userauth_info_request{}, {userauth_keyboard_interactive_info_response, client}, D) -> + {next_state, {userauth_keyboard_interactive,client}, D, [{next_event, internal, Msg}]}; %%% ######## {connected, client|server} #### -handle_event(_, {#ssh_msg_kexinit{},_} = Event, {connected,Role}, #data{ssh_params = Ssh0} = State0) -> - {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh0), - State = State0#data{ssh_params = Ssh, - key_exchange_init_msg = KeyInitMsg}, - send_bytes(SshPacket, State), - {next_state, {kexinit,Role,renegotiate}, State, [{next_event, internal, Event}]}; +handle_event(_, {#ssh_msg_kexinit{},_} = Event, {connected,Role}, D0) -> + {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(D0#data.ssh_params), + D = D0#data{ssh_params = Ssh, + key_exchange_init_msg = KeyInitMsg}, + send_bytes(SshPacket, D), + {next_state, {kexinit,Role,renegotiate}, D, [{next_event, internal, Event}]}; + +handle_event(_, #ssh_msg_disconnect{description=Desc} = Msg, StateName, D0) -> + {disconnect, _, {{replies,Replies}, 
_}} = + ssh_connection:handle_msg(Msg, D0#data.connection_state, role(StateName)), + {Actions,D} = send_replies(Replies, D0), + disconnect_fun(Desc, D), + {stop_and_reply, {shutdown,Desc}, Actions, D}; -handle_event(_, #ssh_msg_disconnect{description=Desc} = Msg, StateName, - State0 = #data{connection_state = Connection0}) -> - {disconnect, _, {{replies, Replies}, _Connection}} = - ssh_connection:handle_msg(Msg, Connection0, role(StateName)), - {Repls,State} = send_replies(Replies, State0), - disconnect_fun(Desc, State#data.opts), - {stop_and_reply, {shutdown,Desc}, Repls, State}; +handle_event(_, #ssh_msg_ignore{}, _, _) -> + keep_state_and_data; -handle_event(_, #ssh_msg_ignore{}, StateName, State) -> - {next_state, StateName, State}; +handle_event(_, #ssh_msg_unimplemented{}, _, _) -> + keep_state_and_data; -handle_event(_, #ssh_msg_debug{always_display = Display, - message = DbgMsg, - language = Lang}, StateName, #data{opts = Opts} = State) -> - F = proplists:get_value(ssh_msg_debug_fun, Opts, - fun(_ConnRef, _AlwaysDisplay, _Msg, _Language) -> ok end - ), - catch F(self(), Display, DbgMsg, Lang), - {next_state, StateName, State}; +handle_event(_, #ssh_msg_debug{} = Msg, _, D) -> + debug_fun(Msg, D), + keep_state_and_data; -handle_event(_, #ssh_msg_unimplemented{}, StateName, State) -> - {next_state, StateName, State}; +handle_event(internal, Msg=#ssh_msg_global_request{}, StateName, D) -> + handle_connection_msg(Msg, StateName, D); -handle_event(internal, Msg=#ssh_msg_global_request{}, StateName, State) -> - handle_connection_msg(Msg, StateName, State); +handle_event(internal, Msg=#ssh_msg_request_success{}, StateName, D) -> + handle_connection_msg(Msg, StateName, D); -handle_event(internal, Msg=#ssh_msg_request_success{}, StateName, State) -> - handle_connection_msg(Msg, StateName, State); +handle_event(internal, Msg=#ssh_msg_request_failure{}, StateName, D) -> + handle_connection_msg(Msg, StateName, D); -handle_event(internal, Msg=#ssh_msg_request_failure{}, 
StateName, State) -> - handle_connection_msg(Msg, StateName, State); +handle_event(internal, Msg=#ssh_msg_channel_open{}, StateName, D) -> + handle_connection_msg(Msg, StateName, D); -handle_event(internal, Msg=#ssh_msg_channel_open{}, StateName, State) -> - handle_connection_msg(Msg, StateName, State); +handle_event(internal, Msg=#ssh_msg_channel_open_confirmation{}, StateName, D) -> + handle_connection_msg(Msg, StateName, D); -handle_event(internal, Msg=#ssh_msg_channel_open_confirmation{}, StateName, State) -> - handle_connection_msg(Msg, StateName, State); +handle_event(internal, Msg=#ssh_msg_channel_open_failure{}, StateName, D) -> + handle_connection_msg(Msg, StateName, D); -handle_event(internal, Msg=#ssh_msg_channel_open_failure{}, StateName, State) -> - handle_connection_msg(Msg, StateName, State); +handle_event(internal, Msg=#ssh_msg_channel_window_adjust{}, StateName, D) -> + handle_connection_msg(Msg, StateName, D); -handle_event(internal, Msg=#ssh_msg_channel_window_adjust{}, StateName, State) -> - handle_connection_msg(Msg, StateName, State); +handle_event(internal, Msg=#ssh_msg_channel_data{}, StateName, D) -> + handle_connection_msg(Msg, StateName, D); -handle_event(internal, Msg=#ssh_msg_channel_data{}, StateName, State) -> - handle_connection_msg(Msg, StateName, State); +handle_event(internal, Msg=#ssh_msg_channel_extended_data{}, StateName, D) -> + handle_connection_msg(Msg, StateName, D); -handle_event(internal, Msg=#ssh_msg_channel_extended_data{}, StateName, State) -> - handle_connection_msg(Msg, StateName, State); +handle_event(internal, Msg=#ssh_msg_channel_eof{}, StateName, D) -> + handle_connection_msg(Msg, StateName, D); -handle_event(internal, Msg=#ssh_msg_channel_eof{}, StateName, State) -> - handle_connection_msg(Msg, StateName, State); +handle_event(internal, Msg=#ssh_msg_channel_close{}, StateName, D) -> + handle_connection_msg(Msg, StateName, D); -handle_event(internal, Msg=#ssh_msg_channel_close{}, StateName, State) -> - 
handle_connection_msg(Msg, StateName, State); +handle_event(internal, Msg=#ssh_msg_channel_request{}, StateName, D) -> + handle_connection_msg(Msg, StateName, D); -handle_event(internal, Msg=#ssh_msg_channel_request{}, StateName, State) -> - handle_connection_msg(Msg, StateName, State); +handle_event(internal, Msg=#ssh_msg_channel_success{}, StateName, D) -> + handle_connection_msg(Msg, StateName, D); -handle_event(internal, Msg=#ssh_msg_channel_success{}, StateName, State) -> - handle_connection_msg(Msg, StateName, State); +handle_event(internal, Msg=#ssh_msg_channel_failure{}, StateName, D) -> + handle_connection_msg(Msg, StateName, D); -handle_event(internal, Msg=#ssh_msg_channel_failure{}, StateName, State) -> - handle_connection_msg(Msg, StateName, State); -handle_event(cast, renegotiate, {connected,Role}, #data{ssh_params=Ssh0} = State) -> - {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh0), - send_bytes(SshPacket, State), -%%% FIXME: timer +handle_event(cast, renegotiate, {connected,Role}, D) -> + {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(D#data.ssh_params), + send_bytes(SshPacket, D), timer:apply_after(?REKEY_TIMOUT, gen_statem, cast, [self(), renegotiate]), - {next_state, {kexinit,Role,renegotiate}, State#data{ssh_params = Ssh, - key_exchange_init_msg = KeyInitMsg}}; + {next_state, {kexinit,Role,renegotiate}, D#data{ssh_params = Ssh, + key_exchange_init_msg = KeyInitMsg}}; -handle_event(cast, renegotiate, StateName, State) -> +handle_event(cast, renegotiate, _, _) -> %% Already in key-exchange so safe to ignore - {next_state, StateName, State}; + timer:apply_after(?REKEY_TIMOUT, gen_statem, cast, [self(), renegotiate]), % FIXME: not here in original + keep_state_and_data; + %% Rekey due to sent data limit reached? 
-handle_event(cast, data_size, {connected,Role}, #data{ssh_params=Ssh0} = State) -> - {ok, [{send_oct,Sent0}]} = inet:getstat(State#data.socket, [send_oct]), - Sent = Sent0 - State#data.last_size_rekey, - MaxSent = proplists:get_value(rekey_limit, State#data.opts, 1024000000), -%%% FIXME: timer +handle_event(cast, data_size, {connected,Role}, D) -> + {ok, [{send_oct,Sent0}]} = inet:getstat(D#data.socket, [send_oct]), + Sent = Sent0 - D#data.last_size_rekey, + MaxSent = proplists:get_value(rekey_limit, D#data.opts, 1024000000), timer:apply_after(?REKEY_DATA_TIMOUT, gen_statem, cast, [self(), data_size]), case Sent >= MaxSent of true -> - {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh0), - send_bytes(SshPacket, State), - {next_state, {kexinit,Role,renegotiate}, State#data{ssh_params = Ssh, - key_exchange_init_msg = KeyInitMsg, - last_size_rekey = Sent0}}; + {KeyInitMsg, SshPacket, Ssh} = + ssh_transport:key_exchange_init_msg(D#data.ssh_params), + send_bytes(SshPacket, D), + {next_state, {kexinit,Role,renegotiate}, D#data{ssh_params = Ssh, + key_exchange_init_msg = KeyInitMsg, + last_size_rekey = Sent0}}; _ -> - {next_state, {connected,Role}, State} + keep_state_and_data end; -handle_event(cast, data_size, StateName, State) -> +handle_event(cast, data_size, _, _) -> %% Already in key-exchange so safe to ignore - {next_state, StateName, State}; + timer:apply_after(?REKEY_DATA_TIMOUT, gen_statem, cast, [self(), data_size]), % FIXME: not here in original + keep_state_and_data; + + -handle_event(cast, _, StateName, State) when StateName /= {connected,server}, - StateName /= {connected,client} -> - {next_state, StateName, State, [postpone]}; +handle_event(cast, _, StateName, _) when StateName /= {connected,server}, + StateName /= {connected,client} -> + {keep_state_and_data, [postpone]}; -handle_event(cast, {adjust_window,ChannelId,Bytes}, StateName={connected,_Role}, - #data{connection_state = - #connection{channel_cache = Cache}} = State0) -> - 
case ssh_channel:cache_lookup(Cache, ChannelId) of + +handle_event(cast, {adjust_window,ChannelId,Bytes}, {connected,_}, D) -> + case ssh_channel:cache_lookup(cache(D), ChannelId) of #channel{recv_window_size = WinSize, recv_window_pending = Pending, recv_packet_size = PktSize} = Channel when (WinSize-Bytes) >= 2*PktSize -> %% The peer can send at least two more *full* packet, no hurry. - ssh_channel:cache_update(Cache, + ssh_channel:cache_update(cache(D), Channel#channel{recv_window_pending = Pending + Bytes}), - {next_state, StateName, State0}; - + keep_state_and_data; + #channel{recv_window_size = WinSize, recv_window_pending = Pending, remote_id = Id} = Channel -> %% Now we have to update the window - we can't receive so many more pkts - ssh_channel:cache_update(Cache, + ssh_channel:cache_update(cache(D), Channel#channel{recv_window_size = WinSize + Bytes + Pending, recv_window_pending = 0}), Msg = ssh_connection:channel_adjust_window_msg(Id, Bytes + Pending), - {next_state, StateName, send_msg(Msg,State0)}; - + {keep_state, send_msg(Msg,D)}; + undefined -> - {next_state, StateName, State0} + keep_state_and_data end; -handle_event(cast, {reply_request,success,ChannelId}, StateName={connected,_}, - #data{connection_state = - #connection{channel_cache = Cache}} = State0) -> - case ssh_channel:cache_lookup(Cache, ChannelId) of +handle_event(cast, {reply_request,success,ChannelId}, {connected,_}, D) -> + case ssh_channel:cache_lookup(cache(D), ChannelId) of #channel{remote_id = RemoteId} -> Msg = ssh_connection:channel_success_msg(RemoteId), - {next_state, StateName, send_msg(Msg,State0)}; - + {keep_state, send_msg(Msg,D)}; + undefined -> - {next_state, StateName, State0} + keep_state_and_data end; -handle_event(cast, {request,ChannelPid,ChannelId,Type,Data}, StateName={connected,_}, State0) -> - State = handle_request(ChannelPid, ChannelId, Type, Data, false, none, State0), - {next_state, StateName, State}; +handle_event(cast, {request,ChannelPid, ChannelId, Type, 
Data}, {connected,_}, D) -> + {keep_state, handle_request(ChannelPid, ChannelId, Type, Data, false, none, D)}; -handle_event(cast, {request,ChannelId,Type,Data}, StateName={connected,_}, State0) -> - State = handle_request(ChannelId, Type, Data, false, none, State0), - {next_state, StateName, State}; +handle_event(cast, {request,ChannelId,Type,Data}, {connected,_}, D) -> + {keep_state, handle_request(ChannelId, Type, Data, false, none, D)}; -handle_event(cast, {unknown,Data}, StateName={connected,_}, State) -> +handle_event(cast, {unknown,Data}, {connected,_}, D) -> Msg = #ssh_msg_unimplemented{sequence = Data}, - {next_state, StateName, send_msg(Msg,State)}; + {keep_state, send_msg(Msg,D)}; %%% Previously handle_sync_event began here -handle_event({call,From}, get_print_info, StateName, State) -> +handle_event({call,From}, get_print_info, StateName, D) -> Reply = try - {inet:sockname(State#data.socket), - inet:peername(State#data.socket) + {inet:sockname(D#data.socket), + inet:peername(D#data.socket) } of - {{ok,Local}, {ok,Remote}} -> {{Local,Remote},io_lib:format("statename=~p",[StateName])}; - _ -> {{"-",0},"-"} + {{ok,Local}, {ok,Remote}} -> + {{Local,Remote},io_lib:format("statename=~p",[StateName])}; + _ -> + {{"-",0},"-"} catch - _:_ -> {{"?",0},"?"} + _:_ -> + {{"?",0},"?"} end, - {next_state, StateName, State, [{reply,From,Reply}]}; + {keep_state_and_data, [{reply,From,Reply}]}; -handle_event({call,From}, {connection_info, Options}, StateName, State) -> - Info = ssh_info(Options, State, []), - {next_state, StateName, State, [{reply,From,Info}]}; +handle_event({call,From}, {connection_info, Options}, _, D) -> + Info = ssh_info(Options, D, []), + {keep_state_and_data, [{reply,From,Info}]}; -handle_event({call,From}, {channel_info,ChannelId,Options}, StateName, - State=#data{connection_state = #connection{channel_cache = Cache}}) -> - case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{} = Channel -> +handle_event({call,From}, 
{channel_info,ChannelId,Options}, _, D) -> + case ssh_channel:cache_lookup(cache(D), ChannelId) of + #channel{} = Channel -> Info = ssh_channel_info(Options, Channel, []), - {next_state, StateName, State, [{reply,From,Info}]}; + {keep_state_and_data, [{reply,From,Info}]}; undefined -> - {next_state, StateName, State, [{reply,From,[]}]} + {keep_state_and_data, [{reply,From,[]}]} end; -handle_event({call,From}, {info, ChannelPid}, StateName, State = #data{connection_state = - #connection{channel_cache = Cache}}) -> +handle_event({call,From}, {info, ChannelPid}, _, D) -> Result = ssh_channel:cache_foldl( fun(Channel, Acc) when ChannelPid == all; Channel#channel.user == ChannelPid -> [Channel | Acc]; (_, Acc) -> Acc - end, [], Cache), - {next_state, StateName, State, [{reply, From, {ok,Result}}]}; + end, [], cache(D)), + {keep_state_and_data, [{reply, From, {ok,Result}}]}; -handle_event({call,From}, stop, StateName, #data{connection_state = Connection0} = State0) -> +handle_event({call,From}, stop, StateName, D0) -> {disconnect, _Reason, {{replies, Replies}, Connection}} = ssh_connection:handle_msg(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, description = "User closed down connection"}, - Connection0, role(StateName)), - {Repls,State} = send_replies(Replies, State0), - {stop_and_reply, normal, [{reply,From,ok}|Repls], State#data{connection_state=Connection}}; + D0#data.connection_state, + role(StateName)), + {Repls,D} = send_replies(Replies, D0), + {stop_and_reply, normal, [{reply,From,ok}|Repls], D#data{connection_state=Connection}}; -handle_event({call,_}, _, StateName, State) when StateName /= {connected,server}, - StateName /= {connected,client} -> - {next_state, StateName, State, [postpone]}; +handle_event({call,_}, _, StateName, _) when StateName /= {connected,server}, + StateName /= {connected,client} -> + {keep_state_and_data, [postpone]}; -handle_event({call,From}, {request, ChannelPid, ChannelId, Type, Data, Timeout}, StateName={connected,_}, 
State0) -> - State = handle_request(ChannelPid, ChannelId, Type, Data, true, From, State0), +handle_event({call,From}, {request, ChannelPid, ChannelId, Type, Data, Timeout}, {connected,_}, D0) -> + D = handle_request(ChannelPid, ChannelId, Type, Data, true, From, D0), %% Note reply to channel will happen later when reply is recived from peer on the socket start_timeout(ChannelId, From, Timeout), - handle_idle_timeout(State), - {next_state, StateName, State}; + handle_idle_timeout(D), + {keep_state, D}; -handle_event({call,From}, {request, ChannelId, Type, Data, Timeout}, StateName={connected,_}, State0) -> - State = handle_request(ChannelId, Type, Data, true, From, State0), +handle_event({call,From}, {request, ChannelId, Type, Data, Timeout}, {connected,_}, D0) -> + D = handle_request(ChannelId, Type, Data, true, From, D0), %% Note reply to channel will happen later when reply is recived from peer on the socket start_timeout(ChannelId, From, Timeout), - handle_idle_timeout(State), - {next_state, StateName, State}; - -handle_event({call,From}, {global_request, Pid, _, _, _} = Request, StateName={connected,_}, - #data{connection_state = #connection{channel_cache = Cache}} = State0) -> - State1 = handle_global_request(Request, State0), - Channel = ssh_channel:cache_find(Pid, Cache), - State = add_request(true, Channel#channel.local_id, From, State1), - {next_state, StateName, State}; - -handle_event({call,From}, {data, ChannelId, Type, Data, Timeout}, StateName={connected,_}, - #data{connection_state = #connection{channel_cache=_Cache} = Connection0} = State0) -> - case ssh_connection:channel_data(ChannelId, Type, Data, Connection0, From) of + handle_idle_timeout(D), + {keep_state, D}; + +handle_event({call,From}, {global_request, Pid, _, _, _} = Request, {connected,_}, D0) -> + D1 = handle_global_request(Request, D0), + Channel = ssh_channel:cache_find(Pid, cache(D1)), + D = add_request(true, Channel#channel.local_id, From, D1), + {keep_state, D}; + 
+handle_event({call,From}, {data, ChannelId, Type, Data, Timeout}, {connected,_}, D0) -> + case ssh_connection:channel_data(ChannelId, Type, Data, D0#data.connection_state, From) of {{replies, Replies}, Connection} -> - {Repls,State} = send_replies(Replies, State0#data{connection_state = Connection}), + {Repls,D} = send_replies(Replies, D0#data{connection_state = Connection}), start_timeout(ChannelId, From, Timeout), - {next_state, StateName, State, Repls}; + {keep_state, D, Repls}; {noreply, Connection} -> start_timeout(ChannelId, From, Timeout), - {next_state, StateName, State0#data{connection_state = Connection}} + {keep_state, D0#data{connection_state = Connection}} end; -handle_event({call,From}, {eof, ChannelId}, StateName={connected,_}, - #data{connection_state = #connection{channel_cache=Cache}} = State0) -> - case ssh_channel:cache_lookup(Cache, ChannelId) of +handle_event({call,From}, {eof, ChannelId}, {connected,_}, D0) -> + case ssh_channel:cache_lookup(cache(D0), ChannelId) of #channel{remote_id = Id, sent_close = false} -> - State = send_msg(ssh_connection:channel_eof_msg(Id), State0), - {next_state, StateName, State, [{reply,From,ok}]}; + D = send_msg(ssh_connection:channel_eof_msg(Id), D0), + {keep_state, D, [{reply,From,ok}]}; _ -> - {next_state, StateName, State0, [{reply,From,{error,closed}}]} + {keep_state, D0, [{reply,From,{error,closed}}]} end; handle_event({call,From}, {open, ChannelPid, Type, InitialWindowSize, MaxPacketSize, Data, Timeout}, - StateName = {connected,_}, - #data{connection_state = #connection{channel_cache = Cache}} = State0) -> + {connected,_}, + D0) -> erlang:monitor(process, ChannelPid), - {ChannelId, State1} = new_channel_id(State0), - Msg = ssh_connection:channel_open_msg(Type, ChannelId, - InitialWindowSize, - MaxPacketSize, Data), - State2 = send_msg(Msg, State1), - Channel = #channel{type = Type, - sys = "none", - user = ChannelPid, - local_id = ChannelId, - recv_window_size = InitialWindowSize, - recv_packet_size = 
MaxPacketSize, - send_buf = queue:new() - }, - ssh_channel:cache_update(Cache, Channel), - State = add_request(true, ChannelId, From, State2), + {ChannelId, D1} = new_channel_id(D0), + D2 = send_msg(ssh_connection:channel_open_msg(Type, ChannelId, + InitialWindowSize, + MaxPacketSize, Data), + D1), + ssh_channel:cache_update(cache(D2), + #channel{type = Type, + sys = "none", + user = ChannelPid, + local_id = ChannelId, + recv_window_size = InitialWindowSize, + recv_packet_size = MaxPacketSize, + send_buf = queue:new() + }), + D = add_request(true, ChannelId, From, D2), start_timeout(ChannelId, From, Timeout), - {next_state, StateName, remove_timer_ref(State)}; + {keep_state, remove_timer_ref(D)}; -handle_event({call,From}, {send_window, ChannelId}, StateName={connected,_}, - #data{connection_state = #connection{channel_cache = Cache}} = State) -> - Reply = case ssh_channel:cache_lookup(Cache, ChannelId) of +handle_event({call,From}, {send_window, ChannelId}, {connected,_}, D) -> + Reply = case ssh_channel:cache_lookup(cache(D), ChannelId) of #channel{send_window_size = WinSize, send_packet_size = Packsize} -> {ok, {WinSize, Packsize}}; undefined -> {error, einval} end, - {next_state, StateName, State, [{reply,From,Reply}]}; + {keep_state_and_data, [{reply,From,Reply}]}; -handle_event({call,From}, {recv_window, ChannelId}, StateName={connected,_}, - #data{connection_state = #connection{channel_cache = Cache}} = State) -> - Reply = case ssh_channel:cache_lookup(Cache, ChannelId) of +handle_event({call,From}, {recv_window, ChannelId}, {connected,_}, D) -> + Reply = case ssh_channel:cache_lookup(cache(D), ChannelId) of #channel{recv_window_size = WinSize, recv_packet_size = Packsize} -> {ok, {WinSize, Packsize}}; undefined -> {error, einval} end, - {next_state, StateName, State, [{reply,From,Reply}]}; + {keep_state_and_data, [{reply,From,Reply}]}; -handle_event({call,From}, {close, ChannelId}, StateName={connected,_}, - #data{connection_state = - 
#connection{channel_cache = Cache}} = State0) -> - case ssh_channel:cache_lookup(Cache, ChannelId) of +handle_event({call,From}, {close, ChannelId}, {connected,_}, D0) -> + case ssh_channel:cache_lookup(cache(D0), ChannelId) of #channel{remote_id = Id} = Channel -> - State1 = send_msg(ssh_connection:channel_close_msg(Id), State0), - ssh_channel:cache_update(Cache, Channel#channel{sent_close = true}), - handle_idle_timeout(State1), - {next_state, StateName, State1, [{reply,From,ok}]}; + D1 = send_msg(ssh_connection:channel_close_msg(Id), D0), + ssh_channel:cache_update(cache(D1), Channel#channel{sent_close = true}), + handle_idle_timeout(D1), + {keep_state, D1, [{reply,From,ok}]}; undefined -> - {next_state, StateName, State0, [{reply,From,ok}]} + {keep_state_and_data, [{reply,From,ok}]} end; -handle_event(info, {Protocol, Socket, "SSH-" ++ _ = Version}, StateName={hello,_}, - State=#data{socket = Socket, - transport_protocol = Protocol}) -> - {next_state, StateName, State, [{next_event, internal, {version_exchange,Version}}]}; - -handle_event(info, {Protocol, Socket, Info}, StateName={hello,_}, - State=#data{socket = Socket, - transport_protocol = Protocol}) -> - {next_state, StateName, State, [{next_event, internal, {info_line,Info}}]}; - -handle_event(info, {Protocol, Socket, Data}, StateName, State0 = - #data{socket = Socket, - transport_protocol = Protocol, - decoded_data_buffer = DecData0, - encoded_data_buffer = EncData0, - undecoded_packet_length = RemainingSshPacketLen0, - ssh_params = Ssh0}) -> - Encoded = <>, - try ssh_transport:handle_packet_part(DecData0, Encoded, RemainingSshPacketLen0, Ssh0) + +%%===== Reception of encrypted bytes, decryption and framing +handle_event(info, {Protocol, Socket, "SSH-" ++ _ = Version}, {hello,_}, + #data{socket = Socket, + transport_protocol = Protocol}) -> + {keep_state_and_data, [{next_event, internal, {version_exchange,Version}}]}; + +handle_event(info, {Protocol, Socket, Info}, {hello,_}, + #data{socket = Socket, + 
transport_protocol = Protocol}) -> + {keep_state_and_data, [{next_event, internal, {info_line,Info}}]}; + +handle_event(info, {Protocol, Socket, NewData}, StateName, + D0 = #data{socket = Socket, + transport_protocol = Protocol}) -> + try ssh_transport:handle_packet_part( + D0#data.decrypted_data_buffer, + <<(D0#data.encrypted_data_buffer)/binary, NewData/binary>>, + D0#data.undecrypted_packet_length, + D0#data.ssh_params) of - {decoded, Bytes, EncDataRest, Ssh1} -> - State = State0#data{ssh_params = - Ssh1#ssh{recv_sequence = ssh_transport:next_seqnum(Ssh1#ssh.recv_sequence)}, - decoded_data_buffer = <<>>, - undecoded_packet_length = undefined, - encoded_data_buffer = EncDataRest}, + {packet_decrypted, DecryptedBytes, EncryptedDataRest, Ssh1} -> + D = D0#data{ssh_params = + Ssh1#ssh{recv_sequence = ssh_transport:next_seqnum(Ssh1#ssh.recv_sequence)}, + decrypted_data_buffer = <<>>, + undecrypted_packet_length = undefined, + encrypted_data_buffer = EncryptedDataRest}, try - ssh_message:decode(set_prefix_if_trouble(Bytes,State)) + ssh_message:decode(set_prefix_if_trouble(DecryptedBytes,D)) of Msg = #ssh_msg_kexinit{} -> - {next_state, StateName, State, [{next_event, internal, {Msg,Bytes}}, - {next_event, internal, prepare_next_packet} - ]}; + {keep_state, D, [{next_event, internal, {Msg,DecryptedBytes}}, + {next_event, internal, prepare_next_packet} + ]}; Msg -> - {next_state, StateName, State, [{next_event, internal, Msg}, - {next_event, internal, prepare_next_packet} - ]} + {keep_state, D, [{next_event, internal, Msg}, + {next_event, internal, prepare_next_packet} + ]} catch _C:_E -> - DisconnectMsg = - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "Encountered unexpected input"}, - disconnect(DisconnectMsg, StateName, State) + disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "Encountered unexpected input"}, + StateName, D) end; - {get_more, DecBytes, EncDataRest, RemainingSshPacketLen, Ssh1} -> - %% 
Here we know that there are not enough bytes in EncDataRest to use. Must wait. + {get_more, DecryptedBytes, EncryptedDataRest, RemainingSshPacketLen, Ssh1} -> + %% Here we know that there are not enough bytes in + %% EncryptedDataRest to use. We must wait for more. inet:setopts(Socket, [{active, once}]), - {next_state, StateName, State0#data{encoded_data_buffer = EncDataRest, - decoded_data_buffer = DecBytes, - undecoded_packet_length = RemainingSshPacketLen, - ssh_params = Ssh1}}; + {keep_state, D0#data{encrypted_data_buffer = EncryptedDataRest, + decrypted_data_buffer = DecryptedBytes, + undecrypted_packet_length = RemainingSshPacketLen, + ssh_params = Ssh1}}; {bad_mac, Ssh1} -> - DisconnectMsg = - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "Bad mac"}, - disconnect(DisconnectMsg, StateName, State0#data{ssh_params=Ssh1}); + disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "Bad mac"}, + StateName, D0#data{ssh_params=Ssh1}); {error, {exceeds_max_size,PacketLen}} -> - DisconnectMsg = - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "Bad packet length " - ++ integer_to_list(PacketLen)}, - disconnect(DisconnectMsg, StateName, State0) + disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "Bad packet length " + ++ integer_to_list(PacketLen)}, + StateName, D0) catch _C:_E -> - DisconnectMsg = - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "Bad packet"}, - disconnect(DisconnectMsg, StateName, State0) + disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = "Bad packet"}, + StateName, D0) end; -handle_event(internal, prepare_next_packet, StateName, State) -> - Enough = erlang:max(8, State#data.ssh_params#ssh.decrypt_block_size), - case size(State#data.encoded_data_buffer) of + +%%%==== +handle_event(internal, prepare_next_packet, _, D) -> + Enough = erlang:max(8, 
D#data.ssh_params#ssh.decrypt_block_size), + case size(D#data.encrypted_data_buffer) of Sz when Sz >= Enough -> - self() ! {State#data.transport_protocol, State#data.socket, <<>>}; + self() ! {D#data.transport_protocol, D#data.socket, <<>>}; _ -> - inet:setopts(State#data.socket, [{active, once}]) + inet:setopts(D#data.socket, [{active, once}]) end, - {next_state, StateName, State}; + keep_state_and_data; handle_event(info, {CloseTag,Socket}, StateName, - State=#data{socket = Socket, - transport_close_tag = CloseTag}) -> - DisconnectMsg = - #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, - description = "Connection closed"}, - disconnect(DisconnectMsg, StateName, State); - -handle_event(info, {timeout, {_, From} = Request}, StateName, - #data{connection_state = #connection{requests = Requests} = Connection} = State) -> + D = #data{socket = Socket, + transport_close_tag = CloseTag}) -> + disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, + description = "Connection closed"}, + StateName, D); + +handle_event(info, {timeout, {_, From} = Request}, _, + #data{connection_state = #connection{requests = Requests} = C0} = D) -> case lists:member(Request, Requests) of true -> - {next_state, StateName, - State#data{connection_state = - Connection#connection{requests = - lists:delete(Request, Requests)}}, - [{reply,From,{error,timeout}}]}; + C = C0#connection{requests = lists:delete(Request, Requests)}, + {keep_state, D#data{connection_state=C}, [{reply,From,{error,timeout}}]}; false -> - {next_state, StateName, State} + keep_state_and_data end; %%% Handle that ssh channels user process goes down -handle_event(info, {'DOWN', _Ref, process, ChannelPid, _Reason}, StateName, State0) -> - {{replies, Replies}, State1} = handle_channel_down(ChannelPid, State0), - {Repls, State} = send_replies(Replies, State1), - {next_state, StateName, State, Repls}; +handle_event(info, {'DOWN', _Ref, process, ChannelPid, _Reason}, _, D0) -> + {{replies, Replies}, D1} = 
handle_channel_down(ChannelPid, D0), + {Repls, D} = send_replies(Replies, D1), + {keep_state, D, Repls}; %%% So that terminate will be run when supervisor is shutdown handle_event(info, {'EXIT', _Sup, Reason}, _, _) -> {stop, {shutdown, Reason}}; -handle_event(info, {check_cache, _ , _}, StateName, - #data{connection_state = #connection{channel_cache=Cache}} = State) -> - {next_state, StateName, check_cache(State, Cache)}; +handle_event(info, {check_cache, _ , _}, _, D) -> + {keep_state, check_cache(D)}; -handle_event(info, UnexpectedMessage, StateName, - State = #data{opts = Opts, - ssh_params = SshParams}) -> - case unexpected_fun(UnexpectedMessage, Opts, SshParams) of +handle_event(info, UnexpectedMessage, StateName, D = #data{ssh_params = Ssh}) -> + case unexpected_fun(UnexpectedMessage, D) of report -> Msg = lists:flatten( io_lib:format( "Unexpected message '~p' received in state '~p'\n" "Role: ~p\n" "Peer: ~p\n" - "Local Address: ~p\n", [UnexpectedMessage, StateName, - SshParams#ssh.role, SshParams#ssh.peer, - proplists:get_value(address, SshParams#ssh.opts)])), + "Local Address: ~p\n", [UnexpectedMessage, + StateName, + Ssh#ssh.role, + Ssh#ssh.peer, + proplists:get_value(address, Ssh#ssh.opts)])), error_logger:info_report(Msg), - {next_state, StateName, State}; + keep_state_and_data; skip -> - {next_state, StateName, State}; + keep_state_and_data; Other -> Msg = lists:flatten( 
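Review bot: The catch-all clauses `handle_event(cast, renegotiate, _, _)` and `handle_event(cast, data_size, _, _)` carry a behaviour change inside an otherwise mechanical `State` to `D` / `keep_state` refactoring, and it is marked only with `% FIXME: not here in original`. The removed versions returned without scheduling anything, so as far as these lines show, a cast that arrived outside `{connected,Role}` ended the periodic rekey check; the new versions re-arm `timer:apply_after/4`. Resolve this before merge: either move the re-arming into its own commit with the rationale, or drop the FIXME and update the comment `Already in key-exchange so safe to ignore`, which no longer describes a clause that has a side effect.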
@@ -1258,33 +1285,38 @@ handle_event(info, UnexpectedMessage, StateName, "Message: ~p\n" "Role: ~p\n" "Peer: ~p\n" - "Local Address: ~p\n", [Other, UnexpectedMessage, - SshParams#ssh.role, - element(2,SshParams#ssh.peer), - proplists:get_value(address, SshParams#ssh.opts)] + "Local Address: ~p\n", [Other, + UnexpectedMessage, + Ssh#ssh.role, + element(2,Ssh#ssh.peer), + proplists:get_value(address, Ssh#ssh.opts)] )), error_logger:error_report(Msg), - {next_state, StateName, State} + keep_state_and_data end; -handle_event(internal, {disconnect,Msg,_Reason}, StateName, State) -> - disconnect(Msg, StateName, State); +handle_event(internal, {disconnect,Msg,_Reason}, StateName, D) -> + disconnect(Msg, StateName, D); -handle_event(Type, Ev, StateName, State) -> - case catch atom_to_list(element(1,Ev)) of - "ssh_msg_" ++_ when Type==internal -> - Msg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "Message in wrong state"}, - disconnect(Msg, StateName, State); - _ -> - Msg = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, - description = "Internal error"}, - disconnect(Msg, StateName, State) - end. +handle_event(Type, Ev, StateName, D) -> + Descr = + case catch atom_to_list(element(1,Ev)) of + "ssh_msg_" ++_ when Type==internal -> + "Message in wrong state"; + _ -> + "Internal error" + end, + disconnect(#ssh_msg_disconnect{code = ?SSH_DISCONNECT_PROTOCOL_ERROR, + description = Descr}, + StateName, D). %%-------------------------------------------------------------------- - +-spec terminate(any(), + state_name(), + #data{} + ) -> finalize_termination_result() . + %% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . terminate(normal, StateName, State) -> 
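Review bot: The rewritten final clause `handle_event(Type, Ev, StateName, D)` keeps the old-style `case catch atom_to_list(element(1,Ev))`, which turns a non-tuple `Ev` into an `{'EXIT', _}` value that only works because it happens to fall through to `_`. Since the clause is being restructured anyway, a `try ... catch` or an explicit `is_tuple(Ev)` check would state the intent. This clause also disconnects with "Internal error" without logging `Type` or `Ev`, whereas the unexpected `info` clause above reports through `error_logger`; a log line here would make these disconnects diagnosable.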
@@ -1325,35 +1357,40 @@ terminate(Reason, StateName, State0) -> format_status(normal, [_, _StateName, State]) -> [{data, [{"State", State}]}]; format_status(terminate, [_, _StateName, State]) -> - SshParams0 = (State#data.ssh_params), - SshParams = SshParams0#ssh{c_keyinit = "***", - s_keyinit = "***", - send_mac_key = "***", - send_mac_size = "***", - recv_mac_key = "***", - recv_mac_size = "***", - encrypt_keys = "***", - encrypt_ctx = "***", - decrypt_keys = "***", - decrypt_ctx = "***", - compress_ctx = "***", - decompress_ctx = "***", - shared_secret = "***", - exchanged_hash = "***", - session_id = "***", - keyex_key = "***", - keyex_info = "***", - available_host_keys = "***"}, - [{data, [{"State", State#data{decoded_data_buffer = "***", - encoded_data_buffer = "***", - key_exchange_init_msg = "***", - opts = "***", - recbuf = "***", - ssh_params = SshParams - }}]}]. + Ssh0 = (State#data.ssh_params), + Ssh = Ssh0#ssh{c_keyinit = "***", + s_keyinit = "***", + send_mac_key = "***", + send_mac_size = "***", + recv_mac_key = "***", + recv_mac_size = "***", + encrypt_keys = "***", + encrypt_ctx = "***", + decrypt_keys = "***", + decrypt_ctx = "***", + compress_ctx = "***", + decompress_ctx = "***", + shared_secret = "***", + exchanged_hash = "***", + session_id = "***", + keyex_key = "***", + keyex_info = "***", + available_host_keys = "***"}, + [{data, [{"State", State#data{decrypted_data_buffer = "***", + encrypted_data_buffer = "***", + key_exchange_init_msg = "***", + opts = "***", + recbuf_size = "***", + ssh_params = Ssh + }}]}]. %%-------------------------------------------------------------------- +-spec code_change(term(), + state_name(), + #data{}, + term() + ) -> {ok, state_name(), #data{}}. %% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
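Review bot: `format_status(normal, [_, _StateName, State])`, the unchanged first clause of this hunk, still returns the whole `State`, so the `"***"` masking that the `terminate` clause applies to `encrypt_keys`, `shared_secret`, `decrypted_data_buffer` and the other fields does not cover `sys:get_status/1` on a live connection. Suggest moving the substitution into one helper called from both clauses, so the field renames made here only have to be tracked in one place.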
@@ -1379,10 +1416,11 @@ start_the_connection_child(UserPid, Role, Socket, Options) -> %%-------------------------------------------------------------------- %% Stopping +-type finalize_termination_result() :: ok . finalize_termination(_StateName, #data{transport_cb = Transport, - connection_state = Connection, - socket = Socket}) -> + connection_state = Connection, + socket = Socket}) -> case Connection of #connection{system_supervisor = SysSup, sub_system_supervisor = SubSysSup} when is_pid(SubSysSup) -> @@ -1393,23 +1431,27 @@ finalize_termination(_StateName, #data{transport_cb = Transport, (catch Transport:close(Socket)), ok. +%%-------------------------------------------------------------------- +%% "Invert" the Role +peer_role(client) -> server; +peer_role(server) -> client. - - +%%-------------------------------------------------------------------- %% StateName to Role role({_,Role}) -> Role; role({_,Role,_}) -> Role. - +%%-------------------------------------------------------------------- +%% Check the StateName to see if we are in the renegotiation phase renegotiation({_,_,ReNeg}) -> ReNeg == renegotiation; renegotiation(_) -> false. - +%%-------------------------------------------------------------------- get_idle_time(SshOptions) -> case proplists:get_value(idle_time, SshOptions) of infinity -> infinity; - _IdleTime -> %% We dont want to set the timeout on first connect + _IdleTime -> %% We dont want to set the timeout on first connect undefined end. @@ -1491,8 +1533,8 @@ call(FsmPid, Event, Timeout) -> handle_connection_msg(Msg, StateName, State0 = #data{starter = User, - connection_state = Connection0, - event_queue = Qev0}) -> + connection_state = Connection0, + event_queue = Qev0}) -> Renegotiation = renegotiation(StateName), Role = role(StateName), try ssh_connection:handle_msg(Msg, Connection0, Role) of 
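Review bot: `renegotiation({_,_,ReNeg}) -> ReNeg == renegotiation;` (in the hunk at -1393, under the newly added comment "Check the StateName to see if we are in the renegotiation phase") compares against the atom `renegotiation`, but the transitions visible elsewhere in this patch build the state as `{kexinit,Role,renegotiate}`. For those state names the function returns `false`, so the `Renegotiation` value computed in `handle_connection_msg/3` would not be set during a rekey. Confirm which atom is intended and align the two; a `-type` for the third tuple element would let dialyzer catch the mismatch.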
@@ -1501,17 +1543,17 @@ handle_connection_msg(Msg, StateName, State0 = {connected,_} -> {Repls, State} = send_replies(Replies, State0#data{connection_state=Connection}), - {next_state, StateName, State, Repls}; + {keep_state, State, Repls}; _ -> {ConnReplies, Replies} = lists:splitwith(fun not_connected_filter/1, Replies), {Repls, State} = send_replies(Replies, State0#data{event_queue = Qev0 ++ ConnReplies}), - {next_state, StateName, State, Repls} + {keep_state, State, Repls} end; {noreply, Connection} -> - {next_state, StateName, State0#data{connection_state = Connection}}; + {keep_state, State0#data{connection_state = Connection}}; {disconnect, Reason0, {{replies, Replies}, Connection}} -> {Repls,State} = send_replies(Replies, State0#data{connection_state = Connection}), 
@@ -1555,46 +1597,42 @@ set_prefix_if_trouble(Msg, _) -> kex(#ssh{algorithms=#alg{kex=Kex}}) -> Kex; kex(_) -> undefined. +cache(#data{connection_state=C}) -> C#connection.channel_cache. + + %%%---------------------------------------------------------------- -handle_request(ChannelPid, ChannelId, Type, Data, WantReply, From, - #data{connection_state = - #connection{channel_cache = Cache}} = State0) -> - case ssh_channel:cache_lookup(Cache, ChannelId) of +handle_request(ChannelPid, ChannelId, Type, Data, WantReply, From, D) -> + case ssh_channel:cache_lookup(cache(D), ChannelId) of #channel{remote_id = Id} = Channel -> - update_sys(Cache, Channel, Type, ChannelPid), - Msg = ssh_connection:channel_request_msg(Id, Type, - WantReply, Data), - send_msg(Msg, add_request(WantReply, ChannelId, From, State0)); + update_sys(cache(D), Channel, Type, ChannelPid), + send_msg(ssh_connection:channel_request_msg(Id, Type, WantReply, Data), + add_request(WantReply, ChannelId, From, D)); undefined -> - State0 + D end. -handle_request(ChannelId, Type, Data, WantReply, From, - #data{connection_state = - #connection{channel_cache = Cache}} = State0) -> - case ssh_channel:cache_lookup(Cache, ChannelId) of - #channel{remote_id = Id} -> - Msg = ssh_connection:channel_request_msg(Id, Type, - WantReply, Data), - send_msg(Msg, add_request(WantReply, ChannelId, From, State0)); +handle_request(ChannelId, Type, Data, WantReply, From, D) -> + case ssh_channel:cache_lookup(cache(D), ChannelId) of + #channel{remote_id = Id} -> + send_msg(ssh_connection:channel_request_msg(Id, Type, WantReply, Data), + add_request(WantReply, ChannelId, From, D)); undefined -> - State0 + D end. 
%%%---------------------------------------------------------------- handle_global_request({global_request, ChannelPid, "tcpip-forward" = Type, WantReply, - <> = Data}, - #data{connection_state = - #connection{channel_cache = Cache} - = Connection0} = State) -> - ssh_channel:cache_update(Cache, #channel{user = ChannelPid, - type = "forwarded-tcpip", - sys = none}), - Connection = ssh_connection:bind(IP, Port, ChannelPid, Connection0), + <> = Data + }, + D) -> + ssh_channel:cache_update(cache(D), + #channel{user = ChannelPid, + type = "forwarded-tcpip", + sys = none}), + Connection = ssh_connection:bind(IP, Port, ChannelPid, D#data.connection_state), Msg = ssh_connection:global_request_msg(Type, WantReply, Data), - send_msg(Msg, State#data{connection_state = Connection}); + send_msg(Msg, D#data{connection_state = Connection}); handle_global_request({global_request, _Pid, "cancel-tcpip-forward" = Type, WantReply, < erlang:send_after(IdleTime, self(), {check_cache, [], []}) end. -handle_channel_down(ChannelPid, #data{connection_state = - #connection{channel_cache = Cache}} = - State) -> +handle_channel_down(ChannelPid, D) -> ssh_channel:cache_foldl( fun(Channel, Acc) when Channel#channel.user == ChannelPid -> - ssh_channel:cache_delete(Cache, + ssh_channel:cache_delete(cache(D), Channel#channel.local_id), Acc; (_,Acc) -> Acc - end, [], Cache), - {{replies, []}, check_cache(State, Cache)}. + end, [], cache(D)), + {{replies, []}, check_cache(D)}. + update_sys(Cache, Channel, Type, ChannelPid) -> ssh_channel:cache_update(Cache, Channel#channel{sys = Type, user = ChannelPid}). + add_request(false, _ChannelId, _From, State) -> State; add_request(true, ChannelId, From, #data{connection_state = - #connection{requests = Requests0} = - Connection} = State) -> + #connection{requests = Requests0} = + Connection} = State) -> Requests = [{ChannelId, From} | Requests0], State#data{connection_state = Connection#connection{requests = Requests}}. 
new_channel_id(#data{connection_state = #connection{channel_id_seed = Id} = - Connection} + Connection} = State) -> {Id, State#data{connection_state = - Connection#connection{channel_id_seed = Id + 1}}}. + Connection#connection{channel_id_seed = Id + 1}}}. %%%---------------------------------------------------------------- %% %%% This server/client has decided to disconnect via the state machine: disconnect(Msg=#ssh_msg_disconnect{description=Description}, _StateName, State0) -> State = send_msg(Msg, State0), - disconnect_fun(Description, State#data.opts), + disconnect_fun(Description, State), timer:sleep(400), {stop, {shutdown,Description}, State}. 
@@ -1662,41 +1700,42 @@ counterpart_versions(NumVsn, StrVsn, #ssh{role = server} = Ssh) -> counterpart_versions(NumVsn, StrVsn, #ssh{role = client} = Ssh) -> Ssh#ssh{s_vsn = NumVsn , s_version = StrVsn}. -connected_fun(User, PeerAddr, Method, Opts) -> +connected_fun(User, Method, #data{ssh_params = #ssh{peer = {_,Peer}}, + opts = Opts}) -> case proplists:get_value(connectfun, Opts) of undefined -> ok; Fun -> - catch Fun(User, PeerAddr, Method) + catch Fun(User, Peer, Method) end. -retry_fun(_, _, undefined, _) -> +retry_fun(_, undefined, _) -> ok; - -retry_fun(User, PeerAddr, {error, Reason}, Opts) -> - case proplists:get_value(failfun, Opts) of - undefined -> - ok; - Fun -> - do_retry_fun(Fun, User, PeerAddr, Reason) - end; - -retry_fun(User, PeerAddr, Reason, Opts) -> - case proplists:get_value(infofun, Opts) of - undefined -> - ok; - Fun -> - do_retry_fun(Fun, User, PeerAddr, Reason) - end. - -do_retry_fun(Fun, User, PeerAddr, Reason) -> - case erlang:fun_info(Fun, arity) of +retry_fun(User, Reason, #data{ssh_params = #ssh{opts = Opts, + peer = {_,Peer} + }}) -> + {Tag,Info} = + case Reason of + {error, Error} -> + {failfun, Error}; + _ -> + {infofun, Reason} + end, + Fun = proplists:get_value(Tag, Opts, fun(_,_)-> ok end), + try erlang:fun_info(Fun, arity) + of {arity, 2} -> %% Backwards compatible - catch Fun(User, Reason); + catch Fun(User, Info); {arity, 3} -> - catch Fun(User, PeerAddr, Reason) + catch Fun(User, Peer, Info); + _ -> + ok + catch + _:_ -> + ok end. + ssh_info([], _State, Acc) -> Acc; ssh_info([client_version | Rest], #data{ssh_params = #ssh{c_vsn = IntVsn, 
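Review bot: in the new `retry_fun/3`, the `_ -> ok` arity clause together with `catch _:_ -> ok` silently discards a `failfun` or `infofun` that is not a fun of arity 2 or 3, where the old `do_retry_fun/4` would at least have failed visibly. A misconfigured authentication-failure callback then produces no error and no failed-login notification. Reject the bad value where options are checked, or log it here. Also, this function takes the callbacks from `#ssh.opts` inside `ssh_params`, while `connected_fun/3` in the same hunk takes them from `#data.opts`; if both always hold the same proplist, read one of them in both places so that is obvious.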
@@ -1775,11 +1814,11 @@ get_repl(X, Acc) -> %%%---------------------------------------------------------------- -disconnect_fun({disconnect,Msg}, Opts) -> - disconnect_fun(Msg, Opts); -disconnect_fun(_, undefined) -> - ok; -disconnect_fun(Reason, Opts) -> +disconnect_fun({disconnect,Msg}, D) -> + disconnect_fun(Msg, D); +%% disconnect_fun(_, undefined) -> +%% ok; +disconnect_fun(Reason, #data{opts=Opts}) -> case proplists:get_value(disconnectfun, Opts) of undefined -> ok; @@ -1787,7 +1826,9 @@ disconnect_fun(Reason, Opts) -> catch Fun(Reason) end. -unexpected_fun(UnexpectedMessage, Opts, #ssh{peer={_,Peer}}) -> +unexpected_fun(UnexpectedMessage, #data{opts = Opts, + ssh_params = #ssh{peer = {_,Peer} } + } ) -> case proplists:get_value(unexpectedfun, Opts) of undefined -> report; @@ -1796,18 +1837,31 @@ unexpected_fun(UnexpectedMessage, Opts, #ssh{peer={_,Peer}}) -> end. -check_cache(#data{opts = Opts} = State, Cache) -> +debug_fun(#ssh_msg_debug{always_display = Display, + message = DbgMsg, + language = Lang}, + #data{opts = Opts}) -> + case proplists:get_value(ssh_msg_debug_fun, Opts) of + undefined -> + ok; + Fun -> + catch Fun(self(), Display, DbgMsg, Lang) + end. + + + +check_cache(D) -> %% Check the number of entries in Cache - case proplists:get_value(size, ets:info(Cache)) of + case proplists:get_value(size, ets:info(cache(D))) of 0 -> - case proplists:get_value(idle_time, Opts, infinity) of + case proplists:get_value(idle_time, D#data.opts, infinity) of infinity -> - State; + D; Time -> - handle_idle_timer(Time, State) + handle_idle_timer(Time, D) end; _ -> - State + D end. handle_idle_timer(Time, #data{idle_timer_ref = undefined} = State) -> diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 83e75eb8c6..7cb3b75ac0 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl 
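Review bot: in the `disconnect_fun/2` hunk (@@ -1775,11 +1814,11), the old `disconnect_fun(_, undefined) -> ok;` clause is left behind as two `%%` comment lines instead of being deleted or kept. If `#data.opts` can never be `undefined`, remove the comment lines; if it can, the remaining clause `disconnect_fun(Reason, #data{opts=Opts})` hands `undefined` to `proplists:get_value/2`, which raises, so an explicit clause for that case is still needed.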
@@ -1039,7 +1039,7 @@ handle_packet_part(DecryptedPfx, EncryptedBuffer, TotalNeeded, {bad_mac, Ssh1}; true -> {Ssh, DecompressedPayload} = decompress(Ssh1, payload(DecryptedPacket)), - {decoded, DecompressedPayload, NextPacketBytes, Ssh} + {packet_decrypted, DecompressedPayload, NextPacketBytes, Ssh} end; aead -> PacketLenBin = DecryptedPfx, @@ -1049,7 +1049,7 @@ handle_packet_part(DecryptedPfx, EncryptedBuffer, TotalNeeded, {Ssh1, DecryptedSfx} -> DecryptedPacket = <>, {Ssh, DecompressedPayload} = decompress(Ssh1, payload(DecryptedPacket)), - {decoded, DecompressedPayload, NextPacketBytes, Ssh} + {packet_decrypted, DecompressedPayload, NextPacketBytes, Ssh} end end. -- cgit v1.2.3 From 0594459c07da22dd527d06ad694f30bbdd443c6e Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 20 Apr 2016 12:36:28 +0200 Subject: ssh: fix dialyzer warnings and errors --- lib/ssh/src/ssh_connection.erl | 15 +-- lib/ssh/src/ssh_connection_handler.erl | 218 ++++++++++++++++++--------------- lib/ssh/src/ssh_info.erl | 2 +- 3 files changed, 118 insertions(+), 117 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl index 6ca6ed6d77..25d552240a 100644 --- a/lib/ssh/src/ssh_connection.erl +++ b/lib/ssh/src/ssh_connection.erl @@ -306,22 +306,11 @@ l2b([]) -> channel_data(ChannelId, DataType, Data, Connection, From) when is_list(Data)-> - channel_data(ChannelId, DataType, -%% list_to_binary(Data), Connection, From); - l2b(Data), Connection, From); - %% try list_to_binary(Data) - %% of - %% B -> B - %% catch - %% _:_ -> io:format('BAD BINARY: ~p~n',[Data]), - %% unicode:characters_to_binary(Data) - %% end, - %% Connection, From); + channel_data(ChannelId, DataType, l2b(Data), Connection, From); channel_data(ChannelId, DataType, Data, #connection{channel_cache = Cache} = Connection, From) -> - case ssh_channel:cache_lookup(Cache, ChannelId) of #channel{remote_id = Id, sent_close = false} = Channel0 -> {SendList, Channel} = 
@@ -338,8 +327,6 @@ channel_data(ChannelId, DataType, Data, {{replies, Replies ++ FlowCtrlMsgs}, Connection}; _ -> {{replies,[{channel_request_reply,From,{error,closed}}]}, Connection} - %% gen_fsm:reply(From, {error, closed}), - %% {noreply, Connection} end. handle_msg(#ssh_msg_channel_open_confirmation{recipient_channel = ChannelId, diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index b49562db9c..f2545c93df 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -163,18 +163,19 @@ disconnect(Msg = #ssh_msg_disconnect{}, ExtraInfo) -> %%-------------------------------------------------------------------- -spec open_channel(connection_ref(), string(), - binary(), + iodata(), pos_integer(), pos_integer(), timeout() - ) -> {ok, channel_id()} | {error, term()}. + ) -> {open, channel_id()} | {error, term()}. %% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . open_channel(ConnectionHandler, ChannelType, ChannelSpecificData, InitialWindowSize, MaxPacketSize, Timeout) -> call(ConnectionHandler, - {open, self(), + {open, + self(), ChannelType, InitialWindowSize, MaxPacketSize, ChannelSpecificData, Timeout}). @@ -254,14 +255,14 @@ send_eof(ConnectionHandler, ChannelId) -> %%-------------------------------------------------------------------- -spec info(connection_ref() - ) -> [ #channel{} ]. + ) -> {ok, [#channel{}]} . -spec info(connection_ref(), - pid() - ) -> [ #channel{} ]. + pid() | all + ) -> {ok, [#channel{}]} . %% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . info(ConnectionHandler) -> - info(ConnectionHandler, {info, all}). + info(ConnectionHandler, all). info(ConnectionHandler, ChannelProcess) -> call(ConnectionHandler, {info, ChannelProcess}). 
@@ -340,24 +341,30 @@ renegotiate_data(ConnectionHandler) -> %% Internal process state %%==================================================================== -record(data, { - starter :: pid(), - auth_user :: string(), - connection_state :: #connection{}, - latest_channel_id = 0 :: non_neg_integer(), - idle_timer_ref :: infinity | reference(), - transport_protocol :: atom(), % ex: tcp - transport_cb :: atom(), % ex: gen_tcp - transport_close_tag :: atom(), % ex: tcp_closed - ssh_params :: #ssh{}, - socket :: inet:socket(), - decrypted_data_buffer :: binary(), - encrypted_data_buffer :: binary(), - undecrypted_packet_length :: non_neg_integer(), - key_exchange_init_msg :: #ssh_msg_kexinit{}, - last_size_rekey = 0 :: non_neg_integer(), - event_queue = [] :: list(), - opts :: proplists:proplist(), - recbuf_size :: pos_integer() + starter :: pid(), + auth_user :: string() + | undefined, + connection_state :: #connection{}, + latest_channel_id = 0 :: non_neg_integer(), + idle_timer_ref :: undefined + | infinity + | reference(), + transport_protocol :: atom(), % ex: tcp + transport_cb :: atom(), % ex: gen_tcp + transport_close_tag :: atom(), % ex: tcp_closed + ssh_params :: #ssh{} + | undefined, + socket :: inet:socket(), + decrypted_data_buffer = <<>> :: binary(), + encrypted_data_buffer = <<>> :: binary(), + undecrypted_packet_length :: undefined | non_neg_integer(), + key_exchange_init_msg :: #ssh_msg_kexinit{} + | undefined, + last_size_rekey = 0 :: non_neg_integer(), + event_queue = [] :: list(), + opts :: proplists:proplist(), + inet_initial_recbuf_size :: pos_integer() + | undefined }). %%==================================================================== 
@@ -381,21 +388,22 @@ init_connection_handler(Role, Socket, Opts) -> transport_close_tag = CloseTag } of - S -> gen_statem:enter_loop(?MODULE, - [], %%[{debug,[trace,log,statistics,debug]} || Role==server], - handle_event_function, - {hello,Role}, - S, - []) + S -> + gen_statem:enter_loop(?MODULE, + [], %%[{debug,[trace,log,statistics,debug]} || Role==server], + handle_event_function, + {hello,Role}, + S) catch - _:Error -> init_error(Error, S0) + _:Error -> + gen_statem:enter_loop(?MODULE, + [], + handle_event_function, + {init_error,Error}, + S0) end. -init_error(Error, S) -> - gen_statem:enter_loop(?MODULE, [], handle_event_function, {init_error,Error}, S, []). - - init_process_state(Role, Socket, Opts) -> S = #data{connection_state = C = #connection{channel_cache = ssh_channel:cache_create(), @@ -405,8 +413,6 @@ init_process_state(Role, Socket, Opts) -> options = Opts}, starter = proplists:get_value(user_pid, Opts), socket = Socket, - decrypted_data_buffer = <<>>, - encrypted_data_buffer = <<>>, opts = Opts }, case Role of @@ -509,7 +515,7 @@ init_ssh_record(Role, Socket, Opts) -> %% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -%%% ######## Error in the initialiasation #### +%%% ######## Error in the initialisation #### handle_event(_, _Event, {init_error,Error}, _) -> case Error of @@ -540,7 +546,7 @@ handle_event(_, socket_control, {hello,_}, D) -> % be max ?MAX_PROTO_VERSION bytes: {recbuf, ?MAX_PROTO_VERSION}, {nodelay,true}]), - {keep_state, D#data{recbuf_size=Size}}; + {keep_state, D#data{inet_initial_recbuf_size=Size}}; {error, Reason} -> {stop, {shutdown,Reason}} end; 
@@ -567,7 +573,7 @@ handle_event(_, {version_exchange,Version}, {hello,Role}, D) -> inet:setopts(D#data.socket, [{packet,0}, {mode,binary}, {active, once}, - {recbuf, D#data.recbuf_size}]), + {recbuf, D#data.inet_initial_recbuf_size}]), {KeyInitMsg, SshPacket, Ssh} = ssh_transport:key_exchange_init_msg(Ssh1), ok = send_bytes(SshPacket, D), {next_state, {kexinit,Role,init}, D#data{ssh_params = Ssh, @@ -1029,10 +1035,17 @@ handle_event({call,From}, {channel_info,ChannelId,Options}, _, D) -> {keep_state_and_data, [{reply,From,[]}]} end; + +handle_event({call,From}, {info, all}, _, D) -> + Result = ssh_channel:cache_foldl(fun(Channel, Acc) -> + [Channel | Acc] + end, + [], cache(D)), + {keep_state_and_data, [{reply, From, {ok,Result}}]}; + handle_event({call,From}, {info, ChannelPid}, _, D) -> Result = ssh_channel:cache_foldl( - fun(Channel, Acc) when ChannelPid == all; - Channel#channel.user == ChannelPid -> + fun(Channel, Acc) when Channel#channel.user == ChannelPid -> [Channel | Acc]; (_, Acc) -> Acc 
@@ -1073,15 +1086,11 @@ handle_event({call,From}, {global_request, Pid, _, _, _} = Request, {connected,_ {keep_state, D}; handle_event({call,From}, {data, ChannelId, Type, Data, Timeout}, {connected,_}, D0) -> - case ssh_connection:channel_data(ChannelId, Type, Data, D0#data.connection_state, From) of - {{replies, Replies}, Connection} -> - {Repls,D} = send_replies(Replies, D0#data{connection_state = Connection}), - start_timeout(ChannelId, From, Timeout), - {keep_state, D, Repls}; - {noreply, Connection} -> - start_timeout(ChannelId, From, Timeout), - {keep_state, D0#data{connection_state = Connection}} - end; + {{replies, Replies}, Connection} = + ssh_connection:channel_data(ChannelId, Type, Data, D0#data.connection_state, From), + {Repls,D} = send_replies(Replies, D0#data{connection_state = Connection}), + start_timeout(ChannelId, From, Timeout), + {keep_state, D, Repls}; handle_event({call,From}, {eof, ChannelId}, {connected,_}, D0) -> case ssh_channel:cache_lookup(cache(D0), ChannelId) of 
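Review bot: in the `{data, ChannelId, Type, Data, Timeout}` clause, the `case` is replaced by a bare match `{{replies, Replies}, Connection} = ssh_connection:channel_data(...)`, so any other return value now ends the connection handler with a `badmatch` instead of being handled. That is safe only if `channel_data/5` can no longer return `{noreply, Connection}` on any path. The `ssh_connection.erl` hunks in this commit show the closed-channel branch returning `{{replies,[...]}, Connection}`, but the code between those hunks is not in the diff, so confirm it and state the return type in a `-spec` for `channel_data/5`.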
@@ -1148,19 +1157,17 @@ handle_event({call,From}, {close, ChannelId}, {connected,_}, D0) -> %%===== Reception of encrypted bytes, decryption and framing -handle_event(info, {Protocol, Socket, "SSH-" ++ _ = Version}, {hello,_}, - #data{socket = Socket, - transport_protocol = Protocol}) -> - {keep_state_and_data, [{next_event, internal, {version_exchange,Version}}]}; - -handle_event(info, {Protocol, Socket, Info}, {hello,_}, - #data{socket = Socket, - transport_protocol = Protocol}) -> - {keep_state_and_data, [{next_event, internal, {info_line,Info}}]}; - -handle_event(info, {Protocol, Socket, NewData}, StateName, - D0 = #data{socket = Socket, - transport_protocol = Protocol}) -> +handle_event(info, {Proto, Sock, Info}, {hello,_}, #data{socket = Sock, + transport_protocol = Proto}) -> + case Info of + "SSH-" ++ _ -> + {keep_state_and_data, [{next_event, internal, {version_exchange,Info}}]}; + _ -> + {keep_state_and_data, [{next_event, internal, {info_line,Info}}]} + end; + +handle_event(info, {Proto, Sock, NewData}, StateName, D0 = #data{socket = Sock, + transport_protocol = Proto}) -> try ssh_transport:handle_packet_part( D0#data.decrypted_data_buffer, <<(D0#data.encrypted_data_buffer)/binary, NewData/binary>>, @@ -1174,7 +1181,7 @@ handle_event(info, {Protocol, Socket, NewData}, StateName, undecrypted_packet_length = undefined, encrypted_data_buffer = EncryptedDataRest}, try - ssh_message:decode(set_prefix_if_trouble(DecryptedBytes,D)) + ssh_message:decode(set_kex_overload_prefix(DecryptedBytes,D)) of Msg = #ssh_msg_kexinit{} -> {keep_state, D, [{next_event, internal, {Msg,DecryptedBytes}}, 
@@ -1194,7 +1201,7 @@ handle_event(info, {Protocol, Socket, NewData}, StateName, {get_more, DecryptedBytes, EncryptedDataRest, RemainingSshPacketLen, Ssh1} -> %% Here we know that there are not enough bytes in %% EncryptedDataRest to use. We must wait for more. - inet:setopts(Socket, [{active, once}]), + inet:setopts(Sock, [{active, once}]), {keep_state, D0#data{encrypted_data_buffer = EncryptedDataRest, decrypted_data_buffer = DecryptedBytes, undecrypted_packet_length = RemainingSshPacketLen, 
@@ -1354,48 +1361,55 @@ terminate(Reason, StateName, State0) -> %% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -format_status(normal, [_, _StateName, State]) -> - [{data, [{"State", State}]}]; -format_status(terminate, [_, _StateName, State]) -> - Ssh0 = (State#data.ssh_params), - Ssh = Ssh0#ssh{c_keyinit = "***", - s_keyinit = "***", - send_mac_key = "***", - send_mac_size = "***", - recv_mac_key = "***", - recv_mac_size = "***", - encrypt_keys = "***", - encrypt_ctx = "***", - decrypt_keys = "***", - decrypt_ctx = "***", - compress_ctx = "***", - decompress_ctx = "***", - shared_secret = "***", - exchanged_hash = "***", - session_id = "***", - keyex_key = "***", - keyex_info = "***", - available_host_keys = "***"}, - [{data, [{"State", State#data{decrypted_data_buffer = "***", - encrypted_data_buffer = "***", - key_exchange_init_msg = "***", - opts = "***", - recbuf_size = "***", - ssh_params = Ssh - }}]}]. - +format_status(normal, [_, _StateName, D]) -> + [{data, [{"State", D}]}]; +format_status(terminate, [_, _StateName, D]) -> + DataPropList0 = fmt_stat_rec(record_info(fields, data), D, + [decrypted_data_buffer, + encrypted_data_buffer, + key_exchange_init_msg, + opts, + inet_initial_recbuf_size]), + SshPropList = fmt_stat_rec(record_info(fields, ssh), D#data.ssh_params, + [c_keyinit, + s_keyinit, + send_mac_key, + send_mac_size, + recv_mac_key, + recv_mac_size, + encrypt_keys, + encrypt_ctx, + decrypt_keys, + decrypt_ctx, + compress_ctx, + decompress_ctx, + shared_secret, + exchanged_hash, + session_id, + keyex_key, + keyex_info, + available_host_keys]), + DataPropList = lists:keyreplace(ssh_params, 1, DataPropList0, + {ssh_params,SshPropList}), + [{data, [{"State", DataPropList}]}]. + + +fmt_stat_rec(FieldNames, Rec, Exclude) -> + Values = tl(tuple_to_list(Rec)), + [P || {K,_} = P <- lists:zip(FieldNames, Values), + not lists:member(K, Exclude)]. 
%%-------------------------------------------------------------------- --spec code_change(term(), +-spec code_change(term() | {down,term()}, state_name(), #data{}, term() - ) -> {ok, state_name(), #data{}}. + ) -> {gen_statem:callback_mode(), state_name(), #data{}}. %% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . code_change(_OldVsn, StateName, State, _Extra) -> - {ok, StateName, State}. + {handle_event_function, StateName, State}. %%==================================================================== @@ -1577,7 +1591,7 @@ handle_connection_msg(Msg, StateName, State0 = end. -set_prefix_if_trouble(Msg = <>, #data{ssh_params=SshParams}) +set_kex_overload_prefix(Msg = <>, #data{ssh_params=SshParams}) when Op == 30; Op == 31 -> @@ -1591,7 +1605,7 @@ set_prefix_if_trouble(Msg = <>, #data{ssh_params=SshParams}) _ -> Msg end; -set_prefix_if_trouble(Msg, _) -> +set_kex_overload_prefix(Msg, _) -> Msg. kex(#ssh{algorithms=#alg{kex=Kex}}) -> Kex; diff --git a/lib/ssh/src/ssh_info.erl b/lib/ssh/src/ssh_info.erl index 67130d5eac..0c24c09887 100644 --- a/lib/ssh/src/ssh_info.erl +++ b/lib/ssh/src/ssh_info.erl @@ -37,7 +37,7 @@ print() -> io:format("~s", [string()]). print(File) when is_list(File) -> - {ok,D} = file:open(File, write), + {ok,D} = file:open(File, [write]), print(D), file:close(D); print(D) -> -- cgit v1.2.3 From 73f90b506c5ceff51cd8a6f264dc8fe20dd9351d Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 26 Apr 2016 13:02:39 +0200 Subject: ssh: remove user_passwords from dumped state --- lib/ssh/src/ssh_connection_handler.erl | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index f2545c93df..46c45b6f68 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl 
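Review bot: in `format_status(terminate, ...)`, the call `fmt_stat_rec(record_info(fields, ssh), D#data.ssh_params, [...])` runs `tuple_to_list/1` on `ssh_params`, which this same commit types as `#ssh{} | undefined` in the `#data{}` record. When the process stops before `ssh_params` is set (the `{init_error,Error}` path enters the loop with `S0`), the status formatter itself fails with `badarg`; add a clause in `fmt_stat_rec/3` or at the call site for `undefined`. The redaction is also an exclude list, so any field added to `#data{}` or `#ssh{}` later is dumped unless someone remembers to list it; selecting the fields known to be safe would fail closed.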
@@ -1368,6 +1368,7 @@ format_status(terminate, [_, _StateName, D]) -> [decrypted_data_buffer, encrypted_data_buffer, key_exchange_init_msg, + user_passwords, opts, inet_initial_recbuf_size]), SshPropList = fmt_stat_rec(record_info(fields, ssh), D#data.ssh_params, -- cgit v1.2.3 From bbf8fb6e42e730a4037485c3313e63733d8c100b Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 26 Apr 2016 12:45:49 +0200 Subject: ssh: Idle-timer refactoring and some cosmetics and inlineing --- lib/ssh/src/ssh.erl | 9 +-- lib/ssh/src/ssh_channel.erl | 5 +- lib/ssh/src/ssh_connection_handler.erl | 135 +++++++++++++++++---------------- 3 files changed, 73 insertions(+), 76 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 48ef8aad2a..2eae897ce2 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -86,7 +86,7 @@ connect(Host, Port, Options, Timeout) -> ConnectionTimeout = proplists:get_value(connect_timeout, Options, infinity), try Transport:connect(Host, Port, [ {active, false} | SocketOptions], ConnectionTimeout) of {ok, Socket} -> - Opts = [{user_pid, self()}, {host, Host} | fix_idle_time(SshOptions)], + Opts = [{user_pid,self()}, {host,Host} | SshOptions], ssh_connection_handler:start_connection(client, Socket, Opts, Timeout); {error, Reason} -> {error, Reason} @@ -228,13 +228,6 @@ default_algorithms() -> %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- -fix_idle_time(SshOptions) -> - case proplists:get_value(idle_time, SshOptions) of - undefined -> - [{idle_time, infinity}|SshOptions]; - _ -> - SshOptions - end. start_daemon(Host, Port, Options, Inet) -> case handle_options(Options) of {error, _Reason} = Error -> diff --git a/lib/ssh/src/ssh_channel.erl b/lib/ssh/src/ssh_channel.erl index de6908bb38..a8e6ebde16 100644 --- a/lib/ssh/src/ssh_channel.erl +++ b/lib/ssh/src/ssh_channel.erl 
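Review bot: in the one-line `format_status(terminate, ...)` hunk (@@ -1368,6 +1368,7), `user_passwords` is added to the exclude list that `fmt_stat_rec/3` applies to `record_info(fields, data)`, but the `#data{}` record as defined in the earlier commit on this page has no `user_passwords` field, so `lists:member(K, Exclude)` never matches and the dumped state is unchanged. `user_passwords` reads like an option key; if so, the values sit inside the option proplists. `#data.opts` is already excluded, but `#ssh.opts` (matched as `#ssh{opts = Opts, ...}` in `retry_fun/3`) is not in the `ssh` exclude list, and `connection_state`, whose `#connection{}` appears to be built with `options = Opts`, is not excluded either. Those copies are what need filtering.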
@@ -68,7 +68,7 @@ %% Internal application API -export([cache_create/0, cache_lookup/2, cache_update/2, cache_delete/1, cache_delete/2, cache_foldl/3, - cache_find/2, + cache_info/2, cache_find/2, get_print_info/1]). -record(state, { @@ -335,6 +335,9 @@ cache_delete(Cache) -> cache_foldl(Fun, Acc, Cache) -> ets:foldl(Fun, Acc, Cache). +cache_info(num_entries, Cache) -> + proplists:get_value(size, ets:info(Cache)). + cache_find(ChannelPid, Cache) -> case ets:match_object(Cache, #channel{user = ChannelPid}) of [] -> diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 46c45b6f68..6f9b2b3e22 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -349,6 +349,8 @@ renegotiate_data(ConnectionHandler) -> idle_timer_ref :: undefined | infinity | reference(), + idle_timer_value = infinity :: infinity + | pos_integer(), transport_protocol :: atom(), % ex: tcp transport_cb :: atom(), % ex: gen_tcp transport_close_tag :: atom(), % ex: tcp_closed @@ -405,7 +407,7 @@ init_connection_handler(Role, Socket, Opts) -> init_process_state(Role, Socket, Opts) -> - S = #data{connection_state = + D = #data{connection_state = C = #connection{channel_cache = ssh_channel:cache_create(), channel_id_seed = 0, port_bindings = [], @@ -420,10 +422,9 @@ init_process_state(Role, Socket, Opts) -> %% Start the renegotiation timers timer:apply_after(?REKEY_TIMOUT, gen_statem, cast, [self(), renegotiate]), timer:apply_after(?REKEY_DATA_TIMOUT, gen_statem, cast, [self(), data_size]), - S#data{idle_timer_ref = get_idle_time(Opts)}; - + cache_init_idle_timer(D); server -> - S#data{connection_state = init_connection(Role, C, Opts)} + D#data{connection_state = init_connection(Role, C, Opts)} end. 
@@ -537,8 +538,8 @@ handle_event(_, _Event, {init_error,Error}, _) -> handle_event(_, socket_control, {hello,_}, D) -> VsnMsg = ssh_transport:hello_version_msg(string_version(D#data.ssh_params)), ok = send_bytes(VsnMsg, D), - case getopt(recbuf, Socket=D#data.socket) of - {ok, Size} -> + case inet:getopts(Socket=D#data.socket, [recbuf]) of + {ok, [{recbuf,Size}]} -> %% Set the socket to the hello text line handling mode: inet:setopts(Socket, [{packet, line}, {active, once}, @@ -547,8 +548,9 @@ handle_event(_, socket_control, {hello,_}, D) -> {recbuf, ?MAX_PROTO_VERSION}, {nodelay,true}]), {keep_state, D#data{inet_initial_recbuf_size=Size}}; - {error, Reason} -> - {stop, {shutdown,Reason}} + + Other -> + {stop, {shutdown,{unexpected_getopts_return, Other}}} end; handle_event(_, {info_line,_Line}, {hello,Role}, D) -> @@ -1069,15 +1071,13 @@ handle_event({call,From}, {request, ChannelPid, ChannelId, Type, Data, Timeout}, D = handle_request(ChannelPid, ChannelId, Type, Data, true, From, D0), %% Note reply to channel will happen later when reply is recived from peer on the socket start_timeout(ChannelId, From, Timeout), - handle_idle_timeout(D), - {keep_state, D}; + {keep_state, cache_request_idle_timer_check(D)}; handle_event({call,From}, {request, ChannelId, Type, Data, Timeout}, {connected,_}, D0) -> D = handle_request(ChannelId, Type, Data, true, From, D0), %% Note reply to channel will happen later when reply is recived from peer on the socket start_timeout(ChannelId, From, Timeout), - handle_idle_timeout(D), - {keep_state, D}; + {keep_state, cache_request_idle_timer_check(D)}; handle_event({call,From}, {global_request, Pid, _, _, _} = Request, {connected,_}, D0) -> D1 = handle_global_request(Request, D0), 
@@ -1122,7 +1122,7 @@ handle_event({call,From}, }), D = add_request(true, ChannelId, From, D2), start_timeout(ChannelId, From, Timeout), - {keep_state, remove_timer_ref(D)}; + {keep_state, cache_cancel_idle_timer(D)}; handle_event({call,From}, {send_window, ChannelId}, {connected,_}, D) -> Reply = case ssh_channel:cache_lookup(cache(D), ChannelId) of @@ -1149,8 +1149,7 @@ handle_event({call,From}, {close, ChannelId}, {connected,_}, D0) -> #channel{remote_id = Id} = Channel -> D1 = send_msg(ssh_connection:channel_close_msg(Id), D0), ssh_channel:cache_update(cache(D1), Channel#channel{sent_close = true}), - handle_idle_timeout(D1), - {keep_state, D1, [{reply,From,ok}]}; + {keep_state, cache_request_idle_timer_check(D1), [{reply,From,ok}]}; undefined -> {keep_state_and_data, [{reply,From,ok}]} end; @@ -1263,8 +1262,8 @@ handle_event(info, {'DOWN', _Ref, process, ChannelPid, _Reason}, _, D0) -> handle_event(info, {'EXIT', _Sup, Reason}, _, _) -> {stop, {shutdown, Reason}}; -handle_event(info, {check_cache, _ , _}, _, D) -> - {keep_state, check_cache(D)}; +handle_event(info, check_cache, _, D) -> + {keep_state, cache_check_set_idle_timer(D)}; handle_event(info, UnexpectedMessage, StateName, D = #data{ssh_params = Ssh}) -> case unexpected_fun(UnexpectedMessage, D) of @@ -1462,14 +1461,6 @@ renegotiation({_,_,ReNeg}) -> ReNeg == renegotiation; renegotiation(_) -> false. %%-------------------------------------------------------------------- -get_idle_time(SshOptions) -> - case proplists:get_value(idle_time, SshOptions) of - infinity -> - infinity; - _IdleTime -> %% We dont want to set the timeout on first connect - undefined - end. - supported_host_keys(client, _, Options) -> try case proplists:get_value(public_key, 
@@ -1663,14 +1654,6 @@ handle_global_request({global_request, _, "cancel-tcpip-forward" = Type, send_msg(Msg, State). %%%---------------------------------------------------------------- -handle_idle_timeout(#data{opts = Opts}) -> - case proplists:get_value(idle_time, Opts, infinity) of - infinity -> - ok; - IdleTime -> - erlang:send_after(IdleTime, self(), {check_cache, [], []}) - end. - handle_channel_down(ChannelPid, D) -> ssh_channel:cache_foldl( fun(Channel, Acc) when Channel#channel.user == ChannelPid -> @@ -1680,7 +1663,7 @@ handle_channel_down(ChannelPid, D) -> (_,Acc) -> Acc end, [], cache(D)), - {{replies, []}, check_cache(D)}. + {{replies, []}, cache_check_set_idle_timer(D)}. update_sys(Cache, Channel, Type, ChannelPid) -> @@ -1826,8 +1809,6 @@ get_repl(noreply, Acc) -> get_repl(X, Acc) -> exit({get_repl,X,Acc}). - - %%%---------------------------------------------------------------- disconnect_fun({disconnect,Msg}, D) -> disconnect_fun(Msg, D); 
@@ -1864,38 +1845,65 @@ debug_fun(#ssh_msg_debug{always_display = Display, end. +%%%---------------------------------------------------------------- +%%% Cache idle timer that closes the connection if there are no +%%% channels open for a while. + +cache_init_idle_timer(D) -> + case proplists:get_value(idle_time, D#data.opts, infinity) of + infinity -> + D#data{idle_timer_value = infinity, + idle_timer_ref = infinity % A flag used later... + }; + IdleTime -> + %% We dont want to set the timeout on first connect + D#data{idle_timer_value = IdleTime} + end. + -check_cache(D) -> - %% Check the number of entries in Cache - case proplists:get_value(size, ets:info(cache(D))) of +cache_check_set_idle_timer(D = #data{idle_timer_ref = undefined, + idle_timer_value = IdleTime}) -> + %% No timer set - shall we set one? + case ssh_channel:cache_info(num_entries, cache(D)) of + 0 when IdleTime == infinity -> + %% No. Meaningless to set a timer that fires in an infinite time... + D; 0 -> - case proplists:get_value(idle_time, D#data.opts, infinity) of - infinity -> - D; - Time -> - handle_idle_timer(Time, D) - end; + %% Yes, we'll set one since the cache is empty and it should not + %% be that for a specified time + D#data{idle_timer_ref = + erlang:send_after(IdleTime, self(), {'EXIT',[],"Timeout"})}; _ -> + %% No - there are entries in the cache D - end. + end; +cache_check_set_idle_timer(D) -> + %% There is already a timer set or the timeout time is infinite + D. + -handle_idle_timer(Time, #data{idle_timer_ref = undefined} = State) -> - TimerRef = erlang:send_after(Time, self(), {'EXIT', [], "Timeout"}), - State#data{idle_timer_ref=TimerRef}; -handle_idle_timer(_, State) -> - State. 
- -remove_timer_ref(State) -> - case State#data.idle_timer_ref of - infinity -> %% If the timer is not activated - State; - undefined -> %% If we already has cancelled the timer - State; - TimerRef -> %% Timer is active +cache_cancel_idle_timer(D) -> + case D#data.idle_timer_ref of + infinity -> + %% The timer is not activated + D; + undefined -> + %% The timer is already cancelled + D; + TimerRef -> + %% The timer is active erlang:cancel_timer(TimerRef), - State#data{idle_timer_ref = undefined} + D#data{idle_timer_ref = undefined} end. + +cache_request_idle_timer_check(D = #data{idle_timer_value = infinity}) -> + D; +cache_request_idle_timer_check(D = #data{idle_timer_value = IdleTime}) -> + erlang:send_after(IdleTime, self(), check_cache), + D. + +%%%---------------------------------------------------------------- socket_control(Socket, Pid, Transport) -> case Transport:controlling_process(Socket, Pid) of ok -> @@ -1933,10 +1941,3 @@ start_timeout(_,_, infinity) -> start_timeout(Channel, From, Time) -> erlang:send_after(Time, self(), {timeout, {Channel, From}}). -getopt(Opt, Socket) -> - case inet:getopts(Socket, [Opt]) of - {ok, [{Opt, Value}]} -> - {ok, Value}; - Other -> - {error, {unexpected_getopts_return, Other}} - end. -- cgit v1.2.3 From b7f81aa55ffa161be01929b8d156e40bf751de17 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 26 Apr 2016 15:52:51 +0200 Subject: ssh: Channel request timer refactoring --- lib/ssh/src/ssh_connection_handler.erl | 121 +++++++++++++++++---------------- 1 file changed, 62 insertions(+), 59 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 6f9b2b3e22..e5229eb954 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl 
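Review bot: in the new `cache_request_idle_timer_check/1`, every channel request and every `close` call runs `erlang:send_after(IdleTime, self(), check_cache)` without keeping or cancelling the reference, so a busy connection with a long `idle_time` holds one pending timer per request. This is carried over from the removed `handle_idle_timeout/1`, but the refactoring is the place to fix it: `cache_check_set_idle_timer/1` only acts when the cache is empty and `idle_timer_ref` is `undefined`, so one outstanding `check_cache` timer whose reference is stored in `#data{}` gives the same result. Separately, the idle timeout is still delivered as a synthetic `{'EXIT',[],"Timeout"}` message and lands in the `{'EXIT', _Sup, Reason}` clause used for real supervisor exits; a dedicated message would keep the two apart in shutdown reasons and logs.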
@@ -63,7 +63,7 @@ %%% Behaviour callbacks -export([handle_event/4, terminate/3, format_status/2, code_change/4]). -%%% Exports not intended to be used :) +%%% Exports not intended to be used :). They are used for spawning and tests -export([init_connection_handler/3, % proc_lib:spawn needs this init_ssh_record/3, % Export of this internal function % intended for low-level protocol test suites @@ -99,6 +99,8 @@ stop(ConnectionHandler)-> %% Internal application API %%==================================================================== +-define(DefaultTransport, {tcp, gen_tcp, tcp_closed} ). + %%-------------------------------------------------------------------- -spec start_connection(role(), inet:socket(), @@ -109,11 +111,8 @@ stop(ConnectionHandler)-> start_connection(client = Role, Socket, Options, Timeout) -> try {ok, Pid} = sshc_sup:start_child([Role, Socket, Options]), - {_, Callback, _} = - proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}), - ok = socket_control(Socket, Pid, Callback), - Ref = erlang:monitor(process, Pid), - handshake(Pid, Ref, Timeout) + ok = socket_control(Socket, Pid, Options), + handshake(Pid, erlang:monitor(process,Pid), Timeout) catch exit:{noproc, _} -> {error, ssh_not_started}; @@ -383,7 +382,7 @@ init_connection_handler(Role, Socket, Opts) -> S0 = init_process_state(Role, Socket, Opts), try {Protocol, Callback, CloseTag} = - proplists:get_value(transport, Opts, {tcp, gen_tcp, tcp_closed}), + proplists:get_value(transport, Opts, ?DefaultTransport), S0#data{ssh_params = init_ssh_record(Role, Socket, Opts), transport_protocol = Protocol, transport_cb = Callback, 
@@ -1070,13 +1069,13 @@ handle_event({call,_}, _, StateName, _) when StateName /= {connected,server}, handle_event({call,From}, {request, ChannelPid, ChannelId, Type, Data, Timeout}, {connected,_}, D0) -> D = handle_request(ChannelPid, ChannelId, Type, Data, true, From, D0), %% Note reply to channel will happen later when reply is recived from peer on the socket - start_timeout(ChannelId, From, Timeout), + start_channel_request_timer(ChannelId, From, Timeout), {keep_state, cache_request_idle_timer_check(D)}; handle_event({call,From}, {request, ChannelId, Type, Data, Timeout}, {connected,_}, D0) -> D = handle_request(ChannelId, Type, Data, true, From, D0), %% Note reply to channel will happen later when reply is recived from peer on the socket - start_timeout(ChannelId, From, Timeout), + start_channel_request_timer(ChannelId, From, Timeout), {keep_state, cache_request_idle_timer_check(D)}; handle_event({call,From}, {global_request, Pid, _, _, _} = Request, {connected,_}, D0) -> @@ -1089,7 +1088,7 @@ handle_event({call,From}, {data, ChannelId, Type, Data, Timeout}, {connected,_}, {{replies, Replies}, Connection} = ssh_connection:channel_data(ChannelId, Type, Data, D0#data.connection_state, From), {Repls,D} = send_replies(Replies, D0#data{connection_state = Connection}), - start_timeout(ChannelId, From, Timeout), + start_channel_request_timer(ChannelId, From, Timeout), % FIXME: No message exchange so why? {keep_state, D, Repls}; handle_event({call,From}, {eof, ChannelId}, {connected,_}, D0) -> @@ -1121,7 +1120,7 @@ handle_event({call,From}, send_buf = queue:new() }), D = add_request(true, ChannelId, From, D2), - start_timeout(ChannelId, From, Timeout), + start_channel_request_timer(ChannelId, From, Timeout), {keep_state, cache_cancel_idle_timer(D)}; handle_event({call,From}, {send_window, ChannelId}, {connected,_}, D) -> 
@@ -1243,12 +1242,15 @@ handle_event(info, {CloseTag,Socket}, StateName, StateName, D); handle_event(info, {timeout, {_, From} = Request}, _, - #data{connection_state = #connection{requests = Requests} = C0} = D) -> + #data{connection_state = #connection{requests = Requests} = C0} = D) -> case lists:member(Request, Requests) of true -> + %% A channel request is not answered in time. Answer {error,timeout} + %% to the caller C = C0#connection{requests = lists:delete(Request, Requests)}, {keep_state, D#data{connection_state=C}, [{reply,From,{error,timeout}}]}; false -> + %% The request is answered - just ignore the timeout keep_state_and_data end; @@ -1424,8 +1426,7 @@ start_the_connection_child(UserPid, Role, Socket, Options) -> ConnectionSup = proplists:get_value(connection_sup, Sups), Opts = [{supervisors, Sups}, {user_pid, UserPid} | proplists:get_value(ssh_opts, Options, [])], {ok, Pid} = ssh_connection_sup:start_child(ConnectionSup, [Role, Socket, Opts]), - {_, Callback, _} = proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}), - socket_control(Socket, Pid, Callback), + ok = socket_control(Socket, Pid, Options), Pid. %%-------------------------------------------------------------------- 
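Review bot: In `start_the_connection_child/4`, `ok = socket_control(Socket, Pid, Options)` now asserts a result that the old code discarded, so any non-`ok` return from `socket_control/3` raises a badmatch here. `start_connection/4` makes the same call inside a `try`, but nothing in this function handles the failure. Either say in a comment that crashing the caller is intended, or match on the result and return the error, for example `case socket_control(Socket, Pid, Options) of ok -> Pid; Error -> Error end`.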
@@ -1698,42 +1699,6 @@ counterpart_versions(NumVsn, StrVsn, #ssh{role = server} = Ssh) -> counterpart_versions(NumVsn, StrVsn, #ssh{role = client} = Ssh) -> Ssh#ssh{s_vsn = NumVsn , s_version = StrVsn}. -connected_fun(User, Method, #data{ssh_params = #ssh{peer = {_,Peer}}, - opts = Opts}) -> - case proplists:get_value(connectfun, Opts) of - undefined -> - ok; - Fun -> - catch Fun(User, Peer, Method) - end. - -retry_fun(_, undefined, _) -> - ok; -retry_fun(User, Reason, #data{ssh_params = #ssh{opts = Opts, - peer = {_,Peer} - }}) -> - {Tag,Info} = - case Reason of - {error, Error} -> - {failfun, Error}; - _ -> - {infofun, Reason} - end, - Fun = proplists:get_value(Tag, Opts, fun(_,_)-> ok end), - try erlang:fun_info(Fun, arity) - of - {arity, 2} -> %% Backwards compatible - catch Fun(User, Info); - {arity, 3} -> - catch Fun(User, Peer, Info); - _ -> - ok - catch - _:_ -> - ok - end. - - ssh_info([], _State, Acc) -> Acc; ssh_info([client_version | Rest], #data{ssh_params = #ssh{c_vsn = IntVsn, @@ -1812,8 +1777,6 @@ get_repl(X, Acc) -> %%%---------------------------------------------------------------- disconnect_fun({disconnect,Msg}, D) -> disconnect_fun(Msg, D); -%% disconnect_fun(_, undefined) -> -%% ok; disconnect_fun(Reason, #data{opts=Opts}) -> case proplists:get_value(disconnectfun, Opts) of undefined -> 
@@ -1845,6 +1808,41 @@ debug_fun(#ssh_msg_debug{always_display = Display, end. +connected_fun(User, Method, #data{ssh_params = #ssh{peer = {_,Peer}}, + opts = Opts}) -> + case proplists:get_value(connectfun, Opts) of + undefined -> + ok; + Fun -> + catch Fun(User, Peer, Method) + end. + +retry_fun(_, undefined, _) -> + ok; +retry_fun(User, Reason, #data{ssh_params = #ssh{opts = Opts, + peer = {_,Peer} + }}) -> + {Tag,Info} = + case Reason of + {error, Error} -> + {failfun, Error}; + _ -> + {infofun, Reason} + end, + Fun = proplists:get_value(Tag, Opts, fun(_,_)-> ok end), + try erlang:fun_info(Fun, arity) + of + {arity, 2} -> %% Backwards compatible + catch Fun(User, Info); + {arity, 3} -> + catch Fun(User, Peer, Info); + _ -> + ok + catch + _:_ -> + ok + end. + %%%---------------------------------------------------------------- %%% Cache idle timer that closes the connection if there are no %%% channels open for a while. @@ -1904,8 +1902,18 @@ cache_request_idle_timer_check(D = #data{idle_timer_value = IdleTime}) -> D. %%%---------------------------------------------------------------- -socket_control(Socket, Pid, Transport) -> - case Transport:controlling_process(Socket, Pid) of +start_channel_request_timer(_,_, infinity) -> + ok; +start_channel_request_timer(Channel, From, Time) -> + erlang:send_after(Time, self(), {timeout, {Channel, From}}). + +%%%---------------------------------------------------------------- +%%% Connection start and initalization helpers + +socket_control(Socket, Pid, Options) -> + {_, TransportCallback, _} = % For example {_,gen_tcp,_} + proplists:get_value(transport, Options, ?DefaultTransport), + case TransportCallback:controlling_process(Socket, Pid) of ok -> gen_statem:cast(Pid, socket_control); {error, Reason} -> 
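Review bot: The added section comment above `socket_control/3` reads `Connection start and initalization helpers`; it should be `initialization`. The macro name `?DefaultTransport` used in the same function is also mixed-case, while the other macros visible in this series (`?DEFAULT_PROFILE`, `?TIMEOUT`, `?WAIT_FOR_SHUTDOWN`) are upper-case, so `?DEFAULT_TRANSPORT` would be the consistent spelling.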
@@ -1936,8 +1944,3 @@ handshake(Pid, Ref, Timeout) -> {error, timeout} end. -start_timeout(_,_, infinity) -> - ok; -start_timeout(Channel, From, Time) -> - erlang:send_after(Time, self(), {timeout, {Channel, From}}). - -- cgit v1.2.3 From 23d5014870cf54e6602fb470e9eb37ee6415eca5 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 28 Apr 2016 09:53:33 +0200 Subject: ssh: Update version --- lib/ssh/vsn.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/vsn.mk b/lib/ssh/vsn.mk index 41b42d454b..b165928877 100644 --- a/lib/ssh/vsn.mk +++ b/lib/ssh/vsn.mk @@ -1,5 +1,5 @@ #-*-makefile-*- ; force emacs to enter makefile-mode -SSH_VSN = 4.2.2 +SSH_VSN = 4.3 APP_VSN = "ssh-$(SSH_VSN)" -- cgit v1.2.3 From a63116928a95d0a49196331d978c62dcd4941549 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 28 Apr 2016 09:53:56 +0200 Subject: ssh: Update app-file --- lib/ssh/src/ssh.app.src | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.app.src b/lib/ssh/src/ssh.app.src index c67350bf72..3245ba5197 100644 --- a/lib/ssh/src/ssh.app.src +++ b/lib/ssh/src/ssh.app.src @@ -40,7 +40,12 @@ {applications, [kernel, stdlib, crypto, public_key]}, {env, []}, {mod, {ssh_app, []}}, - {runtime_dependencies, ["stdlib-2.3","public_key-0.22","kernel-3.0", - "erts-6.0","crypto-3.3"]}]}. + {runtime_dependencies, [ + "crypto-3.3", + "erts-6.0", + "kernel-3.0", + "public_key-1.1", + "stdlib-3.0" + ]}]}. -- cgit v1.2.3 From 1b3495077db1e60db472283352dd175cd6dd962e Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 31 Mar 2016 15:42:33 +0200 Subject: ssh: Speeded up ssh_options_SUITE a couple of minutes --- lib/ssh/test/ssh_options_SUITE.erl | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_options_SUITE.erl b/lib/ssh/test/ssh_options_SUITE.erl index 1d14a16065..124c72846b 100644 
--- a/lib/ssh/test/ssh_options_SUITE.erl +++ b/lib/ssh/test/ssh_options_SUITE.erl @@ -51,9 +51,7 @@ ssh_connect_arg4_timeout/1, ssh_connect_negtimeout_parallel/1, ssh_connect_negtimeout_sequential/1, - ssh_connect_nonegtimeout_connected_parallel/0, ssh_connect_nonegtimeout_connected_parallel/1, - ssh_connect_nonegtimeout_connected_sequential/0, ssh_connect_nonegtimeout_connected_sequential/1, ssh_connect_timeout/1, connect/4, ssh_daemon_minimal_remote_max_packet_size_option/1, @@ -82,7 +80,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}, - {timetrap,{seconds,40}}]. + {timetrap,{seconds,30}}]. all() -> [connectfun_disconnectfun_server, @@ -982,16 +980,10 @@ ssh_connect_negtimeout(Config, Parallel) -> %%-------------------------------------------------------------------- %%% Test that ssh connection does not timeout if the connection is established (parallel) - -ssh_connect_nonegtimeout_connected_parallel() -> [{timetrap,{seconds,90}}]. - ssh_connect_nonegtimeout_connected_parallel(Config) -> ssh_connect_nonegtimeout_connected(Config, true). %%% Test that ssh connection does not timeout if the connection is established (non-parallel) - -ssh_connect_nonegtimeout_connected_sequential() -> [{timetrap,{seconds,90}}]. - ssh_connect_nonegtimeout_connected_sequential(Config) -> ssh_connect_nonegtimeout_connected(Config, false). @@ -1000,7 +992,7 @@ ssh_connect_nonegtimeout_connected(Config, Parallel) -> process_flag(trap_exit, true), SystemDir = filename:join(?config(priv_dir, Config), system), UserDir = ?config(priv_dir, Config), - NegTimeOut = 20000, % ms + NegTimeOut = 2000, % ms ct:log("Parallel: ~p",[Parallel]), {_Pid, _Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},{user_dir, UserDir}, -- cgit v1.2.3 From 20b5ece81105525f89a936921ff363b24f4396ed Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Thu, 31 Mar 2016 12:45:15 +0200 Subject: ssh: Repeated try until ssh_options_SUITE:max_sessions succedes (or timeout) The supervisor tree need some time to count down number of workers when one dies. With a fixed waiting time in the test, there will be spurious errors. There will also be unnecessarily long waits on some machines. --- lib/ssh/test/ssh_options_SUITE.erl | 45 +++++++++++++++++++++++++------------- 1 file changed, 30 insertions(+), 15 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_options_SUITE.erl b/lib/ssh/test/ssh_options_SUITE.erl index 124c72846b..272e961bf8 100644 --- a/lib/ssh/test/ssh_options_SUITE.erl +++ b/lib/ssh/test/ssh_options_SUITE.erl @@ -1123,21 +1123,7 @@ max_sessions(Config, ParallelLogin, Connect0) when is_function(Connect0,2) -> %% This is expected %% Now stop one connection and try to open one more ok = ssh:close(hd(Connections)), - receive after 250 -> ok end, % sleep so the supervisor has time to count down. Not nice... - try Connect(Host,Port) - of - _ConnectionRef1 -> - %% Step 3 ok: could set up one more connection after killing one - %% Thats good. - ssh:stop_daemon(Pid), - ok - catch - error:{badmatch,{error,"Connection closed"}} -> - %% Bad indeed. Could not set up one more connection even after killing - %% one existing. Very bad. - ssh:stop_daemon(Pid), - {fail,"Does not decrease # active sessions"} - end + try_to_connect(Connect, Host, Port, Pid) end catch error:{badmatch,{error,"Connection closed"}} -> 
@@ -1145,6 +1131,35 @@ max_sessions(Config, ParallelLogin, Connect0) when is_function(Connect0,2) -> {fail,"Too few connections accepted"} end. + +try_to_connect(Connect, Host, Port, Pid) -> + {ok,Tref} = timer:send_after(3000, timeout_no_connection), % give the supervisors some time... + try_to_connect(Connect, Host, Port, Pid, Tref, 1). % will take max 3300 ms after 11 tries + +try_to_connect(Connect, Host, Port, Pid, Tref, N) -> + try Connect(Host,Port) + of + _ConnectionRef1 -> + %% Step 3 ok: could set up one more connection after killing one + %% Thats good. + timer:cancel(Tref), + ssh:stop_daemon(Pid), + receive % flush. + timeout_no_connection -> ok + after 0 -> ok + end + catch + error:{badmatch,{error,"Connection closed"}} -> + %% Could not set up one more connection. Try again until timeout. + receive + timeout_no_connection -> + ssh:stop_daemon(Pid), + {fail,"Does not decrease # active sessions"} + after N*50 -> % retry after this time + try_to_connect(Connect, Host, Port, Pid, Tref, N+1) + end + end. + %%-------------------------------------------------------------------- %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- -- cgit v1.2.3 From 8d1ac35a52f9eded2afafe3e1a1cd3474e2f4142 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 5 Apr 2016 13:44:27 +0200 Subject: ssh: polish max_channels_option test case Removed pty alloc from the test since it does not work on all test targets. Also added a final check that the upper limit of channels still holds. --- lib/ssh/test/ssh_connection_SUITE.erl | 35 +++++++++++++++++++---------------- 1 file changed, 19 insertions(+), 16 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index a5f424f863..fd1b2e4f8e 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl 
@@ -655,15 +655,21 @@ max_channels_option(Config) when is_list(Config) -> {user_interaction, true}, {user_dir, UserDir}]), + %% Allocate a number of ChannelId:s to play with. (This operation is not + %% counted by the max_channel option). {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef, infinity), {ok, ChannelId1} = ssh_connection:session_channel(ConnectionRef, infinity), {ok, ChannelId2} = ssh_connection:session_channel(ConnectionRef, infinity), {ok, ChannelId3} = ssh_connection:session_channel(ConnectionRef, infinity), {ok, ChannelId4} = ssh_connection:session_channel(ConnectionRef, infinity), {ok, ChannelId5} = ssh_connection:session_channel(ConnectionRef, infinity), - {ok, _ChannelId6} = ssh_connection:session_channel(ConnectionRef, infinity), + {ok, ChannelId6} = ssh_connection:session_channel(ConnectionRef, infinity), + {ok, _ChannelId7} = ssh_connection:session_channel(ConnectionRef, infinity), - %%%---- shell + %% Now start to open the channels (this is counted my max_channels) to check that + %% it gives a failure at right place + + %%%---- Channel 1(3): shell ok = ssh_connection:shell(ConnectionRef,ChannelId0), receive {ssh_cm,ConnectionRef, {data, ChannelId0, 0, <<"Eshell",_/binary>>}} -> @@ -672,10 +678,10 @@ max_channels_option(Config) when is_list(Config) -> ct:fail("CLI Timeout") end, - %%%---- subsystem "echo_n" + %%%---- Channel 2(3): subsystem "echo_n" success = ssh_connection:subsystem(ConnectionRef, ChannelId1, "echo_n", infinity), - %%%---- exec #1 + %%%---- Channel 3(3): exec. This closes itself. success = ssh_connection:exec(ConnectionRef, ChannelId2, "testing1.\n", infinity), receive {ssh_cm, ConnectionRef, {data, ChannelId2, 0, <<"testing1",_/binary>>}} -> 
@@ -684,13 +690,13 @@ max_channels_option(Config) when is_list(Config) -> ct:fail("Exec #1 Timeout") end, - %%%---- ptty - success = ssh_connection:ptty_alloc(ConnectionRef, ChannelId3, []), + %%%---- Channel 3(3): subsystem "echo_n" (Note that ChannelId2 should be closed now) + success = ssh_connection:subsystem(ConnectionRef, ChannelId3, "echo_n", infinity), - %%%---- exec #2 + %%%---- Channel 4(3) !: exec This should fail failure = ssh_connection:exec(ConnectionRef, ChannelId4, "testing2.\n", infinity), - %%%---- close the shell + %%%---- close the shell (Frees one channel) ok = ssh_connection:send(ConnectionRef, ChannelId0, "exit().\n", 5000), %%%---- wait for the subsystem to terminate @@ -703,14 +709,11 @@ max_channels_option(Config) when is_list(Config) -> ct:fail("exit Timeout",[]) end, - %%%---- exec #3 - success = ssh_connection:exec(ConnectionRef, ChannelId5, "testing3.\n", infinity), - receive - {ssh_cm, ConnectionRef, {data, ChannelId5, 0, <<"testing3",_/binary>>}} -> - ok - after 5000 -> - ct:fail("Exec #3 Timeout") - end, + %%---- Try that we can open one channel instead of the closed one + success = ssh_connection:subsystem(ConnectionRef, ChannelId5, "echo_n", infinity), + + %%---- But not a fourth one... + failure = ssh_connection:subsystem(ConnectionRef, ChannelId6, "echo_n", infinity), ssh:close(ConnectionRef), ssh:stop_daemon(Pid). -- cgit v1.2.3 From 62191b31521560e37e1096c697fdc2f7a5378c60 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 6 Apr 2016 12:24:12 +0200 Subject: ssh: remove brain-dead ssh_test_lib:connect without port arg --- lib/ssh/test/ssh_test_lib.erl | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index 4db7d09ccd..06fddb8dc8 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl 
@@ -32,15 +32,8 @@ -define(TIMEOUT, 50000). -connect(Options) -> - connect(hostname(), inet_port(), Options). - connect(Port, Options) when is_integer(Port) -> - connect(hostname(), Port, Options); -connect(any, Options) -> - connect(hostname(), inet_port(), Options); -connect(Host, Options) -> - connect(Host, inet_port(), Options). + connect(hostname(), Port, Options). connect(any, Port, Options) -> connect(hostname(), Port, Options); -- cgit v1.2.3 From 7f77b87176fad5f7518d3a5588c89e414bc5030f Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 6 Apr 2016 15:06:09 +0200 Subject: ssh: wait until supervisors has understood that process died. (test case) --- lib/ssh/test/ssh_sup_SUITE.erl | 109 ++++++++++++++++++++++++++--------------- 1 file changed, 70 insertions(+), 39 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_sup_SUITE.erl b/lib/ssh/test/ssh_sup_SUITE.erl index f800ea806d..d43a9cb425 100644 --- a/lib/ssh/test/ssh_sup_SUITE.erl +++ b/lib/ssh/test/ssh_sup_SUITE.erl @@ -36,7 +36,7 @@ suite() -> [{ct_hooks,[ts_install_cth]}, - {timetrap,{seconds,40}}]. + {timetrap,{seconds,100}}]. all() -> [default_tree, sshc_subtree, sshd_subtree, sshd_subtree_profile]. 
@@ -79,6 +79,29 @@ end_per_testcase(sshc_subtree, Config) -> end_per_testcase(_, _Config) -> ssh:stop(). +%%------------------------------------------------------------------------- +%% Help macro +%%------------------------------------------------------------------------- +-define(wait_match(Pattern, FunctionCall, Bind), + Bind = + (fun() -> + F = fun(N, F1) -> + case FunctionCall of + Pattern -> Bind; + _ when N>0 -> + ct:pal("Must sleep ~p ms at ~p:~p",[?WAIT_FOR_SHUTDOWN,?MODULE,?LINE]), + timer:sleep(?WAIT_FOR_SHUTDOWN), + F1(N-1, F1); + Other -> + ct:fail("Unexpected ~p:~p ~p",[?MODULE,?LINE,Other]) + end + end, + F((5000 div ?WAIT_FOR_SHUTDOWN), F) + end)() + ). + +-define(wait_match(Pattern, FunctionCall), ?wait_match(Pattern, FunctionCall, ok)). + %%------------------------------------------------------------------------- %% Test cases %%------------------------------------------------------------------------- @@ -92,8 +115,8 @@ default_tree(Config) when is_list(Config) -> lists:keysearch(sshc_sup, 1, TopSupChildren), {value, {sshd_sup, _,supervisor,[sshd_sup]}} = lists:keysearch(sshd_sup, 1, TopSupChildren), - [] = supervisor:which_children(sshc_sup), - [] = supervisor:which_children(sshd_sup). + ?wait_match([], supervisor:which_children(sshc_sup)), + ?wait_match([], supervisor:which_children(sshd_sup)). sshc_subtree() -> [{doc, "Make sure the sshc subtree is correct"}]. 
@@ -101,24 +124,26 @@ sshc_subtree(Config) when is_list(Config) -> {_Pid, Host, Port} = ?config(server, Config), UserDir = ?config(userdir, Config), - [] = supervisor:which_children(sshc_sup), + ?wait_match([], supervisor:which_children(sshc_sup)), + {ok, Pid1} = ssh:connect(Host, Port, [{silently_accept_hosts, true}, {user_interaction, false}, {user, ?USER}, {password, ?PASSWD},{user_dir, UserDir}]), - [{_, _,supervisor,[ssh_connection_handler]}] = - supervisor:which_children(sshc_sup), + ?wait_match([{_, _,supervisor,[ssh_connection_handler]}], + supervisor:which_children(sshc_sup)), + {ok, Pid2} = ssh:connect(Host, Port, [{silently_accept_hosts, true}, {user_interaction, false}, {user, ?USER}, {password, ?PASSWD}, {user_dir, UserDir}]), - [{_,_,supervisor,[ssh_connection_handler]}, - {_,_,supervisor,[ssh_connection_handler]}] = - supervisor:which_children(sshc_sup), + ?wait_match([{_,_,supervisor,[ssh_connection_handler]}, + {_,_,supervisor,[ssh_connection_handler]}], + supervisor:which_children(sshc_sup)), + ssh:close(Pid1), - [{_,_,supervisor,[ssh_connection_handler]}] = - supervisor:which_children(sshc_sup), + ?wait_match([{_,_,supervisor,[ssh_connection_handler]}], + supervisor:which_children(sshc_sup)), ssh:close(Pid2), - ct:sleep(?WAIT_FOR_SHUTDOWN), - [] = supervisor:which_children(sshc_sup). + ?wait_match([], supervisor:which_children(sshc_sup)). sshd_subtree() -> [{doc, "Make sure the sshd subtree is correct"}]. 
@@ -130,14 +155,16 @@ sshd_subtree(Config) when is_list(Config) -> {failfun, fun ssh_test_lib:failfun/2}, {user_passwords, [{?USER, ?PASSWD}]}]), - [{{server,ssh_system_sup, HostIP, Port, ?DEFAULT_PROFILE}, - Daemon, supervisor, - [ssh_system_sup]}] = - supervisor:which_children(sshd_sup), + + ?wait_match([{{server,ssh_system_sup, HostIP, Port, ?DEFAULT_PROFILE}, + Daemon, supervisor, + [ssh_system_sup]}], + supervisor:which_children(sshd_sup), + Daemon), check_sshd_system_tree(Daemon, Config), ssh:stop_daemon(HostIP, Port), ct:sleep(?WAIT_FOR_SHUTDOWN), - [] = supervisor:which_children(sshd_sup). + ?wait_match([], supervisor:which_children(sshd_sup)). sshd_subtree_profile() -> [{doc, "Make sure the sshd subtree using profile option is correct"}]. @@ -152,14 +179,15 @@ sshd_subtree_profile(Config) when is_list(Config) -> {user_passwords, [{?USER, ?PASSWD}]}, {profile, Profile}]), - [{{server,ssh_system_sup, HostIP,Port,Profile}, - Daemon, supervisor, - [ssh_system_sup]}] = - supervisor:which_children(sshd_sup), + ?wait_match([{{server,ssh_system_sup, HostIP,Port,Profile}, + Daemon, supervisor, + [ssh_system_sup]}], + supervisor:which_children(sshd_sup), + Daemon), check_sshd_system_tree(Daemon, Config), ssh:stop_daemon(HostIP, Port, Profile), ct:sleep(?WAIT_FOR_SHUTDOWN), - [] = supervisor:which_children(sshd_sup). + ?wait_match([], supervisor:which_children(sshd_sup)). check_sshd_system_tree(Daemon, Config) -> 
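Review bot: In `sshd_subtree_profile`, and likewise in `sshd_subtree` just before it, `ct:sleep(?WAIT_FOR_SHUTDOWN)` is kept directly in front of `?wait_match([], supervisor:which_children(sshd_sup))`. The macro already retries with a sleep between attempts, and the `sshc_subtree` hunk removed the equivalent sleep, so drop it in both places. Otherwise every run still pays the fixed wait that this change sets out to remove.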
@@ -170,28 +198,31 @@ check_sshd_system_tree(Daemon, Config) -> {user_interaction, false}, {user, ?USER}, {password, ?PASSWD},{user_dir, UserDir}]), - [{_,SubSysSup, supervisor,[ssh_subsystem_sup]}, - {{ssh_acceptor_sup,_,_,_}, AccSup, supervisor,[ssh_acceptor_sup]}] - = supervisor:which_children(Daemon), + ?wait_match([{_,SubSysSup, supervisor,[ssh_subsystem_sup]}, + {{ssh_acceptor_sup,_,_,_}, AccSup, supervisor,[ssh_acceptor_sup]}], + supervisor:which_children(Daemon), + [SubSysSup,AccSup]), - [{{server,ssh_connection_sup, _,_}, - ConnectionSup, supervisor, - [ssh_connection_sup]}, - {{server,ssh_channel_sup,_ ,_}, - ChannelSup,supervisor, - [ssh_channel_sup]}] = supervisor:which_children(SubSysSup), + ?wait_match([{{server,ssh_connection_sup, _,_}, + ConnectionSup, supervisor, + [ssh_connection_sup]}, + {{server,ssh_channel_sup,_ ,_}, + ChannelSup,supervisor, + [ssh_channel_sup]}], + supervisor:which_children(SubSysSup), + [ConnectionSup,ChannelSup]), - [{{ssh_acceptor_sup,_,_,_},_,worker,[ssh_acceptor]}] = - supervisor:which_children(AccSup), + ?wait_match([{{ssh_acceptor_sup,_,_,_},_,worker,[ssh_acceptor]}], + supervisor:which_children(AccSup)), - [{_, _, worker,[ssh_connection_handler]}] = - supervisor:which_children(ConnectionSup), + ?wait_match([{_, _, worker,[ssh_connection_handler]}], + supervisor:which_children(ConnectionSup)), - [] = supervisor:which_children(ChannelSup), + ?wait_match([], supervisor:which_children(ChannelSup)), ssh_sftp:start_channel(Client), - [{_, _,worker,[ssh_channel]}] = - supervisor:which_children(ChannelSup), + ?wait_match([{_, _,worker,[ssh_channel]}], + supervisor:which_children(ChannelSup)), ssh:close(Client). -- cgit v1.2.3 From b90f22861404f2a2cdd305055c786bb73464af01 Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Thu, 7 Apr 2016 16:30:35 +0200 Subject: ssh: make ssh:daemon choose port when Port=0 in the arguments --- lib/ssh/doc/src/ssh.xml | 15 ++++++- lib/ssh/src/ssh.erl | 85 +++++++++++++++++++++++++++++++--------- lib/ssh/src/ssh_acceptor.erl | 45 +++++++++++++++++---- lib/ssh/src/ssh_acceptor_sup.erl | 5 +-- lib/ssh/src/ssh_system_sup.erl | 9 +++-- 5 files changed, 124 insertions(+), 35 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 850557444d..a9e843c36c 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -359,7 +359,8 @@

Starts a server listening for SSH connections on the given - port.

+ port. If the Port is 0, a random free port is selected. See + daemon_info/1 about how to find the selected port number.

Options:

@@ -679,6 +680,18 @@ + + daemon_info(Daemon) -> {ok, [{port,Port}]} | {error,Error} + Get info about a daemon + + Port = integer() + Error = bad_daemon_ref + + +

Returns a key-value list with information about the daemon. For now, only the listening port is returned. This is intended for the case the daemon is started with the port set to 0.

+
+
+ default_algorithms() -> algs_list() Get a list declaring the supported algorithms diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index d0121e73ba..5c5d59481f 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -30,6 +30,7 @@ -export([start/0, start/1, stop/0, connect/3, connect/4, close/1, connection_info/2, channel_info/3, daemon/1, daemon/2, daemon/3, + daemon_info/1, default_algorithms/0, stop_listener/1, stop_listener/2, stop_listener/3, stop_daemon/1, stop_daemon/2, stop_daemon/3, @@ -152,6 +153,19 @@ daemon(HostAddr, Port, Options0) -> end, start_daemon(Host, Port, Options, Inet). +%%-------------------------------------------------------------------- +daemon_info(Pid) -> + case catch ssh_system_sup:acceptor_supervisor(Pid) of + AsupPid when is_pid(AsupPid) -> + [Port] = + [Prt || {{ssh_acceptor_sup,any,Prt,default}, + _WorkerPid,worker,[ssh_acceptor]} <- supervisor:which_children(AsupPid)], + {ok, [{port,Port}]}; + + _ -> + {error,bad_daemon_ref} + end. + %%-------------------------------------------------------------------- -spec stop_listener(pid()) -> ok. -spec stop_listener(inet:ip_address(), integer()) -> ok. 
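Review bot: In `daemon_info/1`, the list comprehension only matches children whose id is `{ssh_acceptor_sup,any,Prt,default}`, so the atoms `any` and `default` are hard-coded. For a daemon started on a specific address or with the `profile` option the comprehension yields `[]`, and `[Port] = []` fails with a badmatch that the `catch` around `acceptor_supervisor/1` does not cover, instead of returning the documented `{error,bad_daemon_ref}`. Match `{ssh_acceptor_sup,_,Prt,_}` and handle the case where the result is not exactly one port. A `-spec` is also missing, although the neighbouring `stop_listener` functions have one.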
@@ -243,32 +257,52 @@ start_daemon(Host, Port, Options, Inet) -> end end. -do_start_daemon(Host0, Port0, Options, SocketOptions) -> - {Host,Port} = try - case proplists:get_value(fd, SocketOptions) of - undefined -> - {Host0,Port0}; - Fd when Port0==0 -> - find_hostport(Fd); - _ -> - {Host0,Port0} - end - catch - _:_ -> throw(bad_fd) - end, - Profile = proplists:get_value(profile, Options, ?DEFAULT_PROFILE), +do_start_daemon(Host0, Port0, SshOptions, SocketOptions) -> + {Host,Port1} = + try + case proplists:get_value(fd, SocketOptions) of + undefined -> + {Host0,Port0}; + Fd when Port0==0 -> + find_hostport(Fd); + _ -> + {Host0,Port0} + end + catch + _:_ -> throw(bad_fd) + end, + Profile = proplists:get_value(profile, SshOptions, ?DEFAULT_PROFILE), + {Port, WaitRequestControl, Opts} = + case Port1 of + 0 -> %% Allocate the socket here to get the port number... + {_, Callback, _} = + proplists:get_value(transport, SshOptions, {tcp, gen_tcp, tcp_closed}), + {ok,LSock} = ssh_acceptor:callback_listen(Callback, 0, SocketOptions), + {ok,{_,LPort}} = inet:sockname(LSock), + {LPort, + {LSock,Callback}, + [{lsocket,LSock},{lsock_owner,self()}] + }; + _ -> + {Port1, false, []} + end, case ssh_system_sup:system_supervisor(Host, Port, Profile) of undefined -> %% It would proably make more sense to call the %% address option host but that is a too big change at the %% monent. The name is a legacy name! try sshd_sup:start_child([{address, Host}, - {port, Port}, {role, server}, + {port, Port}, + {role, server}, {socket_opts, SocketOptions}, - {ssh_opts, Options}]) of + {ssh_opts, SshOptions} + | Opts]) of {error, {already_started, _}} -> {error, eaddrinuse}; - Result = {Code, _} when (Code == ok) or (Code == error) -> + Result = {ok,_} -> + sync_request_control(WaitRequestControl), + Result; + Result = {error, _} -> Result catch exit:{noproc, _} -> 
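Review bot: In the `0 ->` branch of `do_start_daemon/4`, `{ok,LSock} = ssh_acceptor:callback_listen(Callback, 0, SocketOptions)` and `{ok,{_,LPort}} = inet:sockname(LSock)` turn a listen failure into a badmatch in the process calling `ssh:daemon` rather than an `{error, Reason}` return. In addition, when `sshd_sup:start_child` ends in `{error, eaddrinuse}` or `Result = {error, _}`, the listening socket opened here is never closed and remains owned by the caller (`{lsock_owner,self()}`), so close `LSock` on those paths. The default `{tcp, gen_tcp, tcp_closed}` is written out again as a literal here; one shared definition would avoid the copies drifting apart.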
@@ -277,18 +311,31 @@ do_start_daemon(Host0, Port0, Options, SocketOptions) -> Sup -> AccPid = ssh_system_sup:acceptor_supervisor(Sup), case ssh_acceptor_sup:start_child(AccPid, [{address, Host}, - {port, Port}, {role, server}, + {port, Port}, + {role, server}, {socket_opts, SocketOptions}, - {ssh_opts, Options}]) of + {ssh_opts, SshOptions} + | Opts]) of {error, {already_started, _}} -> {error, eaddrinuse}; {ok, _} -> + sync_request_control(WaitRequestControl), {ok, Sup}; Other -> Other end end. +sync_request_control(false) -> + ok; +sync_request_control({LSock,Callback}) -> + receive + {request_control,LSock,ReqPid} -> + ok = Callback:controlling_process(LSock, ReqPid), + ReqPid ! {its_yours,LSock}, + ok + end. + find_hostport(Fd) -> %% Using internal functions inet:open/8 and inet:close/0. %% Don't try this at home unless you know what you are doing! diff --git a/lib/ssh/src/ssh_acceptor.erl b/lib/ssh/src/ssh_acceptor.erl index d94dedf1bf..90fd951dcd 100644 --- a/lib/ssh/src/ssh_acceptor.erl +++ b/lib/ssh/src/ssh_acceptor.erl @@ -26,7 +26,8 @@ %% Internal application API -export([start_link/5, - number_of_connections/1]). + number_of_connections/1, + callback_listen/3]). %% spawn export -export([acceptor_init/6, acceptor_loop/6]). 
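Review bot: `sync_request_control/1`, added in the ssh.erl hunk above, waits in a `receive` with no `after` clause. If the acceptor exits before it sends `{request_control,LSock,ReqPid}`, the process that called `ssh:daemon` with port 0 blocks forever while still holding the listening socket. Monitor the acceptor or add a timeout, and return an error instead of relying on `ok = Callback:controlling_process(LSock, ReqPid)`, which becomes a badmatch in the caller when the handover fails. The function also hands the socket to whichever pid appears in the message, so consider checking that `ReqPid` is the acceptor that was just started.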
@@ -46,15 +47,39 @@ start_link(Port, Address, SockOpts, Opts, AcceptTimeout) -> acceptor_init(Parent, Port, Address, SockOpts, Opts, AcceptTimeout) -> {_, Callback, _} = proplists:get_value(transport, Opts, {tcp, gen_tcp, tcp_closed}), - case (catch do_socket_listen(Callback, Port, [{active, false} | SockOpts])) of - {ok, ListenSocket} -> + + SockOwner = proplists:get_value(lsock_owner, Opts), + LSock = proplists:get_value(lsocket, Opts), + UseExistingSocket = + case catch inet:sockname(LSock) of + {ok,{_,Port}} -> is_pid(SockOwner); + _ -> false + end, + + case UseExistingSocket of + true -> proc_lib:init_ack(Parent, {ok, self()}), - acceptor_loop(Callback, - Port, Address, Opts, ListenSocket, AcceptTimeout); - Error -> - proc_lib:init_ack(Parent, Error), - error + request_ownership(LSock, SockOwner), + acceptor_loop(Callback, Port, Address, Opts, LSock, AcceptTimeout); + + false -> + case (catch do_socket_listen(Callback, Port, SockOpts)) of + {ok, ListenSocket} -> + proc_lib:init_ack(Parent, {ok, self()}), + acceptor_loop(Callback, + Port, Address, Opts, ListenSocket, AcceptTimeout); + Error -> + proc_lib:init_ack(Parent, Error), + error + end end. + +request_ownership(LSock, SockOwner) -> + SockOwner ! {request_control,LSock,self()}, + receive + {its_yours,LSock} -> ok + end. + do_socket_listen(Callback, Port0, Opts) -> Port = @@ -62,6 +87,10 @@ do_socket_listen(Callback, Port0, Opts) -> undefined -> Port0; _ -> 0 end, + callback_listen(Callback, Port, Opts). + +callback_listen(Callback, Port, Opts0) -> + Opts = [{active, false}, {reuseaddr,true} | Opts0], case Callback:listen(Port, Opts) of {error, nxdomain} -> Callback:listen(Port, lists:delete(inet6, Opts)); diff --git a/lib/ssh/src/ssh_acceptor_sup.erl b/lib/ssh/src/ssh_acceptor_sup.erl index b2f489a971..4f76dbe6f0 100644 --- a/lib/ssh/src/ssh_acceptor_sup.erl +++ b/lib/ssh/src/ssh_acceptor_sup.erl 
@@ -85,10 +85,7 @@ child_spec(ServerOpts) -> Profile = proplists:get_value(profile, proplists:get_value(ssh_opts, ServerOpts), ?DEFAULT_PROFILE), Name = id(Address, Port, Profile), SocketOpts = proplists:get_value(socket_opts, ServerOpts), - StartFunc = {ssh_acceptor, start_link, [Port, Address, - [{active, false}, - {reuseaddr, true}] ++ SocketOpts, - ServerOpts, Timeout]}, + StartFunc = {ssh_acceptor, start_link, [Port, Address, SocketOpts, ServerOpts, Timeout]}, Restart = transient, Shutdown = brutal_kill, Modules = [ssh_acceptor], diff --git a/lib/ssh/src/ssh_system_sup.erl b/lib/ssh/src/ssh_system_sup.erl index 6314671f0d..9a9786a914 100644 --- a/lib/ssh/src/ssh_system_sup.erl +++ b/lib/ssh/src/ssh_system_sup.erl @@ -192,6 +192,9 @@ stop_acceptor(Sup) -> [{Name, AcceptorSup}] = [{SupName, ASup} || {SupName, ASup, _, [ssh_acceptor_sup]} <- supervisor:which_children(Sup)], - supervisor:terminate_child(AcceptorSup, Name). - - + case supervisor:terminate_child(AcceptorSup, Name) of + ok -> + supervisor:delete_child(AcceptorSup, Name); + Error -> + Error + end. -- cgit v1.2.3 From 6282a81eca93e015445e04d09be9ac7854bb96d6 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 7 Apr 2016 18:03:42 +0200 Subject: ssh: test cases changed for port 0 as arg to ssh:daemon --- lib/ssh/test/ssh_sftpd_SUITE.erl | 7 ++++--- lib/ssh/test/ssh_test_lib.erl | 16 ++++++++++++---- 2 files changed, 16 insertions(+), 7 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_sftpd_SUITE.erl b/lib/ssh/test/ssh_sftpd_SUITE.erl index fb1a9687af..9385bd127d 100644 --- a/lib/ssh/test/ssh_sftpd_SUITE.erl +++ b/lib/ssh/test/ssh_sftpd_SUITE.erl @@ -105,7 +105,6 @@ init_per_testcase(TestCase, Config) -> ClientUserDir = filename:join(PrivDir, nopubkey), SystemDir = filename:join(?config(priv_dir, Config), system), - Port = ssh_test_lib:inet_port(node()), Options = [{system_dir, SystemDir}, {user_dir, PrivDir}, {user_passwords,[{?USER, ?PASSWD}]}, 
@@ -113,11 +112,13 @@ init_per_testcase(TestCase, Config) -> {ok, Sftpd} = case TestCase of ver6_basic -> SubSystems = [ssh_sftpd:subsystem_spec([{sftpd_vsn, 6}])], - ssh:daemon(Port, [{subsystems, SubSystems}|Options]); + ssh:daemon(0, [{subsystems, SubSystems}|Options]); _ -> SubSystems = [ssh_sftpd:subsystem_spec([])], - ssh:daemon(Port, [{subsystems, SubSystems}|Options]) + ssh:daemon(0, [{subsystems, SubSystems}|Options]) end, + {ok,Dinf} = ssh:daemon_info(Sftpd), + Port = proplists:get_value(port, Dinf), Cm = ssh_test_lib:connect(Port, [{user_dir, ClientUserDir}, diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index 4db7d09ccd..0e3500e0c1 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl @@ -49,23 +49,31 @@ connect(Host, Port, Options) -> ConnectionRef. daemon(Options) -> - daemon(any, inet_port(), Options). + daemon(any, 0, Options). daemon(Port, Options) when is_integer(Port) -> daemon(any, Port, Options); daemon(Host, Options) -> - daemon(Host, inet_port(), Options). + daemon(Host, 0, Options). + daemon(Host, Port, Options) -> case ssh:daemon(Host, Port, Options) of {ok, Pid} when Host == any -> - {Pid, hostname(), Port}; + ct:log("ssh:daemon ok (1)",[]), + {Pid, hostname(), daemon_port(Port,Pid)}; {ok, Pid} -> - {Pid, Host, Port}; + ct:log("ssh:daemon ok (2)",[]), + {Pid, Host, daemon_port(Port,Pid)}; Error -> Error end. +daemon_port(0, Pid) -> {ok,Dinf} = ssh:daemon_info(Pid), + proplists:get_value(port, Dinf); +daemon_port(Port, _) -> Port. + + std_daemon(Config, ExtraOpts) -> PrivDir = ?config(priv_dir, Config), -- cgit v1.2.3 From 5fa07312d27a7ff6826bf943e3b9d6575be3acf1 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 29 Apr 2016 10:29:21 +0200 Subject: ssh: remove dialyzer 'no-local-return' warnings --- lib/ssh/src/ssh_no_io.erl | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'lib/ssh') 
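Review bot: the `ct:log("ssh:daemon ok (1)",[])` and `ct:log("ssh:daemon ok (2)",[])` calls added to daemon/3 in lib/ssh/test/ssh_test_lib.erl read like leftover debug traces and carry no information. Log the value that matters when a run fails, the port returned by daemon_port/2, or drop them. The ssh_sftpd_SUITE hunk also repeats the `ssh:daemon_info/1` plus `proplists:get_value(port, Dinf)` lookup that daemon_port/2 now implements; sharing one helper would keep the port-0 handling in one place.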
diff --git a/lib/ssh/src/ssh_no_io.erl b/lib/ssh/src/ssh_no_io.erl index 2358560a26..1da257ed99 100644 --- a/lib/ssh/src/ssh_no_io.erl +++ b/lib/ssh/src/ssh_no_io.erl @@ -27,24 +27,36 @@ -export([yes_no/2, read_password/2, read_line/2, format/2]). + +-spec yes_no(any(), any()) -> no_return(). + yes_no(_, _) -> ssh_connection_handler:disconnect( #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, description = "User interaction is not allowed"}, {no_io_allowed, yes_no}). + +-spec read_password(any(), any()) -> no_return(). + read_password(_, _) -> ssh_connection_handler:disconnect( #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, description = "User interaction is not allowed"}, {no_io_allowed, read_password}). + +-spec read_line(any(), any()) -> no_return(). + read_line(_, _) -> ssh_connection_handler:disconnect( #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, description = "User interaction is not allowed"}, {no_io_allowed, read_line}). + +-spec format(any(), any()) -> no_return(). + format(_, _) -> ssh_connection_handler:disconnect( #ssh_msg_disconnect{code = ?SSH_DISCONNECT_SERVICE_NOT_AVAILABLE, -- cgit v1.2.3 From 10a57ef14bba621310bdb83faa5404300a2b92f5 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 6 Apr 2016 16:26:34 +0200 Subject: ssh: added ok= in front of misc calls in ssh_sftp_SUITE --- lib/ssh/test/ssh_sftp_SUITE.erl | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index cd6c5f82b9..ae0a6f670d 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl 
@@ -301,9 +301,9 @@ end_per_testcase(_, Config) -> end_per_testcase(Config) -> {Sftp, Connection} = ?config(sftp, Config), - ssh_sftp:stop_channel(Sftp), + ok = ssh_sftp:stop_channel(Sftp), catch ssh_sftp:stop_channel(?config(channel_pid2, Config)), - ssh:close(Connection). + ok = ssh:close(Connection). %%-------------------------------------------------------------------- %% Test Cases -------------------------------------------------------- @@ -365,7 +365,7 @@ write_file(Config) when is_list(Config) -> {Sftp, _} = ?config(sftp, Config), Data = list_to_binary("Hej hopp!"), - ssh_sftp:write_file(Sftp, FileName, [Data]), + ok = ssh_sftp:write_file(Sftp, FileName, [Data]), {ok, Data} = file:read_file(FileName). %%-------------------------------------------------------------------- @@ -378,7 +378,7 @@ write_file_iolist(Config) when is_list(Config) -> Data = list_to_binary("Hej hopp!"), lists:foreach( fun(D) -> - ssh_sftp:write_file(Sftp, FileName, [D]), + ok = ssh_sftp:write_file(Sftp, FileName, [D]), Expected = if is_binary(D) -> D; is_list(D) -> list_to_binary(D) end, @@ -397,7 +397,7 @@ write_big_file(Config) when is_list(Config) -> {Sftp, _} = ?config(sftp, Config), Data = list_to_binary(lists:duplicate(750000,"a")), - ssh_sftp:write_file(Sftp, FileName, [Data]), + ok = ssh_sftp:write_file(Sftp, FileName, [Data]), {ok, Data} = file:read_file(FileName). %%-------------------------------------------------------------------- @@ -409,7 +409,7 @@ sftp_read_big_file(Config) when is_list(Config) -> Data = list_to_binary(lists:duplicate(750000,"a")), ct:log("Data size to write is ~p bytes",[size(Data)]), - ssh_sftp:write_file(Sftp, FileName, [Data]), + ok = ssh_sftp:write_file(Sftp, FileName, [Data]), {ok, Data} = ssh_sftp:read_file(Sftp, FileName). %%-------------------------------------------------------------------- 
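Review bot: in end_per_testcase/1 of lib/ssh/test/ssh_sftp_SUITE.erl the new `ok = ssh_sftp:stop_channel(Sftp)` turns any other return value into a badmatch before `ssh:close(Connection)` runs, so a failed channel stop leaves the connection open for the following test cases. The strict match is right for the write_file calls in the test bodies, but cleanup should always reach the close, for example by wrapping the channel stop in try ... after, or by keeping it tolerant like the `catch ssh_sftp:stop_channel(?config(channel_pid2, Config))` on the next line.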
@@ -500,7 +500,7 @@ set_attributes(Config) when is_list(Config) -> io:put_chars(Fd,"foo"), ok = ssh_sftp:write_file_info(Sftp, FileName, #file_info{mode=8#400}), {error, eacces} = file:write_file(FileName, "hello again"), - ssh_sftp:write_file_info(Sftp, FileName, #file_info{mode=8#600}), + ok = ssh_sftp:write_file_info(Sftp, FileName, #file_info{mode=8#600}), ok = file:write_file(FileName, "hello again"). %%-------------------------------------------------------------------- @@ -549,7 +549,7 @@ position(Config) when is_list(Config) -> {Sftp, _} = ?config(sftp, Config), Data = list_to_binary("1234567890"), - ssh_sftp:write_file(Sftp, FileName, [Data]), + ok = ssh_sftp:write_file(Sftp, FileName, [Data]), {ok, Handle} = ssh_sftp:open(Sftp, FileName, [read]), {ok, 3} = ssh_sftp:position(Sftp, Handle, {bof, 3}), @@ -577,7 +577,7 @@ pos_read(Config) when is_list(Config) -> FileName = ?config(testfile, Config), {Sftp, _} = ?config(sftp, Config), Data = list_to_binary("Hej hopp!"), - ssh_sftp:write_file(Sftp, FileName, [Data]), + ok = ssh_sftp:write_file(Sftp, FileName, [Data]), {ok, Handle} = ssh_sftp:open(Sftp, FileName, [read]), {async, Ref} = ssh_sftp:apread(Sftp, Handle, {bof, 5}, 4), @@ -607,7 +607,7 @@ pos_write(Config) when is_list(Config) -> {ok, Handle} = ssh_sftp:open(Sftp, FileName, [write]), Data = list_to_binary("Bye,"), - ssh_sftp:write_file(Sftp, FileName, [Data]), + ok = ssh_sftp:write_file(Sftp, FileName, [Data]), NewData = list_to_binary(" see you tomorrow"), {async, Ref} = ssh_sftp:apwrite(Sftp, Handle, {bof, 4}, NewData), -- cgit v1.2.3 From c806547ce48744319ffc84d99e4635af83d6ebf9 Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Tue, 12 Apr 2016 15:56:35 +0200 Subject: ssh: make rsa as companion to dsa test in ssh_to_openssh_SUITE Dsa is outdated and not supported by modern OpenSSH --- lib/ssh/test/ssh_to_openssh_SUITE.erl | 22 ++++++++++++++++++---- .../ssh_to_openssh_SUITE_data/ssh_host_rsa_key | 16 ++++++++++++++++ .../ssh_to_openssh_SUITE_data/ssh_host_rsa_key.pub | 5 +++++ 3 files changed, 39 insertions(+), 4 deletions(-) create mode 100644 lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_rsa_key create mode 100644 lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_rsa_key.pub (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index 5b65edc32f..3d3215a600 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -50,13 +50,15 @@ groups() -> [{erlang_client, [], [erlang_shell_client_openssh_server, erlang_client_openssh_server_exec_compressed, erlang_client_openssh_server_setenv, - erlang_client_openssh_server_publickey_rsa, erlang_client_openssh_server_publickey_dsa, + erlang_client_openssh_server_publickey_rsa, erlang_client_openssh_server_password, erlang_client_openssh_server_kexs, erlang_client_openssh_server_nonexistent_subsystem ]}, - {erlang_server, [], [erlang_server_openssh_client_public_key_dsa]} + {erlang_server, [], [erlang_server_openssh_client_public_key_dsa, + erlang_server_openssh_client_public_key_rsa + ]} ]. init_per_suite(Config) -> @@ -74,6 +76,7 @@ init_per_group(erlang_server, Config) -> DataDir = ?config(data_dir, Config), UserDir = ?config(priv_dir, Config), ssh_test_lib:setup_dsa_known_host(DataDir, UserDir), + ssh_test_lib:setup_rsa_known_host(DataDir, UserDir), Config; init_per_group(erlang_client, Config) -> CommonAlgs = ssh_test_lib:algo_intersection( 
@@ -86,6 +89,7 @@ init_per_group(_, Config) -> end_per_group(erlang_server, Config) -> UserDir = ?config(priv_dir, Config), ssh_test_lib:clean_dsa(UserDir), + ssh_test_lib:clean_rsa(UserDir), Config; end_per_group(_, Config) -> Config. @@ -93,6 +97,8 @@ end_per_group(_, Config) -> init_per_testcase(erlang_server_openssh_client_public_key_dsa, Config) -> chk_key(sshc, 'ssh-dss', ".ssh/id_dsa", Config); +init_per_testcase(erlang_server_openssh_client_public_key_rsa, Config) -> + chk_key(sshc, 'ssh-rsa', ".ssh/id_rsa", Config); init_per_testcase(erlang_client_openssh_server_publickey_dsa, Config) -> chk_key(sshd, 'ssh-dss', ".ssh/id_dsa", Config); init_per_testcase(_TestCase, Config) -> @@ -349,12 +355,20 @@ erlang_client_openssh_server_publickey_dsa(Config) when is_list(Config) -> erlang_server_openssh_client_public_key_dsa() -> [{doc, "Validate using dsa publickey."}]. erlang_server_openssh_client_public_key_dsa(Config) when is_list(Config) -> + erlang_server_openssh_client_public_key_X(Config, ssh_dsa). + +erlang_server_openssh_client_public_key_rsa() -> + [{doc, "Validate using rsa publickey."}]. +erlang_server_openssh_client_public_key_rsa(Config) when is_list(Config) -> + erlang_server_openssh_client_public_key_X(Config, ssh_rsa). + + +erlang_server_openssh_client_public_key_X(Config, PubKeyAlg) -> SystemDir = ?config(data_dir, Config), PrivDir = ?config(priv_dir, Config), KnownHosts = filename:join(PrivDir, "known_hosts"), - {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, - {public_key_alg, ssh_dsa}, + {public_key_alg, PubKeyAlg}, {failfun, fun ssh_test_lib:failfun/2}]), ct:sleep(500), diff --git a/lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_rsa_key b/lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_rsa_key new file mode 100644 index 0000000000..79968bdd7d --- /dev/null +++ b/lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_rsa_key 
@@ -0,0 +1,16 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDCZX+4FBDwZIh9y/Uxee1VJnEXlowpz2yDKwj8semM4q843337 +zbNfxHmladB1lpz2NqyxI175xMIJuDxogyZdsOxGnFAzAnthR4dqL/RWRWzjaxSB +6IAO9SPYVVlrpZ+1hsjLW79fwXK/yc8VdhRuWTeQiRgYY2ek8+OKbOqz4QIDAQAB +AoGANmvJzJO5hkLuvyDZHKfAnGTtpifcR1wtSa9DjdKUyn8vhKF0mIimnbnYQEmW +NUUb3gXCZLi9PvkpRSVRrASDOZwcjoU/Kvww163vBUVb2cOZfFhyn6o2Sk88Tt++ +udH3hdjpf9i7jTtUkUe+QYPsia+wgvvrmn4QrahLAH86+kECQQDx5gFeXTME3cnW +WMpFz3PPumduzjqgqMMWEccX4FtQkMX/gyGa5UC7OHFyh0N/gSWvPbRHa8A6YgIt +n8DO+fh5AkEAzbqX4DOn8NY6xJIi42q7l/2jIA0RkB6P7YugW5NblhqBZ0XDnpA5 +sMt+rz+K07u9XZtxgh1xi7mNfwY6lEAMqQJBAJBEauCKmRj35Z6OyeQku59SPsnY ++SJEREVvSNw2lH9SOKQQ4wPsYlTGbvKtNVZgAcen91L5MmYfeckYE/fdIZECQQCt +64zxsTnM1I8iFxj/gP/OYlJBikrKt8udWmjaghzvLMEw+T2DExJyb9ZNeT53+UMB +m6O+B/4xzU/djvp+0hbhAkAemIt+rA5kTmYlFndhpvzkSSM8a2EXsO4XIPgGWCTT +tQKS/tTly0ADMjN/TVy11+9d6zcqadNVuHXHGtR4W0GR +-----END RSA PRIVATE KEY----- + diff --git a/lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_rsa_key.pub b/lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_rsa_key.pub new file mode 100644 index 0000000000..75d2025c71 --- /dev/null +++ b/lib/ssh/test/ssh_to_openssh_SUITE_data/ssh_host_rsa_key.pub @@ -0,0 +1,5 @@ +---- BEGIN SSH2 PUBLIC KEY ---- +AAAAB3NzaC1yc2EAAAADAQABAAAAgQDCZX+4FBDwZIh9y/Uxee1VJnEXlowpz2yDKwj8 +semM4q843337zbNfxHmladB1lpz2NqyxI175xMIJuDxogyZdsOxGnFAzAnthR4dqL/RW +RWzjaxSB6IAO9SPYVVlrpZ+1hsjLW79fwXK/yc8VdhRuWTeQiRgYY2ek8+OKbOqz4Q== +---- END SSH2 PUBLIC KEY ---- -- cgit v1.2.3 From 076cdc73631cc46b250f69cedd30fcabaec3d044 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 14 Apr 2016 14:00:24 +0200 Subject: ssh: force publickey in some tests in ssh_algoritms_SUITE --- lib/ssh/test/ssh_algorithms_SUITE.erl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index bdc980e65c..90527cc8ed 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl 
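Review bot: ssh_to_openssh_SUITE_data/ssh_host_rsa_key adds an unencrypted RSA private key to the tree, and nothing in the change marks it as a throwaway test fixture. Say so in the commit message or in a short README beside the key so it is never copied into a real system_dir. The DER prefix `MIICXQIBAAKBgQ` corresponds to a 1024-bit modulus; since the stated reason for the change is keeping up with modern OpenSSH, a 2048-bit or larger fixture would be the safer choice.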
+++ b/lib/ssh/test/ssh_algorithms_SUITE.erl @@ -365,7 +365,8 @@ start_std_daemon(Opts, Config) -> ct:log("started ~p:~p ~p",[Host,Port,Opts]), [{srvr_pid,Pid},{srvr_addr,{Host,Port}} | Config]. -start_pubkey_daemon(Opts, Config) -> +start_pubkey_daemon(Opts0, Config) -> + Opts = [{auth_methods,"publickey"}|Opts0], {Pid, Host, Port} = ssh_test_lib:std_daemon1(Config, Opts), ct:log("started1 ~p:~p ~p",[Host,Port,Opts]), [{srvr_pid,Pid},{srvr_addr,{Host,Port}} | Config]. -- cgit v1.2.3 From f6f2e1dd44b8de44f9a6420ab9ca8b358674caee Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 14 Apr 2016 13:52:03 +0200 Subject: ssh: disable StrictHostKeyChecking in sshc_simple_exec test case The lack of this caused problems on some Windows machines --- lib/ssh/test/ssh_algorithms_SUITE.erl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index 90527cc8ed..2e43399a5b 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl @@ -226,7 +226,9 @@ sshc_simple_exec(Config) -> KnownHosts = filename:join(PrivDir, "known_hosts"), {Host,Port} = ?config(srvr_addr, Config), Cmd = lists:concat(["ssh -p ",Port, - " -C -o UserKnownHostsFile=",KnownHosts, + " -C", + " -o UserKnownHostsFile=",KnownHosts, + " -o StrictHostKeyChecking=no", " ",Host," 1+1."]), ct:log("~p",[Cmd]), SshPort = open_port({spawn, Cmd}, [binary]), -- cgit v1.2.3 From 0977a597432d018ff0edb3895a32f78a08647b85 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 13 Apr 2016 12:44:27 +0200 Subject: ssh: adjusted timetrap values in ssh_to_openssh_SUITE --- lib/ssh/test/ssh_algorithms_SUITE.erl | 2 +- lib/ssh/test/ssh_to_openssh_SUITE.erl | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index 2e43399a5b..e6fc7662f9 100644 
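Review bot: the `" -o StrictHostKeyChecking=no"` added to Cmd in sshc_simple_exec (lib/ssh/test/ssh_algorithms_SUITE.erl) switches off host key verification for the OpenSSH client, and the only rationale is the commit message's mention of problems on some Windows machines. Add a comment at the call saying it is acceptable only because the test talks to a daemon it started itself and uses a private UserKnownHostsFile, so the option is not copied into non-test code. If the underlying cause is a missing or unwritable known_hosts file on those machines, preparing that file in the test setup, as ssh_to_openssh_SUITE does through ssh_test_lib:setup_rsa_known_host/2, would keep the check enabled.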
--- a/lib/ssh/test/ssh_algorithms_SUITE.erl +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl @@ -192,7 +192,7 @@ simple_exec_groups_no_match_too_large(Config) -> %%-------------------------------------------------------------------- %% Testing all default groups -simple_exec_groups() -> [{timetrap,{seconds,180}}]. +simple_exec_groups() -> [{timetrap,{minutes,5}}]. simple_exec_groups(Config) -> Sizes = interpolate( public_key:dh_gex_group_sizes() ), diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index 3d3215a600..6132ff399e 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -34,7 +34,7 @@ %%-------------------------------------------------------------------- suite() -> - [{timetrap,{seconds,40}}]. + [{timetrap,{seconds,20}}]. all() -> case os:find_executable("ssh") of @@ -353,12 +353,14 @@ erlang_client_openssh_server_publickey_dsa(Config) when is_list(Config) -> %%-------------------------------------------------------------------- erlang_server_openssh_client_public_key_dsa() -> - [{doc, "Validate using dsa publickey."}]. + [{timetrap, {seconds,(?TIMEOUT div 1000)+10}}, + {doc, "Validate using dsa publickey."}]. erlang_server_openssh_client_public_key_dsa(Config) when is_list(Config) -> erlang_server_openssh_client_public_key_X(Config, ssh_dsa). erlang_server_openssh_client_public_key_rsa() -> - [{doc, "Validate using rsa publickey."}]. + [{timetrap, {seconds,(?TIMEOUT div 1000)+10}}, + {doc, "Validate using rsa publickey."}]. erlang_server_openssh_client_public_key_rsa(Config) when is_list(Config) -> erlang_server_openssh_client_public_key_X(Config, ssh_rsa). -- cgit v1.2.3 From 223b123f576e726c18bcd38fa2b866d23f1a14a3 Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Thu, 14 Apr 2016 10:28:04 +0200 Subject: ssh: breakout rcv_expected to ssh_test_lib.erl --- lib/ssh/test/ssh_algorithms_SUITE.erl | 23 ++++------------------- lib/ssh/test/ssh_test_lib.erl | 18 ++++++++++++++++++ lib/ssh/test/ssh_to_openssh_SUITE.erl | 11 +---------- 3 files changed, 23 insertions(+), 29 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index e6fc7662f9..3a8eec46a8 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl @@ -231,25 +231,10 @@ sshc_simple_exec(Config) -> " -o StrictHostKeyChecking=no", " ",Host," 1+1."]), ct:log("~p",[Cmd]), - SshPort = open_port({spawn, Cmd}, [binary]), - Expect = <<"2\n">>, - rcv_expected(SshPort, Expect). - - -rcv_expected(SshPort, Expect) -> - receive - {SshPort, {data,Expect}} -> - ct:log("Got expected ~p from ~p",[Expect,SshPort]), - catch port_close(SshPort), - ok; - Other -> - ct:log("Got UNEXPECTED ~p",[Other]), - rcv_expected(SshPort, Expect) - - after ?TIMEOUT -> - catch port_close(SshPort), - ct:fail("Did not receive answer") - end. + SshPort = open_port({spawn, Cmd}, [binary, stderr_to_stdout, + overlapped_io %only affects windows + ]), + ssh_test_lib:rcv_expected({data,<<"2\n">>}, SshPort, ?TIMEOUT). %%-------------------------------------------------------------------- %% Connect to the ssh server of the OS diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index 06fddb8dc8..15f10fa1ae 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl 
@@ -194,6 +194,24 @@ reply(TestCase, Result) -> %%ct:log("reply ~p sending ~p ! ~p",[self(), TestCase, Result]), TestCase ! Result. + + +rcv_expected(Expect, SshPort, Timeout) -> + receive + {SshPort, Expect} -> + ct:log("Got expected ~p from ~p",[Expect,SshPort]), + catch port_close(SshPort), + ok; + Other -> + ct:log("Got UNEXPECTED ~p",[Other]), + rcv_expected(SshPort, Expect, Timeout) + + after Timeout -> + catch port_close(SshPort), + ct:fail("Did not receive answer") + end. + + receive_exec_result(Msg) -> ct:log("Expect data! ~p", [Msg]), receive diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index 6132ff399e..ea057ed8a5 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -380,16 +380,7 @@ erlang_server_openssh_client_public_key_X(Config, PubKeyAlg) -> " " ++ Host ++ " 1+1.", SshPort = open_port({spawn, Cmd}, [binary, stderr_to_stdout]), - receive - {SshPort,{data, <<"2\n">>}} -> - ok - after ?TIMEOUT -> - receive - X -> ct:fail("Received: ~p",[X]) - after 0 -> - ct:fail("Did not receive answer") - end - end, + ssh_test_lib:rcv_expected({data,<<"2\n">>}, SshPort, ?TIMEOUT), ssh:stop_daemon(Pid). %%-------------------------------------------------------------------- -- cgit v1.2.3 From 020e62c9619b518620d216cf0caef55fe129d4c3 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 13 Apr 2016 13:19:10 +0200 Subject: ssh: centralize and adjust port spawning for test_suites into ssh_test_lib --- lib/ssh/test/ssh_algorithms_SUITE.erl | 6 ++---- lib/ssh/test/ssh_test_cli.erl | 9 +++++---- lib/ssh/test/ssh_test_lib.erl | 35 ++++++++++++++++++++++++++++++----- lib/ssh/test/ssh_to_openssh_SUITE.erl | 5 ++--- 4 files changed, 39 insertions(+), 16 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index 3a8eec46a8..7965561c22 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl 
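Review bot: in the new rcv_expected/3 in lib/ssh/test/ssh_test_lib.erl the `Other ->` clause recurses with `rcv_expected(SshPort, Expect, Timeout)`, but the function head is `rcv_expected(Expect, SshPort, Timeout)`. After the first unexpected message the two arguments are swapped, the receive pattern `{SshPort, Expect}` no longer describes anything the port sends, and the call can no longer succeed. Pass the arguments in head order: `rcv_expected(Expect, SshPort, Timeout)`. The `after Timeout` also restarts on every unexpected message, so a steady stream of output keeps the test from ever timing out; tracking a deadline would bound the total wait.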
+++ b/lib/ssh/test/ssh_algorithms_SUITE.erl @@ -231,10 +231,8 @@ sshc_simple_exec(Config) -> " -o StrictHostKeyChecking=no", " ",Host," 1+1."]), ct:log("~p",[Cmd]), - SshPort = open_port({spawn, Cmd}, [binary, stderr_to_stdout, - overlapped_io %only affects windows - ]), - ssh_test_lib:rcv_expected({data,<<"2\n">>}, SshPort, ?TIMEOUT). + OpenSsh = ssh_test_lib:open_port({spawn, Cmd}, [eof,exit_status]), + ssh_test_lib:rcv_expected({data,<<"2\n">>}, OpenSsh, ?TIMEOUT). %%-------------------------------------------------------------------- %% Connect to the ssh server of the OS diff --git a/lib/ssh/test/ssh_test_cli.erl b/lib/ssh/test/ssh_test_cli.erl index 697ddb730d..f96b9967d2 100644 --- a/lib/ssh/test/ssh_test_cli.erl +++ b/lib/ssh/test/ssh_test_cli.erl @@ -75,10 +75,11 @@ terminate(_Why, _S) -> run_portprog(User, cli, TmpDir) -> Pty_bin = os:find_executable("cat"), - open_port({spawn_executable, Pty_bin}, - [stream, {cd, TmpDir}, {env, [{"USER", User}]}, - {args, []}, binary, - exit_status, use_stdio, stderr_to_stdout]). + ssh_test_lib:open_port({spawn_executable, Pty_bin}, + [stream, + {cd, TmpDir}, + {env, [{"USER", User}]}, + {args, []}]). get_ssh_user(Ref) -> [{user, User}] = ssh:connection_info(Ref, [user]), diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index 15f10fa1ae..927c9343d1 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl 
@@ -201,16 +201,27 @@ rcv_expected(Expect, SshPort, Timeout) -> {SshPort, Expect} -> ct:log("Got expected ~p from ~p",[Expect,SshPort]), catch port_close(SshPort), - ok; + rcv_lingering(50); Other -> - ct:log("Got UNEXPECTED ~p",[Other]), - rcv_expected(SshPort, Expect, Timeout) + ct:log("Got UNEXPECTED ~p~nExpect ~p",[Other, {SshPort,Expect}]), + rcv_expected(Expect, SshPort, Timeout) after Timeout -> catch port_close(SshPort), ct:fail("Did not receive answer") end. +rcv_lingering(Timeout) -> + receive + Msg -> + ct:log("Got LINGERING ~p",[Msg]), + rcv_lingering(Timeout) + + after Timeout -> + ct:log("No more lingering messages",[]), + ok + end. + receive_exec_result(Msg) -> ct:log("Expect data! ~p", [Msg]), @@ -481,8 +492,9 @@ openssh_supports(ClientOrServer, Tag, Alg) when ClientOrServer == sshc ; %% Check if we have a "newer" ssh client that supports these test cases ssh_client_supports_Q() -> - ErlPort = open_port({spawn, "ssh -Q cipher"}, [exit_status, stderr_to_stdout]), - 0 == check_ssh_client_support2(ErlPort). + 0 == check_ssh_client_support2( + ?MODULE:open_port({spawn, "ssh -Q cipher"}) + ). check_ssh_client_support2(P) -> receive @@ -701,3 +713,16 @@ has_inet6_address() -> catch throw:6 -> true end. + +%%%---------------------------------------------------------------- +open_port(Arg1) -> + ?MODULE:open_port(Arg1, []). + +open_port(Arg1, ExtraOpts) -> + erlang:open_port(Arg1, + [binary, + stderr_to_stdout, + exit_status, + use_stdio, + overlapped_io, hide %only affects windows + | ExtraOpts]). diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index ea057ed8a5..2be75fd7f3 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl 
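Review bot: rcv_lingering/1 in lib/ssh/test/ssh_test_lib.erl matches `Msg ->`, so after a successful rcv_expected it drains every message in the test process mailbox until 50 ms pass without one, including messages that did not come from the port and that later code in the test case may be waiting for. Pass SshPort in and match `{SshPort, _}` only. Further down in the same file, the new open_port/1,2 wrapper shares its name with the BIF and is told apart only by the `?MODULE:` and `erlang:` prefixes; a distinct name would prevent calling the wrong one by accident.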
@@ -378,9 +378,8 @@ erlang_server_openssh_client_public_key_X(Config, PubKeyAlg) -> Cmd = "ssh -p " ++ integer_to_list(Port) ++ " -o UserKnownHostsFile=" ++ KnownHosts ++ " " ++ Host ++ " 1+1.", - SshPort = open_port({spawn, Cmd}, [binary, stderr_to_stdout]), - - ssh_test_lib:rcv_expected({data,<<"2\n">>}, SshPort, ?TIMEOUT), + OpenSsh = ssh_test_lib:open_port({spawn, Cmd}), + ssh_test_lib:rcv_expected({data,<<"2\n">>}, OpenSsh, ?TIMEOUT), ssh:stop_daemon(Pid). %%-------------------------------------------------------------------- -- cgit v1.2.3 From 8bfcd11948895164d1841c0c00450b0e26cb9927 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 13 Apr 2016 15:35:41 +0200 Subject: ssh: break out test macro ?wait_match into new ssh_test_lib.hrl --- lib/ssh/test/Makefile | 1 + lib/ssh/test/ssh_connection_SUITE.erl | 5 +++-- lib/ssh/test/ssh_sup_SUITE.erl | 27 +++------------------------ lib/ssh/test/ssh_test_lib.hrl | 27 +++++++++++++++++++++++++++ 4 files changed, 34 insertions(+), 26 deletions(-) create mode 100644 lib/ssh/test/ssh_test_lib.hrl (limited to 'lib/ssh') diff --git a/lib/ssh/test/Makefile b/lib/ssh/test/Makefile index 4ecc662c13..6ce6d6f537 100644 --- a/lib/ssh/test/Makefile +++ b/lib/ssh/test/Makefile @@ -55,6 +55,7 @@ MODULES= \ ssh_relay HRL_FILES_NEEDED_IN_TEST= \ + $(ERL_TOP)/lib/ssh/test/ssh_test_lib.hrl \ $(ERL_TOP)/lib/ssh/src/ssh.hrl \ $(ERL_TOP)/lib/ssh/src/ssh_xfer.hrl diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index fd1b2e4f8e..0f757a0322 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -23,6 +23,7 @@ -include_lib("common_test/include/ct.hrl"). -include_lib("ssh/src/ssh_connect.hrl"). +-include("ssh_test_lib.hrl"). -compile(export_all). 
@@ -691,7 +692,7 @@ max_channels_option(Config) when is_list(Config) -> end, %%%---- Channel 3(3): subsystem "echo_n" (Note that ChannelId2 should be closed now) - success = ssh_connection:subsystem(ConnectionRef, ChannelId3, "echo_n", infinity), + ?wait_match(success, ssh_connection:subsystem(ConnectionRef, ChannelId3, "echo_n", infinity)), %%%---- Channel 4(3) !: exec This should fail failure = ssh_connection:exec(ConnectionRef, ChannelId4, "testing2.\n", infinity), @@ -710,7 +711,7 @@ max_channels_option(Config) when is_list(Config) -> end, %%---- Try that we can open one channel instead of the closed one - success = ssh_connection:subsystem(ConnectionRef, ChannelId5, "echo_n", infinity), + ?wait_match(success, ssh_connection:subsystem(ConnectionRef, ChannelId5, "echo_n", infinity)), %%---- But not a fourth one... failure = ssh_connection:subsystem(ConnectionRef, ChannelId6, "echo_n", infinity), diff --git a/lib/ssh/test/ssh_sup_SUITE.erl b/lib/ssh/test/ssh_sup_SUITE.erl index d43a9cb425..2dc4263603 100644 --- a/lib/ssh/test/ssh_sup_SUITE.erl +++ b/lib/ssh/test/ssh_sup_SUITE.erl @@ -22,14 +22,16 @@ -module(ssh_sup_SUITE). -include_lib("common_test/include/ct.hrl"). -include_lib("ssh/src/ssh.hrl"). +-include("ssh_test_lib.hrl"). %% Note: This directive should only be used in test suites. -compile(export_all). --define(WAIT_FOR_SHUTDOWN, 500). -define(USER, "Alladin"). -define(PASSWD, "Sesame"). +-define(WAIT_FOR_SHUTDOWN, 500). + %%-------------------------------------------------------------------- %% Common Test interface functions ----------------------------------- %%-------------------------------------------------------------------- 
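Review bot: wrapping `ssh_connection:subsystem(ConnectionRef, ChannelId3, "echo_n", infinity)` in ?wait_match in max_channels_option (lib/ssh/test/ssh_connection_SUITE.erl) re-issues the subsystem request on every retry, so a `failure` reply that the old `success = ...` match reported immediately is now retried up to the macro's default number of attempts and can pass unnoticed. The comment says ChannelId2 should be closed by now; if the retry exists to wait for that close, wait on that condition and keep the single strict match on the subsystem call, or note in a comment why a transient failure is expected here.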
@@ -79,29 +81,6 @@ end_per_testcase(sshc_subtree, Config) -> end_per_testcase(_, _Config) -> ssh:stop(). -%%------------------------------------------------------------------------- -%% Help macro -%%------------------------------------------------------------------------- --define(wait_match(Pattern, FunctionCall, Bind), - Bind = - (fun() -> - F = fun(N, F1) -> - case FunctionCall of - Pattern -> Bind; - _ when N>0 -> - ct:pal("Must sleep ~p ms at ~p:~p",[?WAIT_FOR_SHUTDOWN,?MODULE,?LINE]), - timer:sleep(?WAIT_FOR_SHUTDOWN), - F1(N-1, F1); - Other -> - ct:fail("Unexpected ~p:~p ~p",[?MODULE,?LINE,Other]) - end - end, - F((5000 div ?WAIT_FOR_SHUTDOWN), F) - end)() - ). - --define(wait_match(Pattern, FunctionCall), ?wait_match(Pattern, FunctionCall, ok)). - %%------------------------------------------------------------------------- %% Test cases %%------------------------------------------------------------------------- diff --git a/lib/ssh/test/ssh_test_lib.hrl b/lib/ssh/test/ssh_test_lib.hrl new file mode 100644 index 0000000000..7cb7edeaa8 --- /dev/null +++ b/lib/ssh/test/ssh_test_lib.hrl 
@@ -0,0 +1,27 @@ +%%------------------------------------------------------------------------- +%% Help macro +%%------------------------------------------------------------------------- +-define(wait_match(Pattern, FunctionCall, Bind, Timeout, Ntries), + Bind = + (fun() -> + F = fun(N, F1) -> + case FunctionCall of + Pattern -> Bind; + _ when N>0 -> + ct:pal("Must sleep ~p ms at ~p:~p",[Timeout,?MODULE,?LINE]), + timer:sleep(Timeout), + F1(N-1, F1); + Other -> + ct:fail("Unexpected ~p:~p ~p",[?MODULE,?LINE,Other]) + end + end, + F(Ntries, F) + end)() + ). + +-define(wait_match(Pattern, FunctionCall, Timeout, Ntries), ?wait_match(Pattern, FunctionCall, ok, Timeout, Ntries)). + +-define(wait_match(Pattern, FunctionCall, Bind), ?wait_match(Pattern, FunctionCall, Bind, 500, 10) ). + +-define(wait_match(Pattern, FunctionCall), ?wait_match(Pattern, FunctionCall, ok) ). + -- cgit v1.2.3 From 7efc9c9460baa78dba0bc63e300890df5a97812f Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 28 Apr 2016 16:35:23 +0200 Subject: ssh: undocumented, untestesd and experimental tcpip_forward code removed --- lib/ssh/src/ssh_connect.hrl | 2 +- lib/ssh/src/ssh_connection.erl | 133 +-------------------------------- lib/ssh/src/ssh_connection_handler.erl | 51 ------------- 3 files changed, 3 insertions(+), 183 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connect.hrl b/lib/ssh/src/ssh_connect.hrl index 47a166dcfd..4fb6bc39f3 100644 --- a/lib/ssh/src/ssh_connect.hrl +++ b/lib/ssh/src/ssh_connect.hrl @@ -243,7 +243,7 @@ -record(channel, { - type, %% "session", "x11", "forwarded-tcpip", "direct-tcpip" + type, %% "session" sys, %% "none", "shell", "exec" "subsystem" user, %% "user" process id (default to cm user) flow_control, diff --git a/lib/ssh/src/ssh_connection.erl b/lib/ssh/src/ssh_connection.erl index 25d552240a..d0f2d54c06 100644 --- a/lib/ssh/src/ssh_connection.erl +++ b/lib/ssh/src/ssh_connection.erl 
@@ -38,8 +38,7 @@ %% Potential API currently unsupported and not tested -export([window_change/4, window_change/6, - direct_tcpip/6, direct_tcpip/8, tcpip_forward/3, - cancel_tcpip_forward/3, signal/3, exit_status/3]). + signal/3, exit_status/3]). %% Internal application API -export([channel_data/5, handle_msg/3, channel_eof_msg/1, @@ -48,7 +47,7 @@ channel_adjust_window_msg/2, channel_data_msg/3, channel_open_msg/5, channel_open_confirmation_msg/4, channel_open_failure_msg/4, channel_request_msg/4, - global_request_msg/3, request_failure_msg/0, + request_failure_msg/0, request_success_msg/1, bind/4, unbind/3, unbind_channel/2, bound_channel/3, encode_ip/1]). 
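Review bot: dropping direct_tcpip/6,8, tcpip_forward/3 and cancel_tcpip_forward/3 from the -export list in lib/ssh/src/ssh_connection.erl removes functions that were callable even if undocumented, so the change deserves a release note entry. The comment above the list still reads "Potential API currently unsupported and not tested" for window_change, signal and exit_status, and the internal list keeps bind/4, unbind/3, bound_channel/3 and encode_ip/1; check whether those still have callers once the forwarding code is gone, since bound_channel/3 was used by the removed "forwarded-tcpip" clause.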
@@ -232,58 +231,6 @@ exit_status(ConnectionHandler, Channel, Status) -> ssh_connection_handler:request(ConnectionHandler, Channel, "exit-status", false, [?uint32(Status)], 0). -%% The client wants the server to make a tcp connection on behalf of -%% the client -direct_tcpip(ConnectionHandler, RemoteHost, - RemotePort, OrigIP, OrigPort, Timeout) -> - direct_tcpip(ConnectionHandler, RemoteHost, RemotePort, OrigIP, OrigPort, - ?DEFAULT_WINDOW_SIZE, ?DEFAULT_PACKET_SIZE, Timeout). - -direct_tcpip(ConnectionHandler, RemoteIP, RemotePort, OrigIP, OrigPort, - InitialWindowSize, MaxPacketSize, Timeout) -> - case {encode_ip(RemoteIP), encode_ip(OrigIP)} of - {false, _} -> - {error, einval}; - {_, false} -> - {error, einval}; - {RIP, OIP} -> - ssh_connection_handler:open_channel(ConnectionHandler, - "direct-tcpip", - [?string(RIP), - ?uint32(RemotePort), - ?string(OIP), - ?uint32(OrigPort)], - InitialWindowSize, - MaxPacketSize, - Timeout) - end. - -%% The client wants the server to listen on BindIP:BindPort for tcp -%% connections. When there is a tcp connect (SYN) to that pair on the -%% server, the server sends a #ssh_msg_channel_open{"forwarded-tcpip"} -%% back to the client for each new tcp connection -tcpip_forward(ConnectionHandler, BindIP, BindPort) -> - case encode_ip(BindIP) of - false -> - {error, einval}; - IPStr -> - ssh_connection_handler:global_request(ConnectionHandler, - "tcpip-forward", true, - [?string(IPStr), - ?uint32(BindPort)]) - end. - -cancel_tcpip_forward(ConnectionHandler, BindIP, Port) -> - case encode_ip(BindIP) of - false -> - {error, einval}; - IPStr -> - ssh_connection_handler:global_request(ConnectionHandler, - "cancel-tcpip-forward", true, - [?string(IPStr), - ?uint32(Port)]) - end. - %%-------------------------------------------------------------------- %%% Internal API %%-------------------------------------------------------------------- 
@@ -504,73 +451,6 @@ handle_msg(#ssh_msg_channel_open{channel_type = "session", {{replies, [{connection_reply, FailMsg}]}, Connection}; -handle_msg(#ssh_msg_channel_open{channel_type = "forwarded-tcpip" = Type, - sender_channel = RemoteId, - initial_window_size = RWindowSz, - maximum_packet_size = RPacketSz, - data = Data}, - #connection{channel_cache = Cache, options = SSHopts} = Connection0, - server) -> - <> = Data, - - MinAcceptedPackSz = proplists:get_value(minimal_remote_max_packet_size, SSHopts, 0), - - if - MinAcceptedPackSz =< RPacketSz -> - case bound_channel(Address, Port, Connection0) of - undefined -> - FailMsg = channel_open_failure_msg(RemoteId, - ?SSH_OPEN_CONNECT_FAILED, - "Connection refused", "en"), - {{replies, - [{connection_reply, FailMsg}]}, Connection0}; - ChannelPid -> - {ChannelId, Connection1} = new_channel_id(Connection0), - LWindowSz = ?DEFAULT_WINDOW_SIZE, - LPacketSz = ?DEFAULT_PACKET_SIZE, - Channel = #channel{type = Type, - sys = "none", - user = ChannelPid, - local_id = ChannelId, - recv_window_size = LWindowSz, - recv_packet_size = LPacketSz, - send_window_size = RWindowSz, - send_packet_size = RPacketSz, - send_buf = queue:new() - }, - ssh_channel:cache_update(Cache, Channel), - OpenConfMsg = channel_open_confirmation_msg(RemoteId, ChannelId, - LWindowSz, LPacketSz), - {OpenMsg, Connection} = - reply_msg(Channel, Connection1, - {open, Channel, {forwarded_tcpip, - decode_ip(Address), Port, - decode_ip(Orig), OrigPort}}), - {{replies, [{connection_reply, OpenConfMsg}, - OpenMsg]}, Connection} - end; - - MinAcceptedPackSz > RPacketSz -> - FailMsg = channel_open_failure_msg(RemoteId, - ?SSH_OPEN_ADMINISTRATIVELY_PROHIBITED, - lists:concat(["Maximum packet size below ",MinAcceptedPackSz, - " not supported"]), "en"), - {{replies, [{connection_reply, FailMsg}]}, Connection0} - end; - - -handle_msg(#ssh_msg_channel_open{channel_type = "forwarded-tcpip", - sender_channel = RemoteId}, - Connection, client) -> - %% Client implementations 
SHOULD reject direct TCP/IP open requests for - %% security reasons. See RFC 4254 7.2. - FailMsg = channel_open_failure_msg(RemoteId, - ?SSH_OPEN_CONNECT_FAILED, - "Connection refused", "en"), - {{replies, [{connection_reply, FailMsg}]}, Connection}; - - handle_msg(#ssh_msg_channel_open{sender_channel = RemoteId}, Connection, _) -> FailMsg = channel_open_failure_msg(RemoteId, ?SSH_OPEN_ADMINISTRATIVELY_PROHIBITED, @@ -881,10 +761,6 @@ channel_request_msg(ChannelId, Type, WantReply, Data) -> want_reply = WantReply, data = Data}. -global_request_msg(Type, WantReply, Data) -> - #ssh_msg_global_request{name = Type, - want_reply = WantReply, - data = Data}. request_failure_msg() -> #ssh_msg_request_failure{}. @@ -1346,11 +1222,6 @@ decode_pty_opts2(<>) -> end, [{Op, Value} | decode_pty_opts2(Tail)]. -decode_ip(Addr) when is_binary(Addr) -> - case inet_parse:address(binary_to_list(Addr)) of - {error,_} -> Addr; - {ok,A} -> A - end. backwards_compatible([], Acc) -> Acc; diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index e5229eb954..0327a72c12 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -49,7 +49,6 @@ open_channel/6, request/6, request/7, reply_request/3, - global_request/4, send/5, send_eof/2, info/1, info/2, 
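Review bot: In ssh_connection.erl handle_msg/3 (hunk at -504,73), refusing "forwarded-tcpip" channel opens now depends entirely on the remaining catch-all clause handle_msg(#ssh_msg_channel_open{sender_channel = RemoteId}, Connection, _), and the comment citing RFC 4254 7.2 is deleted together with the client clause. Put a comment on the catch-all stating that it is what rejects forwarded-tcpip and every other unsupported channel type, for both roles, so a later edit does not weaken it unnoticed. The failure code a peer receives also changes from ?SSH_OPEN_CONNECT_FAILED to ?SSH_OPEN_ADMINISTRATIVELY_PROHIBITED, which the commit message should mention.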
@@ -216,23 +215,6 @@ request(ConnectionHandler, ChannelId, Type, false, Data, _) -> reply_request(ConnectionHandler, Status, ChannelId) -> cast(ConnectionHandler, {reply_request, Status, ChannelId}). -%%-------------------------------------------------------------------- --spec global_request(connection_ref(), - string(), - boolean(), - iolist() - ) -> ok | error. -%% . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . -global_request(ConnectionHandler, Type, true = Reply, Data) -> - case call(ConnectionHandler, {global_request, self(), Type, Reply, Data}) of - {ssh_cm, ConnectionHandler, {success, _}} -> - ok; - {ssh_cm, ConnectionHandler, {failure, _}} -> - error - end; -global_request(ConnectionHandler, Type, false = Reply, Data) -> - cast(ConnectionHandler, {global_request, self(), Type, Reply, Data}). - %%-------------------------------------------------------------------- -spec send(connection_ref(), channel_id(), @@ -1078,12 +1060,6 @@ handle_event({call,From}, {request, ChannelId, Type, Data, Timeout}, {connected, start_channel_request_timer(ChannelId, From, Timeout), {keep_state, cache_request_idle_timer_check(D)}; -handle_event({call,From}, {global_request, Pid, _, _, _} = Request, {connected,_}, D0) -> - D1 = handle_global_request(Request, D0), - Channel = ssh_channel:cache_find(Pid, cache(D1)), - D = add_request(true, Channel#channel.local_id, From, D1), - {keep_state, D}; - handle_event({call,From}, {data, ChannelId, Type, Data, Timeout}, {connected,_}, D0) -> {{replies, Replies}, Connection} = ssh_connection:channel_data(ChannelId, Type, Data, D0#data.connection_state, From), 
@@ -1627,33 +1603,6 @@ handle_request(ChannelId, Type, Data, WantReply, From, D) -> D end. -%%%---------------------------------------------------------------- -handle_global_request({global_request, ChannelPid, - "tcpip-forward" = Type, WantReply, - <> = Data - }, - D) -> - ssh_channel:cache_update(cache(D), - #channel{user = ChannelPid, - type = "forwarded-tcpip", - sys = none}), - Connection = ssh_connection:bind(IP, Port, ChannelPid, D#data.connection_state), - Msg = ssh_connection:global_request_msg(Type, WantReply, Data), - send_msg(Msg, D#data{connection_state = Connection}); - -handle_global_request({global_request, _Pid, "cancel-tcpip-forward" = Type, - WantReply, <> = Data}, - #data{connection_state = Connection0} = State) -> - Connection = ssh_connection:unbind(IP, Port, Connection0), - Msg = ssh_connection:global_request_msg(Type, WantReply, Data), - send_msg(Msg, State#data{connection_state = Connection}); - -handle_global_request({global_request, _, "cancel-tcpip-forward" = Type, - WantReply, Data}, State) -> - Msg = ssh_connection:global_request_msg(Type, WantReply, Data), - send_msg(Msg, State). - %%%---------------------------------------------------------------- handle_channel_down(ChannelPid, D) -> ssh_channel:cache_foldl( -- cgit v1.2.3 From 9e5a6c7e1a2ce2c8a4c089237f1ecc657598c953 Mon Sep 17 00:00:00 2001 From: Lukas Larsson Date: Fri, 29 Apr 2016 15:56:09 +0200 Subject: ssh: sshc_sup to use worker for ssh_con_handler --- lib/ssh/src/sshc_sup.erl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/sshc_sup.erl b/lib/ssh/src/sshc_sup.erl index 5667fd2aec..71b5c2c46a 100644 --- a/lib/ssh/src/sshc_sup.erl +++ b/lib/ssh/src/sshc_sup.erl 
@@ -64,7 +64,7 @@ child_spec(_) -> Name = undefined, % As simple_one_for_one is used. StartFunc = {ssh_connection_handler, start_link, []}, Restart = temporary, - Shutdown = infinity, + Shutdown = 4000, Modules = [ssh_connection_handler], - Type = supervisor, + Type = worker, {Name, StartFunc, Restart, Shutdown, Type, Modules}. -- cgit v1.2.3 From b5dfe717cca9ae3d86af6112cedf1d0918a83027 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 2 May 2016 10:38:22 +0200 Subject: ssh: Update the ssh_sup_SUITE test Conflicts: lib/ssh/test/ssh_sup_SUITE.erl --- lib/ssh/test/ssh_sup_SUITE.erl | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_sup_SUITE.erl b/lib/ssh/test/ssh_sup_SUITE.erl index 2dc4263603..f8929b30ff 100644 --- a/lib/ssh/test/ssh_sup_SUITE.erl +++ b/lib/ssh/test/ssh_sup_SUITE.erl @@ -108,18 +108,19 @@ sshc_subtree(Config) when is_list(Config) -> {ok, Pid1} = ssh:connect(Host, Port, [{silently_accept_hosts, true}, {user_interaction, false}, {user, ?USER}, {password, ?PASSWD},{user_dir, UserDir}]), - ?wait_match([{_, _,supervisor,[ssh_connection_handler]}], + + ?wait_match([{_, _,worker,[ssh_connection_handler]}], supervisor:which_children(sshc_sup)), {ok, Pid2} = ssh:connect(Host, Port, [{silently_accept_hosts, true}, {user_interaction, false}, {user, ?USER}, {password, ?PASSWD}, {user_dir, UserDir}]), - ?wait_match([{_,_,supervisor,[ssh_connection_handler]}, - {_,_,supervisor,[ssh_connection_handler]}], + ?wait_match([{_,_,worker,[ssh_connection_handler]}, + {_,_,worker,[ssh_connection_handler]}], supervisor:which_children(sshc_sup)), ssh:close(Pid1), - ?wait_match([{_,_,supervisor,[ssh_connection_handler]}], + ?wait_match([{_,_,worker,[ssh_connection_handler]}], supervisor:which_children(sshc_sup)), ssh:close(Pid2), ?wait_match([], supervisor:which_children(sshc_sup)). -- cgit v1.2.3 From 4009859d6a10cd73ba55d49f1f033459d2b99c89 Mon Sep 17 00:00:00 2001 
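Review bot: Shutdown = 4000 in sshc_sup:child_spec/1 is an unexplained constant. Moving from infinity to a finite value means the supervisor kills a connection handler that has not terminated within 4 seconds, which can cut off a handler that is still sending its disconnect message or closing channels. Add a comment or a named macro saying why 4000 ms is enough, and have ssh_sup_SUITE check the shutdown value as well as the worker type it already matches on.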
From: Hans Nilsson Date: Tue, 3 May 2016 13:56:03 +0200 Subject: ssh: ssh_upgrade_SUITE --- lib/ssh/test/ssh_upgrade_SUITE.erl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_upgrade_SUITE.erl b/lib/ssh/test/ssh_upgrade_SUITE.erl index 5c7ec17dac..06bef2455e 100644 --- a/lib/ssh/test/ssh_upgrade_SUITE.erl +++ b/lib/ssh/test/ssh_upgrade_SUITE.erl @@ -146,7 +146,8 @@ setup_server_client(#state{config=Config} = State) -> SFTP = ssh_sftpd:subsystem_spec([{root,FtpRootDir},{cwd,FtpRootDir}]), - {Server,Host,Port} = ssh_test_lib:daemon([{system_dir,DataDir}, + {Server,Host,Port} = ssh_test_lib:daemon(ssh_test_lib:inet_port(), % when lower rel is 18.x + [{system_dir,DataDir}, {user_passwords,[{"hej","hopp"}]}, {subsystems,[SFTP]}]), -- cgit v1.2.3 From 5762a0299f9b55ab313b78bb6cecdad083e7ec7a Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 3 May 2016 15:34:46 +0200 Subject: ssh: update ssh_benchmark_SUITE to new ssh_connection_handler --- lib/ssh/test/ssh_benchmark_SUITE.erl | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_benchmark_SUITE.erl b/lib/ssh/test/ssh_benchmark_SUITE.erl index 1f11fee350..d9be1a32b7 100644 --- a/lib/ssh/test/ssh_benchmark_SUITE.erl +++ b/lib/ssh/test/ssh_benchmark_SUITE.erl 
@@ -334,16 +334,16 @@ find_time(accept_to_hello, L) -> C#call.t_call end, ?LINE, - fun(C=#call{mfa = {ssh_connection_handler,handle_event,5}, - args = [_, {version_exchange,_}, _, {hello,_}, _]}) -> + fun(C=#call{mfa = {ssh_connection_handler,handle_event,4}, + args = [_, {version_exchange,_}, {hello,_}, _]}) -> C#call.t_call end, ?LINE ], L, []), {accept_to_hello, now2micro_sec(now_diff(T1,T0)), microsec}; find_time(kex, L) -> - [T0,T1] = find([fun(C=#call{mfa = {ssh_connection_handler,handle_event,5}, - args = [_, {version_exchange,_}, _, {hello,_}, _]}) -> + [T0,T1] = find([fun(C=#call{mfa = {ssh_connection_handler,handle_event,4}, + args = [_, {version_exchange,_}, {hello,_}, _]}) -> C#call.t_call end, ?LINE, @@ -466,8 +466,8 @@ erlang_trace() -> {ssh_message,decode,1}, {public_key,dh_gex_group,4} % To find dh_gex group size ]], - init_trace({ssh_connection_handler,handle_event,5}, - [{['_', {version_exchange,'_'}, '_', {hello,'_'}, '_'], + init_trace({ssh_connection_handler,handle_event,4}, + [{['_', {version_exchange,'_'}, {hello,'_'}, '_'], [], [return_trace]}]), {ok, TracerPid}. -- cgit v1.2.3 From f5e152a96c5ad957f3732a3f0cee09034c7c727d Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 3 May 2016 12:45:03 +0200 Subject: ssh: -spec added for behaviours --- lib/ssh/src/ssh_acceptor_sup.erl | 2 ++ lib/ssh/src/ssh_channel_sup.erl | 2 ++ lib/ssh/src/ssh_cli.erl | 15 +++++++++++++++ lib/ssh/src/ssh_client_key_api.erl | 24 ++++++++++++++++++------ lib/ssh/src/ssh_connection_sup.erl | 2 ++ lib/ssh/src/ssh_file.erl | 23 ++++++++++++++++++++++- lib/ssh/src/ssh_server_key_api.erl | 15 +++++++++++---- lib/ssh/src/ssh_sftpd.erl | 16 ++++++++++++++++ lib/ssh/src/ssh_shell.erl | 15 +++++++++++++++ lib/ssh/src/ssh_subsystem_sup.erl | 2 ++ lib/ssh/src/ssh_sup.erl | 2 ++ lib/ssh/src/ssh_system_sup.erl | 2 ++ lib/ssh/src/sshc_sup.erl | 2 ++ lib/ssh/src/sshd_sup.erl | 2 ++ 14 files changed, 113 insertions(+), 11 deletions(-) (limited to 'lib/ssh') 
diff --git a/lib/ssh/src/ssh_acceptor_sup.erl b/lib/ssh/src/ssh_acceptor_sup.erl index 4f76dbe6f0..129f85a3e0 100644 --- a/lib/ssh/src/ssh_acceptor_sup.erl +++ b/lib/ssh/src/ssh_acceptor_sup.erl @@ -36,6 +36,8 @@ -define(DEFAULT_TIMEOUT, 50000). +-spec init( [term()] ) -> {ok,{supervisor:sup_flags(),[supervisor:child_spec()]}} | ignore . + %%%========================================================================= %%% API %%%========================================================================= diff --git a/lib/ssh/src/ssh_channel_sup.erl b/lib/ssh/src/ssh_channel_sup.erl index 8eaa85f795..6b01dc334d 100644 --- a/lib/ssh/src/ssh_channel_sup.erl +++ b/lib/ssh/src/ssh_channel_sup.erl @@ -43,6 +43,8 @@ start_child(Sup, ChildSpec) -> %%%========================================================================= %%% Supervisor callback %%%========================================================================= +-spec init( [term()] ) -> {ok,{supervisor:sup_flags(),[supervisor:child_spec()]}} | ignore . + init(_Args) -> RestartStrategy = one_for_one, MaxR = 10, diff --git a/lib/ssh/src/ssh_cli.erl b/lib/ssh/src/ssh_cli.erl index 2d60008de6..74cd2e081a 100644 --- a/lib/ssh/src/ssh_cli.erl +++ b/lib/ssh/src/ssh_cli.erl 
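Review bot: In ssh_acceptor_sup.erl the new -spec init/1 is placed directly after -define(DEFAULT_TIMEOUT, 50000) and ahead of the API banner, while ssh_channel_sup.erl in the same commit puts the identical spec under the "Supervisor callback" banner right above init/1. Move the ssh_acceptor_sup spec next to its function as well, so the spec and the clause it describes are read together.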
@@ -47,6 +47,21 @@ %%==================================================================== %% ssh_channel callbacks %%==================================================================== +-spec init(Args :: term()) -> + {ok, State :: term()} | {ok, State :: term(), timeout() | hibernate} | + {stop, Reason :: term()} | ignore. + +-spec terminate(Reason :: (normal | shutdown | {shutdown, term()} | + term()), + State :: term()) -> + term(). + +-spec handle_msg(Msg ::term(), State :: term()) -> + {ok, State::term()} | {stop, ChannelId::integer(), State::term()}. +-spec handle_ssh_msg({ssh_cm, ConnectionRef::term(), SshMsg::term()}, + State::term()) -> {ok, State::term()} | + {stop, ChannelId::integer(), + State::term()}. %%-------------------------------------------------------------------- %% Function: init(Args) -> {ok, State} diff --git a/lib/ssh/src/ssh_client_key_api.erl b/lib/ssh/src/ssh_client_key_api.erl index 039a7dea9b..6e994ff292 100644 --- a/lib/ssh/src/ssh_client_key_api.erl +++ b/lib/ssh/src/ssh_client_key_api.erl 
@@ -23,14 +23,26 @@ -include_lib("public_key/include/public_key.hrl"). -include("ssh.hrl"). --callback is_host_key(PublicKey :: #'RSAPublicKey'{}| {integer(), #'Dss-Parms'{}}| term() , Host :: string(), - Algorithm :: 'ssh-rsa'| 'ssh-dss'| atom(), ConnectOptions :: proplists:proplist()) -> +-export_type([algorithm/0]). + +-type algorithm() :: 'ssh-rsa' + | 'ssh-dss' + | 'ecdsa-sha2-nistp256' + | 'ecdsa-sha2-nistp384' + | 'ecdsa-sha2-nistp521' + . + +-callback is_host_key(PublicKey :: public_key:public_key(), + Host :: string(), + Algorithm :: algorithm(), + ConnectOptions :: proplists:proplist()) -> boolean(). --callback user_key(Algorithm :: 'ssh-rsa'| 'ssh-dss'| atom(), ConnectOptions :: proplists:proplist()) -> - {ok, PrivateKey :: #'RSAPrivateKey'{}| #'DSAPrivateKey'{} | term()} | {error, string()}. +-callback user_key(Algorithm :: algorithm(), + ConnectOptions :: proplists:proplist()) -> + {ok, PrivateKey::public_key:private_key()} | {error, term()}. --callback add_host_key(Host :: string(), PublicKey :: #'RSAPublicKey'{}| {integer(), #'Dss-Parms'{}}| term(), - Options :: list()) -> +-callback add_host_key(Host :: string(), PublicKey :: public_key:public_key(), + Options :: proplists:proplist()) -> ok | {error, Error::term()}. diff --git a/lib/ssh/src/ssh_connection_sup.erl b/lib/ssh/src/ssh_connection_sup.erl index 8c7628e909..0f54053f52 100644 --- a/lib/ssh/src/ssh_connection_sup.erl +++ b/lib/ssh/src/ssh_connection_sup.erl @@ -45,6 +45,8 @@ start_child(Sup, Args) -> %%%========================================================================= %%% Supervisor callback %%%========================================================================= +-spec init( [term()] ) -> {ok,{supervisor:sup_flags(),[supervisor:child_spec()]}} | ignore . + init(_) -> RestartStrategy = simple_one_for_one, MaxR = 0, diff --git a/lib/ssh/src/ssh_file.erl b/lib/ssh/src/ssh_file.erl index 4486d36fe4..216f65f33a 100644 --- a/lib/ssh/src/ssh_file.erl +++ b/lib/ssh/src/ssh_file.erl 
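Review bot: The new algorithm() type in ssh_client_key_api.erl closes the set to five atoms where the callbacks previously accepted 'ssh-rsa' | 'ssh-dss' | atom(), and user_key now returns {error, term()} instead of {error, string()}. Both are contract changes for user-written callback modules that Dialyzer checks against this behaviour, so they need a matching update in the ssh_client_key_api documentation and a release note. Each new host key algorithm will also have to be added to this type by hand, which deserves a comment next to the type definition.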
@@ -43,7 +43,28 @@ -define(PERM_644, 8#644). -%% API +%%% API + +%%% client +-spec add_host_key(string(), + public_key:public_key(), + proplists:proplist()) -> ok | {error,term()}. + +-spec is_host_key(public_key:public_key(), + string(), + ssh_client_key_api:algorithm(), + proplists:proplist()) -> boolean(). + +-spec user_key(ssh_client_key_api:algorithm(), + proplists:proplist()) -> {ok, public_key:private_key()} | {error,term()}. + +%%% server +-spec host_key(ssh_server_key_api:algorithm(), + proplists:proplist()) -> {ok, public_key:private_key()} | {error,term()}. + +-spec is_auth_key(public_key:public_key(), + string(), proplists:proplist()) -> boolean(). + %% Used by server host_key(Algorithm, Opts) -> diff --git a/lib/ssh/src/ssh_server_key_api.erl b/lib/ssh/src/ssh_server_key_api.erl index c1d43a486c..3f1b886fa7 100644 --- a/lib/ssh/src/ssh_server_key_api.erl +++ b/lib/ssh/src/ssh_server_key_api.erl @@ -23,9 +23,16 @@ -include_lib("public_key/include/public_key.hrl"). -include("ssh.hrl"). --callback host_key(Algorithm :: 'ssh-rsa'| 'ssh-dss'| atom(), DaemonOptions :: proplists:proplist()) -> - {ok, PrivateKey :: #'RSAPrivateKey'{}| #'DSAPrivateKey'{} | term()} | {error, string()}. +-export_type([algorithm/0]). --callback is_auth_key(PublicKey :: #'RSAPublicKey'{}| {integer(), #'Dss-Parms'{}}| term(), - User :: string(), DaemonOptions :: proplists:proplist()) -> +-type algorithm() :: ssh_client_key_api:algorithm(). + + +-callback host_key(Algorithm :: algorithm(), + DaemonOptions :: proplists:proplist()) -> + {ok, PrivateKey :: public_key:private_key()} | {error, term()}. + +-callback is_auth_key(PublicKey :: public_key:public_key(), + User :: string(), + DaemonOptions :: proplists:proplist()) -> boolean(). diff --git a/lib/ssh/src/ssh_sftpd.erl b/lib/ssh/src/ssh_sftpd.erl index 819cba697e..dca018f20f 100644 --- a/lib/ssh/src/ssh_sftpd.erl +++ b/lib/ssh/src/ssh_sftpd.erl 
@@ -57,6 +57,22 @@ %%==================================================================== %% API %%==================================================================== +-spec init(Args :: term()) -> + {ok, State :: term()} | {ok, State :: term(), timeout() | hibernate} | + {stop, Reason :: term()} | ignore. + +-spec terminate(Reason :: (normal | shutdown | {shutdown, term()} | + term()), + State :: term()) -> + term(). + +-spec handle_msg(Msg ::term(), State :: term()) -> + {ok, State::term()} | {stop, ChannelId::integer(), State::term()}. +-spec handle_ssh_msg({ssh_cm, ConnectionRef::term(), SshMsg::term()}, + State::term()) -> {ok, State::term()} | + {stop, ChannelId::integer(), + State::term()}. + subsystem_spec(Options) -> {"sftp", {?MODULE, Options}}. diff --git a/lib/ssh/src/ssh_shell.erl b/lib/ssh/src/ssh_shell.erl index d31d5a297d..17224b6ef4 100644 --- a/lib/ssh/src/ssh_shell.erl +++ b/lib/ssh/src/ssh_shell.erl @@ -45,6 +45,21 @@ %%==================================================================== %% ssh_channel callbacks %%==================================================================== +-spec init(Args :: term()) -> + {ok, State :: term()} | {ok, State :: term(), timeout() | hibernate} | + {stop, Reason :: term()} | ignore. + +-spec terminate(Reason :: (normal | shutdown | {shutdown, term()} | + term()), + State :: term()) -> + term(). + +-spec handle_msg(Msg ::term(), State :: term()) -> + {ok, State::term()} | {stop, ChannelId::integer(), State::term()}. +-spec handle_ssh_msg({ssh_cm, ConnectionRef::term(), SshMsg::term()}, + State::term()) -> {ok, State::term()} | + {stop, ChannelId::integer(), + State::term()}. %%-------------------------------------------------------------------- %% Function: init(Args) -> {ok, State} diff --git a/lib/ssh/src/ssh_subsystem_sup.erl b/lib/ssh/src/ssh_subsystem_sup.erl index 11e02491c4..637f5f398f 100644 --- a/lib/ssh/src/ssh_subsystem_sup.erl +++ b/lib/ssh/src/ssh_subsystem_sup.erl 
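Review bot: In ssh_sftpd.erl the specs for init/1, terminate/2, handle_msg/2 and handle_ssh_msg/2 are inserted under the "API" banner, directly above subsystem_spec/1, although they describe ssh_channel callbacks and not the module's API. ssh_cli.erl and ssh_shell.erl place the same block under "ssh_channel callbacks"; do the same here. The four specs are identical in all three modules and use term() for every argument, so tightening State and Msg to the module's own types would give Dialyzer something to check.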
@@ -51,6 +51,8 @@ channel_supervisor(SupPid) -> %%%========================================================================= %%% Supervisor callback %%%========================================================================= +-spec init( [term()] ) -> {ok,{supervisor:sup_flags(),[supervisor:child_spec()]}} | ignore . + init([Opts]) -> RestartStrategy = one_for_all, MaxR = 0, diff --git a/lib/ssh/src/ssh_sup.erl b/lib/ssh/src/ssh_sup.erl index f827594717..8b57387589 100644 --- a/lib/ssh/src/ssh_sup.erl +++ b/lib/ssh/src/ssh_sup.erl @@ -31,6 +31,8 @@ %%%========================================================================= %%% Supervisor callback %%%========================================================================= +-spec init( [term()] ) -> {ok,{supervisor:sup_flags(),[supervisor:child_spec()]}} | ignore . + init([]) -> SupFlags = {one_for_one, 10, 3600}, Children = children(), diff --git a/lib/ssh/src/ssh_system_sup.erl b/lib/ssh/src/ssh_system_sup.erl index 9a9786a914..5035bc8f80 100644 --- a/lib/ssh/src/ssh_system_sup.erl +++ b/lib/ssh/src/ssh_system_sup.erl @@ -125,6 +125,8 @@ restart_acceptor(Address, Port, Profile) -> %%%========================================================================= %%% Supervisor callback %%%========================================================================= +-spec init( [term()] ) -> {ok,{supervisor:sup_flags(),[supervisor:child_spec()]}} | ignore . + init([ServerOpts]) -> RestartStrategy = one_for_one, MaxR = 0, diff --git a/lib/ssh/src/sshc_sup.erl b/lib/ssh/src/sshc_sup.erl index 71b5c2c46a..15858f36e1 100644 --- a/lib/ssh/src/sshc_sup.erl +++ b/lib/ssh/src/sshc_sup.erl 
@@ -51,6 +51,8 @@ stop_child(Client) -> %%%========================================================================= %%% Supervisor callback %%%========================================================================= +-spec init( [term()] ) -> {ok,{supervisor:sup_flags(),[supervisor:child_spec()]}} | ignore . + init(Args) -> RestartStrategy = simple_one_for_one, MaxR = 0, diff --git a/lib/ssh/src/sshd_sup.erl b/lib/ssh/src/sshd_sup.erl index ac9e232b3a..04d2df30f7 100644 --- a/lib/ssh/src/sshd_sup.erl +++ b/lib/ssh/src/sshd_sup.erl @@ -75,6 +75,8 @@ system_name(SysSup) -> %%%========================================================================= %%% Supervisor callback %%%========================================================================= +-spec init( [term()] ) -> {ok,{supervisor:sup_flags(),[supervisor:child_spec()]}} | ignore . + init([Servers]) -> RestartStrategy = one_for_one, MaxR = 10, -- cgit v1.2.3 From 42265970b989ce130cf62e79574ce533cec2a4e9 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 4 May 2016 16:58:17 +0200 Subject: ssh: correct bad stop return value tag --- lib/ssh/src/ssh_connection_handler.erl | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 0327a72c12..946adcf384 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -1520,7 +1520,7 @@ handle_connection_msg(Msg, StateName, State0 = event_queue = Qev0}) -> Renegotiation = renegotiation(StateName), Role = role(StateName), - try ssh_connection:handle_msg(Msg, Connection0, Role) of + try ssh_connection:handle_msg(Msg, Connection0, Role) of {{replies, Replies}, Connection} -> case StateName of {connected,_} -> 
@@ -1539,14 +1539,14 @@ handle_connection_msg(Msg, StateName, State0 = {keep_state, State0#data{connection_state = Connection}}; {disconnect, Reason0, {{replies, Replies}, Connection}} -> - {Repls,State} = send_replies(Replies, State0#data{connection_state = Connection}), - case {Reason0,Role} of - {{_, Reason}, client} when ((StateName =/= {connected,client}) and (not Renegotiation)) -> - User ! {self(), not_connected, Reason}; - _ -> - ok - end, - {stop, {shutdown,normal}, Repls, State#data{connection_state = Connection}} + {Repls,State} = send_replies(Replies, State0#data{connection_state = Connection}), + case {Reason0,Role} of + {{_, Reason}, client} when ((StateName =/= {connected,client}) and (not Renegotiation)) -> + User ! {self(), not_connected, Reason}; + _ -> + ok + end, + {stop_and_reply, {shutdown,normal}, Repls, State#data{connection_state = Connection}} catch _:Error -> @@ -1556,7 +1556,7 @@ handle_connection_msg(Msg, StateName, State0 = description = "Internal error"}, Connection0, Role), {Repls,State} = send_replies(Replies, State0#data{connection_state = Connection}), - {stop, {shutdown,Error}, Repls, State#data{connection_state = Connection}} + {stop_and_reply, {shutdown,Error}, Repls, State#data{connection_state = Connection}} end. -- cgit v1.2.3 From 8aedb4e5405af6b4c80a71ff579c9bcf5143ef1c Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 9 May 2016 15:13:14 +0200 Subject: ssh: monitor os:cmd to avoid hanging on baal --- lib/ssh/test/ssh_test_lib.erl | 53 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 42 insertions(+), 11 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index c6541461a1..a1291146e4 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl 
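Review bot: In handle_connection_msg/3 of ssh_connection_handler.erl the two functional edits, {stop, ...} becoming {stop_and_reply, ...} in the disconnect clause and in the catch clause, are buried in whitespace-only changes: the "try ssh_connection:handle_msg(Msg, Connection0, Role) of" line and the whole disconnect clause are re-indented in the same hunks. Split the re-indentation into its own commit. The commit touches only this file, so add a test that drives both the disconnect branch and the catch branch and checks that the replies are actually sent before the process stops.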
@@ -655,17 +655,48 @@ sshc(Tag) -> ). ssh_type() -> - case os:find_executable("ssh") of - false -> not_found; - _ -> - case os:cmd("ssh -V") of - "OpenSSH" ++ _ -> - openSSH; - Str -> - ct:log("ssh client ~p is unknown",[Str]), - unknown - end - end. + Parent = self(), + Pid = spawn(fun() -> + Parent ! {ssh_type,self(),ssh_type1()} + end), + MonitorRef = monitor(process, Pid), + receive + {ssh_type, Pid, Result} -> + demonitor(MonitorRef), + Result; + {'DOWN', MonitorRef, process, Pid, _Info} -> + ct:log("~p:~p Process DOWN",[?MODULE,?LINE]), + not_found + after + 10000 -> + ct:log("~p:~p Timeout",[?MODULE,?LINE]), + demonitor(MonitorRef), + not_found + end. + + +ssh_type1() -> + try + case os:find_executable("ssh") of + false -> + ct:log("~p:~p Executable \"ssh\" not found",[?MODULE,?LINE]), + not_found; + _ -> + case os:cmd("ssh -V") of + "OpenSSH" ++ _ -> + openSSH; + Str -> + ct:log("ssh client ~p is unknown",[Str]), + unknown + end + end + catch + Class:Exception -> + ct:log("~p:~p Exception ~p:~p",[?MODULE,?LINE,Class,Exception]), + not_found + end. + + algo_intersection([], _) -> []; algo_intersection(_, []) -> []; -- cgit v1.2.3 From 2d19c1c0102781c570b80a900fe161c99997b95c Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 9 May 2016 15:21:36 +0200 Subject: ssh: polish test log (ssh_algorithms_SUITE) --- lib/ssh/test/ssh_algorithms_SUITE.erl | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index 9910b8f1d7..f7d186646d 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl 
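Review bot: ssh_test_lib:ssh_type/0 leaves state behind on two of its three exits. On the success branch demonitor(MonitorRef) is called without the flush option, so a 'DOWN' message that has already been delivered stays in the test process mailbox. On the timeout branch the spawned process is never killed, so a hanging os:cmd("ssh -V") keeps running and a late {ssh_type, Pid, Result} can still arrive in a later test case. Use demonitor(MonitorRef, [flush]) on both branches and exit(Pid, kill) in the after clause, and give the 10000 ms timeout a name.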
@@ -70,10 +70,10 @@ two_way_tags() -> [cipher,mac,compression]. %%-------------------------------------------------------------------- init_per_suite(Config) -> - ct:log("os:getenv(\"HOME\") = ~p~n" - "init:get_argument(home) = ~p", - [os:getenv("HOME"), init:get_argument(home)]), - ct:log("~n~n" + ct:log("~n" + "Environment:~n============~n" + "os:getenv(\"HOME\") = ~p~n" + "init:get_argument(home) = ~p~n~n~n" "OS ssh:~n=======~n~p~n~n~n" "Erl ssh:~n========~n~p~n~n~n" "Installed ssh client:~n=====================~n~p~n~n~n" @@ -82,7 +82,9 @@ init_per_suite(Config) -> " -- Default dh group exchange parameters ({min,def,max}): ~p~n" " -- dh_default_groups: ~p~n" " -- Max num algorithms: ~p~n" - ,[os:cmd("ssh -V"), + ,[os:getenv("HOME"), + init:get_argument(home), + os:cmd("ssh -V"), ssh:default_algorithms(), ssh_test_lib:default_algorithms(sshc), ssh_test_lib:default_algorithms(sshd), -- cgit v1.2.3 From 9105cb1cef1de09c2a43a1ac8c166d8ab8be41fe Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 10 May 2016 13:03:47 +0200 Subject: ssh: New test for utf8 in ssh_sftp_SUITE --- lib/ssh/test/ssh_sftp_SUITE.erl | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index f6d7be41d6..26df346c7f 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl @@ -106,8 +106,10 @@ init_per_group(not_unicode, Config) -> | Config]; init_per_group(unicode, Config) -> - case file:native_name_encoding() of - utf8 -> + case (file:native_name_encoding() == utf8) + andalso ("å››" == [22235]) + of + true -> ct:comment("Begin ~p",[grps(Config)]), DataDir = ?config(data_dir, Config), PrivDir = ?config(priv_dir, Config), -- cgit v1.2.3 From bd64ad8e15d66e48b36dbe3584315dd5cfc8b59a Mon Sep 17 00:00:00 2001 
From: Erlang/OTP Date: Wed, 11 May 2016 17:22:23 +0200 Subject: Prepare release --- lib/ssh/doc/src/notes.xml | 64 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 96bc50c689..bab0c39b99 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,6 +30,70 @@ notes.xml
+
Ssh 4.3 + +
Improvements and New Features + + +

+ Some time optimization mainly in message encoding.

+

+ Own Id: OTP-13131

+
+ +

+ Optimized the sftp client time by setting new packet and + window sizes.

+

+ Own Id: OTP-13175

+
+ +

+ The ssh_connection_handler module in SSH is + changed and now uses the new behaviour gen_statem.

+

+ The module can be used as an example of a + gen_statem callback module but with a warning: + This commit of ssh is just a straightforward port from + gen_fsm to gen_statem with some code cleaning. Since the + state machine and the state callbacks are almost + unchanged the ssh module does not demonstrate the full + potential of the new behaviour.

+

+ The "new" state machine uses compund states. The ssh + server and client state machines are quite similar but + differences exist. With gen_fsm there were flags + in the user data which in fact implemented "substates". + Now with gen_statem those are made explicit in the + state names, eg the state userauth and the binary + role-flag becomes the two state names + {userauth, server} and {userauth, client}.

+

+ Own Id: OTP-13267

+
+ +

+ The {error, Reason} tuples returned from + ssh_sftp api functions are described.

+

+ Own Id: OTP-13347 Aux Id: ERL-86

+
+ +

+ It is now possible to call ssh:daemon/{1,2,3} with + Port=0. This makes the daemon select a free + listening tcp port before opening it. To find this port + number after the call, use the new function + ssh:daemon_info/1. See the reference manual for + details.

+

+ Own Id: OTP-13527

+
+
+
+ +
+
Ssh 4.2.2
Fixed Bugs and Malfunctions -- cgit v1.2.3 From 663e847459686604ea051f036a0e4caff18cea6f Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Thu, 12 May 2016 12:04:14 +0200 Subject: Revert "Prepare release" This reverts commit bd64ad8e15d66e48b36dbe3584315dd5cfc8b59a. --- lib/ssh/doc/src/notes.xml | 64 ----------------------------------------------- 1 file changed, 64 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index bab0c39b99..96bc50c689 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -30,70 +30,6 @@ notes.xml -
Ssh 4.3 - -
Improvements and New Features - - -

- Some time optimization mainly in message encoding.

-

- Own Id: OTP-13131

-
- -

- Optimized the sftp client time by setting new packet and - window sizes.

-

- Own Id: OTP-13175

-
- -

- The ssh_connection_handler module in SSH is - changed and now uses the new behaviour gen_statem.

-

- The module can be used as an example of a - gen_statem callback module but with a warning: - This commit of ssh is just a straightforward port from - gen_fsm to gen_statem with some code cleaning. Since the - state machine and the state callbacks are almost - unchanged the ssh module does not demonstrate the full - potential of the new behaviour.

-

- The "new" state machine uses compund states. The ssh - server and client state machines are quite similar but - differences exist. With gen_fsm there were flags - in the user data which in fact implemented "substates". - Now with gen_statem those are made explicit in the - state names, eg the state userauth and the binary - role-flag becomes the two state names - {userauth, server} and {userauth, client}.

-

- Own Id: OTP-13267

-
- -

- The {error, Reason} tuples returned from - ssh_sftp api functions are described.

-

- Own Id: OTP-13347 Aux Id: ERL-86

-
- -

- It is now possible to call ssh:daemon/{1,2,3} with - Port=0. This makes the daemon select a free - listening tcp port before opening it. To find this port - number after the call, use the new function - ssh:daemon_info/1. See the reference manual for - details.

-

- Own Id: OTP-13527

-
-
-
- -
-
Ssh 4.2.2
Fixed Bugs and Malfunctions -- cgit v1.2.3 From 40570e5b0829c5b6c189a4b4660bb937f2d85592 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 13 May 2016 15:37:20 +0200 Subject: ssh: badmatch in connection_handler (badly renamed variable) --- lib/ssh/src/ssh_connection_handler.erl | 40 +++++++++++++++------------------- 1 file changed, 18 insertions(+), 22 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 946adcf384..e952a333ff 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl 
@@ -1514,39 +1514,35 @@ call(FsmPid, Event, Timeout) -> end. -handle_connection_msg(Msg, StateName, State0 = - #data{starter = User, - connection_state = Connection0, - event_queue = Qev0}) -> +handle_connection_msg(Msg, StateName, D0 = #data{starter = User, + connection_state = Connection0, + event_queue = Qev0}) -> Renegotiation = renegotiation(StateName), Role = role(StateName), - try ssh_connection:handle_msg(Msg, Connection0, Role) of + try ssh_connection:handle_msg(Msg, Connection0, Role) of {{replies, Replies}, Connection} -> - case StateName of - {connected,_} -> - {Repls, State} = send_replies(Replies, - State0#data{connection_state=Connection}), - {keep_state, State, Repls}; - _ -> - {ConnReplies, Replies} = - lists:splitwith(fun not_connected_filter/1, Replies), - {Repls, State} = send_replies(Replies, - State0#data{event_queue = Qev0 ++ ConnReplies}), - {keep_state, State, Repls} - end; + {Repls, D} = + case StateName of + {connected,_} -> + send_replies(Replies, D0#data{connection_state=Connection}); + _ -> + {ConnReplies, NonConnReplies} = lists:splitwith(fun not_connected_filter/1, Replies), + send_replies(NonConnReplies, D0#data{event_queue = Qev0 ++ ConnReplies}) + end, + {keep_state, D, Repls}; {noreply, Connection} -> - {keep_state, State0#data{connection_state = Connection}}; + {keep_state, D0#data{connection_state = Connection}}; {disconnect, Reason0, {{replies, Replies}, Connection}} -> - {Repls,State} = send_replies(Replies, State0#data{connection_state = Connection}), + {Repls, D} = send_replies(Replies, D0#data{connection_state = Connection}), case {Reason0,Role} of {{_, Reason}, client} when ((StateName =/= {connected,client}) and (not Renegotiation)) -> User ! {self(), not_connected, Reason}; _ -> ok end, - {stop_and_reply, {shutdown,normal}, Repls, State#data{connection_state = Connection}} + {stop_and_reply, {shutdown,normal}, Repls, D#data{connection_state = Connection}} catch _:Error -> 
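Review bot: in `handle_connection_msg/3`, the `_ ->` branch of `case StateName` passes `D0#data{event_queue = Qev0 ++ ConnReplies}` to `send_replies/2` and so drops the `Connection` returned by `ssh_connection:handle_msg/3`, while the `{connected,_}` branch stores it in `connection_state`. If the message can change the connection state before the connected state is reached, store it in both branches (`D0#data{connection_state = Connection, event_queue = Qev0 ++ ConnReplies}`); if dropping it is deliberate, a comment saying so would help. Note also that `lists:splitwith/2` only splits off the leading run that satisfies `not_connected_filter/1`, so it is a prefix split, not a partition; worth confirming that this is what is wanted.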
@@ -1555,8 +1551,8 @@ handle_connection_msg(Msg, StateName, State0 = #ssh_msg_disconnect{code = ?SSH_DISCONNECT_BY_APPLICATION, description = "Internal error"}, Connection0, Role), - {Repls,State} = send_replies(Replies, State0#data{connection_state = Connection}), - {stop_and_reply, {shutdown,Error}, Repls, State#data{connection_state = Connection}} + {Repls, D} = send_replies(Replies, D0#data{connection_state = Connection}), + {stop_and_reply, {shutdown,Error}, Repls, D#data{connection_state = Connection}} end. -- cgit v1.2.3 From 5e236d05879260d3a2465dcb4cd6cf044f214161 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 18 May 2016 17:21:31 +0200 Subject: ssh: Benchmark suite timeouts were to short --- lib/ssh/test/ssh_benchmark_SUITE.erl | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_benchmark_SUITE.erl b/lib/ssh/test/ssh_benchmark_SUITE.erl index d9be1a32b7..5d8c94be73 100644 --- a/lib/ssh/test/ssh_benchmark_SUITE.erl +++ b/lib/ssh/test/ssh_benchmark_SUITE.erl @@ -184,7 +184,7 @@ openssh_client_shell(Config, Options) -> end, Times), ssh:stop_daemon(ServerPid), ok - after 10000 -> + after 60*1000 -> ssh:stop_daemon(ServerPid), exit(SlavePid, kill), {fail, timeout} @@ -215,6 +215,7 @@ openssh_client_sftp(Config, Options) -> {root, SftpSrcDir}])]}, {failfun, fun ssh_test_lib:failfun/2} | Options]), + ct:pal("ServerPid = ~p",[ServerPid]), ct:sleep(500), Cmd = lists:concat(["sftp", " -b -", @@ -231,7 +232,7 @@ openssh_client_sftp(Config, Options) -> end), receive {SlavePid, _ClientResponse} -> - ct:pal("ClientResponse = ~p",[_ClientResponse]), + ct:pal("ClientResponse = ~p~nServerPid = ~p",[_ClientResponse,ServerPid]), {ok, List} = get_trace_list(TracerPid), %%ct:pal("List=~p",[List]), Times = find_times(List, [channel_open_close]), 
@@ -260,7 +261,7 @@ openssh_client_sftp(Config, Options) -> end, Times), ssh:stop_daemon(ServerPid), ok - after 10000 -> + after 2*60*1000 -> ssh:stop_daemon(ServerPid), exit(SlavePid, kill), {fail, timeout} @@ -445,10 +446,18 @@ increment({Alg,Sz,T},[]) -> %%% API for the traceing %%% get_trace_list(TracerPid) -> + MonRef = monitor(process, TracerPid), TracerPid ! {get_trace_list,self()}, receive - {trace_list,L} -> {ok, pair_events(lists:reverse(L))} - after 5000 -> {error,no_reply} + {trace_list,L} -> + demonitor(MonRef), + {ok, pair_events(lists:reverse(L))}; + {'DOWN', MonRef, process, TracerPid, Info} -> + {error, {tracer_down,Info}} + + after 3*60*1000 -> + demonitor(MonRef), + {error,no_reply} end. erlang_trace() -> -- cgit v1.2.3 From 537cfadcead996010d848c0f3d8dda147f2a78c3 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 19 May 2016 14:10:04 +0200 Subject: ssh: No erlang port in ssh_algorithms_SUITE --- lib/ssh/test/ssh_algorithms_SUITE.erl | 51 ++++++++++++++++++++++++++++++----- 1 file changed, 45 insertions(+), 6 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index f7d186646d..826555f6ab 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl 
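Review bot: in `get_trace_list/1` (ssh_benchmark_SUITE.erl), the `{trace_list,L}` and `after` branches call `demonitor(MonRef)` without `[flush]`, so if the tracer exits between sending its reply and the demonitor call, a `'DOWN'` message is left in the test process's mailbox. Use `demonitor(MonRef, [flush])` in both branches.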
@@ -138,14 +138,25 @@ end_per_group(_Alg, Config) -> -init_per_testcase(sshc_simple_exec, Config) -> +init_per_testcase(sshc_simple_exec_port, Config) -> + start_pubkey_daemon([?config(pref_algs,Config)], Config); + +init_per_testcase(sshc_simple_exec_os_cmd, Config) -> start_pubkey_daemon([?config(pref_algs,Config)], Config); init_per_testcase(_TC, Config) -> Config. -end_per_testcase(sshc_simple_exec, Config) -> +end_per_testcase(sshc_simple_exec_port, Config) -> + case ?config(srvr_pid,Config) of + Pid when is_pid(Pid) -> + ssh:stop_daemon(Pid), + ct:log("stopped ~p",[?config(srvr_addr,Config)]); + _ -> + ok + end; +end_per_testcase(sshc_simple_exec_os_cmd, Config) -> case ?config(srvr_pid,Config) of Pid when is_pid(Pid) -> ssh:stop_daemon(Pid), @@ -156,7 +167,6 @@ end_per_testcase(sshc_simple_exec, Config) -> end_per_testcase(_TC, Config) -> Config. - %%-------------------------------------------------------------------- %% Test Cases -------------------------------------------------------- %%-------------------------------------------------------------------- @@ -223,7 +233,7 @@ interpolate(Is) -> %%-------------------------------------------------------------------- %% Use the ssh client of the OS to connect -sshc_simple_exec(Config) -> +sshc_simple_exec_port(Config) -> PrivDir = ?config(priv_dir, Config), KnownHosts = filename:join(PrivDir, "known_hosts"), {Host,Port} = ?config(srvr_addr, Config), 
@@ -232,10 +242,38 @@ sshc_simple_exec(Config) -> " -o UserKnownHostsFile=",KnownHosts, " -o StrictHostKeyChecking=no", " ",Host," 1+1."]), - ct:log("~p",[Cmd]), OpenSsh = ssh_test_lib:open_port({spawn, Cmd}, [eof,exit_status]), ssh_test_lib:rcv_expected({data,<<"2\n">>}, OpenSsh, ?TIMEOUT). +sshc_simple_exec_os_cmd(Config) -> + PrivDir = ?config(priv_dir, Config), + KnownHosts = filename:join(PrivDir, "known_hosts"), + {Host,Port} = ?config(srvr_addr, Config), + Parent = self(), + Client = spawn( + fun() -> + Cmd = lists:concat(["ssh -p ",Port, + " -C" + " -o UserKnownHostsFile=",KnownHosts, + " -o StrictHostKeyChecking=no" + " ",Host," 1+1."]), + Result = os:cmd(Cmd), + ct:log("~p~n = ~p",[Cmd, Result]), + Parent ! {result, self(), Result, "2\n"} + end), + receive + {result, Client, Result, Expect} -> + case Result of + Expect -> + ok; + _ -> + ct:log("Bad result: ~p~nExpected: ~p", [Result,Expect]), + {fail, "Bad result"} + end + after ?TIMEOUT -> + ct:fail("Did not receive answer") + end. + %%-------------------------------------------------------------------- %% Connect to the ssh server of the OS sshd_simple_exec(_Config) -> @@ -301,7 +339,8 @@ specific_test_cases(Tag, Alg, SshcAlgos, SshdAlgos) -> true -> case ssh_test_lib:ssh_type() of openSSH -> - [sshc_simple_exec]; + [sshc_simple_exec_os_cmd, + sshc_simple_exec_port]; _ -> [] end; -- cgit v1.2.3 From 221055de07c793f2e037816ad3e2c336b1b2dd92 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 20 May 2016 10:37:50 +0200 Subject: ssh: split result line in test --- lib/ssh/test/ssh_algorithms_SUITE.erl | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index 826555f6ab..95fe23a461 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl 
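Review bot: in `sshc_simple_exec_os_cmd/1`, the `after ?TIMEOUT` branch calls `ct:fail/1` but leaves the spawned `Client` process blocked in `os:cmd/1`, so a hung `ssh` client can outlive the test case. Add `exit(Client, kill)` before failing, as ssh_benchmark_SUITE does with `exit(SlavePid, kill)` in its timeout branches. The two failure paths also report differently (`{fail, "Bad result"}` versus `ct:fail(...)`); pick one.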
@@ -259,15 +259,17 @@ sshc_simple_exec_os_cmd(Config) -> " ",Host," 1+1."]), Result = os:cmd(Cmd), ct:log("~p~n = ~p",[Cmd, Result]), - Parent ! {result, self(), Result, "2\n"} + Parent ! {result, self(), Result, "2"} end), receive - {result, Client, Result, Expect} -> - case Result of - Expect -> + {result, Client, RawResult, Expect} -> + Lines = string:tokens(RawResult, "\r\n"), + case lists:any(fun(Line) -> Line==Expect end, + Lines) of + true -> ok; - _ -> - ct:log("Bad result: ~p~nExpected: ~p", [Result,Expect]), + false -> + ct:log("Bad result: ~p~nExpected: ~p~nMangled result: ~p", [RawResult,Expect,Lines]), {fail, "Bad result"} end after ?TIMEOUT -> -- cgit v1.2.3 From 2564fd11065cfa926cc28a44b0502bf4a32cc9f4 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 20 May 2016 12:44:51 +0200 Subject: ssh: New 'prepare' function in ssh_sftp_SUITE --- lib/ssh/test/ssh_sftp_SUITE.erl | 80 +++++++++++++++++++++++++++-------------- 1 file changed, 54 insertions(+), 26 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index 26df346c7f..26fe0935e1 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl @@ -1,4 +1,4 @@ -%% +% %% %CopyrightBegin% %% %% Copyright Ericsson AB 2005-2016. All Rights Reserved. 
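Review bot: the first hunk of this ssh_sftp_SUITE.erl patch changes line 1 of the file from `%%` to `%`, which is unrelated to the new `prepare/1` function and looks like a stray edit in the license header. Drop it from the commit.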
@@ -93,15 +93,14 @@ groups() -> init_per_group(not_unicode, Config) -> ct:comment("Begin ~p",[grps(Config)]), DataDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), [{user, "Alladin"}, {passwd, "Sesame"}, {data, <<"Hello world!">>}, - {filename, filename:join(PrivDir, "sftp.txt")}, - {testfile, filename:join(PrivDir, "test.txt")}, - {linktest, filename:join(PrivDir, "link_test.txt")}, - {tar_filename, filename:join(PrivDir, "sftp_tar_test.tar")}, - {tar_F1_txt, "f1.txt"}, + {filename, "sftp.txt"}, + {testfile, "test.txt"}, + {linktest, "link_test.txt"}, + {tar_filename, "sftp_tar_test.tar"}, + {tar_F1_txt, "f1.txt"}, {datadir_tar, filename:join(DataDir,"sftp_tar_test_data")} | Config]; @@ -112,18 +111,17 @@ init_per_group(unicode, Config) -> true -> ct:comment("Begin ~p",[grps(Config)]), DataDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), NewConfig = [{user, "Ã¥ke高兴"}, {passwd, "ärlig日本ã˜ã‚“"}, {data, <<"foobar Ã¥ 一二三四ã„ã¡ã«ã•ã‚“ã¡">>}, - {filename, filename:join(PrivDir, "sftp瑞点.txt")}, - {testfile, filename:join(PrivDir, "testãƒãƒ³ã‚¹.txt")}, - {linktest, filename:join(PrivDir, "link_test語.txt")}, - {tar_filename, filename:join(PrivDir, "sftp_tar_test一二三.tar")}, - {tar_F1_txt, "F一.txt"}, - {tar_F3_txt, "f3.txt"}, - {tar_F4_txt, "gå››.txt"}, + {filename, "sftp瑞点.txt"}, + {testfile, "testãƒãƒ³ã‚¹.txt"}, + {linktest, "link_test語.txt"}, + {tar_filename, "sftp_tar_test一二三.tar"}, + {tar_F1_txt, "F一.txt"}, + {tar_F3_txt, "f3.txt"}, + {tar_F4_txt, "gå››.txt"}, {datadir_tar, filename:join(DataDir,"sftp_tar_test_data_高兴")} | lists:foldl(fun(K,Cf) -> lists:keydelete(K,1,Cf) end, Config, 
@@ -230,8 +228,8 @@ init_per_testcase(sftp_nonexistent_subsystem, Config) -> ]), [{sftpd, Sftpd} | Config]; -init_per_testcase(version_option, Config) -> - prep(Config), +init_per_testcase(version_option, Config0) -> + Config = prepare(Config0), TmpConfig0 = lists:keydelete(watchdog, 1, Config), TmpConfig = lists:keydelete(sftp, 1, TmpConfig0), Dog = ct:timetrap(?default_timeout), @@ -248,8 +246,8 @@ init_per_testcase(version_option, Config) -> Sftp = {ChannelPid, Connection}, [{sftp,Sftp}, {watchdog, Dog} | TmpConfig]; -init_per_testcase(Case, Config0) -> - prep(Config0), +init_per_testcase(Case, Config00) -> + Config0 = prepare(Config00), Config1 = lists:keydelete(watchdog, 1, Config0), Config2 = lists:keydelete(sftp, 1, Config1), Dog = ct:timetrap(2 * ?default_timeout), @@ -281,7 +279,7 @@ init_per_testcase(Case, Config0) -> [{sftp, Sftp}, {watchdog, Dog} | Config2] end, - case catch ?config(remote_tar,Config) of + case catch proplists:get_value(remote_tar,Config) of %% The 'catch' is for the case of Config={skip,...} true -> %% Provide a ChannelPid independent of the sftp-channel already opened. @@ -331,7 +329,7 @@ open_close_file(Server, File, Mode) -> open_close_dir() -> [{doc, "Test API functions opendir/2 and close/2"}]. open_close_dir(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = ?config(sftp_priv_dir, Config), {Sftp, _} = ?config(sftp, Config), FileName = ?config(filename, Config), @@ -353,7 +351,7 @@ read_file(Config) when is_list(Config) -> read_dir() -> [{doc,"Test API function list_dir/2"}]. read_dir(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = ?config(sftp_priv_dir, Config), {Sftp, _} = ?config(sftp, Config), {ok, Files} = ssh_sftp:list_dir(Sftp, PrivDir), ct:log("sftp list dir: ~p~n", [Files]). 
@@ -417,7 +415,7 @@ sftp_read_big_file(Config) when is_list(Config) -> remove_file() -> [{doc,"Test API function delete/2"}]. remove_file(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = ?config(sftp_priv_dir, Config), FileName = ?config(filename, Config), {Sftp, _} = ?config(sftp, Config), @@ -431,7 +429,7 @@ remove_file(Config) when is_list(Config) -> rename_file() -> [{doc, "Test API function rename_file/2"}]. rename_file(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = ?config(sftp_priv_dir, Config), FileName = ?config(filename, Config), NewFileName = ?config(testfile, Config), @@ -451,7 +449,7 @@ rename_file(Config) when is_list(Config) -> mk_rm_dir() -> [{doc,"Test API functions make_dir/2, del_dir/2"}]. mk_rm_dir(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = ?config(sftp_priv_dir, Config), {Sftp, _} = ?config(sftp, Config), DirName = filename:join(PrivDir, "test"), @@ -947,7 +945,7 @@ aes_ctr_stream_crypto_tar(Config) -> %%-------------------------------------------------------------------- %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- -prep(Config) -> +oldprep(Config) -> DataDir = ?config(data_dir, Config), TestFile = ?config(filename, Config), TestFile1 = ?config(testfile, Config), 
@@ -967,6 +965,36 @@ prep(Config) -> ok = file:write_file_info(TestFile, FileInfo#file_info{mode = Mode}). +prepare(Config0) -> + PrivDir = proplists:get_value(priv_dir, Config0), + Dir = filename:join(PrivDir, random_chars(10)), + file:make_dir(Dir), + Keys = [filename, + testfile, + linktest, + tar_filename], + Config1 = foldl_keydelete(Keys, Config0), + Config2 = lists:foldl(fun({Key,Name}, ConfAcc) -> + [{Key, filename:join(Dir,Name)} | ConfAcc] + end, + Config1, + lists:zip(Keys, [proplists:get_value(K,Config0) || K<-Keys])), + + DataDir = proplists:get_value(data_dir, Config2), + FilenameSrc = filename:join(DataDir, "sftp.txt"), + FilenameDst = proplists:get_value(filename, Config2), + {ok,_} = file:copy(FilenameSrc, FilenameDst), + [{sftp_priv_dir,Dir} | Config2]. + + +random_chars(N) -> [crypto:rand_uniform($a,$z) || _<-lists:duplicate(N,x)]. + +foldl_keydelete(Keys, L) -> + lists:foldl(fun(K,E) -> lists:keydelete(K,1,E) end, + L, + Keys). + + chk_tar(Items, Config) -> chk_tar(Items, Config, []). -- cgit v1.2.3 From af9c92b28fcee395fbbb51bc3891dc4360760583 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 20 May 2016 13:07:36 +0200 Subject: ssh: tc renaming --- lib/ssh/test/ssh_algorithms_SUITE.erl | 26 +------------------------- 1 file changed, 1 insertion(+), 25 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index 95fe23a461..7b551a7f18 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl @@ -138,9 +138,6 @@ end_per_group(_Alg, Config) -> -init_per_testcase(sshc_simple_exec_port, Config) -> - start_pubkey_daemon([?config(pref_algs,Config)], Config); - init_per_testcase(sshc_simple_exec_os_cmd, Config) -> start_pubkey_daemon([?config(pref_algs,Config)], Config); 
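Review bot: in `prepare/1` (ssh_sftp_SUITE.erl), the result of `file:make_dir(Dir)` is ignored, so a failure to create the per-testcase directory only surfaces later as a badmatch on `{ok,_} = file:copy(FilenameSrc, FilenameDst)`. Match it (`ok = file:make_dir(Dir)`) so the failure points at the real cause. `oldprep/1` is kept under a new name although both `init_per_testcase` clauses shown now call `prepare/1`; if nothing else uses it, remove it instead of renaming it.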
@@ -148,14 +145,6 @@ init_per_testcase(_TC, Config) -> Config. -end_per_testcase(sshc_simple_exec_port, Config) -> - case ?config(srvr_pid,Config) of - Pid when is_pid(Pid) -> - ssh:stop_daemon(Pid), - ct:log("stopped ~p",[?config(srvr_addr,Config)]); - _ -> - ok - end; end_per_testcase(sshc_simple_exec_os_cmd, Config) -> case ?config(srvr_pid,Config) of Pid when is_pid(Pid) -> @@ -233,18 +222,6 @@ interpolate(Is) -> %%-------------------------------------------------------------------- %% Use the ssh client of the OS to connect -sshc_simple_exec_port(Config) -> - PrivDir = ?config(priv_dir, Config), - KnownHosts = filename:join(PrivDir, "known_hosts"), - {Host,Port} = ?config(srvr_addr, Config), - Cmd = lists:concat(["ssh -p ",Port, - " -C", - " -o UserKnownHostsFile=",KnownHosts, - " -o StrictHostKeyChecking=no", - " ",Host," 1+1."]), - OpenSsh = ssh_test_lib:open_port({spawn, Cmd}, [eof,exit_status]), - ssh_test_lib:rcv_expected({data,<<"2\n">>}, OpenSsh, ?TIMEOUT). - sshc_simple_exec_os_cmd(Config) -> PrivDir = ?config(priv_dir, Config), KnownHosts = filename:join(PrivDir, "known_hosts"), @@ -341,8 +318,7 @@ specific_test_cases(Tag, Alg, SshcAlgos, SshdAlgos) -> true -> case ssh_test_lib:ssh_type() of openSSH -> - [sshc_simple_exec_os_cmd, - sshc_simple_exec_port]; + [sshc_simple_exec_os_cmd]; _ -> [] end; -- cgit v1.2.3 From dde2c0136a4091be04239808ea186821846f0343 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 20 May 2016 14:27:12 +0200 Subject: ssh: handle ssh_message binary decode errors --- lib/ssh/src/ssh_message.erl | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_message.erl b/lib/ssh/src/ssh_message.erl index db80d4c9e3..562f040477 100644 --- a/lib/ssh/src/ssh_message.erl +++ b/lib/ssh/src/ssh_message.erl 
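Review bot: the subject says "tc renaming", but the hunks in ssh_algorithms_SUITE.erl delete `sshc_simple_exec_port/1` together with its `init_per_testcase` and `end_per_testcase` clauses and leave `sshc_simple_exec_os_cmd` under the name it already had. A subject and body stating that the port-based test case is removed, and why, would match the change.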
@@ -50,7 +50,15 @@ -define(Empint(X), (ssh_bits:mpint(X))/binary ). -define(Ebinary(X), ?STRING(X) ). --define(unicode_list(B), unicode:characters_to_list(B)). +ucl(B) -> + try unicode:characters_to_list(B) of + L when is_list(L) -> L; + {error,_Matched,Rest} -> throw({error,{bad_unicode,Rest}}) + catch + _:_ -> throw({error,bad_unicode}) + end. + +-define(unicode_list(B), ucl(B)). encode(#ssh_msg_global_request{ name = Name, -- cgit v1.2.3 From 95a9fbfd026a548c1e62da678f254feb8cc6cc90 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 24 May 2016 15:23:30 +0200 Subject: ssh: Longer timeout for ssh client tests --- lib/ssh/test/ssh_algorithms_SUITE.erl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index 7b551a7f18..6894f83547 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl @@ -28,7 +28,7 @@ %% Note: This directive should only be used in test suites. -compile(export_all). --define(TIMEOUT, 10000). +-define(TIMEOUT, 35000). %%-------------------------------------------------------------------- %% Common Test interface functions ----------------------------------- -- cgit v1.2.3 From 84051a76ee4c07f7453ba2bf24fe32c8cf8c7b48 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 26 May 2016 15:33:18 +0200 Subject: ssh: ssh:connect, ssh:shell and ssh_sftp:start_subsystem supports client tcp-socket as input --- lib/ssh/doc/src/ssh.xml | 8 +++- lib/ssh/doc/src/ssh_sftp.xml | 14 ++++-- lib/ssh/src/ssh.erl | 85 +++++++++++++++++++++++++++-------- lib/ssh/src/ssh_sftp.erl | 23 ++++++++++ lib/ssh/test/ssh_connection_SUITE.erl | 64 ++++++++++++++++++++++++++ lib/ssh/test/ssh_sftp_SUITE.erl | 55 ++++++++++++++++++++++- 6 files changed, 224 insertions(+), 25 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index ff2d6e082a..bd330e479f 100644 
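Review bot: in `ucl/1` (ssh_message.erl), the `of` section has no clause for the `{incomplete, Encoded, Rest}` tuple that `unicode:characters_to_list/1` returns when the input ends in a truncated multi-byte sequence. A value that matches no `of` clause raises `try_clause`, and the `catch _:_` clause does not cover the `of` section, so such input still crashes the decoder instead of producing the `bad_unicode` throw. Add a clause such as `{incomplete,_Matched,Rest} -> throw({error,{bad_unicode,Rest}})`. Whether the callers of the decode path catch the thrown `{error,...}` term is not visible in this hunk and should be checked, since these binaries come from the peer.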
--- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -124,9 +124,11 @@ + connect(TcpSocket, Options) -> + connect(TcpSocket, Options, Timeout) -> connect(Host, Port, Options) -> - connect(Host, Port, Options, Timeout) -> {ok, - ssh_connection_ref()} | {error, Reason} + connect(Host, Port, Options, Timeout) -> + {ok, ssh_connection_ref()} | {error, Reason} Connects to an SSH server. Host = string() @@ -137,6 +139,8 @@ Timeout = infinity | integer() Negotiation time-out in milli-seconds. The default value is infinity. For connection time-out, use option {connect_timeout, timeout()}. + TcpSocket = port() + The socket is supposed to be from gen_tcp:connect with option {active,false}

Connects to an SSH server. No channel is started. This is done diff --git a/lib/ssh/doc/src/ssh_sftp.xml b/lib/ssh/doc/src/ssh_sftp.xml index 071d46ec57..67531b7d99 100644 --- a/lib/ssh/doc/src/ssh_sftp.xml +++ b/lib/ssh/doc/src/ssh_sftp.xml @@ -526,16 +526,24 @@ + start_channel(TcpSocket) -> + start_channel(TcpSocket, Options) -> + {ok, Pid, ConnectionRef} | {error, reason()|term()} + start_channel(ConnectionRef) -> - start_channel(ConnectionRef, Options) -> + start_channel(ConnectionRef, Options) -> + {ok, Pid} | {error, reason()|term()} + start_channel(Host, Options) -> - start_channel(Host, Port, Options) -> {ok, Pid} | {ok, Pid, ConnectionRef} | - {error, reason()|term()} + start_channel(Host, Port, Options) -> + {ok, Pid, ConnectionRef} | {error, reason()|term()} Starts an SFTP client. Host = string() ConnectionRef = ssh_connection_ref() Port = integer() + TcpSocket = port() + The socket is supposed to be from gen_tcp:connect with option {active,false} Options = [{Option, Value}] diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 09b07b7a2a..50dfe55798 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -27,7 +27,9 @@ -include_lib("public_key/include/public_key.hrl"). -include_lib("kernel/include/file.hrl"). --export([start/0, start/1, stop/0, connect/3, connect/4, close/1, connection_info/2, +-export([start/0, start/1, stop/0, + connect/2, connect/3, connect/4, + close/1, connection_info/2, channel_info/3, daemon/1, daemon/2, daemon/3, daemon_info/1, 
@@ -70,13 +72,46 @@ stop() -> application:stop(ssh). %%-------------------------------------------------------------------- --spec connect(string(), integer(), proplists:proplist()) -> {ok, pid()} | {error, term()}. +-spec connect(port(), proplists:proplist()) -> {ok, pid()} | {error, term()}. + +-spec connect(port(), proplists:proplist(), timeout()) -> {ok, pid()} | {error, term()} + ; (string(), integer(), proplists:proplist()) -> {ok, pid()} | {error, term()}. + -spec connect(string(), integer(), proplists:proplist(), timeout()) -> {ok, pid()} | {error, term()}. %% %% Description: Starts an ssh connection. %%-------------------------------------------------------------------- -connect(Host, Port, Options) -> +connect(Socket, Options) -> + connect(Socket, Options, infinity). + +connect(Socket, Options, Timeout) when is_port(Socket) -> + case handle_options(Options) of + {error, _Reason} = Error -> + Error; + {_SocketOptions, SshOptions} -> + case proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}) of + {tcp,_,_} -> + %% Is the socket a valid tcp socket? + case {{ok,[]} =/= inet:getopts(Socket, [delay_send]), + {ok,[{active,false}]} == inet:getopts(Socket, [active]) + } + of + {true, true} -> + {ok, {Host,_Port}} = inet:sockname(Socket), + Opts = [{user_pid,self()}, {host,fmt_host(Host)} | SshOptions], + ssh_connection_handler:start_connection(client, Socket, Opts, Timeout); + {true, false} -> + {error, not_passive_mode}; + _ -> + {error, not_tcp_socket} + end; + {L4,_,_} -> + {error, {unsupported,L4}} + end + end; +connect(Host, Port, Options) when is_integer(Port), Port>0 -> connect(Host, Port, Options, infinity). + connect(Host, Port, Options, Timeout) -> case handle_options(Options) of {error, _Reason} = Error -> 
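Review bot: in the new socket clause of `connect/3`, `{ok, {Host,_Port}} = inet:sockname(Socket)` takes the address of the local end of the socket, and that value is passed on as `{host,fmt_host(Host)}`. If `host` is meant to name the server, as the `Host` argument does in `connect/4`, this should be `inet:peername(Socket)`; otherwise any downstream decision keyed on the server's host name sees the client's own address. The hard match also turns a socket that was closed in the meantime into a badmatch instead of an `{error, Reason}` return.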
@@ -199,8 +234,8 @@ stop_daemon(Address, Port) -> stop_daemon(Address, Port, Profile) -> ssh_system_sup:stop_system(Address, Port, Profile). %%-------------------------------------------------------------------- --spec shell(string()) -> _. --spec shell(string(), proplists:proplist()) -> _. +-spec shell(port() | string()) -> _. +-spec shell(port() | string(), proplists:proplist()) -> _. -spec shell(string(), integer(), proplists:proplist()) -> _. %% Host = string() 
@@ -212,27 +247,34 @@ stop_daemon(Address, Port, Profile) -> %% and will not return until the remote shell is ended.(e.g. on %% exit from the shell) %%-------------------------------------------------------------------- +shell(Socket) when is_port(Socket) -> + shell(Socket, []); shell(Host) -> shell(Host, ?SSH_DEFAULT_PORT, []). + +shell(Socket, Options) when is_port(Socket) -> + start_shell( connect(Socket, Options) ); shell(Host, Options) -> shell(Host, ?SSH_DEFAULT_PORT, Options). + shell(Host, Port, Options) -> - case connect(Host, Port, Options) of - {ok, ConnectionRef} -> - case ssh_connection:session_channel(ConnectionRef, infinity) of - {ok,ChannelId} -> - success = ssh_connection:ptty_alloc(ConnectionRef, ChannelId, []), - Args = [{channel_cb, ssh_shell}, - {init_args,[ConnectionRef, ChannelId]}, - {cm, ConnectionRef}, {channel_id, ChannelId}], - {ok, State} = ssh_channel:init([Args]), - ssh_channel:enter_loop(State); - Error -> - Error - end; + start_shell( connect(Host, Port, Options) ). + + +start_shell({ok, ConnectionRef}) -> + case ssh_connection:session_channel(ConnectionRef, infinity) of + {ok,ChannelId} -> + success = ssh_connection:ptty_alloc(ConnectionRef, ChannelId, []), + Args = [{channel_cb, ssh_shell}, + {init_args,[ConnectionRef, ChannelId]}, + {cm, ConnectionRef}, {channel_id, ChannelId}], + {ok, State} = ssh_channel:init([Args]), + ssh_channel:enter_loop(State); Error -> Error - end. + end; +start_shell(Error) -> + Error. %%-------------------------------------------------------------------- %%-------------------------------------------------------------------- @@ -835,3 +877,8 @@ handle_user_pref_pubkey_algs([H|T], Acc) -> false -> false end. + +fmt_host({A,B,C,D}) -> + lists:concat([A,".",B,".",C,".",D]); +fmt_host(T={_,_,_,_,_,_,_,_}) -> + lists:flatten(string:join([io_lib:format("~.16B",[A]) || A <- tuple_to_list(T)], ":")). diff --git a/lib/ssh/src/ssh_sftp.erl b/lib/ssh/src/ssh_sftp.erl index b03652a136..afc2fb88ff 100644 
--- a/lib/ssh/src/ssh_sftp.erl +++ b/lib/ssh/src/ssh_sftp.erl @@ -95,8 +95,31 @@ %%==================================================================== start_channel(Cm) when is_pid(Cm) -> start_channel(Cm, []); +start_channel(Socket) when is_port(Socket) -> + start_channel(Socket, []); start_channel(Host) when is_list(Host) -> start_channel(Host, []). + +start_channel(Socket, Options) when is_port(Socket) -> + Timeout = + %% A mixture of ssh:connect and ssh_sftp:start_channel: + case proplists:get_value(connect_timeout, Options, undefined) of + undefined -> + proplists:get_value(timeout, Options, infinity); + TO -> + TO + end, + case ssh:connect(Socket, Options, Timeout) of + {ok,Cm} -> + case start_channel(Cm, Options) of + {ok, Pid} -> + {ok, Pid, Cm}; + Error -> + Error + end; + Error -> + Error + end; start_channel(Cm, Opts) when is_pid(Cm) -> Timeout = proplists:get_value(timeout, Opts, infinity), {_, ChanOpts, SftpOpts} = handle_options(Opts, [], [], []), diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index 0f757a0322..97dcb8570d 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -47,6 +47,7 @@ all() -> start_shell, start_shell_exec, start_shell_exec_fun, + start_shell_sock_exec_fun, gracefull_invalid_version, gracefull_invalid_start, gracefull_invalid_long_start, @@ -60,6 +61,9 @@ groups() -> payload() -> [simple_exec, + simple_exec_sock, + connect_sock_not_tcp, + connect_sock_not_passive, small_cat, big_cat, send_after_exit]. 
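Review bot: in `start_channel(Socket, Options)` (ssh_sftp.erl), when `ssh:connect/3` succeeds but the inner `start_channel(Cm, Options)` returns an error, that error is returned and `Cm` is neither closed nor handed back, so the caller has no reference with which to close the connection that was just set up on its socket. Call `ssh:close(Cm)` in that branch before returning the error.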
@@ -111,6 +115,18 @@ simple_exec() -> simple_exec(Config) when is_list(Config) -> ConnectionRef = ssh_test_lib:connect(?SSH_DEFAULT_PORT, [{silently_accept_hosts, true}, {user_interaction, false}]), + do_simple_exec(ConnectionRef). + + +simple_exec_sock(Config) -> + {ok, Sock} = gen_tcp:connect("localhost", ?SSH_DEFAULT_PORT, [{active,false}]), + {ok, ConnectionRef} = ssh:connect(Sock, [{silently_accept_hosts, true}, + {user_interaction, false}]), + do_simple_exec(ConnectionRef). + + + +do_simple_exec(ConnectionRef) -> {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef, infinity), success = ssh_connection:exec(ConnectionRef, ChannelId0, "echo testing", infinity), @@ -142,6 +158,18 @@ simple_exec(Config) when is_list(Config) -> 10000 -> ct:fail("timeout ~p:~p",[?MODULE,?LINE]) end. +%%-------------------------------------------------------------------- +connect_sock_not_tcp(Config) -> + {ok,Sock} = gen_udp:open(0, []), + {error, not_tcp_socket} = ssh:connect(Sock, []), + gen_udp:close(Sock). + +%%-------------------------------------------------------------------- +connect_sock_not_passive(Config) -> + {ok,Sock} = gen_tcp:connect("localhost", ?SSH_DEFAULT_PORT, []), + {error, not_passive_mode} = ssh:connect(Sock, []), + gen_tcp:close(Sock). + %%-------------------------------------------------------------------- small_cat() -> [{doc, "Use 'cat' to echo small data block back to us."}]. 
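Review bot: `simple_exec_sock/1`, `connect_sock_not_tcp/1` and `connect_sock_not_passive/1` bind `Config` without using it, which gives an unused-variable warning for each; name the argument `_Config`. In the two negative tests, a failed match on the expected `{error, ...}` skips the `gen_udp:close/1` or `gen_tcp:close/1` call and leaves the socket open for the rest of the run; closing it in an `after` section of a `try` avoids that.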
@@ -455,6 +483,42 @@ start_shell_exec_fun(Config) when is_list(Config) -> ssh:close(ConnectionRef), ssh:stop_daemon(Pid). +%%-------------------------------------------------------------------- +start_shell_sock_exec_fun() -> + [{doc, "start shell on tcp-socket to exec command"}]. + +start_shell_sock_exec_fun(Config) when is_list(Config) -> + PrivDir = proplists:get_value(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = proplists:get_value(data_dir, Config), + {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {exec, fun ssh_exec/1}]), + + {ok, Sock} = gen_tcp:connect(Host, Port, [{active,false}]), + {ok,ConnectionRef} = ssh:connect(Sock, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_interaction, true}, + {user_dir, UserDir}]), + + {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef, infinity), + + success = ssh_connection:exec(ConnectionRef, ChannelId0, + "testing", infinity), + + receive + {ssh_cm, ConnectionRef, {data, _ChannelId, 0, <<"testing\r\n">>}} -> + ok + after 5000 -> + ct:fail("Exec Timeout") + end, + + ssh:close(ConnectionRef), + ssh:stop_daemon(Pid). + %%-------------------------------------------------------------------- gracefull_invalid_version(Config) when is_list(Config) -> diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index 26fe0935e1..46db85c1be 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl @@ -86,7 +86,8 @@ groups() -> write_file, write_file_iolist, write_big_file, sftp_read_big_file, rename_file, mk_rm_dir, remove_file, links, retrieve_attributes, set_attributes, async_read, - async_write, position, pos_read, pos_write + async_write, position, pos_read, pos_write, + start_channel_sock ]} ]. 
@@ -624,6 +625,58 @@ pos_write(Config) when is_list(Config) -> NewData1 = list_to_binary("Bye, see you tomorrow!"), {ok, NewData1} = ssh_sftp:read_file(Sftp, FileName). +%%-------------------------------------------------------------------- +start_channel_sock(Config) -> + LoginOpts = + case proplists:get_value(group,Config) of + erlang_server -> + [{user, proplists:get_value(user, Config)}, + {password, proplists:get_value(passwd, Config)}]; + openssh_server -> + [] % Use public key + end, + + Opts = [{user_interaction, false}, + {silently_accept_hosts, true} + | LoginOpts], + + {Host,Port} = proplists:get_value(peer, Config), + + %% Get a tcp socket + {ok, Sock} = gen_tcp:connect(Host, Port, [{active,false}]), + + %% and open one channel on one new Connection + {ok, ChPid1, Conn} = ssh_sftp:start_channel(Sock, Opts), + + %% Test that the channel is usable + FileName = proplists:get_value(filename, Config), + ok = open_close_file(ChPid1, FileName, [read]), + ok = open_close_file(ChPid1, FileName, [write]), + + %% Try to open a second channel on the Connection + {ok, ChPid2} = ssh_sftp:start_channel(Conn, Opts), + ok = open_close_file(ChPid1, FileName, [read]), + ok = open_close_file(ChPid2, FileName, [read]), + + %% Test that the second channel still works after closing the first one + ok = ssh_sftp:stop_channel(ChPid1), + ok = open_close_file(ChPid2, FileName, [write]), + + %% Test the Connection survives that all channels are closed + ok = ssh_sftp:stop_channel(ChPid2), + {ok, ChPid3} = ssh_sftp:start_channel(Conn, Opts), + ok = open_close_file(ChPid3, FileName, [write]), + + %% Test that a closed channel really is closed + {error, closed} = ssh_sftp:open(ChPid2, FileName, [write]), + ok = ssh_sftp:stop_channel(ChPid3), + + %% Test that the socket is closed when the Connection closes + ok = ssh:close(Conn), + {error,einval} = inet:getopts(Sock, [active]), + + ok. 
+ %%-------------------------------------------------------------------- sftp_nonexistent_subsystem() -> [{doc, "Try to execute sftp subsystem on a server that does not support it"}]. -- cgit v1.2.3 From 69d3a7c1ef38a3730edd93c6805bc2d2bc9bf68e Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 25 May 2016 13:07:20 +0200 Subject: ssh: replace ?config in tests OTP-13565 --- lib/ssh/test/ssh_algorithms_SUITE.erl | 23 ++- lib/ssh/test/ssh_basic_SUITE.erl | 178 ++++++++++----------- lib/ssh/test/ssh_benchmark_SUITE.erl | 22 +-- lib/ssh/test/ssh_connection_SUITE.erl | 44 ++--- lib/ssh/test/ssh_options_SUITE.erl | 78 ++++----- lib/ssh/test/ssh_property_test_SUITE.erl | 2 +- lib/ssh/test/ssh_protocol_SUITE.erl | 14 +- lib/ssh/test/ssh_renegotiate_SUITE.erl | 12 +- lib/ssh/test/ssh_sftp_SUITE.erl | 248 ++++++++++++++--------------- lib/ssh/test/ssh_sftpd_SUITE.erl | 88 +++++----- lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl | 42 ++--- lib/ssh/test/ssh_sup_SUITE.erl | 30 ++-- lib/ssh/test/ssh_test_lib.erl | 8 +- lib/ssh/test/ssh_to_openssh_SUITE.erl | 14 +- lib/ssh/test/ssh_upgrade_SUITE.erl | 6 +- 15 files changed, 404 insertions(+), 405 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index 6894f83547..ed9e7aacaa 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl @@ -111,7 +111,7 @@ init_per_group(Group, Config) -> false -> %% An algorithm group Tag = proplists:get_value(name, - hd(?config(tc_group_path, Config))), + hd(proplists:get_value(tc_group_path, Config))), Alg = Group, PA = case split(Alg) of @@ -128,10 +128,10 @@ init_per_group(Group, Config) -> end. end_per_group(_Alg, Config) -> - case ?config(srvr_pid,Config) of + case proplists:get_value(srvr_pid,Config) of Pid when is_pid(Pid) -> ssh:stop_daemon(Pid), - ct:log("stopped ~p",[?config(srvr_addr,Config)]); + ct:log("stopped ~p",[proplists:get_value(srvr_addr,Config)]); _ -> ok end. 
@@ -139,17 +139,16 @@ end_per_group(_Alg, Config) -> init_per_testcase(sshc_simple_exec_os_cmd, Config) -> - start_pubkey_daemon([?config(pref_algs,Config)], Config); - + start_pubkey_daemon([proplists:get_value(pref_algs,Config)], Config); init_per_testcase(_TC, Config) -> Config. end_per_testcase(sshc_simple_exec_os_cmd, Config) -> - case ?config(srvr_pid,Config) of + case proplists:get_value(srvr_pid,Config) of Pid when is_pid(Pid) -> ssh:stop_daemon(Pid), - ct:log("stopped ~p",[?config(srvr_addr,Config)]); + ct:log("stopped ~p",[proplists:get_value(srvr_addr,Config)]); _ -> ok end; @@ -161,13 +160,13 @@ end_per_testcase(_TC, Config) -> %%-------------------------------------------------------------------- %% A simple sftp transfer simple_sftp(Config) -> - {Host,Port} = ?config(srvr_addr, Config), + {Host,Port} = proplists:get_value(srvr_addr, Config), ssh_test_lib:std_simple_sftp(Host, Port, Config). %%-------------------------------------------------------------------- %% A simple exec call simple_exec(Config) -> - {Host,Port} = ?config(srvr_addr, Config), + {Host,Port} = proplists:get_value(srvr_addr, Config), ssh_test_lib:std_simple_exec(Host, Port, Config). %%-------------------------------------------------------------------- @@ -378,8 +377,8 @@ start_pubkey_daemon(Opts0, Config) -> setup_pubkey(Config) -> - DataDir = ?config(data_dir, Config), - UserDir = ?config(priv_dir, Config), + DataDir = proplists:get_value(data_dir, Config), + UserDir = proplists:get_value(priv_dir, Config), ssh_test_lib:setup_dsa(DataDir, UserDir), ssh_test_lib:setup_rsa(DataDir, UserDir), ssh_test_lib:setup_ecdsa("256", DataDir, UserDir), 
@@ -389,7 +388,7 @@ setup_pubkey(Config) -> simple_exec_group(I, Config) when is_integer(I) -> simple_exec_group({I,I,I}, Config); simple_exec_group({Min,I,Max}, Config) -> - {Host,Port} = ?config(srvr_addr, Config), + {Host,Port} = proplists:get_value(srvr_addr, Config), ssh_test_lib:std_simple_exec(Host, Port, Config, [{dh_gex_limits,{Min,I,Max}}]). diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 0fa44ded4f..4991816850 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -137,21 +137,21 @@ end_per_suite(_Config) -> %%-------------------------------------------------------------------- init_per_group(dsa_key, Config) -> - DataDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), + DataDir = proplists:get_value(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), ssh_test_lib:setup_dsa(DataDir, PrivDir), Config; init_per_group(rsa_key, Config) -> - DataDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), + DataDir = proplists:get_value(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), ssh_test_lib:setup_rsa(DataDir, PrivDir), Config; init_per_group(ecdsa_sha2_nistp256_key, Config) -> case lists:member('ecdsa-sha2-nistp256', ssh_transport:default_algorithms(public_key)) of true -> - DataDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), + DataDir = proplists:get_value(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), ssh_test_lib:setup_ecdsa("256", DataDir, PrivDir), Config; false -> 
@@ -161,8 +161,8 @@ init_per_group(ecdsa_sha2_nistp384_key, Config) -> case lists:member('ecdsa-sha2-nistp384', ssh_transport:default_algorithms(public_key)) of true -> - DataDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), + DataDir = proplists:get_value(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), ssh_test_lib:setup_ecdsa("384", DataDir, PrivDir), Config; false -> 
@@ -172,28 +172,28 @@ init_per_group(ecdsa_sha2_nistp521_key, Config) -> case lists:member('ecdsa-sha2-nistp521', ssh_transport:default_algorithms(public_key)) of true -> - DataDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), + DataDir = proplists:get_value(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), ssh_test_lib:setup_ecdsa("521", DataDir, PrivDir), Config; false -> {skip, unsupported_pub_key} end; init_per_group(rsa_pass_key, Config) -> - DataDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), + DataDir = proplists:get_value(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), ssh_test_lib:setup_rsa_pass_pharse(DataDir, PrivDir, "Password"), [{pass_phrase, {rsa_pass_phrase, "Password"}}| Config]; init_per_group(dsa_pass_key, Config) -> - DataDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), + DataDir = proplists:get_value(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), ssh_test_lib:setup_dsa_pass_pharse(DataDir, PrivDir, "Password"), [{pass_phrase, {dsa_pass_phrase, "Password"}}| Config]; init_per_group(host_user_key_differs, Config) -> - Data = ?config(data_dir, Config), - Sys = filename:join(?config(priv_dir, Config), system_rsa), + Data = proplists:get_value(data_dir, Config), + Sys = filename:join(proplists:get_value(priv_dir, Config), system_rsa), SysUsr = filename:join(Sys, user), - Usr = filename:join(?config(priv_dir, Config), user_ecdsa_256), + Usr = filename:join(proplists:get_value(priv_dir, Config), user_ecdsa_256), file:make_dir(Sys), file:make_dir(SysUsr), file:make_dir(Usr), 
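Review bot: the `host_user_key_differs` clause now spells out `proplists:get_value(priv_dir, Config)` twice, once inside the `filename:join` for `Sys` and once for `Usr`. Bind it once, as the neighbouring clauses do with `PrivDir = proplists:get_value(priv_dir, Config)`, and build both paths from that variable. With the longer call replacing the macro, the repeated inline lookup is noticeably harder to read.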
@@ -205,18 +205,18 @@ init_per_group(host_user_key_differs, Config) -> ssh_test_lib:setup_rsa_known_host(Sys, Usr), Config; init_per_group(key_cb, Config) -> - DataDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), + DataDir = proplists:get_value(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), ssh_test_lib:setup_dsa(DataDir, PrivDir), Config; init_per_group(internal_error, Config) -> - DataDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), + DataDir = proplists:get_value(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), ssh_test_lib:setup_dsa(DataDir, PrivDir), file:delete(filename:join(PrivDir, "system/ssh_host_dsa_key")), Config; init_per_group(dir_options, Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), %% Make unreadable dir: Dir_unreadable = filename:join(PrivDir, "unread"), ok = file:make_dir(Dir_unreadable), 
@@ -261,27 +261,27 @@ init_per_group(_, Config) -> Config. end_per_group(dsa_key, Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), ssh_test_lib:clean_dsa(PrivDir), Config; end_per_group(rsa_key, Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), ssh_test_lib:clean_rsa(PrivDir), Config; end_per_group(dsa_pass_key, Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), ssh_test_lib:clean_dsa(PrivDir), Config; end_per_group(rsa_pass_key, Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), ssh_test_lib:clean_rsa(PrivDir), Config; end_per_group(key_cb, Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), ssh_test_lib:clean_dsa(PrivDir), Config; end_per_group(internal_error, Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), ssh_test_lib:clean_dsa(PrivDir), Config; @@ -290,9 +290,9 @@ end_per_group(_, Config) -> %%-------------------------------------------------------------------- init_per_testcase(TC, Config) when TC==shell_no_unicode ; TC==shell_unicode_string -> - PrivDir = ?config(priv_dir, Config), - UserDir = ?config(priv_dir, Config), - SysDir = ?config(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), + UserDir = proplists:get_value(priv_dir, Config), + SysDir = proplists:get_value(data_dir, Config), ssh:start(), Sftpd = {_Pid, _Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, 
@@ -321,12 +321,12 @@ init_per_testcase(_TestCase, Config) -> end_per_testcase(TestCase, Config) when TestCase == server_password_option; TestCase == server_userpassword_option -> - UserDir = filename:join(?config(priv_dir, Config), nopubkey), + UserDir = filename:join(proplists:get_value(priv_dir, Config), nopubkey), ssh_test_lib:del_dirs(UserDir), end_per_testcase(Config); end_per_testcase(TC, Config) when TC==shell_no_unicode ; TC==shell_unicode_string -> - case ?config(sftpd, Config) of + case proplists:get_value(sftpd, Config) of {Pid, _, _} -> ssh:stop_daemon(Pid), ssh:stop(); @@ -355,8 +355,8 @@ appup_test(Config) when is_list(Config) -> %%% some options not yet present are not decided if we should support or %%% if they need thier own test case. misc_ssh_options(Config) when is_list(Config) -> - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), + SystemDir = filename:join(proplists:get_value(priv_dir, Config), system), + UserDir = proplists:get_value(priv_dir, Config), CMiscOpt0 = [{connect_timeout, 1000}, {user_dir, UserDir}], CMiscOpt1 = [{connect_timeout, infinity}, {user_dir, UserDir}], @@ -369,8 +369,8 @@ misc_ssh_options(Config) when is_list(Config) -> %%-------------------------------------------------------------------- %%% Test configuring IPv4 inet_option(Config) when is_list(Config) -> - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), + SystemDir = filename:join(proplists:get_value(priv_dir, Config), system), + UserDir = proplists:get_value(priv_dir, Config), ClientOpts = [{silently_accept_hosts, true}, {user_dir, UserDir}, 
@@ -385,8 +385,8 @@ inet_option(Config) when is_list(Config) -> %%-------------------------------------------------------------------- %%% Test configuring IPv6 inet6_option(Config) when is_list(Config) -> - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), + SystemDir = filename:join(proplists:get_value(priv_dir, Config), system), + UserDir = proplists:get_value(priv_dir, Config), ClientOpts = [{silently_accept_hosts, true}, {user_dir, UserDir}, @@ -402,8 +402,8 @@ inet6_option(Config) when is_list(Config) -> %%% Test api function ssh_connection:exec exec(Config) when is_list(Config) -> process_flag(trap_exit, true), - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), + SystemDir = filename:join(proplists:get_value(priv_dir, Config), system), + UserDir = proplists:get_value(priv_dir, Config), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, {user_dir, UserDir}, @@ -449,8 +449,8 @@ exec_compressed(Config) when is_list(Config) -> true -> process_flag(trap_exit, true), - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), + SystemDir = filename:join(proplists:get_value(priv_dir, Config), system), + UserDir = proplists:get_value(priv_dir, Config), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},{user_dir, UserDir}, {preferred_algorithms,[{compression, [zlib]}]}, @@ -478,8 +478,8 @@ exec_compressed(Config) when is_list(Config) -> %%-------------------------------------------------------------------- %%% Idle timeout test idle_time(Config) -> - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), + SystemDir = filename:join(proplists:get_value(priv_dir, Config), system), + UserDir = proplists:get_value(priv_dir, Config), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, {user_dir, UserDir}, 
@@ -501,8 +501,8 @@ idle_time(Config) -> %%% Test that ssh:shell/2 works shell(Config) when is_list(Config) -> process_flag(trap_exit, true), - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), + SystemDir = filename:join(proplists:get_value(priv_dir, Config), system), + UserDir = proplists:get_value(priv_dir, Config), {_Pid, _Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir},{user_dir, UserDir}, {failfun, fun ssh_test_lib:failfun/2}]), @@ -536,9 +536,9 @@ exec_key_differs(Config, UserPKAlgs) -> of [] -> process_flag(trap_exit, true), - SystemDir = filename:join(?config(priv_dir, Config), system_rsa), + SystemDir = filename:join(proplists:get_value(priv_dir, Config), system_rsa), SystemUserDir = filename:join(SystemDir, user), - UserDir = filename:join(?config(priv_dir, Config), user_ecdsa_256), + UserDir = filename:join(proplists:get_value(priv_dir, Config), user_ecdsa_256), {_Pid, _Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, {user_dir, SystemUserDir}, @@ -570,9 +570,9 @@ exec_key_differs(Config, UserPKAlgs) -> %%-------------------------------------------------------------------- exec_key_differs_fail(Config) when is_list(Config) -> process_flag(trap_exit, true), - SystemDir = filename:join(?config(priv_dir, Config), system_rsa), + SystemDir = filename:join(proplists:get_value(priv_dir, Config), system_rsa), SystemUserDir = filename:join(SystemDir, user), - UserDir = filename:join(?config(priv_dir, Config), user_ecdsa_256), + UserDir = filename:join(proplists:get_value(priv_dir, Config), user_ecdsa_256), {_Pid, _Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, {user_dir, SystemUserDir}, 
@@ -597,10 +597,10 @@ exec_key_differs_fail(Config) when is_list(Config) -> %%-------------------------------------------------------------------- cli(Config) when is_list(Config) -> process_flag(trap_exit, true), - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), + SystemDir = filename:join(proplists:get_value(priv_dir, Config), system), + UserDir = proplists:get_value(priv_dir, Config), - TmpDir = filename:join(?config(priv_dir,Config), "tmp"), + TmpDir = filename:join(proplists:get_value(priv_dir,Config), "tmp"), ok = ssh_test_lib:del_dirs(TmpDir), ok = file:make_dir(TmpDir), @@ -639,8 +639,8 @@ cli(Config) when is_list(Config) -> %%% Test that get correct error message if you try to start a daemon %%% on an adress that already runs a daemon see also seq10667 daemon_already_started(Config) when is_list(Config) -> - SystemDir = ?config(data_dir, Config), - UserDir = ?config(priv_dir, Config), + SystemDir = proplists:get_value(data_dir, Config), + UserDir = proplists:get_value(priv_dir, Config), {Pid, _Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, {user_dir, UserDir}, @@ -654,8 +654,8 @@ daemon_already_started(Config) when is_list(Config) -> %%-------------------------------------------------------------------- %%% check that known_hosts is updated correctly known_hosts(Config) when is_list(Config) -> - SystemDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), + SystemDir = proplists:get_value(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), {Pid, Host, Port} = ssh_test_lib:daemon([{user_dir, PrivDir},{system_dir, SystemDir}, {failfun, fun ssh_test_lib:failfun/2}]), 
@@ -681,9 +681,9 @@ known_hosts(Config) when is_list(Config) -> %%% Test that we can use keyes protected by pass phrases pass_phrase(Config) when is_list(Config) -> process_flag(trap_exit, true), - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), - PhraseArg = ?config(pass_phrase, Config), + SystemDir = filename:join(proplists:get_value(priv_dir, Config), system), + UserDir = proplists:get_value(priv_dir, Config), + PhraseArg = proplists:get_value(pass_phrase, Config), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, {user_dir, UserDir}, @@ -700,8 +700,8 @@ pass_phrase(Config) when is_list(Config) -> %%% Test that we can use key callback key_callback(Config) when is_list(Config) -> process_flag(trap_exit, true), - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), + SystemDir = filename:join(proplists:get_value(priv_dir, Config), system), + UserDir = proplists:get_value(priv_dir, Config), NoPubKeyDir = filename:join(UserDir, "nopubkey"), file:make_dir(NoPubKeyDir), @@ -724,8 +724,8 @@ key_callback(Config) when is_list(Config) -> %%% Test that we can use key callback with callback options key_callback_options(Config) when is_list(Config) -> process_flag(trap_exit, true), - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), + SystemDir = filename:join(proplists:get_value(priv_dir, Config), system), + UserDir = proplists:get_value(priv_dir, Config), NoPubKeyDir = filename:join(UserDir, "nopubkey"), file:make_dir(NoPubKeyDir), 
@@ -751,8 +751,8 @@ key_callback_options(Config) when is_list(Config) -> %%% Test that client does not hang if disconnects due to internal error internal_error(Config) when is_list(Config) -> process_flag(trap_exit, true), - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), + SystemDir = filename:join(proplists:get_value(priv_dir, Config), system), + UserDir = proplists:get_value(priv_dir, Config), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, {user_dir, UserDir}, @@ -768,8 +768,8 @@ internal_error(Config) when is_list(Config) -> %%% Test ssh_connection:send/3 send(Config) when is_list(Config) -> process_flag(trap_exit, true), - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), + SystemDir = filename:join(proplists:get_value(priv_dir, Config), system), + UserDir = proplists:get_value(priv_dir, Config), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, {user_dir, UserDir}, @@ -788,8 +788,8 @@ send(Config) when is_list(Config) -> %%% Test ssh:connection_info([peername, sockname]) peername_sockname(Config) when is_list(Config) -> process_flag(trap_exit, true), - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), + SystemDir = filename:join(proplists:get_value(priv_dir, Config), system), + UserDir = proplists:get_value(priv_dir, Config), {_Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, {user_dir, UserDir}, 
@@ -838,8 +838,8 @@ ips(Name) when is_list(Name) -> %%% Client receives close when server closes close(Config) when is_list(Config) -> process_flag(trap_exit, true), - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), + SystemDir = filename:join(proplists:get_value(priv_dir, Config), system), + UserDir = proplists:get_value(priv_dir, Config), {Server, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, {user_dir, UserDir}, @@ -861,8 +861,8 @@ close(Config) when is_list(Config) -> %%-------------------------------------------------------------------- %%% Simulate that we try to close an already closed connection double_close(Config) when is_list(Config) -> - SystemDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), + SystemDir = proplists:get_value(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), @@ -881,8 +881,8 @@ double_close(Config) when is_list(Config) -> %%-------------------------------------------------------------------- daemon_opt_fd(Config) -> - SystemDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), + SystemDir = proplists:get_value(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), @@ -908,8 +908,8 @@ daemon_opt_fd(Config) -> %%-------------------------------------------------------------------- multi_daemon_opt_fd(Config) -> - SystemDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), + SystemDir = proplists:get_value(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), 
@@ -943,8 +943,8 @@ multi_daemon_opt_fd(Config) -> %%-------------------------------------------------------------------- packet_size_zero(Config) -> - SystemDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), + SystemDir = proplists:get_value(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), @@ -974,7 +974,7 @@ packet_size_zero(Config) -> %%-------------------------------------------------------------------- shell_no_unicode(Config) -> - new_do_shell(?config(io,Config), + new_do_shell(proplists:get_value(io,Config), [new_prompt, {type,"io:format(\"hej ~p~n\",[42])."}, {expect,"hej 42"}, @@ -985,7 +985,7 @@ shell_no_unicode(Config) -> %%-------------------------------------------------------------------- shell_unicode_string(Config) -> - new_do_shell(?config(io,Config), + new_do_shell(proplists:get_value(io,Config), [new_prompt, {type,"io:format(\"ã“ã«ã¡ã‚~ts~n\",[\"四二\"])."}, {expect,"ã“ã«ã¡ã‚四二"}, @@ -1002,8 +1002,8 @@ openssh_zlib_basic_test(Config) -> {skip, io_lib:format("~p compression is not supported",[L])}; true -> - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), + SystemDir = filename:join(proplists:get_value(priv_dir, Config), system), + UserDir = proplists:get_value(priv_dir, Config), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, {user_dir, UserDir}, 
@@ -1023,11 +1023,11 @@ openssh_zlib_basic_test(Config) -> %%-------------------------------------------------------------------- ssh_info_print(Config) -> %% Just check that ssh_print:info() crashes - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), PrintFile = filename:join(PrivDir,info), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), + SysDir = proplists:get_value(data_dir, Config), Parent = self(), UnexpFun = fun(Msg,_Peer) -> @@ -1103,8 +1103,8 @@ check_error(Error) -> ct:fail(Error). basic_test(Config) -> - ClientOpts = ?config(client_opts, Config), - ServerOpts = ?config(server_opts, Config), + ClientOpts = proplists:get_value(client_opts, Config), + ServerOpts = proplists:get_value(server_opts, Config), {Pid, Host, Port} = ssh_test_lib:daemon(ServerOpts), {ok, CM} = ssh:connect(Host, Port, ClientOpts), diff --git a/lib/ssh/test/ssh_benchmark_SUITE.erl b/lib/ssh/test/ssh_benchmark_SUITE.erl index 5d8c94be73..0e925ee19b 100644 --- a/lib/ssh/test/ssh_benchmark_SUITE.erl +++ b/lib/ssh/test/ssh_benchmark_SUITE.erl @@ -63,8 +63,8 @@ end_per_suite(_Config) -> init_per_group(opensshc_erld, Config) -> case ssh_test_lib:ssh_type() of openSSH -> - DataDir = ?config(data_dir, Config), - UserDir = ?config(priv_dir, Config), + DataDir = proplists:get_value(data_dir, Config), + UserDir = proplists:get_value(priv_dir, Config), ssh_test_lib:setup_dsa(DataDir, UserDir), ssh_test_lib:setup_rsa(DataDir, UserDir), ssh_test_lib:setup_ecdsa("256", DataDir, UserDir), @@ -97,7 +97,7 @@ end_per_testcase(_Func, _Conf) -> init_sftp_dirs(Config) -> - UserDir = ?config(priv_dir, Config), + UserDir = proplists:get_value(priv_dir, Config), SrcDir = filename:join(UserDir, "sftp_src"), ok = file:make_dir(SrcDir), SrcFile = "big_data", 
@@ -127,8 +127,8 @@ openssh_client_shell(Config) -> openssh_client_shell(Config, Options) -> - SystemDir = ?config(data_dir, Config), - UserDir = ?config(priv_dir, Config), + SystemDir = proplists:get_value(data_dir, Config), + UserDir = proplists:get_value(priv_dir, Config), KnownHosts = filename:join(UserDir, "known_hosts"), {ok, TracerPid} = erlang_trace(), @@ -200,11 +200,11 @@ openssh_client_sftp(Config) -> openssh_client_sftp(Config, Options) -> - SystemDir = ?config(data_dir, Config), - UserDir = ?config(priv_dir, Config), - SftpSrcDir = ?config(sftp_src_dir, Config), - SrcFile = ?config(src_file, Config), - SrcSize = ?config(sftp_size, Config), + SystemDir = proplists:get_value(data_dir, Config), + UserDir = proplists:get_value(priv_dir, Config), + SftpSrcDir = proplists:get_value(sftp_src_dir, Config), + SrcFile = proplists:get_value(src_file, Config), + SrcSize = proplists:get_value(sftp_size, Config), KnownHosts = filename:join(UserDir, "known_hosts"), {ok, TracerPid} = erlang_trace(), @@ -275,7 +275,7 @@ variants(Tag, Config) -> [A|_] when is_atom(A) -> two_way end, [ [{Tag,tag_value(TagType,Alg)}] - || Alg <- proplists:get_value(Tag, ?config(common_algs,Config)) + || Alg <- proplists:get_value(Tag, proplists:get_value(common_algs,Config)) ]. tag_value(two_way, Alg) -> [Alg]; diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index 97dcb8570d..c9a321fbbd 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl 
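Review bot: in `variants/2` of ssh_benchmark_SUITE.erl the generator is now `proplists:get_value(Tag, proplists:get_value(common_algs,Config))`, and two-argument `proplists:get_value` returns `undefined` when a key is absent. If `common_algs` is missing, the outer call is handed `undefined` instead of a list; if only `Tag` is missing, the comprehension generator itself is `undefined`. In both cases the resulting crash does not name the missing key. Bind the inner result to a variable on its own line and check that it is a list (an `is_list` guard or a `ct:fail/2` clause) before using it as the generator source.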
@@ -344,10 +344,10 @@ ptty_alloc_pixel(Config) when is_list(Config) -> %%-------------------------------------------------------------------- interrupted_send(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), + SysDir = proplists:get_value(data_dir, Config), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, {user_dir, UserDir}, {password, "morot"}, @@ -387,10 +387,10 @@ start_shell() -> [{doc, "Start a shell"}]. start_shell(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), + SysDir = proplists:get_value(data_dir, Config), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, {user_dir, UserDir}, {password, "morot"}, @@ -419,10 +419,10 @@ start_shell_exec() -> [{doc, "start shell to exec command"}]. start_shell_exec(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), + SysDir = proplists:get_value(data_dir, Config), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, {user_dir, UserDir}, {password, "morot"}, 
@@ -453,10 +453,10 @@ start_shell_exec_fun() -> [{doc, "start shell to exec command"}]. start_shell_exec_fun(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), + SysDir = proplists:get_value(data_dir, Config), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, {user_dir, UserDir}, {password, "morot"}, @@ -522,10 +522,10 @@ start_shell_sock_exec_fun(Config) when is_list(Config) -> %%-------------------------------------------------------------------- gracefull_invalid_version(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), + SysDir = proplists:get_value(data_dir, Config), {_Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, {user_dir, UserDir}, @@ -545,10 +545,10 @@ gracefull_invalid_version(Config) when is_list(Config) -> end. gracefull_invalid_start(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), + SysDir = proplists:get_value(data_dir, Config), {_Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, {user_dir, UserDir}, {password, "morot"}]), 
@@ -567,10 +567,10 @@ gracefull_invalid_start(Config) when is_list(Config) -> end. gracefull_invalid_long_start(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), + SysDir = proplists:get_value(data_dir, Config), {_Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, {user_dir, UserDir}, {password, "morot"}]), @@ -590,10 +590,10 @@ gracefull_invalid_long_start(Config) when is_list(Config) -> gracefull_invalid_long_start_no_nl(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), + SysDir = proplists:get_value(data_dir, Config), {_Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, {user_dir, UserDir}, {password, "morot"}]), @@ -615,10 +615,10 @@ stop_listener() -> [{doc, "start ssh daemon, setup connections, stop listener, restart listner"}]. stop_listener(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), + SysDir = proplists:get_value(data_dir, Config), {Pid0, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, {user_dir, UserDir}, 
@@ -674,10 +674,10 @@ stop_listener(Config) when is_list(Config) -> end. start_subsystem_on_closed_channel(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), + SysDir = proplists:get_value(data_dir, Config), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, {user_dir, UserDir}, {password, "morot"}, @@ -703,10 +703,10 @@ max_channels_option() -> [{doc, "Test max_channels option"}]. max_channels_option(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), + SysDir = proplists:get_value(data_dir, Config), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, {user_dir, UserDir}, {password, "morot"}, diff --git a/lib/ssh/test/ssh_options_SUITE.erl b/lib/ssh/test/ssh_options_SUITE.erl index 4ca6a473fa..d1e3d6cb0e 100644 --- a/lib/ssh/test/ssh_options_SUITE.erl +++ b/lib/ssh/test/ssh_options_SUITE.erl @@ -133,12 +133,12 @@ end_per_suite(_Config) -> %%-------------------------------------------------------------------- init_per_group(hardening_tests, Config) -> - DataDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), + DataDir = proplists:get_value(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), ssh_test_lib:setup_dsa(DataDir, PrivDir), Config; init_per_group(dir_options, Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), %% Make unreadable dir: Dir_unreadable = filename:join(PrivDir, "unread"), ok = file:make_dir(Dir_unreadable), 
@@ -193,7 +193,7 @@ end_per_testcase(TestCase, Config) when TestCase == server_password_option; TestCase == server_userpassword_option; TestCase == server_pwdfun_option; TestCase == server_pwdfun_4_option -> - UserDir = filename:join(?config(priv_dir, Config), nopubkey), + UserDir = filename:join(proplists:get_value(priv_dir, Config), nopubkey), ssh_test_lib:del_dirs(UserDir), end_per_testcase(Config); end_per_testcase(_TestCase, Config) -> @@ -210,10 +210,10 @@ end_per_testcase(_Config) -> %%% validate to server that uses the 'password' option server_password_option(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), + SysDir = proplists:get_value(data_dir, Config), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, {user_dir, UserDir}, {password, "morot"}]), @@ -243,10 +243,10 @@ server_password_option(Config) when is_list(Config) -> %%% validate to server that uses the 'password' option server_userpassword_option(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), + SysDir = proplists:get_value(data_dir, Config), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, {user_dir, PrivDir}, {user_passwords, [{"vego", "morot"}]}]), 
@@ -278,10 +278,10 @@ server_userpassword_option(Config) when is_list(Config) -> %%-------------------------------------------------------------------- %%% validate to server that uses the 'pwdfun' option server_pwdfun_option(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), + SysDir = proplists:get_value(data_dir, Config), CHKPWD = fun("foo",Pwd) -> Pwd=="bar"; (_,_) -> false end, @@ -316,10 +316,10 @@ server_pwdfun_option(Config) -> %%-------------------------------------------------------------------- %%% validate to server that uses the 'pwdfun/4' option server_pwdfun_4_option(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), + SysDir = proplists:get_value(data_dir, Config), PWDFUN = fun("foo",Pwd,{_,_},undefined) -> Pwd=="bar"; ("fie",Pwd,{_,_},undefined) -> {Pwd=="bar",new_state}; ("bandit",_,_,_) -> disconnect; @@ -376,10 +376,10 @@ server_pwdfun_4_option(Config) -> %%-------------------------------------------------------------------- server_pwdfun_4_option_repeat(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), + SysDir = proplists:get_value(data_dir, Config), %% Test that the state works Parent = self(), PWDFUN = fun("foo",P="bar",_,S) -> Parent!{P,S},true; 
@@ -471,10 +471,10 @@ user_dir_option(Config) -> %%-------------------------------------------------------------------- %%% validate client that uses the 'ssh_msg_debug_fun' option ssh_msg_debug_fun_option_client(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), + SysDir = proplists:get_value(data_dir, Config), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, {user_dir, UserDir}, @@ -511,10 +511,10 @@ ssh_msg_debug_fun_option_client(Config) -> %%-------------------------------------------------------------------- connectfun_disconnectfun_server(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), + SysDir = proplists:get_value(data_dir, Config), Parent = self(), Ref = make_ref(), @@ -549,10 +549,10 @@ connectfun_disconnectfun_server(Config) -> %%-------------------------------------------------------------------- connectfun_disconnectfun_client(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), + SysDir = proplists:get_value(data_dir, Config), Parent = self(), Ref = make_ref(), 
@@ -580,10 +580,10 @@ connectfun_disconnectfun_client(Config) -> %%-------------------------------------------------------------------- %%% validate client that uses the 'ssh_msg_debug_fun' option ssh_msg_debug_fun_option_server(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), + SysDir = proplists:get_value(data_dir, Config), Parent = self(), DbgFun = fun(ConnRef,Displ,Msg,Lang) -> Parent ! {msg_dbg,{ConnRef,Displ,Msg,Lang}} end, @@ -624,10 +624,10 @@ ssh_msg_debug_fun_option_server(Config) -> %%-------------------------------------------------------------------- disconnectfun_option_server(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), + SysDir = proplists:get_value(data_dir, Config), Parent = self(), DisConnFun = fun(Reason) -> Parent ! {disconnect,Reason} end, @@ -659,10 +659,10 @@ disconnectfun_option_server(Config) -> %%-------------------------------------------------------------------- disconnectfun_option_client(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), + SysDir = proplists:get_value(data_dir, Config), Parent = self(), DisConnFun = fun(Reason) -> Parent ! {disconnect,Reason} end, 
@@ -693,10 +693,10 @@ disconnectfun_option_client(Config) -> %%-------------------------------------------------------------------- unexpectedfun_option_server(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), + SysDir = proplists:get_value(data_dir, Config), Parent = self(), ConnFun = fun(_,_,_) -> Parent ! {connection_pid,self()} end, @@ -736,10 +736,10 @@ unexpectedfun_option_server(Config) -> %%-------------------------------------------------------------------- unexpectedfun_option_client(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), - SysDir = ?config(data_dir, Config), + SysDir = proplists:get_value(data_dir, Config), Parent = self(), UnexpFun = fun(Msg,Peer) -> @@ -859,8 +859,8 @@ ms_passed(T0) -> %%-------------------------------------------------------------------- ssh_daemon_minimal_remote_max_packet_size_option(Config) -> - SystemDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), + SystemDir = proplists:get_value(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), @@ -957,8 +957,8 @@ ssh_connect_negtimeout_sequential(Config) -> ssh_connect_negtimeout(Config,false ssh_connect_negtimeout(Config, Parallel) -> process_flag(trap_exit, true), - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), + SystemDir = filename:join(proplists:get_value(priv_dir, Config), system), + UserDir = proplists:get_value(priv_dir, Config), NegTimeOut = 2000, % ms ct:log("Parallel: ~p",[Parallel]), 
@@ -990,8 +990,8 @@ ssh_connect_nonegtimeout_connected_sequential(Config) -> ssh_connect_nonegtimeout_connected(Config, Parallel) -> process_flag(trap_exit, true), - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), + SystemDir = filename:join(proplists:get_value(priv_dir, Config), system), + UserDir = proplists:get_value(priv_dir, Config), NegTimeOut = 2000, % ms ct:log("Parallel: ~p",[Parallel]), @@ -1067,7 +1067,7 @@ connect_fun(ssh__connect, Config) -> fun(Host,Port) -> ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, - {user_dir, ?config(priv_dir,Config)}, + {user_dir, proplists:get_value(priv_dir,Config)}, {user_interaction, false}, {user, "carni"}, {password, "meat"} @@ -1092,8 +1092,8 @@ max_sessions(Config, ParallelLogin, Connect0) when is_function(Connect0,2) -> ct:log("Connect(~p,~p) -> ~p",[Host,Port,R]), R end, - SystemDir = filename:join(?config(priv_dir, Config), system), - UserDir = ?config(priv_dir, Config), + SystemDir = filename:join(proplists:get_value(priv_dir, Config), system), + UserDir = proplists:get_value(priv_dir, Config), MaxSessions = 5, {Pid, Host, Port} = ssh_test_lib:daemon([ {system_dir, SystemDir}, diff --git a/lib/ssh/test/ssh_property_test_SUITE.erl b/lib/ssh/test/ssh_property_test_SUITE.erl index c5cc36c45e..c8aabcedb7 100644 --- a/lib/ssh/test/ssh_property_test_SUITE.erl +++ b/lib/ssh/test/ssh_property_test_SUITE.erl @@ -57,7 +57,7 @@ init_per_suite(Config) -> %%% One group in this suite happens to support only QuickCheck, so skip it %%% if we run proper. init_per_group(client_server, Config) -> - case ?config(property_test_tool,Config) of + case proplists:get_value(property_test_tool,Config) of eqc -> Config; X -> {skip, lists:concat([X," is not supported"])} end; diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index 57404f40db..41faf951e1 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl 
+++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -107,11 +107,11 @@ init_per_testcase(TC, Config) when TC == gex_client_init_option_groups ; gex_client_init_option_groups -> [{dh_gex_groups, [{2345, 3, 41}]}]; gex_client_init_option_groups_file -> - DataDir = ?config(data_dir, Config), + DataDir = proplists:get_value(data_dir, Config), F = filename:join(DataDir, "dh_group_test"), [{dh_gex_groups, {file,F}}]; gex_client_init_option_groups_moduli_file -> - DataDir = ?config(data_dir, Config), + DataDir = proplists:get_value(data_dir, Config), F = filename:join(DataDir, "dh_group_test.moduli"), [{dh_gex_groups, {ssh_moduli_file,F}}]; _ when TC == gex_server_gex_limit ; @@ -589,21 +589,21 @@ stop_apps(_Config) -> setup_dirs(Config) -> - DataDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), + DataDir = proplists:get_value(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), ssh_test_lib:setup_rsa(DataDir, PrivDir), Config. -system_dir(Config) -> filename:join(?config(priv_dir, Config), system). +system_dir(Config) -> filename:join(proplists:get_value(priv_dir, Config), system). -user_dir(Config) -> ?config(priv_dir, Config). +user_dir(Config) -> proplists:get_value(priv_dir, Config). %%%---------------------------------------------------------------- start_std_daemon(Config) -> start_std_daemon(Config, []). start_std_daemon(Config, ExtraOpts) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), UserPasswords = [{"user1","pwd1"}], diff --git a/lib/ssh/test/ssh_renegotiate_SUITE.erl b/lib/ssh/test/ssh_renegotiate_SUITE.erl index f1a909cbd0..300816276a 100644 --- a/lib/ssh/test/ssh_renegotiate_SUITE.erl +++ b/lib/ssh/test/ssh_renegotiate_SUITE.erl 
@@ -108,10 +108,10 @@ rekey(Config) -> rekey_limit() -> [{timetrap,{seconds,400}}]. rekey_limit(Config) -> - UserDir = ?config(priv_dir, Config), + UserDir = proplists:get_value(priv_dir, Config), DataFile = filename:join(UserDir, "rekey.data"), - Algs = ?config(preferred_algorithms, Config), + Algs = proplists:get_value(preferred_algorithms, Config), {Pid, Host, Port} = ssh_test_lib:std_daemon(Config,[{max_random_length_padding,0}, {preferred_algorithms,Algs}]), @@ -154,10 +154,10 @@ rekey_limit(Config) -> %%% Test rekeying with simulataneous send request renegotiate1(Config) -> - UserDir = ?config(priv_dir, Config), + UserDir = proplists:get_value(priv_dir, Config), DataFile = filename:join(UserDir, "renegotiate1.data"), - Algs = ?config(preferred_algorithms, Config), + Algs = proplists:get_value(preferred_algorithms, Config), {Pid, Host, DPort} = ssh_test_lib:std_daemon(Config,[{max_random_length_padding,0}, {preferred_algorithms,Algs}]), @@ -194,10 +194,10 @@ renegotiate1(Config) -> %%% Test rekeying with inflight messages from peer renegotiate2(Config) -> - UserDir = ?config(priv_dir, Config), + UserDir = proplists:get_value(priv_dir, Config), DataFile = filename:join(UserDir, "renegotiate2.data"), - Algs = ?config(preferred_algorithms, Config), + Algs = proplists:get_value(preferred_algorithms, Config), {Pid, Host, DPort} = ssh_test_lib:std_daemon(Config,[{max_random_length_padding,0}, {preferred_algorithms,Algs}]), diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index 46db85c1be..4d40b4647c 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl @@ -93,7 +93,7 @@ groups() -> init_per_group(not_unicode, Config) -> ct:comment("Begin ~p",[grps(Config)]), - DataDir = ?config(data_dir, Config), + DataDir = proplists:get_value(data_dir, Config), [{user, "Alladin"}, {passwd, "Sesame"}, {data, <<"Hello world!">>}, 
@@ -111,7 +111,7 @@ init_per_group(unicode, Config) -> of true -> ct:comment("Begin ~p",[grps(Config)]), - DataDir = ?config(data_dir, Config), + DataDir = proplists:get_value(data_dir, Config), NewConfig = [{user, "Ã¥ke高兴"}, {passwd, "ärlig日本ã˜ã‚“"}, @@ -132,7 +132,7 @@ init_per_group(unicode, Config) -> ] ) ], - FN = fn(?config(tar_F1_txt,NewConfig), NewConfig), + FN = fn(proplists:get_value(tar_F1_txt,NewConfig), NewConfig), case catch file:read_file(FN) of {ok,FN_contents} -> ct:log("Readable file:read_file(~tp) ->~n~tp",[FN,FN_contents]), @@ -148,10 +148,10 @@ init_per_group(unicode, Config) -> init_per_group(erlang_server, Config) -> ct:comment("Begin ~p",[grps(Config)]), - PrivDir = ?config(priv_dir, Config), - SysDir = ?config(data_dir, Config), - User = ?config(user, Config), - Passwd = ?config(passwd, Config), + PrivDir = proplists:get_value(priv_dir, Config), + SysDir = proplists:get_value(data_dir, Config), + User = proplists:get_value(user, Config), + Passwd = proplists:get_value(passwd, Config), Sftpd = {_, HostX, PortX} = ssh_test_lib:daemon([{system_dir, SysDir}, {user_dir, PrivDir}, @@ -177,12 +177,12 @@ init_per_group(openssh_server, Config) -> init_per_group(remote_tar, Config) -> ct:comment("Begin ~p",[grps(Config)]), - {Host,Port} = ?config(peer, Config), - ct:log("Server (~p) at ~p:~p",[?config(group,Config),Host,Port]), - User = ?config(user, Config), - Passwd = ?config(passwd, Config), + {Host,Port} = proplists:get_value(peer, Config), + ct:log("Server (~p) at ~p:~p",[proplists:get_value(group,Config),Host,Port]), + User = proplists:get_value(user, Config), + Passwd = proplists:get_value(passwd, Config), {ok, Connection} = - case ?config(group, Config) of + case proplists:get_value(group, Config) of erlang_server -> ssh:connect(Host, Port, [{user, User}, 
@@ -217,10 +217,10 @@ end_per_group(_, Config) -> %%-------------------------------------------------------------------- init_per_testcase(sftp_nonexistent_subsystem, Config) -> - PrivDir = ?config(priv_dir, Config), - SysDir = ?config(data_dir, Config), - User = ?config(user, Config), - Passwd = ?config(passwd, Config), + PrivDir = proplists:get_value(priv_dir, Config), + SysDir = proplists:get_value(data_dir, Config), + User = proplists:get_value(user, Config), + Passwd = proplists:get_value(passwd, Config), Sftpd = ssh_test_lib:daemon([{system_dir, SysDir}, {user_dir, PrivDir}, {subsystems, []}, @@ -234,9 +234,9 @@ init_per_testcase(version_option, Config0) -> TmpConfig0 = lists:keydelete(watchdog, 1, Config), TmpConfig = lists:keydelete(sftp, 1, TmpConfig0), Dog = ct:timetrap(?default_timeout), - {_,Host, Port} = ?config(sftpd, Config), - User = ?config(user, Config), - Passwd = ?config(passwd, Config), + {_,Host, Port} = proplists:get_value(sftpd, Config), + User = proplists:get_value(user, Config), + Passwd = proplists:get_value(passwd, Config), {ok, ChannelPid, Connection} = ssh_sftp:start_channel(Host, Port, [{sftp_vsn, 3}, @@ -252,13 +252,13 @@ init_per_testcase(Case, Config00) -> Config1 = lists:keydelete(watchdog, 1, Config0), Config2 = lists:keydelete(sftp, 1, Config1), Dog = ct:timetrap(2 * ?default_timeout), - User = ?config(user, Config0), - Passwd = ?config(passwd, Config0), + User = proplists:get_value(user, Config0), + Passwd = proplists:get_value(passwd, Config0), Config = - case ?config(group,Config2) of + case proplists:get_value(group,Config2) of erlang_server -> - {_,Host, Port} = ?config(sftpd, Config2), + {_,Host, Port} = proplists:get_value(sftpd, Config2), {ok, ChannelPid, Connection} = ssh_sftp:start_channel(Host, Port, [{user, User}, 
@@ -284,7 +284,7 @@ init_per_testcase(Case, Config00) -> %% The 'catch' is for the case of Config={skip,...} true -> %% Provide a ChannelPid independent of the sftp-channel already opened. - {ok,ChPid2} = ssh_sftp:start_channel(?config(connection,Config)), + {ok,ChPid2} = ssh_sftp:start_channel(proplists:get_value(connection,Config)), [{channel_pid2,ChPid2} | Config]; _ -> Config @@ -293,16 +293,16 @@ init_per_testcase(Case, Config00) -> end_per_testcase(sftp_nonexistent_subsystem, Config) -> Config; end_per_testcase(rename_file, Config) -> - NewFileName = ?config(testfile, Config), + NewFileName = proplists:get_value(testfile, Config), file:delete(NewFileName), end_per_testcase(Config); end_per_testcase(_, Config) -> end_per_testcase(Config). end_per_testcase(Config) -> - {Sftp, Connection} = ?config(sftp, Config), + {Sftp, Connection} = proplists:get_value(sftp, Config), ok = ssh_sftp:stop_channel(Sftp), - catch ssh_sftp:stop_channel(?config(channel_pid2, Config)), + catch ssh_sftp:stop_channel(proplists:get_value(channel_pid2, Config)), ok = ssh:close(Connection). %%-------------------------------------------------------------------- @@ -311,9 +311,9 @@ end_per_testcase(Config) -> open_close_file() -> [{doc, "Test API functions open/3 and close/2"}]. open_close_file(Config) when is_list(Config) -> - FileName = ?config(filename, Config), + FileName = proplists:get_value(filename, Config), - {Sftp, _} = ?config(sftp, Config), + {Sftp, _} = proplists:get_value(sftp, Config), ok = open_close_file(Sftp, FileName, [read]), ok = open_close_file(Sftp, FileName, [write]), 
@@ -330,9 +330,9 @@ open_close_file(Server, File, Mode) -> open_close_dir() -> [{doc, "Test API functions opendir/2 and close/2"}]. open_close_dir(Config) when is_list(Config) -> - PrivDir = ?config(sftp_priv_dir, Config), - {Sftp, _} = ?config(sftp, Config), - FileName = ?config(filename, Config), + PrivDir = proplists:get_value(sftp_priv_dir, Config), + {Sftp, _} = proplists:get_value(sftp, Config), + FileName = proplists:get_value(filename, Config), {ok, Handle} = ssh_sftp:opendir(Sftp, PrivDir), ok = ssh_sftp:close(Sftp, Handle), @@ -342,8 +342,8 @@ open_close_dir(Config) when is_list(Config) -> read_file() -> [{doc, "Test API funtion read_file/2"}]. read_file(Config) when is_list(Config) -> - FileName = ?config(filename, Config), - {Sftp, _} = ?config(sftp, Config), + FileName = proplists:get_value(filename, Config), + {Sftp, _} = proplists:get_value(sftp, Config), {ok, Data} = ssh_sftp:read_file(Sftp, FileName), {ok, Data} = ssh_sftp:read_file(Sftp, FileName), {ok, Data} = file:read_file(FileName). @@ -352,8 +352,8 @@ read_file(Config) when is_list(Config) -> read_dir() -> [{doc,"Test API function list_dir/2"}]. read_dir(Config) when is_list(Config) -> - PrivDir = ?config(sftp_priv_dir, Config), - {Sftp, _} = ?config(sftp, Config), + PrivDir = proplists:get_value(sftp_priv_dir, Config), + {Sftp, _} = proplists:get_value(sftp, Config), {ok, Files} = ssh_sftp:list_dir(Sftp, PrivDir), ct:log("sftp list dir: ~p~n", [Files]). @@ -361,8 +361,8 @@ read_dir(Config) when is_list(Config) -> write_file() -> [{doc, "Test API function write_file/2"}]. write_file(Config) when is_list(Config) -> - FileName = ?config(filename, Config), - {Sftp, _} = ?config(sftp, Config), + FileName = proplists:get_value(filename, Config), + {Sftp, _} = proplists:get_value(sftp, Config), Data = list_to_binary("Hej hopp!"), ok = ssh_sftp:write_file(Sftp, FileName, [Data]), 
@@ -372,8 +372,8 @@ write_file(Config) when is_list(Config) -> write_file_iolist() -> [{doc, "Test API function write_file/2 with iolists"}]. write_file_iolist(Config) when is_list(Config) -> - FileName = ?config(filename, Config), - {Sftp, _} = ?config(sftp, Config), + FileName = proplists:get_value(filename, Config), + {Sftp, _} = proplists:get_value(sftp, Config), Data = list_to_binary("Hej hopp!"), lists:foreach( @@ -393,8 +393,8 @@ write_file_iolist(Config) when is_list(Config) -> write_big_file() -> [{doc, "Test API function write_file/2 with big data"}]. write_big_file(Config) when is_list(Config) -> - FileName = ?config(filename, Config), - {Sftp, _} = ?config(sftp, Config), + FileName = proplists:get_value(filename, Config), + {Sftp, _} = proplists:get_value(sftp, Config), Data = list_to_binary(lists:duplicate(750000,"a")), ok = ssh_sftp:write_file(Sftp, FileName, [Data]), @@ -404,8 +404,8 @@ write_big_file(Config) when is_list(Config) -> sftp_read_big_file() -> [{doc, "Test API function read_file/2 with big data"}]. sftp_read_big_file(Config) when is_list(Config) -> - FileName = ?config(filename, Config), - {Sftp, _} = ?config(sftp, Config), + FileName = proplists:get_value(filename, Config), + {Sftp, _} = proplists:get_value(sftp, Config), Data = list_to_binary(lists:duplicate(750000,"a")), ct:log("Data size to write is ~p bytes",[size(Data)]), @@ -416,9 +416,9 @@ sftp_read_big_file(Config) when is_list(Config) -> remove_file() -> [{doc,"Test API function delete/2"}]. remove_file(Config) when is_list(Config) -> - PrivDir = ?config(sftp_priv_dir, Config), - FileName = ?config(filename, Config), - {Sftp, _} = ?config(sftp, Config), + PrivDir = proplists:get_value(sftp_priv_dir, Config), + FileName = proplists:get_value(filename, Config), + {Sftp, _} = proplists:get_value(sftp, Config), {ok, Files} = ssh_sftp:list_dir(Sftp, PrivDir), true = lists:member(filename:basename(FileName), Files), 
@@ -430,11 +430,11 @@ remove_file(Config) when is_list(Config) -> rename_file() -> [{doc, "Test API function rename_file/2"}]. rename_file(Config) when is_list(Config) -> - PrivDir = ?config(sftp_priv_dir, Config), - FileName = ?config(filename, Config), - NewFileName = ?config(testfile, Config), + PrivDir = proplists:get_value(sftp_priv_dir, Config), + FileName = proplists:get_value(filename, Config), + NewFileName = proplists:get_value(testfile, Config), - {Sftp, _} = ?config(sftp, Config), + {Sftp, _} = proplists:get_value(sftp, Config), {ok, Files} = ssh_sftp:list_dir(Sftp, PrivDir), ct:log("FileName: ~p, Files: ~p~n", [FileName, Files]), true = lists:member(filename:basename(FileName), Files), @@ -450,8 +450,8 @@ rename_file(Config) when is_list(Config) -> mk_rm_dir() -> [{doc,"Test API functions make_dir/2, del_dir/2"}]. mk_rm_dir(Config) when is_list(Config) -> - PrivDir = ?config(sftp_priv_dir, Config), - {Sftp, _} = ?config(sftp, Config), + PrivDir = proplists:get_value(sftp_priv_dir, Config), + {Sftp, _} = proplists:get_value(sftp, Config), DirName = filename:join(PrivDir, "test"), ok = ssh_sftp:make_dir(Sftp, DirName), @@ -468,9 +468,9 @@ links(Config) when is_list(Config) -> {win32, _} -> {skip, "Links are not fully supported by windows"}; _ -> - {Sftp, _} = ?config(sftp, Config), - FileName = ?config(filename, Config), - LinkFileName = ?config(linktest, Config), + {Sftp, _} = proplists:get_value(sftp, Config), + FileName = proplists:get_value(filename, Config), + LinkFileName = proplists:get_value(linktest, Config), ok = ssh_sftp:make_symlink(Sftp, LinkFileName, FileName), {ok, FileName} = ssh_sftp:read_link(Sftp, LinkFileName) 
@@ -480,9 +480,9 @@ links(Config) when is_list(Config) -> retrieve_attributes() -> [{doc, "Test API function read_file_info/3"}]. retrieve_attributes(Config) when is_list(Config) -> - FileName = ?config(filename, Config), + FileName = proplists:get_value(filename, Config), - {Sftp, _} = ?config(sftp, Config), + {Sftp, _} = proplists:get_value(sftp, Config), {ok, FileInfo} = ssh_sftp:read_file_info(Sftp, FileName), {ok, NewFileInfo} = file:read_file_info(FileName), @@ -493,9 +493,9 @@ retrieve_attributes(Config) when is_list(Config) -> set_attributes() -> [{doc,"Test API function write_file_info/3"}]. set_attributes(Config) when is_list(Config) -> - FileName = ?config(testfile, Config), + FileName = proplists:get_value(testfile, Config), - {Sftp, _} = ?config(sftp, Config), + {Sftp, _} = proplists:get_value(sftp, Config), {ok,Fd} = file:open(FileName, write), io:put_chars(Fd,"foo"), ok = ssh_sftp:write_file_info(Sftp, FileName, #file_info{mode=8#400}), @@ -508,9 +508,9 @@ set_attributes(Config) when is_list(Config) -> async_read() -> [{doc,"Test API aread/3"}]. async_read(Config) when is_list(Config) -> - {Sftp, _} = ?config(sftp, Config), + {Sftp, _} = proplists:get_value(sftp, Config), - FileName = ?config(filename, Config), + FileName = proplists:get_value(filename, Config), {ok, Handle} = ssh_sftp:open(Sftp, FileName, [read]), {async, Ref} = ssh_sftp:aread(Sftp, Handle, 20), @@ -527,8 +527,8 @@ async_read(Config) when is_list(Config) -> async_write() -> [{doc,"Test API awrite/3"}]. async_write(Config) when is_list(Config) -> - {Sftp, _} = ?config(sftp, Config), - FileName = ?config(testfile, Config), + {Sftp, _} = proplists:get_value(sftp, Config), + FileName = proplists:get_value(testfile, Config), {ok, Handle} = ssh_sftp:open(Sftp, FileName, [write]), Data = list_to_binary("foobar"), {async, Ref} = ssh_sftp:awrite(Sftp, Handle, Data), 
@@ -545,8 +545,8 @@ async_write(Config) when is_list(Config) -> position() -> [{doc, "Test API functions position/3"}]. position(Config) when is_list(Config) -> - FileName = ?config(testfile, Config), - {Sftp, _} = ?config(sftp, Config), + FileName = proplists:get_value(testfile, Config), + {Sftp, _} = proplists:get_value(sftp, Config), Data = list_to_binary("1234567890"), ok = ssh_sftp:write_file(Sftp, FileName, [Data]), @@ -574,8 +574,8 @@ position(Config) when is_list(Config) -> pos_read() -> [{doc,"Test API functions pread/3 and apread/3"}]. pos_read(Config) when is_list(Config) -> - FileName = ?config(testfile, Config), - {Sftp, _} = ?config(sftp, Config), + FileName = proplists:get_value(testfile, Config), + {Sftp, _} = proplists:get_value(sftp, Config), Data = list_to_binary("Hej hopp!"), ok = ssh_sftp:write_file(Sftp, FileName, [Data]), @@ -601,8 +601,8 @@ pos_read(Config) when is_list(Config) -> pos_write() -> [{doc,"Test API functions pwrite/4 and apwrite/4"}]. pos_write(Config) when is_list(Config) -> - FileName = ?config(testfile, Config), - {Sftp, _} = ?config(sftp, Config), + FileName = proplists:get_value(testfile, Config), + {Sftp, _} = proplists:get_value(sftp, Config), {ok, Handle} = ssh_sftp:open(Sftp, FileName, [write]), @@ -681,9 +681,9 @@ start_channel_sock(Config) -> sftp_nonexistent_subsystem() -> [{doc, "Try to execute sftp subsystem on a server that does not support it"}]. sftp_nonexistent_subsystem(Config) when is_list(Config) -> - {_,Host, Port} = ?config(sftpd, Config), - User = ?config(user, Config), - Passwd = ?config(passwd, Config), + {_,Host, Port} = proplists:get_value(sftpd, Config), + User = proplists:get_value(user, Config), + Passwd = proplists:get_value(passwd, Config), {error,"server failed to start sftp subsystem"} = ssh_sftp:start_channel(Host, Port, [{user_interaction, false}, 
@@ -699,20 +699,20 @@ version_option(Config) when is_list(Config) -> %%-------------------------------------------------------------------- create_empty_tar(Config) -> - ChPid2 = ?config(channel_pid2, Config), - TarFileName = ?config(tar_filename, Config), + ChPid2 = proplists:get_value(channel_pid2, Config), + TarFileName = proplists:get_value(tar_filename, Config), {ok,Handle} = ssh_sftp:open_tar(ChPid2, TarFileName, [write]), erl_tar:close(Handle), - {ChPid,_} = ?config(sftp,Config), + {ChPid,_} = proplists:get_value(sftp,Config), {ok, #file_info{type=regular}} = ssh_sftp:read_file_info(ChPid, TarFileName). %%-------------------------------------------------------------------- files_to_tar(Config) -> - ChPid2 = ?config(channel_pid2, Config), - TarFileName = ?config(tar_filename, Config), + ChPid2 = proplists:get_value(channel_pid2, Config), + TarFileName = proplists:get_value(tar_filename, Config), {ok,Handle} = ssh_sftp:open_tar(ChPid2, TarFileName, [write]), - F1 = ?config(tar_F1_txt, Config), + F1 = proplists:get_value(tar_F1_txt, Config), ok = erl_tar:add(Handle, fn(F1,Config), F1, [verbose]), ok = erl_tar:add(Handle, fn("f2.txt",Config), "f2.txt", [verbose]), ok = erl_tar:close(Handle), @@ -720,8 +720,8 @@ files_to_tar(Config) -> %%-------------------------------------------------------------------- ascii_filename_ascii_contents_to_tar(Config) -> - ChPid2 = ?config(channel_pid2, Config), - TarFileName = ?config(tar_filename, Config), + ChPid2 = proplists:get_value(channel_pid2, Config), + TarFileName = proplists:get_value(tar_filename, Config), {ok,Handle} = ssh_sftp:open_tar(ChPid2, TarFileName, [write]), ok = erl_tar:add(Handle, fn("f2.txt",Config), "f2.txt", [verbose]), ok = erl_tar:close(Handle), 
@@ -729,12 +729,12 @@ ascii_filename_ascii_contents_to_tar(Config) -> %%-------------------------------------------------------------------- ascii_filename_unicode_contents_to_tar(Config) -> - case ?config(tar_F3_txt, Config) of + case proplists:get_value(tar_F3_txt, Config) of undefined -> {skip, "Unicode test"}; Fn -> - ChPid2 = ?config(channel_pid2, Config), - TarFileName = ?config(tar_filename, Config), + ChPid2 = proplists:get_value(channel_pid2, Config), + TarFileName = proplists:get_value(tar_filename, Config), {ok,Handle} = ssh_sftp:open_tar(ChPid2, TarFileName, [write]), ok = erl_tar:add(Handle, fn(Fn,Config), Fn, [verbose]), ok = erl_tar:close(Handle), @@ -743,12 +743,12 @@ ascii_filename_unicode_contents_to_tar(Config) -> %%-------------------------------------------------------------------- unicode_filename_ascii_contents_to_tar(Config) -> - case ?config(tar_F4_txt, Config) of + case proplists:get_value(tar_F4_txt, Config) of undefined -> {skip, "Unicode test"}; Fn -> - ChPid2 = ?config(channel_pid2, Config), - TarFileName = ?config(tar_filename, Config), + ChPid2 = proplists:get_value(channel_pid2, Config), + TarFileName = proplists:get_value(tar_filename, Config), {ok,Handle} = ssh_sftp:open_tar(ChPid2, TarFileName, [write]), ok = erl_tar:add(Handle, fn(Fn,Config), Fn, [verbose]), ok = erl_tar:close(Handle), @@ -757,8 +757,8 @@ unicode_filename_ascii_contents_to_tar(Config) -> %%-------------------------------------------------------------------- big_file_to_tar(Config) -> - ChPid2 = ?config(channel_pid2, Config), - TarFileName = ?config(tar_filename, Config), + ChPid2 = proplists:get_value(channel_pid2, Config), + TarFileName = proplists:get_value(tar_filename, Config), {ok,Handle} = ssh_sftp:open_tar(ChPid2, TarFileName, [write]), ok = erl_tar:add(Handle, fn("big.txt",Config), "big.txt", [verbose]), ok = erl_tar:close(Handle), 
@@ -767,18 +767,18 @@ big_file_to_tar(Config) -> %%-------------------------------------------------------------------- files_chunked_to_tar(Config) -> - ChPid2 = ?config(channel_pid2, Config), - TarFileName = ?config(tar_filename, Config), + ChPid2 = proplists:get_value(channel_pid2, Config), + TarFileName = proplists:get_value(tar_filename, Config), {ok,Handle} = ssh_sftp:open_tar(ChPid2, TarFileName, [write]), - F1 = ?config(tar_F1_txt, Config), + F1 = proplists:get_value(tar_F1_txt, Config), ok = erl_tar:add(Handle, fn(F1,Config), F1, [verbose,{chunks,2}]), ok = erl_tar:close(Handle), chk_tar([F1], Config). %%-------------------------------------------------------------------- directory_to_tar(Config) -> - ChPid2 = ?config(channel_pid2, Config), - TarFileName = ?config(tar_filename, Config), + ChPid2 = proplists:get_value(channel_pid2, Config), + TarFileName = proplists:get_value(tar_filename, Config), {ok,Handle} = ssh_sftp:open_tar(ChPid2, TarFileName, [write]), ok = erl_tar:add(Handle, fn("d1",Config), "d1", [verbose]), ok = erl_tar:close(Handle), @@ -786,8 +786,8 @@ directory_to_tar(Config) -> %%-------------------------------------------------------------------- binaries_to_tar(Config) -> - ChPid2 = ?config(channel_pid2, Config), - TarFileName = ?config(tar_filename, Config), + ChPid2 = proplists:get_value(channel_pid2, Config), + TarFileName = proplists:get_value(tar_filename, Config), {ok,Handle} = ssh_sftp:open_tar(ChPid2, TarFileName, [write]), Bin = <<"A binary">>, ok = erl_tar:add(Handle, Bin, "b1", [verbose]), 
@@ -796,15 +796,15 @@ binaries_to_tar(Config) -> %%-------------------------------------------------------------------- null_crypto_tar(Config) -> - ChPid2 = ?config(channel_pid2, Config), + ChPid2 = proplists:get_value(channel_pid2, Config), Cinit = fun() -> {ok, no_state, _SendSize=5} end, Cenc = fun(Bin,CState) -> {ok,Bin,CState,_SendSize=5} end, Cend = fun(Bin,_CState) -> {ok,Bin} end, C = {Cinit,Cenc,Cend}, - TarFileName = ?config(tar_filename, Config), + TarFileName = proplists:get_value(tar_filename, Config), {ok,Handle} = ssh_sftp:open_tar(ChPid2, TarFileName, [write,{crypto,C}]), Bin = <<"A binary">>, - F1 = ?config(tar_F1_txt, Config), + F1 = proplists:get_value(tar_F1_txt, Config), ok = erl_tar:add(Handle, Bin, "b1", [verbose]), ok = erl_tar:add(Handle, fn(F1,Config), F1, [verbose,{chunks,2}]), ok = erl_tar:add(Handle, fn("big.txt",Config), "big.txt", [verbose,{chunks,15000}]), @@ -813,16 +813,16 @@ null_crypto_tar(Config) -> %%-------------------------------------------------------------------- simple_crypto_tar_small(Config) -> - ChPid2 = ?config(channel_pid2, Config), + ChPid2 = proplists:get_value(channel_pid2, Config), Cinit = fun() -> {ok, no_state, _Size=6} end, Cenc = fun(Bin,CState) -> {ok,stuff(Bin),CState,_SendSize=5} end, Cdec = fun(Bin,CState) -> {ok,unstuff(Bin),CState,_Size=4} end, Cend = fun(Bin,_CState) -> {ok,stuff(Bin)} end, C = {Cinit,Cenc,Cend}, - TarFileName = ?config(tar_filename, Config), + TarFileName = proplists:get_value(tar_filename, Config), {ok,Handle} = ssh_sftp:open_tar(ChPid2, TarFileName, [write,{crypto,C}]), Bin = <<"A binary">>, - F1 = ?config(tar_F1_txt, Config), + F1 = proplists:get_value(tar_F1_txt, Config), ok = erl_tar:add(Handle, Bin, "b1", [verbose]), ok = erl_tar:add(Handle, fn(F1,Config), F1, [verbose,{chunks,2}]), ok = erl_tar:close(Handle), 
@@ -830,16 +830,16 @@ simple_crypto_tar_small(Config) -> %%-------------------------------------------------------------------- simple_crypto_tar_big(Config) -> - ChPid2 = ?config(channel_pid2, Config), + ChPid2 = proplists:get_value(channel_pid2, Config), Cinit = fun() -> {ok, no_state, _SendSize=6} end, Cenc = fun(Bin,CState) -> {ok,stuff(Bin),CState,_SendSize=5} end, Cdec = fun(Bin,CState) -> {ok,unstuff(Bin),CState,_SendSize=4} end, Cend = fun(Bin,_CState) -> {ok,stuff(Bin)} end, C = {Cinit,Cenc,Cend}, - TarFileName = ?config(tar_filename, Config), + TarFileName = proplists:get_value(tar_filename, Config), {ok,Handle} = ssh_sftp:open_tar(ChPid2, TarFileName, [write,{crypto,C}]), Bin = <<"A binary">>, - F1 = ?config(tar_F1_txt, Config), + F1 = proplists:get_value(tar_F1_txt, Config), ok = erl_tar:add(Handle, Bin, "b1", [verbose]), ok = erl_tar:add(Handle, fn(F1,Config), F1, [verbose,{chunks,2}]), ok = erl_tar:add(Handle, fn("big.txt",Config), "big.txt", [verbose,{chunks,15000}]), @@ -852,12 +852,12 @@ unstuff(Bin) -> << <> || <> <= Bin >>. %%-------------------------------------------------------------------- read_tar(Config) -> - ChPid2 = ?config(channel_pid2, Config), + ChPid2 = proplists:get_value(channel_pid2, Config), NameBins = lists:sort( [{"b1",<<"A binary">>}, {"b2",list_to_binary(lists:duplicate(750000,"a"))} ]), - TarFileName = ?config(tar_filename, Config), + TarFileName = proplists:get_value(tar_filename, Config), {ok,HandleWrite} = ssh_sftp:open_tar(ChPid2, TarFileName, [write]), [ok = erl_tar:add(HandleWrite, Bin, Name, [verbose]) || {Name,Bin} <- NameBins], @@ -867,7 +867,7 @@ read_tar(Config) -> %%-------------------------------------------------------------------- read_null_crypto_tar(Config) -> - ChPid2 = ?config(channel_pid2, Config), + ChPid2 = proplists:get_value(channel_pid2, Config), NameBins = lists:sort( [{"b1",<<"A binary">>}, {"b2",list_to_binary(lists:duplicate(750000,"a"))} 
@@ -880,7 +880,7 @@ read_null_crypto_tar(Config) -> Cw = {Cinitw,Cenc,Cendw}, Cr = {Cinitr,Cdec}, - TarFileName = ?config(tar_filename, Config), + TarFileName = proplists:get_value(tar_filename, Config), {ok,HandleWrite} = ssh_sftp:open_tar(ChPid2, TarFileName, [write,{crypto,Cw}]), [ok = erl_tar:add(HandleWrite, Bin, Name, [verbose]) || {Name,Bin} <- NameBins], @@ -890,7 +890,7 @@ read_null_crypto_tar(Config) -> %%-------------------------------------------------------------------- read_crypto_tar(Config) -> - ChPid2 = ?config(channel_pid2, Config), + ChPid2 = proplists:get_value(channel_pid2, Config), NameBins = lists:sort( [{"b1",<<"A binary">>}, {"b2",list_to_binary(lists:duplicate(750000,"a"))} @@ -904,7 +904,7 @@ read_crypto_tar(Config) -> Cw = {Cinitw,Cenc,Cendw}, Cr = {Cinitr,Cdec}, - TarFileName = ?config(tar_filename, Config), + TarFileName = proplists:get_value(tar_filename, Config), {ok,HandleWrite} = ssh_sftp:open_tar(ChPid2, TarFileName, [write,{crypto,Cw}]), [ok = erl_tar:add(HandleWrite, Bin, Name, [verbose]) || {Name,Bin} <- NameBins], @@ -914,7 +914,7 @@ read_crypto_tar(Config) -> %%-------------------------------------------------------------------- aes_cbc256_crypto_tar(Config) -> - ChPid2 = ?config(channel_pid2, Config), + ChPid2 = proplists:get_value(channel_pid2, Config), NameBins = lists:sort( [{"b1",<<"A binary">>}, {"b2",list_to_binary(lists:duplicate(750000,"a"))}, @@ -944,7 +944,7 @@ aes_cbc256_crypto_tar(Config) -> end, Cw = {Cinitw,Cenc,Cendw}, - TarFileName = ?config(tar_filename, Config), + TarFileName = proplists:get_value(tar_filename, Config), {ok,HandleWrite} = ssh_sftp:open_tar(ChPid2, TarFileName, [write,{crypto,Cw}]), [ok = erl_tar:add(HandleWrite, Bin, Name, [verbose]) || {Name,Bin} <- NameBins], ok = erl_tar:close(HandleWrite), 
@@ -959,7 +959,7 @@ pad(BlockSize, Bin) -> %%-------------------------------------------------------------------- aes_ctr_stream_crypto_tar(Config) -> - ChPid2 = ?config(channel_pid2, Config), + ChPid2 = proplists:get_value(channel_pid2, Config), NameBins = lists:sort( [{"b1",<<"A binary">>}, {"b2",list_to_binary(lists:duplicate(750000,"a"))}, @@ -987,7 +987,7 @@ aes_ctr_stream_crypto_tar(Config) -> end, Cw = {Cinitw,Cenc,Cendw}, - TarFileName = ?config(tar_filename, Config), + TarFileName = proplists:get_value(tar_filename, Config), {ok,HandleWrite} = ssh_sftp:open_tar(ChPid2, TarFileName, [write,{crypto,Cw}]), [ok = erl_tar:add(HandleWrite, Bin, Name, [verbose]) || {Name,Bin} <- NameBins], ok = erl_tar:close(HandleWrite), @@ -999,11 +999,11 @@ aes_ctr_stream_crypto_tar(Config) -> %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- oldprep(Config) -> - DataDir = ?config(data_dir, Config), - TestFile = ?config(filename, Config), - TestFile1 = ?config(testfile, Config), - TestLink = ?config(linktest, Config), - TarFileName = ?config(tar_filename, Config), + DataDir = proplists:get_value(data_dir, Config), + TestFile = proplists:get_value(filename, Config), + TestFile1 = proplists:get_value(testfile, Config), + TestLink = proplists:get_value(linktest, Config), + TarFileName = proplists:get_value(tar_filename, Config), file:delete(TestFile), file:delete(TestFile1), 
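Review bot: In oldprep/1 the five proplists:get_value/2 lookups feed straight into file:delete(TestFile) and file:delete(TestFile1), whose results are not matched, so a key missing from Config yields undefined and the cleanup does nothing without any error. Consider a small local helper that fails on a missing key, for example {_, Value} = lists:keyfind(Key, 1, Config), and use it for the keys this setup cannot work without.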
@@ -1052,12 +1052,12 @@ chk_tar(Items, Config) -> chk_tar(Items, Config, []). chk_tar(Items, Config, Opts) -> - TarFileName = ?config(tar_filename, Config), + TarFileName = proplists:get_value(tar_filename, Config), chk_tar(Items, TarFileName, Config, Opts). chk_tar(Items, TarFileName, Config, Opts) when is_list(Opts) -> tar_size(TarFileName, Config), - {ChPid,_} = ?config(sftp,Config), + {ChPid,_} = proplists:get_value(sftp,Config), {ok,HandleRead} = ssh_sftp:open_tar(ChPid, TarFileName, [read|Opts]), {ok,NameValueList} = erl_tar:extract(HandleRead,[memory,verbose]), ok = erl_tar:close(HandleRead), @@ -1099,7 +1099,7 @@ analyze_report([], []) -> "". tar_size(TarFileName, Config) -> - {ChPid,_} = ?config(sftp,Config), + {ChPid,_} = proplists:get_value(sftp,Config), {ok,Data} = ssh_sftp:read_file(ChPid, TarFileName), io:format('Tar file ~p is~n ~p bytes.~n',[TarFileName, size(Data)]). @@ -1126,7 +1126,7 @@ read_item_contents(ItemName, FileName) -> end. fn(Name, Config) -> - Dir = ?config(datadir_tar, Config), + Dir = proplists:get_value(datadir_tar, Config), filename:join(Dir,Name). fmt_host({A,B,C,D}) -> lists:concat([A,".",B,".",C,".",D]); diff --git a/lib/ssh/test/ssh_sftpd_SUITE.erl b/lib/ssh/test/ssh_sftpd_SUITE.erl index 9385bd127d..4a69fd36b3 100644 --- a/lib/ssh/test/ssh_sftpd_SUITE.erl +++ b/lib/ssh/test/ssh_sftpd_SUITE.erl 
@@ -72,19 +72,19 @@ groups() -> %%-------------------------------------------------------------------- init_per_suite(Config) -> - DataDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), + DataDir = proplists:get_value(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), ssh_test_lib:setup_dsa(DataDir, PrivDir), %% to make sure we don't use public-key-auth %% this should be tested by other test suites - UserDir = filename:join(?config(priv_dir, Config), nopubkey), + UserDir = filename:join(proplists:get_value(priv_dir, Config), nopubkey), file:make_dir(UserDir), Config. end_per_suite(Config) -> - SysDir = ?config(priv_dir, Config), + SysDir = proplists:get_value(priv_dir, Config), ssh_test_lib:clean_dsa(SysDir), - UserDir = filename:join(?config(priv_dir, Config), nopubkey), + UserDir = filename:join(proplists:get_value(priv_dir, Config), nopubkey), file:del_dir(UserDir), ssh:stop(). @@ -101,9 +101,9 @@ end_per_group(_GroupName, Config) -> init_per_testcase(TestCase, Config) -> ssh:start(), prep(Config), - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), ClientUserDir = filename:join(PrivDir, nopubkey), - SystemDir = filename:join(?config(priv_dir, Config), system), + SystemDir = filename:join(proplists:get_value(priv_dir, Config), system), Options = [{system_dir, SystemDir}, {user_dir, PrivDir}, @@ -154,8 +154,8 @@ init_per_testcase(TestCase, Config) -> [{sftp, {Cm, Channel}}, {sftpd, Sftpd }| Config]. end_per_testcase(_TestCase, Config) -> - ssh_sftpd:stop(?config(sftpd, Config)), - {Cm, Channel} = ?config(sftp, Config), + ssh_sftpd:stop(proplists:get_value(sftpd, Config)), + {Cm, Channel} = proplists:get_value(sftp, Config), ssh_connection:close(Cm, Channel), ssh:close(Cm), ssh:stop(). 
@@ -166,9 +166,9 @@ end_per_testcase(_TestCase, Config) -> open_close_file() -> [{doc, "Test SSH_FXP_OPEN and SSH_FXP_CLOSE commands"}]. open_close_file(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), FileName = filename:join(PrivDir, "test.txt"), - {Cm, Channel} = ?config(sftp, Config), + {Cm, Channel} = proplists:get_value(sftp, Config), ReqId = 0, {ok, <>, _} = @@ -196,9 +196,9 @@ open_close_file(Config) when is_list(Config) -> ver3_open_flags() -> [{doc, "Test open flags"}]. ver3_open_flags(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), FileName = filename:join(PrivDir, "not_exist.txt"), - {Cm, Channel} = ?config(sftp, Config), + {Cm, Channel} = proplists:get_value(sftp, Config), ReqId = 0, {ok, <>, _} = @@ -230,8 +230,8 @@ ver3_open_flags(Config) when is_list(Config) -> open_close_dir() -> [{doc,"Test SSH_FXP_OPENDIR and SSH_FXP_CLOSE commands"}]. open_close_dir(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - {Cm, Channel} = ?config(sftp, Config), + PrivDir = proplists:get_value(priv_dir, Config), + {Cm, Channel} = proplists:get_value(sftp, Config), FileName = filename:join(PrivDir, "test.txt"), ReqId = 0, @@ -257,11 +257,11 @@ open_close_dir(Config) when is_list(Config) -> read_file() -> [{doc, "Test SSH_FXP_READ command"}]. read_file(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), FileName = filename:join(PrivDir, "test.txt"), ReqId = 0, - {Cm, Channel} = ?config(sftp, Config), + {Cm, Channel} = proplists:get_value(sftp, Config), {ok, <>, _} = open_file(FileName, Cm, Channel, ReqId, 
@@ -280,8 +280,8 @@ read_file(Config) when is_list(Config) -> read_dir() -> [{doc,"Test SSH_FXP_READDIR command"}]. read_dir(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - {Cm, Channel} = ?config(sftp, Config), + PrivDir = proplists:get_value(priv_dir, Config), + {Cm, Channel} = proplists:get_value(sftp, Config), ReqId = 0, {ok, <>, _} = open_dir(PrivDir, Cm, Channel, ReqId), @@ -291,11 +291,11 @@ read_dir(Config) when is_list(Config) -> write_file() -> [{doc, "Test SSH_FXP_WRITE command"}]. write_file(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), FileName = filename:join(PrivDir, "test.txt"), ReqId = 0, - {Cm, Channel} = ?config(sftp, Config), + {Cm, Channel} = proplists:get_value(sftp, Config), {ok, <>, _} = open_file(FileName, Cm, Channel, ReqId, @@ -315,10 +315,10 @@ write_file(Config) when is_list(Config) -> remove_file() -> [{doc, "Test SSH_FXP_REMOVE command"}]. remove_file(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), FileName = filename:join(PrivDir, "test.txt"), ReqId = 0, - {Cm, Channel} = ?config(sftp, Config), + {Cm, Channel} = proplists:get_value(sftp, Config), {ok, <>, _} = @@ -336,11 +336,11 @@ remove_file(Config) when is_list(Config) -> rename_file() -> [{doc, "Test SSH_FXP_RENAME command"}]. rename_file(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), FileName = filename:join(PrivDir, "test.txt"), NewFileName = filename:join(PrivDir, "test1.txt"), ReqId = 0, - {Cm, Channel} = ?config(sftp, Config), + {Cm, Channel} = proplists:get_value(sftp, Config), {ok, <>, _} = 
@@ -373,8 +373,8 @@ rename_file(Config) when is_list(Config) -> mk_rm_dir() -> [{doc, "Test SSH_FXP_MKDIR and SSH_FXP_RMDIR command"}]. mk_rm_dir(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), - {Cm, Channel} = ?config(sftp, Config), + PrivDir = proplists:get_value(priv_dir, Config), + {Cm, Channel} = proplists:get_value(sftp, Config), DirName = filename:join(PrivDir, "test"), ReqId = 0, {ok, < {skip, "Not a relevant test on windows"}; _ -> ReqId = 0, - {Cm, Channel} = ?config(sftp, Config), - PrivDir = ?config(priv_dir, Config), + {Cm, Channel} = proplists:get_value(sftp, Config), + PrivDir = proplists:get_value(priv_dir, Config), TestDir = filename:join(PrivDir, "ssh_test"), ok = file:make_dir(TestDir), @@ -427,8 +427,8 @@ links(Config) when is_list(Config) -> {skip, "Links are not fully supported by windows"}; _ -> ReqId = 0, - {Cm, Channel} = ?config(sftp, Config), - PrivDir = ?config(priv_dir, Config), + {Cm, Channel} = proplists:get_value(sftp, Config), + PrivDir = proplists:get_value(priv_dir, Config), FileName = filename:join(PrivDir, "test.txt"), LinkFileName = filename:join(PrivDir, "link_test.txt"), @@ -451,10 +451,10 @@ links(Config) when is_list(Config) -> retrieve_attributes() -> [{"Test SSH_FXP_STAT, SSH_FXP_LSTAT AND SSH_FXP_FSTAT commands"}]. retrieve_attributes(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), FileName = filename:join(PrivDir, "test.txt"), ReqId = 0, - {Cm, Channel} = ?config(sftp, Config), + {Cm, Channel} = proplists:get_value(sftp, Config), {ok, FileInfo} = file:read_file_info(FileName), 
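Review bot: The info function in the context of this hunk, retrieve_attributes/0, returns [{"Test SSH_FXP_STAT, SSH_FXP_LSTAT AND SSH_FXP_FSTAT commands"}], a one-element tuple with no doc tag, while the other info functions in this file return [{doc, "..."}]. Since the test case is being touched anyway, change it to [{doc, "Test SSH_FXP_STAT, SSH_FXP_LSTAT AND SSH_FXP_FSTAT commands"}] in this commit or a follow-up.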
@@ -520,10 +520,10 @@ set_attributes(Config) when is_list(Config) -> {win32, _} -> {skip, "Known error bug in erts file:read_file_info"}; _ -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), FileName = filename:join(PrivDir, "test.txt"), ReqId = 0, - {Cm, Channel} = ?config(sftp, Config), + {Cm, Channel} = proplists:get_value(sftp, Config), {ok, FileInfo} = file:read_file_info(FileName), @@ -574,11 +574,11 @@ set_attributes(Config) when is_list(Config) -> ver3_rename() -> [{doc, "Test that ver3 rename message is handled OTP 6352"}]. ver3_rename(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), FileName = filename:join(PrivDir, "test.txt"), NewFileName = filename:join(PrivDir, "test1.txt"), ReqId = 0, - {Cm, Channel} = ?config(sftp, Config), + {Cm, Channel} = proplists:get_value(sftp, Config), {ok, <>, _} = @@ -589,7 +589,7 @@ relpath() -> [{doc, "Check that realpath works ok seq10670"}]. relpath(Config) when is_list(Config) -> ReqId = 0, - {Cm, Channel} = ?config(sftp, Config), + {Cm, Channel} = proplists:get_value(sftp, Config), case os:type() of {win32, _} -> @@ -611,11 +611,11 @@ relpath(Config) when is_list(Config) -> sshd_read_file() -> [{doc,"Test SSH_FXP_READ command, using sshd-server"}]. sshd_read_file(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), FileName = filename:join(PrivDir, "test.txt"), ReqId = 0, - {Cm, Channel} = ?config(sftp, Config), + {Cm, Channel} = proplists:get_value(sftp, Config), {ok, <>, _} = open_file(FileName, Cm, Channel, ReqId, 
@@ -633,9 +633,9 @@ sshd_read_file(Config) when is_list(Config) -> ver6_basic() -> [{doc, "Test SFTP Version 6"}]. ver6_basic(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), %FileName = filename:join(PrivDir, "test.txt"), - {Cm, Channel} = ?config(sftp, Config), + {Cm, Channel} = proplists:get_value(sftp, Config), ReqId = 0, {ok, <>, _} = @@ -646,7 +646,7 @@ ver6_basic(Config) when is_list(Config) -> %% Internal functions ------------------------------------------------ %%-------------------------------------------------------------------- prep(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), TestFile = filename:join(PrivDir, "test.txt"), TestFile1 = filename:join(PrivDir, "test1.txt"), @@ -654,7 +654,7 @@ prep(Config) -> file:delete(TestFile1), %% Initial config - DataDir = ?config(data_dir, Config), + DataDir = proplists:get_value(data_dir, Config), FileName = filename:join(DataDir, "test.txt"), file:copy(FileName, TestFile), Mode = 8#00400 bor 8#00200 bor 8#00040, % read & write owner, read group diff --git a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl index 355ce6a8f5..75b5090c2b 100644 --- a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl +++ b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl @@ -54,8 +54,8 @@ groups() -> init_per_suite(Config) -> catch ssh:stop(), - DataDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), + DataDir = proplists:get_value(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), FileAlt = filename:join(DataDir, "ssh_sftpd_file_alt.erl"), c:c(FileAlt), FileName = filename:join(DataDir, "test.txt"), 
@@ -66,9 +66,9 @@ init_per_suite(Config) -> Config. end_per_suite(Config) -> - UserDir = filename:join(?config(priv_dir, Config), nopubkey), + UserDir = filename:join(proplists:get_value(priv_dir, Config), nopubkey), file:del_dir(UserDir), - SysDir = ?config(priv_dir, Config), + SysDir = proplists:get_value(priv_dir, Config), ssh_test_lib:clean_dsa(SysDir), ok. @@ -83,7 +83,7 @@ end_per_group(_GroupName, Config) -> init_per_testcase(TestCase, Config) -> ssh:start(), - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), SystemDir = filename:join(PrivDir, system), Options = @@ -96,7 +96,7 @@ init_per_testcase(TestCase, Config) -> {user_dir, PrivDir}, {subsystems, [Spec]}]; "root_dir" -> - Privdir = ?config(priv_dir, Config), + Privdir = proplists:get_value(priv_dir, Config), Root = filename:join(Privdir, root), file:make_dir(Root), Spec = ssh_sftpd:subsystem_spec([{root,Root}]), @@ -132,8 +132,8 @@ init_per_testcase(TestCase, Config) -> [{port, Port}, {sftp, {ChannelPid, Connection}}, {sftpd, Sftpd} | NewConfig]. end_per_testcase(_TestCase, Config) -> - catch ssh_sftpd:stop(?config(sftpd, Config)), - {Sftp, Connection} = ?config(sftp, Config), + catch ssh_sftpd:stop(proplists:get_value(sftpd, Config)), + {Sftp, Connection} = proplists:get_value(sftp, Config), catch ssh_sftp:stop_channel(Sftp), catch ssh:close(Connection), ssh:stop(). @@ -146,10 +146,10 @@ close_file() -> "transfer OTP-6350"}]. close_file(Config) when is_list(Config) -> - DataDir = ?config(data_dir, Config), + DataDir = proplists:get_value(data_dir, Config), FileName = filename:join(DataDir, "test.txt"), - {Sftp, _} = ?config(sftp, Config), + {Sftp, _} = proplists:get_value(sftp, Config), NumOfPorts = length(erlang:ports()), 
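Review bot: In init_per_testcase/2 of ssh_sftpd_erlclient_SUITE, the "root_dir" branch now reads Privdir = proplists:get_value(priv_dir, Config) although PrivDir was already bound from the same key at the top of the function. The second lookup and the differently cased variable can go: use Root = filename:join(PrivDir, root) directly.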
@@ -167,12 +167,12 @@ quit() -> "client hanging. OTP-6349"}]. quit(Config) when is_list(Config) -> - DataDir = ?config(data_dir, Config), + DataDir = proplists:get_value(data_dir, Config), FileName = filename:join(DataDir, "test.txt"), - UserDir = ?config(priv_dir, Config), - Port = ?config(port, Config), + UserDir = proplists:get_value(priv_dir, Config), + Port = proplists:get_value(port, Config), - {Sftp, _} = ?config(sftp, Config), + {Sftp, _} = proplists:get_value(sftp, Config), {ok, <<_/binary>>} = ssh_sftp:read_file(Sftp, FileName), @@ -198,13 +198,13 @@ file_cb() -> " the sftpds filehandling. OTP-6356"}]. file_cb(Config) when is_list(Config) -> - DataDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), + DataDir = proplists:get_value(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), FileName = filename:join(DataDir, "test.txt"), register(sftpd_file_alt_tester, self()), - {Sftp, _} = ?config(sftp, Config), + {Sftp, _} = proplists:get_value(sftp, Config), {ok, Bin} = ssh_sftp:read_file(Sftp, FileName), alt_file_handler_check(alt_open), @@ -242,7 +242,7 @@ file_cb(Config) when is_list(Config) -> %%-------------------------------------------------------------------- root_dir(Config) when is_list(Config) -> - {Sftp, _} = ?config(sftp, Config), + {Sftp, _} = proplists:get_value(sftp, Config), FileName = "test.txt", Bin = <<"Test file for root dir option">>, ok = ssh_sftp:write_file(Sftp, FileName, Bin), @@ -253,7 +253,7 @@ root_dir(Config) when is_list(Config) -> %%-------------------------------------------------------------------- list_dir_limited(Config) when is_list(Config) -> - {Sftp, _} = ?config(sftp, Config), + {Sftp, _} = proplists:get_value(sftp, Config), {ok, Listing} = ssh_sftp:list_dir(Sftp, "."), ct:log("Listing: ~p~n", [Listing]). 
@@ -262,9 +262,9 @@ list_dir_limited(Config) when is_list(Config) -> ver6_basic() -> [{doc, "Test some version 6 features"}]. ver6_basic(Config) when is_list(Config) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), NewDir = filename:join(PrivDir, "testdir2"), - {Sftp, _} = ?config(sftp, Config), + {Sftp, _} = proplists:get_value(sftp, Config), ok = ssh_sftp:make_dir(Sftp, NewDir), %%Test file_is_a_directory {error, file_is_a_directory} = ssh_sftp:delete(Sftp, NewDir). diff --git a/lib/ssh/test/ssh_sup_SUITE.erl b/lib/ssh/test/ssh_sup_SUITE.erl index f8929b30ff..574564f6e9 100644 --- a/lib/ssh/test/ssh_sup_SUITE.erl +++ b/lib/ssh/test/ssh_sup_SUITE.erl @@ -54,7 +54,7 @@ end_per_group(_GroupName, Config) -> init_per_suite(Config) -> Port = ssh_test_lib:inet_port(node()), - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), [{userdir, UserDir},{port, Port}, {host, "localhost"}, {host_ip, any} | Config]. @@ -64,7 +64,7 @@ end_per_suite(_) -> init_per_testcase(sshc_subtree, Config) -> ssh:start(), - SystemDir = ?config(data_dir, Config), + SystemDir = proplists:get_value(data_dir, Config), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, {failfun, fun ssh_test_lib:failfun/2}, {user_passwords, @@ -75,7 +75,7 @@ init_per_testcase(Case, Config) -> ssh:start(), Config. end_per_testcase(sshc_subtree, Config) -> - {Pid,_,_} = ?config(server, Config), + {Pid,_,_} = proplists:get_value(server, Config), ssh:stop_daemon(Pid), ssh:stop(); end_per_testcase(_, _Config) -> 
@@ -100,8 +100,8 @@ default_tree(Config) when is_list(Config) -> sshc_subtree() -> [{doc, "Make sure the sshc subtree is correct"}]. sshc_subtree(Config) when is_list(Config) -> - {_Pid, Host, Port} = ?config(server, Config), - UserDir = ?config(userdir, Config), + {_Pid, Host, Port} = proplists:get_value(server, Config), + UserDir = proplists:get_value(userdir, Config), ?wait_match([], supervisor:which_children(sshc_sup)), @@ -128,9 +128,9 @@ sshc_subtree(Config) when is_list(Config) -> sshd_subtree() -> [{doc, "Make sure the sshd subtree is correct"}]. sshd_subtree(Config) when is_list(Config) -> - HostIP = ?config(host_ip, Config), - Port = ?config(port, Config), - SystemDir = ?config(data_dir, Config), + HostIP = proplists:get_value(host_ip, Config), + Port = proplists:get_value(port, Config), + SystemDir = proplists:get_value(data_dir, Config), ssh:daemon(HostIP, Port, [{system_dir, SystemDir}, {failfun, fun ssh_test_lib:failfun/2}, {user_passwords, @@ -149,10 +149,10 @@ sshd_subtree(Config) when is_list(Config) -> sshd_subtree_profile() -> [{doc, "Make sure the sshd subtree using profile option is correct"}]. sshd_subtree_profile(Config) when is_list(Config) -> - HostIP = ?config(host_ip, Config), - Port = ?config(port, Config), - Profile = ?config(profile, Config), - SystemDir = ?config(data_dir, Config), + HostIP = proplists:get_value(host_ip, Config), + Port = proplists:get_value(port, Config), + Profile = proplists:get_value(profile, Config), + SystemDir = proplists:get_value(data_dir, Config), {ok, _} = ssh:daemon(HostIP, Port, [{system_dir, SystemDir}, {failfun, fun ssh_test_lib:failfun/2}, 
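Review bot: In sshd_subtree_profile/1, Profile = proplists:get_value(profile, Config) reads a key that the init_per_suite/1 shown earlier in this file's diff does not add (it adds userdir, port, host and host_ip), and proplists:get_value/2 returns undefined without complaint when a key is absent. Please confirm where profile is put into Config, or match on the lookup so that a missing key fails at this line instead of being passed on as undefined.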
@@ -171,9 +171,9 @@ sshd_subtree_profile(Config) when is_list(Config) -> check_sshd_system_tree(Daemon, Config) -> - Host = ?config(host, Config), - Port = ?config(port, Config), - UserDir = ?config(userdir, Config), + Host = proplists:get_value(host, Config), + Port = proplists:get_value(port, Config), + UserDir = proplists:get_value(userdir, Config), {ok, Client} = ssh:connect(Host, Port, [{silently_accept_hosts, true}, {user_interaction, false}, {user, ?USER}, {password, ?PASSWD},{user_dir, UserDir}]), diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl index a1291146e4..6233680dce 100644 --- a/lib/ssh/test/ssh_test_lib.erl +++ b/lib/ssh/test/ssh_test_lib.erl @@ -71,7 +71,7 @@ daemon_port(Port, _) -> Port. std_daemon(Config, ExtraOpts) -> - PrivDir = ?config(priv_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), std_daemon1(Config, @@ -80,13 +80,13 @@ std_daemon(Config, ExtraOpts) -> {user_passwords, [{"usr1","pwd1"}]}]). std_daemon1(Config, ExtraOpts) -> - SystemDir = ?config(data_dir, Config), + SystemDir = proplists:get_value(data_dir, Config), {_Server, _Host, _Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, {failfun, fun ssh_test_lib:failfun/2} | ExtraOpts]). std_connect(Config, Host, Port, ExtraOpts) -> - UserDir = ?config(priv_dir, Config), + UserDir = proplists:get_value(priv_dir, Config), _ConnectionRef = ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, {user_dir, UserDir}, @@ -99,7 +99,7 @@ std_simple_sftp(Host, Port, Config) -> std_simple_sftp(Host, Port, Config, []). std_simple_sftp(Host, Port, Config, Opts) -> - UserDir = ?config(priv_dir, Config), + UserDir = proplists:get_value(priv_dir, Config), DataFile = filename:join(UserDir, "test.data"), ConnectionRef = ssh_test_lib:std_connect(Config, Host, Port, Opts), {ok, ChannelRef} = ssh_sftp:start_channel(ConnectionRef), 
diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index 2be75fd7f3..f96a2cc62b 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -73,8 +73,8 @@ end_per_suite(_Config) -> ok. init_per_group(erlang_server, Config) -> - DataDir = ?config(data_dir, Config), - UserDir = ?config(priv_dir, Config), + DataDir = proplists:get_value(data_dir, Config), + UserDir = proplists:get_value(priv_dir, Config), ssh_test_lib:setup_dsa_known_host(DataDir, UserDir), ssh_test_lib:setup_rsa_known_host(DataDir, UserDir), Config; @@ -87,7 +87,7 @@ init_per_group(_, Config) -> Config. end_per_group(erlang_server, Config) -> - UserDir = ?config(priv_dir, Config), + UserDir = proplists:get_value(priv_dir, Config), ssh_test_lib:clean_dsa(UserDir), ssh_test_lib:clean_rsa(UserDir), Config; @@ -222,7 +222,7 @@ erlang_client_openssh_server_kexs() -> [{doc, "Test that we can connect with different KEXs."}]. erlang_client_openssh_server_kexs(Config) when is_list(Config) -> - KexAlgos = try proplists:get_value(kex, ?config(common_algs,Config)) + KexAlgos = try proplists:get_value(kex, proplists:get_value(common_algs,Config)) catch _:_ -> [] end, comment(KexAlgos), @@ -366,8 +366,8 @@ erlang_server_openssh_client_public_key_rsa(Config) when is_list(Config) -> erlang_server_openssh_client_public_key_X(Config, PubKeyAlg) -> - SystemDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), + SystemDir = proplists:get_value(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), KnownHosts = filename:join(PrivDir, "known_hosts"), {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SystemDir}, {public_key_alg, PubKeyAlg}, 
@@ -387,7 +387,7 @@ erlang_client_openssh_server_password() -> [{doc, "Test client password option"}]. erlang_client_openssh_server_password(Config) when is_list(Config) -> %% to make sure we don't public-key-auth - UserDir = ?config(data_dir, Config), + UserDir = proplists:get_value(data_dir, Config), {error, Reason0} = ssh:connect(any, ?SSH_DEFAULT_PORT, [{silently_accept_hosts, true}, {user, "foo"}, diff --git a/lib/ssh/test/ssh_upgrade_SUITE.erl b/lib/ssh/test/ssh_upgrade_SUITE.erl index 06bef2455e..9d9b2b78fb 100644 --- a/lib/ssh/test/ssh_upgrade_SUITE.erl +++ b/lib/ssh/test/ssh_upgrade_SUITE.erl @@ -59,7 +59,7 @@ init_per_suite(Config0) -> end_per_suite(Config) -> ct_release_test:cleanup(Config), ssh:stop(), - UserDir = ?config(priv_dir, Config), + UserDir = proplists:get_value(priv_dir, Config), ssh_test_lib:clean_rsa(UserDir). init_per_testcase(_TestCase, Config) -> @@ -138,8 +138,8 @@ test_soft(State0, FileName) -> setup_server_client(#state{config=Config} = State) -> - DataDir = ?config(data_dir, Config), - PrivDir = ?config(priv_dir, Config), + DataDir = proplists:get_value(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), FtpRootDir = filename:join(PrivDir, "ftp_root"), catch file:make_dir(FtpRootDir), -- cgit v1.2.3 From aafe345aee998d55af320b2c9ae81a350a2d08dd Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 27 May 2016 15:55:03 +0200 Subject: ssh: Added timetrap to ssh_benchmark_SUITE --- lib/ssh/test/ssh_benchmark_SUITE.erl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_benchmark_SUITE.erl b/lib/ssh/test/ssh_benchmark_SUITE.erl index 0e925ee19b..c2bfc48449 100644 --- a/lib/ssh/test/ssh_benchmark_SUITE.erl +++ b/lib/ssh/test/ssh_benchmark_SUITE.erl 
@@ -29,7 +29,9 @@ -include_lib("ssh/src/ssh_userauth.hrl"). -suite() -> [{ct_hooks,[{ts_install_cth,[{nodenames,2}]}]}]. +suite() -> [{ct_hooks,[{ts_install_cth,[{nodenames,2}]}]}, + {timetrap,{minutes,3}} + ]. %%suite() -> [{ct_hooks,[ts_install_cth]}]. all() -> [{group, opensshc_erld} -- cgit v1.2.3 From d7d109ca8ab68d7a62772305d543123233d4eea4 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 1 Jun 2016 16:43:29 +0200 Subject: ssh: update connect doc --- lib/ssh/doc/src/ssh.xml | 13 ++++++++----- lib/ssh/doc/src/ssh_sftp.xml | 11 ++++++----- 2 files changed, 14 insertions(+), 10 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index bd330e479f..501ca36b09 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -124,10 +124,10 @@ - connect(TcpSocket, Options) -> - connect(TcpSocket, Options, Timeout) -> connect(Host, Port, Options) -> - connect(Host, Port, Options, Timeout) -> + connect(Host, Port, Options, Timeout) -> + connect(TcpSocket, Options) -> + connect(TcpSocket, Options, Timeout) -> {ok, ssh_connection_ref()} | {error, Reason} Connects to an SSH server. @@ -140,7 +140,7 @@ Negotiation time-out in milli-seconds. The default value is infinity. For connection time-out, use option {connect_timeout, timeout()}. TcpSocket = port() - The socket is supposed to be from gen_tcp:connect with option {active,false} + The socket is supposed to be from gen_tcp:connect or gen_tcp:accept with option {active,false}

Connects to an SSH server. No channel is started. This is done @@ -722,12 +722,15 @@ shell(Host) -> shell(Host, Option) -> - shell(Host, Port, Option) -> _ + shell(Host, Port, Option) -> + shell(TcpSocket) -> _ Starts an interactive shell over an SSH server. Host = string() Port = integer() Options - see ssh:connect/3 + TcpSocket = port() + The socket is supposed to be from gen_tcp:connect or gen_tcp:accept with option {active,false}

Starts an interactive shell over an SSH server on the diff --git a/lib/ssh/doc/src/ssh_sftp.xml b/lib/ssh/doc/src/ssh_sftp.xml index 67531b7d99..eb6f43d417 100644 --- a/lib/ssh/doc/src/ssh_sftp.xml +++ b/lib/ssh/doc/src/ssh_sftp.xml @@ -526,10 +526,6 @@ - start_channel(TcpSocket) -> - start_channel(TcpSocket, Options) -> - {ok, Pid, ConnectionRef} | {error, reason()|term()} - start_channel(ConnectionRef) -> start_channel(ConnectionRef, Options) -> {ok, Pid} | {error, reason()|term()} @@ -537,13 +533,18 @@ start_channel(Host, Options) -> start_channel(Host, Port, Options) -> {ok, Pid, ConnectionRef} | {error, reason()|term()} + + start_channel(TcpSocket) -> + start_channel(TcpSocket, Options) -> + {ok, Pid, ConnectionRef} | {error, reason()|term()} + Starts an SFTP client. Host = string() ConnectionRef = ssh_connection_ref() Port = integer() TcpSocket = port() - The socket is supposed to be from gen_tcp:connect with option {active,false} + The socket is supposed to be from gen_tcp:connect or gen_tcp:accept with option {active,false} Options = [{Option, Value}] -- cgit v1.2.3 From 3b769cfe66b81467d756fe670fe25e2fd984fdba Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 1 Jun 2016 16:09:35 +0200 Subject: ssh: daemon taking open socket as input --- lib/ssh/doc/src/ssh.xml | 7 ++- lib/ssh/src/ssh.erl | 134 ++++++++++++++++++++++++++++++----------- lib/ssh/src/ssh_acceptor.erl | 3 +- lib/ssh/src/ssh_system_sup.erl | 5 +- 4 files changed, 110 insertions(+), 39 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 501ca36b09..e6c54d27bf 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml 
@@ -351,8 +351,9 @@ daemon(Port) -> daemon(Port, Options) -> - daemon(HostAddress, Port, Options) -> {ok, - ssh_daemon_ref()} | {error, atom()} + daemon(HostAddress, Port, Options) -> + daemon(TcpSocket) -> + daemon(TcpSocket, Options) -> {ok, ssh_daemon_ref()} | {error, atom()} Starts a server listening for SSH connections on the given port. @@ -361,6 +362,8 @@ Options = [{Option, Value}] Option = atom() Value = term() + TcpSocket = port() + The socket is supposed to be from gen_tcp:connect or gen_tcp:accept with option {active,false}

Starts a server listening for SSH connections on the given diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 50dfe55798..fa2354a3df 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -160,7 +160,7 @@ channel_info(ConnectionRef, ChannelId, Options) -> %%-------------------------------------------------------------------- -spec daemon(integer()) -> {ok, pid()} | {error, term()}. --spec daemon(integer(), proplists:proplist()) -> {ok, pid()} | {error, term()}. +-spec daemon(integer()|port(), proplists:proplist()) -> {ok, pid()} | {error, term()}. -spec daemon(any | inet:ip_address(), integer(), proplists:proplist()) -> {ok, pid()} | {error, term()}. %% Description: Starts a server listening for SSH connections @@ -169,28 +169,16 @@ channel_info(ConnectionRef, ChannelId, Options) -> daemon(Port) -> daemon(Port, []). -daemon(Port, Options) -> - daemon(any, Port, Options). +daemon(Port, Options) when is_integer(Port) -> + daemon(any, Port, Options); + +daemon(Socket, Options0) when is_port(Socket) -> + Options = daemon_shell_opt(Options0), + start_daemon(Socket, Options). daemon(HostAddr, Port, Options0) -> - Options1 = case proplists:get_value(shell, Options0) of - undefined -> - [{shell, {shell, start, []}} | Options0]; - _ -> - Options0 - end, - - {Host, Inet, Options} = case HostAddr of - any -> - {ok, Host0} = inet:gethostname(), - {Host0, proplists:get_value(inet, Options1, inet), Options1}; - {_,_,_,_} -> - {HostAddr, inet, - [{ip, HostAddr} | Options1]}; - {_,_,_,_,_,_,_,_} -> - {HostAddr, inet6, - [{ip, HostAddr} | Options1]} - end, + Options1 = daemon_shell_opt(Options0), + {Host, Inet, Options} = daemon_host_inet_opt(HostAddr, Options1), start_daemon(Host, Port, Options, Inet). %%-------------------------------------------------------------------- 
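Review bot: The new clause daemon(Socket, Options0) when is_port(Socket) hands the port straight to start_daemon/2, and is_port/1 is true for any port, so a UDP socket, an active-mode TCP socket or a non-socket port reaches the daemon start-up path even though the ssh.xml text in this commit requires a socket from gen_tcp:connect or gen_tcp:accept with {active,false}. Check the socket type and the active setting before start_daemon/2 runs and return an error tuple such as {error, not_tcp_socket} or {error, not_passive_mode}. The -spec for daemon/1 also still says integer(), although daemon(TcpSocket) is now documented and is routed through daemon(Port, []).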
@@ -284,19 +272,100 @@ default_algorithms() -> %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- +daemon_shell_opt(Options) -> + case proplists:get_value(shell, Options) of + undefined -> + [{shell, {shell, start, []}} | Options]; + _ -> + Options + end. + +daemon_host_inet_opt(HostAddr, Options1) -> + case HostAddr of + any -> + {ok, Host0} = inet:gethostname(), + {Host0, proplists:get_value(inet, Options1, inet), Options1}; + {_,_,_,_} -> + {HostAddr, inet, + [{ip, HostAddr} | Options1]}; + {_,_,_,_,_,_,_,_} -> + {HostAddr, inet6, + [{ip, HostAddr} | Options1]} + end. + + +start_daemon(Socket, Options) -> + case handle_options(Options) of + {error, _Reason} = Error -> + Error; + {SocketOptions, SshOptions}-> + try + do_start_daemon(Socket, [{role,server}|SshOptions], SocketOptions) + catch + throw:bad_fd -> {error,bad_fd}; + _C:_E -> {error,{cannot_start_daemon,_C,_E}} + end + end. + start_daemon(Host, Port, Options, Inet) -> case handle_options(Options) of {error, _Reason} = Error -> Error; {SocketOptions, SshOptions}-> try - do_start_daemon(Host, Port,[{role, server} |SshOptions] , [Inet | SocketOptions]) + do_start_daemon(Host, Port, [{role,server}|SshOptions] , [Inet|SocketOptions]) catch throw:bad_fd -> {error,bad_fd}; _C:_E -> {error,{cannot_start_daemon,_C,_E}} end end. 
+do_start_daemon(Socket, SshOptions, SocketOptions) -> + {ok, {IP,Port}} = + try {ok,_} = inet:sockname(Socket) + catch + _:_ -> throw(bad_socket) + end, + Host = fmt_host(IP), + Profile = proplists:get_value(profile, SshOptions, ?DEFAULT_PROFILE), + Opts = [{asocket, Socket}, + {asock_owner,self()}, + {address, Host}, + {port, Port}, + {role, server}, + {socket_opts, SocketOptions}, + {ssh_opts, SshOptions}], + {_, Callback, _} = proplists:get_value(transport, SshOptions, {tcp, gen_tcp, tcp_closed}), + case ssh_system_sup:system_supervisor(Host, Port, Profile) of + undefined -> + %% It would proably make more sense to call the + %% address option host but that is a too big change at the + %% monent. The name is a legacy name! + try sshd_sup:start_child(Opts) of + {error, {already_started, _}} -> + {error, eaddrinuse}; + Result = {ok,_} -> + ssh_acceptor:handle_connection(Callback, Host, Port, Opts, Socket), + Result; + Result = {error, _} -> + Result + catch + exit:{noproc, _} -> + {error, ssh_not_started} + end; + Sup -> + AccPid = ssh_system_sup:acceptor_supervisor(Sup), + case ssh_acceptor_sup:start_child(AccPid, Opts) of + {error, {already_started, _}} -> + {error, eaddrinuse}; + {ok, _} -> + ssh_acceptor:handle_connection(Callback, Host, Port, Opts, Socket), + {ok, Sup}; + Other -> + Other + end + end. + do_start_daemon(Host0, Port0, SshOptions, SocketOptions) -> {Host,Port1} = try @@ -312,7 +381,7 @@ do_start_daemon(Host0, Port0, SshOptions, SocketOptions) -> _:_ -> throw(bad_fd) end, Profile = proplists:get_value(profile, SshOptions, ?DEFAULT_PROFILE), - {Port, WaitRequestControl, Opts} = + {Port, WaitRequestControl, Opts0} = case Port1 of 0 -> %% Allocate the socket here to get the port number... {_, Callback, _} = 
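Review bot: In do_start_daemon/3 a failing inet:sockname(Socket) does throw(bad_socket), but start_daemon/2 only has throw:bad_fd -> {error,bad_fd}, so the caller receives {error,{cannot_start_daemon,throw,bad_socket}} from the catch-all clause. Add a throw:bad_socket clause in start_daemon/2, or throw bad_fd here, so that an unusable socket gives a plain error reason. From ssh_system_sup:system_supervisor/3 onward the body is a near copy of do_start_daemon/4, comment included; a shared helper that takes Opts and the post-start step would keep the two from drifting apart.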
@@ -326,17 +395,17 @@ do_start_daemon(Host0, Port0, SshOptions, SocketOptions) -> _ -> {Port1, false, []} end, + Opts = [{address, Host}, + {port, Port}, + {role, server}, + {socket_opts, SocketOptions}, + {ssh_opts, SshOptions} | Opts0], case ssh_system_sup:system_supervisor(Host, Port, Profile) of undefined -> %% It would proably make more sense to call the %% address option host but that is a too big change at the %% monent. The name is a legacy name! - try sshd_sup:start_child([{address, Host}, - {port, Port}, - {role, server}, - {socket_opts, SocketOptions}, - {ssh_opts, SshOptions} - | Opts]) of + try sshd_sup:start_child(Opts) of {error, {already_started, _}} -> {error, eaddrinuse}; Result = {ok,_} -> @@ -350,12 +419,7 @@ do_start_daemon(Host0, Port0, SshOptions, SocketOptions) -> end; Sup -> AccPid = ssh_system_sup:acceptor_supervisor(Sup), - case ssh_acceptor_sup:start_child(AccPid, [{address, Host}, - {port, Port}, - {role, server}, - {socket_opts, SocketOptions}, - {ssh_opts, SshOptions} - | Opts]) of + case ssh_acceptor_sup:start_child(AccPid, Opts) of {error, {already_started, _}} -> {error, eaddrinuse}; {ok, _} -> diff --git a/lib/ssh/src/ssh_acceptor.erl b/lib/ssh/src/ssh_acceptor.erl index 90fd951dcd..9f3e60bd62 100644 --- a/lib/ssh/src/ssh_acceptor.erl +++ b/lib/ssh/src/ssh_acceptor.erl @@ -27,7 +27,8 @@ %% Internal application API -export([start_link/5, number_of_connections/1, - callback_listen/3]). + callback_listen/3, + handle_connection/5]). %% spawn export -export([acceptor_init/6, acceptor_loop/6]). diff --git a/lib/ssh/src/ssh_system_sup.erl b/lib/ssh/src/ssh_system_sup.erl index 5035bc8f80..e97ac7b01a 100644 --- a/lib/ssh/src/ssh_system_sup.erl +++ b/lib/ssh/src/ssh_system_sup.erl 
@@ -131,7 +131,10 @@ init([ServerOpts]) -> RestartStrategy = one_for_one, MaxR = 0, MaxT = 3600, - Children = child_specs(ServerOpts), + Children = case proplists:get_value(asocket,ServerOpts) of + undefined -> child_specs(ServerOpts); + _ -> [] + end, {ok, {{RestartStrategy, MaxR, MaxT}, Children}}. %%%========================================================================= -- cgit v1.2.3 From 2f0d43a9da600a3835b9dbbb20eeaf43565363f6 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 1 Jun 2016 19:54:35 +0200 Subject: ssh: better validation --- lib/ssh/src/ssh.erl | 74 +++++++++++++++++++++++++++++++++-------------------- 1 file changed, 46 insertions(+), 28 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index fa2354a3df..65f1acc6a6 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl 
@@ -86,29 +86,19 @@ connect(Socket, Options) -> connect(Socket, Options, Timeout) when is_port(Socket) -> case handle_options(Options) of - {error, _Reason} = Error -> - Error; + {error, Error} -> + {error, Error}; {_SocketOptions, SshOptions} -> - case proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}) of - {tcp,_,_} -> - %% Is the socket a valid tcp socket? - case {{ok,[]} =/= inet:getopts(Socket, [delay_send]), - {ok,[{active,false}]} == inet:getopts(Socket, [active]) - } - of - {true, true} -> - {ok, {Host,_Port}} = inet:sockname(Socket), - Opts = [{user_pid,self()}, {host,fmt_host(Host)} | SshOptions], - ssh_connection_handler:start_connection(client, Socket, Opts, Timeout); - {true, false} -> - {error, not_passive_mode}; - _ -> - {error, not_tcp_socket} - end; - {L4,_,_} -> - {error, {unsupported,L4}} + case valid_socket_to_use(Socket, Options) of + ok -> + {ok, {Host,_Port}} = inet:sockname(Socket), + Opts = [{user_pid,self()}, {host,fmt_host(Host)} | SshOptions], + ssh_connection_handler:start_connection(client, Socket, Opts, Timeout); + {error,SockError} -> + {error,SockError} end end; + connect(Host, Port, Options) when is_integer(Port), Port>0 -> connect(Host, Port, Options, infinity). 
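Review bot: In the ok branch, {ok, {Host,_Port}} = inet:sockname(Socket) takes the local address of the socket, so {host,fmt_host(Host)} names the client's own end rather than the server it is connected to. If host is what identifies the server later on (host key lookup, for example), inet:peername/1 is the call to use; please confirm which is intended. The hard match also turns a socket that closes between valid_socket_to_use/2 and this line into a badmatch crash instead of an {error, _} return.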
@@ -272,6 +262,29 @@ default_algorithms() -> %%-------------------------------------------------------------------- %%% Internal functions %%-------------------------------------------------------------------- +valid_socket_to_use(Socket, Options) -> + case proplists:get_value(transport, Options, {tcp, gen_tcp, tcp_closed}) of + {tcp,_,_} -> + %% Is this tcp-socket a valid socket? + case {is_tcp_socket(Socket), + {ok,[{active,false}]} == inet:getopts(Socket, [active]) + } + of + {true, true} -> + ok; + {true, false} -> + {error, not_passive_mode}; + _ -> + {error, not_tcp_socket} + end; + {L4,_,_} -> + {error, {unsupported,L4}} + end. + +is_tcp_socket(Socket) -> {ok,[]} =/= inet:getopts(Socket, [delay_send]). + + + daemon_shell_opt(Options) -> case proplists:get_value(shell, Options) of undefined -> @@ -296,14 +309,19 @@ daemon_host_inet_opt(HostAddr, Options1) -> start_daemon(Socket, Options) -> case handle_options(Options) of - {error, _Reason} = Error -> - Error; - {SocketOptions, SshOptions}-> - try - do_start_daemon(Socket, [{role,server}|SshOptions], SocketOptions) - catch - throw:bad_fd -> {error,bad_fd}; - _C:_E -> {error,{cannot_start_daemon,_C,_E}} + {error, Error} -> + {error, Error}; + {SocketOptions, SshOptions} -> + case valid_socket_to_use(Socket, Options) of + ok -> + try + do_start_daemon(Socket, [{role,server}|SshOptions], SocketOptions) + catch + throw:bad_fd -> {error,bad_fd}; + _C:_E -> {error,{cannot_start_daemon,_C,_E}} + end; + {error,SockError} -> + {error,SockError} end end. -- cgit v1.2.3 From 875782025e19047bc8c25da8ed1c121a33521d71 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 1 Jun 2016 19:55:08 +0200 Subject: ssh: test cases on daemon using open socket --- lib/ssh/test/ssh_connection_SUITE.erl | 65 ++++++++++++++++++++++++++++++++--- 1 file changed, 60 insertions(+), 5 deletions(-) (limited to 'lib/ssh') 
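Review bot: is_tcp_socket/1 in the ssh.erl validation change above is written as {ok,[]} =/= inet:getopts(Socket, [delay_send]), so every other return value, an {error, _} included, counts as a TCP socket; a closed port then fails only the active check and valid_socket_to_use/2 reports {error, not_passive_mode}, which points the caller at the wrong problem. Match the positive case instead, for instance {ok,[{delay_send,_}]}, and map error returns to not_tcp_socket or to a reason of their own.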
diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index c9a321fbbd..105cd6def5 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -48,6 +48,9 @@ all() -> start_shell_exec, start_shell_exec_fun, start_shell_sock_exec_fun, + start_shell_sock_daemon_exec, + connect_sock_not_tcp, + daemon_sock_not_tcp, gracefull_invalid_version, gracefull_invalid_start, gracefull_invalid_long_start, @@ -57,13 +60,11 @@ all() -> max_channels_option ]. groups() -> - [{openssh, [], payload() ++ ptty()}]. + [{openssh, [], payload() ++ ptty() ++ sock()}]. payload() -> [simple_exec, simple_exec_sock, - connect_sock_not_tcp, - connect_sock_not_passive, small_cat, big_cat, send_after_exit]. @@ -73,6 +74,11 @@ ptty() -> ptty_alloc, ptty_alloc_pixel]. +sock() -> + [connect_sock_not_passive, + daemon_sock_not_passive + ]. + %%-------------------------------------------------------------------- init_per_suite(Config) -> Config. 
@@ -159,17 +165,29 @@ do_simple_exec(ConnectionRef) -> end. %%-------------------------------------------------------------------- -connect_sock_not_tcp(Config) -> +connect_sock_not_tcp(_Config) -> {ok,Sock} = gen_udp:open(0, []), {error, not_tcp_socket} = ssh:connect(Sock, []), gen_udp:close(Sock). %%-------------------------------------------------------------------- -connect_sock_not_passive(Config) -> +daemon_sock_not_tcp(_Config) -> + {ok,Sock} = gen_udp:open(0, []), + {error, not_tcp_socket} = ssh:daemon(Sock), + gen_udp:close(Sock). + +%%-------------------------------------------------------------------- +connect_sock_not_passive(_Config) -> {ok,Sock} = gen_tcp:connect("localhost", ?SSH_DEFAULT_PORT, []), {error, not_passive_mode} = ssh:connect(Sock, []), gen_tcp:close(Sock). +%%-------------------------------------------------------------------- +daemon_sock_not_passive(_Config) -> + {ok,Sock} = gen_tcp:connect("localhost", ?SSH_DEFAULT_PORT, []), + {error, not_passive_mode} = ssh:daemon(Sock), + gen_tcp:close(Sock). + %%-------------------------------------------------------------------- small_cat() -> [{doc, "Use 'cat' to echo small data block back to us."}]. 
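Review bot: daemon_sock_not_tcp and daemon_sock_not_passive cover a UDP socket and an active-mode TCP socket, but nothing passes ssh:daemon/1 or ssh:connect/2 a socket that is already closed, or a listening socket from gen_tcp:listen with {active,false}, which the documentation excludes by naming only gen_tcp:connect and gen_tcp:accept. Add cases for both and pin down the expected error reason. Each test also closes its socket only after the match on the expected error, so a failing match leaves the socket open; a try ... after around the assertion would avoid that.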
@@ -520,7 +538,44 @@ start_shell_sock_exec_fun(Config) when is_list(Config) -> ssh:stop_daemon(Pid). %%-------------------------------------------------------------------- +start_shell_sock_daemon_exec(Config) -> + PrivDir = proplists:get_value(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + SysDir = proplists:get_value(data_dir, Config), + {ok,Sl} = gen_tcp:listen(0, [{active,false}]), + {ok,{IP,Port}} = inet:sockname(Sl), + + spawn_link(fun() -> + {ok,Ss} = gen_tcp:connect(IP,Port, [{active,false}]), + {ok, Pid} = ssh:daemon(Ss, [{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {exec, fun ssh_exec/1}]) + end), + {ok,Sc} = gen_tcp:accept(Sl), + {ok,ConnectionRef} = ssh:connect(Sc, [{silently_accept_hosts, true}, + {user, "foo"}, + {password, "morot"}, + {user_interaction, true}, + {user_dir, UserDir}]), + + {ok, ChannelId0} = ssh_connection:session_channel(ConnectionRef, infinity), + + success = ssh_connection:exec(ConnectionRef, ChannelId0, + "testing", infinity), + + receive + {ssh_cm, ConnectionRef, {data, _ChannelId, 0, <<"testing\r\n">>}} -> + ok + after 5000 -> + ct:fail("Exec Timeout") + end, + + ssh:close(ConnectionRef). + +%%-------------------------------------------------------------------- gracefull_invalid_version(Config) when is_list(Config) -> PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth -- cgit v1.2.3 From fba5d467360c18d58ddf664c581dd7e78823a4d4 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 2 Jun 2016 08:37:13 +0200 Subject: ssh: fix ssh_connection_SUITE error on Windows --- lib/ssh/test/ssh_connection_SUITE.erl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index 105cd6def5..a52633a269 100644 
--- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -545,10 +545,10 @@ start_shell_sock_daemon_exec(Config) -> SysDir = proplists:get_value(data_dir, Config), {ok,Sl} = gen_tcp:listen(0, [{active,false}]), - {ok,{IP,Port}} = inet:sockname(Sl), + {ok,{_IP,Port}} = inet:sockname(Sl), % _IP is likely to be {0,0,0,0}. Win don't like... spawn_link(fun() -> - {ok,Ss} = gen_tcp:connect(IP,Port, [{active,false}]), + {ok,Ss} = gen_tcp:connect("localhost", Port, [{active,false}]), {ok, Pid} = ssh:daemon(Ss, [{system_dir, SysDir}, {user_dir, UserDir}, {password, "morot"}, -- cgit v1.2.3 From 3cd8fe84c7a3b1f40d824d243447e4bf82ac28b3 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 2 Jun 2016 20:13:11 +0200 Subject: ssh: temp fix hazard in test suite --- lib/ssh/test/ssh_sftp_SUITE.erl | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index 4d40b4647c..19cf6d446e 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl @@ -673,6 +673,7 @@ start_channel_sock(Config) -> %% Test that the socket is closed when the Connection closes ok = ssh:close(Conn), + timer:sleep(400), %% Until the stop sequence is fixed {error,einval} = inet:getopts(Sock, [active]), ok. -- cgit v1.2.3 From ab95786ce0dc29f330de6e0c3565a30948ba799b Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 25 May 2016 14:51:55 +0200 Subject: ssh: logging in test helper ssh_echo_server --- lib/ssh/test/ssh_connection_SUITE.erl | 30 ++++++++++++++++++++++-------- lib/ssh/test/ssh_echo_server.erl | 35 ++++++++++++++++++++++++++++------- 2 files changed, 50 insertions(+), 15 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index a52633a269..a6e2f0fba9 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl 
@@ -366,19 +366,21 @@ interrupted_send(Config) -> UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), SysDir = proplists:get_value(data_dir, Config), + EchoSS_spec = {ssh_echo_server, [4000000,[{dbg,true}]]}, {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, {user_dir, UserDir}, {password, "morot"}, - {subsystems, [{"echo_n", {ssh_echo_server, [4000000]}}]}]), - + {subsystems, [{"echo_n",EchoSS_spec}]}]), + + ct:log("connect", []), ConnectionRef = ssh_test_lib:connect(Host, Port, [{silently_accept_hosts, true}, {user, "foo"}, {password, "morot"}, {user_interaction, false}, {user_dir, UserDir}]), - + ct:log("connected", []), {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), - + ct:log("start subsystem", []), success = ssh_connection:subsystem(ConnectionRef, ChannelId, "echo_n", infinity), %% build 10MB binary @@ -388,15 +390,21 @@ interrupted_send(Config) -> <> = Data, %% pre-adjust receive window so the other end doesn't block + ct:log("adjust window", []), ssh_connection:adjust_window(ConnectionRef, ChannelId, size(ExpectedData) + 1), + ct:log("going to send ~p bytes", [size(Data)]), case ssh_connection:send(ConnectionRef, ChannelId, Data, 10000) of {error, closed} -> + ct:log("{error,closed} - That's what we expect :)", []), ok; Msg -> + ct:log("Got ~p - that's bad, very bad indeed",[Msg]), ct:fail({expected,{error,closed}, got, Msg}) end, + ct:log("going to receive data", []), receive_data(ExpectedData, ConnectionRef, ChannelId), + ct:log("back from receive data", []), ssh:close(ConnectionRef), ssh:stop_daemon(Pid). 
@@ -860,15 +868,21 @@ receive_data(ExpectedData, ConnectionRef, ChannelId) -> ExpectedData = collect_data(ConnectionRef, ChannelId). collect_data(ConnectionRef, ChannelId) -> - collect_data(ConnectionRef, ChannelId, []). + ct:pal("Listener ~p running!",[self()]), + collect_data(ConnectionRef, ChannelId, [], 0). -collect_data(ConnectionRef, ChannelId, Acc) -> +collect_data(ConnectionRef, ChannelId, Acc, Sum) -> receive {ssh_cm, ConnectionRef, {data, ChannelId, 0, Data}} -> - collect_data(ConnectionRef, ChannelId, [Data | Acc]); + ct:pal("collect_data: received ~p bytes. total ~p bytes",[size(Data),Sum+size(Data)]), + collect_data(ConnectionRef, ChannelId, [Data | Acc], Sum+size(Data)); {ssh_cm, ConnectionRef, {eof, ChannelId}} -> - iolist_to_binary(lists:reverse(Acc)) + ct:pal("collect_data: received eof",[]), + R = iolist_to_binary(lists:reverse(Acc)), + ct:pal("Got in total ~p bytes",[size(R)]), + R after 5000 -> + ct:pal("collect_data: timeout",[]), timeout end. diff --git a/lib/ssh/test/ssh_echo_server.erl b/lib/ssh/test/ssh_echo_server.erl index ed9bbe1b67..3702630cb4 100644 --- a/lib/ssh/test/ssh_echo_server.erl +++ b/lib/ssh/test/ssh_echo_server.erl @@ -26,15 +26,29 @@ -record(state, { n, id, - cm + cm, + dbg = false }). -export([init/1, handle_msg/2, handle_ssh_msg/2, terminate/2]). +-define(DBG(State,Fmt,Args), + case State#state.dbg of + true -> ct:log("~p:~p ~p "++Fmt, [?MODULE,?LINE,self()|Args]); + false -> ok + end). + + init([N]) -> - ct:pal("Echo server: ~p",[self()]), - {ok, #state{n = N}}. + {ok, #state{n = N}}; +init([N,Opts]) -> + State = #state{n = N, + dbg = proplists:get_value(dbg,Opts,false) + }, + ?DBG(State, "init([~p])",[N]), + {ok, State}. handle_msg({ssh_channel_up, ChannelId, ConnectionManager}, State) -> + ?DBG(State, "ssh_channel_up Cid=~p ConnMngr=~p",[ChannelId,ConnectionManager]), {ok, State#state{id = ChannelId, cm = ConnectionManager}}. 
@@ -42,32 +56,39 @@ handle_ssh_msg({ssh_cm, CM, {data, ChannelId, 0, Data}}, #state{n = N} = State) M = N - size(Data), case M > 0 of true -> + ?DBG(State, "ssh_cm data Cid=~p size(Data)=~p M=~p",[ChannelId,size(Data),M]), ssh_connection:send(CM, ChannelId, Data), {ok, State#state{n = M}}; false -> <> = Data, + ?DBG(State, "ssh_cm data Cid=~p size(Data)=~p M=~p size(SendData)=~p",[ChannelId,size(Data),M,size(SendData)]), ssh_connection:send(CM, ChannelId, SendData), ssh_connection:send_eof(CM, ChannelId), {stop, ChannelId, State} end; handle_ssh_msg({ssh_cm, _ConnectionManager, {data, _ChannelId, 1, Data}}, State) -> + ?DBG(State, "stderr: ~p",[Data]), error_logger:format(standard_error, " ~p~n", [binary_to_list(Data)]), {ok, State}; handle_ssh_msg({ssh_cm, _ConnectionManager, {eof, _ChannelId}}, State) -> + ?DBG(State, "{eof ~p}",[_ChannelId]), {ok, State}; -handle_ssh_msg({ssh_cm, _, {signal, _, _}}, State) -> +handle_ssh_msg({ssh_cm, _, _Sig={signal, _, _}}, State) -> %% Ignore signals according to RFC 4254 section 6.9. + ?DBG(State, "~p",[_Sig]), {ok, State}; -handle_ssh_msg({ssh_cm, _, {exit_signal, ChannelId, _, _Error, _}}, - State) -> +handle_ssh_msg({ssh_cm, _, _Sig={exit_signal, ChannelId, _, _Error, _}}, State) -> + ?DBG(State, "~p",[_Sig]), {stop, ChannelId, State}; -handle_ssh_msg({ssh_cm, _, {exit_status, ChannelId, _Status}}, State) -> +handle_ssh_msg({ssh_cm, _, _Sig={exit_status, ChannelId, _Status}}, State) -> + ?DBG(State, "~p",[_Sig]), {stop, ChannelId, State}. terminate(_Reason, _State) -> + ?DBG(_State, "terminate ~p",[_Reason]), ok. -- cgit v1.2.3 From 4feb3583a526eef5f4570a76bf69eeae0e827367 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 26 May 2016 11:51:51 +0200 Subject: ssh: ssh_connection_SUITE:interrupted_send separate result collector process --- lib/ssh/test/ssh_connection_SUITE.erl | 114 ++++++++++++++++++++++++---------- 1 file changed, 80 insertions(+), 34 deletions(-) (limited to 'lib/ssh') 
diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index a6e2f0fba9..f453061935 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -379,9 +379,6 @@ interrupted_send(Config) -> {user_interaction, false}, {user_dir, UserDir}]), ct:log("connected", []), - {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), - ct:log("start subsystem", []), - success = ssh_connection:subsystem(ConnectionRef, ChannelId, "echo_n", infinity), %% build 10MB binary Data = << <> || X <- lists:seq(1,2500000)>>, 
@@ -389,24 +386,63 @@ interrupted_send(Config) -> %% expect remote end to send us 4MB back <> = Data, - %% pre-adjust receive window so the other end doesn't block - ct:log("adjust window", []), - ssh_connection:adjust_window(ConnectionRef, ChannelId, size(ExpectedData) + 1), - - ct:log("going to send ~p bytes", [size(Data)]), - case ssh_connection:send(ConnectionRef, ChannelId, Data, 10000) of - {error, closed} -> - ct:log("{error,closed} - That's what we expect :)", []), - ok; - Msg -> - ct:log("Got ~p - that's bad, very bad indeed",[Msg]), - ct:fail({expected,{error,closed}, got, Msg}) - end, - ct:log("going to receive data", []), - receive_data(ExpectedData, ConnectionRef, ChannelId), - ct:log("back from receive data", []), - ssh:close(ConnectionRef), - ssh:stop_daemon(Pid). + %% Spawn listener. Otherwise we could get a deadlock due to filled buffers + Parent = self(), + ResultPid = spawn( + fun() -> + ct:log("open channel",[]), + {ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity), + ct:log("start subsystem", []), + case ssh_connection:subsystem(ConnectionRef, ChannelId, "echo_n", infinity) of + success -> + Parent ! {self(), channelId, ChannelId}, + + Result = + try collect_data(ConnectionRef, ChannelId) + of + ExpectedData -> + ok; + _ -> + {fail,"unexpected result"} + catch + Class:Exception -> + {fail, io_lib:format("Exception ~p:~p",[Class,Exception])} + end, + Parent ! {self(), Result}; + Other -> + Parent ! 
{self(), channelId, error, Other} + end + end), + + receive + {ResultPid, channelId, ChannelId} -> + %% pre-adjust receive window so the other end doesn't block + ct:log("adjust window", []), + ssh_connection:adjust_window(ConnectionRef, ChannelId, size(ExpectedData) + 1), + + ct:log("going to send ~p bytes", [size(Data)]), + case ssh_connection:send(ConnectionRef, ChannelId, Data, 10000) of + {error, closed} -> + ct:log("{error,closed} - That's what we expect :)", []), + ok; + Msg -> + ct:log("Got ~p - that's bad, very bad indeed",[Msg]), + ct:fail({expected,{error,closed}, got, Msg}) + end, + ct:log("going to receive result", []), + receive + {ResultPid, Result} -> + ct:log("back from receive data: ~p", [Result]), + ssh:close(ConnectionRef), + ssh:stop_daemon(Pid), + Result + end; + + {ResultPid, channelId, error, Other} -> + ssh:close(ConnectionRef), + ssh:stop_daemon(Pid), + {fail, io_lib:format("ssh_connection:subsystem: ~p",[Other])} + end. %%-------------------------------------------------------------------- start_shell() -> 
@@ -864,26 +900,36 @@ big_cat_rx(ConnectionRef, ChannelId, Acc) -> timeout end. -receive_data(ExpectedData, ConnectionRef, ChannelId) -> - ExpectedData = collect_data(ConnectionRef, ChannelId). - collect_data(ConnectionRef, ChannelId) -> - ct:pal("Listener ~p running!",[self()]), + ct:log("Listener ~p running! ConnectionRef=~p, ChannelId=~p",[self(),ConnectionRef,ChannelId]), collect_data(ConnectionRef, ChannelId, [], 0). collect_data(ConnectionRef, ChannelId, Acc, Sum) -> + TO = 5000, receive - {ssh_cm, ConnectionRef, {data, ChannelId, 0, Data}} -> - ct:pal("collect_data: received ~p bytes. total ~p bytes",[size(Data),Sum+size(Data)]), + {ssh_cm, ConnectionRef, {data, ChannelId, 0, Data}} when is_binary(Data) -> + ct:log("collect_data: received ~p bytes. total ~p bytes",[size(Data),Sum+size(Data)]), collect_data(ConnectionRef, ChannelId, [Data | Acc], Sum+size(Data)); {ssh_cm, ConnectionRef, {eof, ChannelId}} -> - ct:pal("collect_data: received eof",[]), - R = iolist_to_binary(lists:reverse(Acc)), - ct:pal("Got in total ~p bytes",[size(R)]), - R - after 5000 -> - ct:pal("collect_data: timeout",[]), - timeout + try + iolist_to_binary(lists:reverse(Acc)) + of + Bin -> + ct:log("collect_data: received eof.~nGot in total ~p bytes",[size(Bin)]), + Bin + catch + C:E -> + ct:log("collect_data: received eof.~nAcc is strange...~nException=~p:~p~nAcc=~p", + [C,E,Acc]), + {error,{C,E}} + end; + Msg -> + ct:log("collect_data: ***** unexpected message *****~n~p",[Msg]), + collect_data(ConnectionRef, ChannelId, Acc, Sum) + + after TO -> + ct:log("collect_data: ----- Nothing received for ~p seconds -----~n",[]), + collect_data(ConnectionRef, ChannelId, Acc, Sum) end. %%%------------------------------------------------------------------- -- cgit v1.2.3 From 8b2366402a6115686cd68fe617f8933a4febf5b5 Mon Sep 17 00:00:00 2001 
From: Hans Nilsson Date: Fri, 27 May 2016 10:40:10 +0200 Subject: ssh: TC ssh_connection_SUITE:small_iterrupted_send --- lib/ssh/test/ssh_connection_SUITE.erl | 25 +++++++++++++++++-------- lib/ssh/test/ssh_echo_server.erl | 2 +- 2 files changed, 18 insertions(+), 9 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index f453061935..3d38bc1a66 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl @@ -43,6 +43,7 @@ suite() -> all() -> [ {group, openssh}, + small_interrupted_send, interrupted_send, start_shell, start_shell_exec, @@ -361,12 +362,20 @@ ptty_alloc_pixel(Config) when is_list(Config) -> ssh:close(ConnectionRef). %%-------------------------------------------------------------------- +small_interrupted_send(Config) -> + K = 1024, + M = K*K, + do_interrupted_send(Config, 10*M, 4*K). interrupted_send(Config) -> + M = 1024*1024, + do_interrupted_send(Config, 10*M, 4*M). + +do_interrupted_send(Config, SendSize, EchoSize) -> PrivDir = proplists:get_value(priv_dir, Config), UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth file:make_dir(UserDir), SysDir = proplists:get_value(data_dir, Config), - EchoSS_spec = {ssh_echo_server, [4000000,[{dbg,true}]]}, + EchoSS_spec = {ssh_echo_server, [EchoSize,[{dbg,true}]]}, {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, {user_dir, UserDir}, {password, "morot"}, @@ -380,11 +389,11 @@ interrupted_send(Config) -> {user_dir, UserDir}]), ct:log("connected", []), - %% build 10MB binary - Data = << <> || X <- lists:seq(1,2500000)>>, + %% build big binary + Data = << <> || X <- lists:seq(1,SendSize div 4)>>, - %% expect remote end to send us 4MB back - <> = Data, + %% expect remote end to send us EchoSize back + <> = Data, %% Spawn listener. Otherwise we could get a deadlock due to filled buffers Parent = self(), 
@@ -421,7 +430,7 @@ interrupted_send(Config) -> ssh_connection:adjust_window(ConnectionRef, ChannelId, size(ExpectedData) + 1), ct:log("going to send ~p bytes", [size(Data)]), - case ssh_connection:send(ConnectionRef, ChannelId, Data, 10000) of + case ssh_connection:send(ConnectionRef, ChannelId, Data, 30000) of {error, closed} -> ct:log("{error,closed} - That's what we expect :)", []), ok; @@ -429,10 +438,10 @@ interrupted_send(Config) -> ct:log("Got ~p - that's bad, very bad indeed",[Msg]), ct:fail({expected,{error,closed}, got, Msg}) end, - ct:log("going to receive result", []), + ct:log("going to check the result (if it is available)", []), receive {ResultPid, Result} -> - ct:log("back from receive data: ~p", [Result]), + ct:log("Got result: ~p", [Result]), ssh:close(ConnectionRef), ssh:stop_daemon(Pid), Result diff --git a/lib/ssh/test/ssh_echo_server.erl b/lib/ssh/test/ssh_echo_server.erl index 3702630cb4..5387d21efd 100644 --- a/lib/ssh/test/ssh_echo_server.erl +++ b/lib/ssh/test/ssh_echo_server.erl @@ -61,7 +61,7 @@ handle_ssh_msg({ssh_cm, CM, {data, ChannelId, 0, Data}}, #state{n = N} = State) {ok, State#state{n = M}}; false -> <> = Data, - ?DBG(State, "ssh_cm data Cid=~p size(Data)=~p M=~p size(SendData)=~p",[ChannelId,size(Data),M,size(SendData)]), + ?DBG(State, "ssh_cm data Cid=~p size(Data)=~p M=~p size(SendData)=~p~nSend eof",[ChannelId,size(Data),M,size(SendData)]), ssh_connection:send(CM, ChannelId, SendData), ssh_connection:send_eof(CM, ChannelId), {stop, ChannelId, State} -- cgit v1.2.3 From 92457b67f824e569bba84eb62a5eec69140d81e4 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 27 May 2016 14:56:02 +0200 Subject: ssh: log cryptolib version in ssh_algorithms_SUITE --- lib/ssh/test/ssh_algorithms_SUITE.erl | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index ed9e7aacaa..3e89791b60 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl 
+++ b/lib/ssh/test/ssh_algorithms_SUITE.erl @@ -76,6 +76,7 @@ init_per_suite(Config) -> "init:get_argument(home) = ~p~n~n~n" "OS ssh:~n=======~n~p~n~n~n" "Erl ssh:~n========~n~p~n~n~n" + "crypto:info_lib():~n========~n~p~n~n~n" "Installed ssh client:~n=====================~n~p~n~n~n" "Installed ssh server:~n=====================~n~p~n~n~n" "Misc values:~n============~n" @@ -86,6 +87,7 @@ init_per_suite(Config) -> init:get_argument(home), os:cmd("ssh -V"), ssh:default_algorithms(), + crypto:info_lib(), ssh_test_lib:default_algorithms(sshc), ssh_test_lib:default_algorithms(sshd), {?DEFAULT_DH_GROUP_MIN,?DEFAULT_DH_GROUP_NBITS,?DEFAULT_DH_GROUP_MAX}, -- cgit v1.2.3 From 8619d3d6cf22ad267a5d902be0ddc768280c92fc Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 7 Jun 2016 15:39:44 +0200 Subject: ssh: skip test suites if no crypto lib is installed --- lib/ssh/test/ssh_algorithms_SUITE.erl | 62 ++++++++++++++++-------------- lib/ssh/test/ssh_basic_SUITE.erl | 3 +- lib/ssh/test/ssh_connection_SUITE.erl | 2 +- lib/ssh/test/ssh_options_SUITE.erl | 4 +- lib/ssh/test/ssh_protocol_SUITE.erl | 3 +- lib/ssh/test/ssh_renegotiate_SUITE.erl | 3 +- lib/ssh/test/ssh_sftp_SUITE.erl | 13 ++++--- lib/ssh/test/ssh_sftpd_SUITE.erl | 20 ++++++---- lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl | 26 +++++++------ lib/ssh/test/ssh_sup_SUITE.erl | 13 ++++--- lib/ssh/test/ssh_test_lib.hrl | 10 +++++ lib/ssh/test/ssh_to_openssh_SUITE.erl | 15 +++++--- lib/ssh/test/ssh_upgrade_SUITE.erl | 17 ++++---- 13 files changed, 115 insertions(+), 76 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_algorithms_SUITE.erl b/lib/ssh/test/ssh_algorithms_SUITE.erl index 3e89791b60..0f68130a05 100644 --- a/lib/ssh/test/ssh_algorithms_SUITE.erl +++ b/lib/ssh/test/ssh_algorithms_SUITE.erl 
@@ -24,6 +24,7 @@ -include_lib("common_test/include/ct.hrl"). -include_lib("ssh/src/ssh_transport.hrl"). +-include("ssh_test_lib.hrl"). %% Note: This directive should only be used in test suites. -compile(export_all). 
@@ -70,34 +71,39 @@ two_way_tags() -> [cipher,mac,compression]. %%-------------------------------------------------------------------- init_per_suite(Config) -> - ct:log("~n" - "Environment:~n============~n" - "os:getenv(\"HOME\") = ~p~n" - "init:get_argument(home) = ~p~n~n~n" - "OS ssh:~n=======~n~p~n~n~n" - "Erl ssh:~n========~n~p~n~n~n" - "crypto:info_lib():~n========~n~p~n~n~n" - "Installed ssh client:~n=====================~n~p~n~n~n" - "Installed ssh server:~n=====================~n~p~n~n~n" - "Misc values:~n============~n" - " -- Default dh group exchange parameters ({min,def,max}): ~p~n" - " -- dh_default_groups: ~p~n" - " -- Max num algorithms: ~p~n" - ,[os:getenv("HOME"), - init:get_argument(home), - os:cmd("ssh -V"), - ssh:default_algorithms(), - crypto:info_lib(), - ssh_test_lib:default_algorithms(sshc), - ssh_test_lib:default_algorithms(sshd), - {?DEFAULT_DH_GROUP_MIN,?DEFAULT_DH_GROUP_NBITS,?DEFAULT_DH_GROUP_MAX}, - public_key:dh_gex_group_sizes(), - ?MAX_NUM_ALGORITHMS - ]), - ct:log("all() ->~n ~p.~n~ngroups()->~n ~p.~n",[all(),groups()]), - ssh:start(), - [{std_simple_sftp_size,25000} % Sftp transferred data size - | setup_pubkey(Config)]. 
+ ?CHECK_CRYPTO( + begin + ct:log("~n" + "Environment:~n============~n" + "os:getenv(\"HOME\") = ~p~n" + "init:get_argument(home) = ~p~n~n~n" + "OS ssh:~n=======~n~p~n~n~n" + "Erl ssh:~n========~n~p~n~n~n" + "crypto:info_lib():~n========~n~p~n~n~n" + "Installed ssh client:~n=====================~n~p~n~n~n" + "Installed ssh server:~n=====================~n~p~n~n~n" + "Misc values:~n============~n" + " -- Default dh group exchange parameters ({min,def,max}): ~p~n" + " -- dh_default_groups: ~p~n" + " -- Max num algorithms: ~p~n" + ,[os:getenv("HOME"), + init:get_argument(home), + os:cmd("ssh -V"), + ssh:default_algorithms(), + crypto:info_lib(), + ssh_test_lib:default_algorithms(sshc), + ssh_test_lib:default_algorithms(sshd), + {?DEFAULT_DH_GROUP_MIN,?DEFAULT_DH_GROUP_NBITS,?DEFAULT_DH_GROUP_MAX}, + public_key:dh_gex_group_sizes(), + ?MAX_NUM_ALGORITHMS + ]), + ct:log("all() ->~n ~p.~n~ngroups()->~n ~p.~n",[all(),groups()]), + ssh:start(), + [{std_simple_sftp_size,25000} % Sftp transferred data size + | setup_pubkey(Config)] + end + ). + end_per_suite(_Config) -> ssh:stop(). diff --git a/lib/ssh/test/ssh_basic_SUITE.erl b/lib/ssh/test/ssh_basic_SUITE.erl index 4991816850..733414e23a 100644 --- a/lib/ssh/test/ssh_basic_SUITE.erl +++ b/lib/ssh/test/ssh_basic_SUITE.erl @@ -25,6 +25,7 @@ -include_lib("common_test/include/ct.hrl"). -include_lib("kernel/include/inet.hrl"). -include_lib("kernel/include/file.hrl"). +-include("ssh_test_lib.hrl"). %% Note: This directive should only be used in test suites. %%-compile(export_all). @@ -130,7 +131,7 @@ basic_tests() -> %%-------------------------------------------------------------------- init_per_suite(Config) -> - Config. + ?CHECK_CRYPTO(Config). end_per_suite(_Config) -> ssh:stop(). diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index 3d38bc1a66..e0640caf08 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl 
@@ -82,7 +82,7 @@ sock() -> %%-------------------------------------------------------------------- init_per_suite(Config) -> - Config. + ?CHECK_CRYPTO(Config). end_per_suite(Config) -> Config. diff --git a/lib/ssh/test/ssh_options_SUITE.erl b/lib/ssh/test/ssh_options_SUITE.erl index d1e3d6cb0e..61883c0647 100644 --- a/lib/ssh/test/ssh_options_SUITE.erl +++ b/lib/ssh/test/ssh_options_SUITE.erl @@ -27,7 +27,7 @@ -include_lib("common_test/include/ct.hrl"). -include_lib("kernel/include/file.hrl"). - +-include("ssh_test_lib.hrl"). %%% Test cases -export([connectfun_disconnectfun_client/1, @@ -126,7 +126,7 @@ groups() -> %%-------------------------------------------------------------------- init_per_suite(Config) -> - Config. + ?CHECK_CRYPTO(Config). end_per_suite(_Config) -> ssh:stop(). diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl index 41faf951e1..4fac1f718a 100644 --- a/lib/ssh/test/ssh_protocol_SUITE.erl +++ b/lib/ssh/test/ssh_protocol_SUITE.erl @@ -26,6 +26,7 @@ -include_lib("ssh/src/ssh.hrl"). % ?UINT32, ?BYTE, #ssh{} ... -include_lib("ssh/src/ssh_transport.hrl"). -include_lib("ssh/src/ssh_auth.hrl"). +-include("ssh_test_lib.hrl"). %% Note: This directive should only be used in test suites. -compile(export_all). @@ -87,7 +88,7 @@ groups() -> init_per_suite(Config) -> - start_std_daemon( setup_dirs( start_apps(Config))). + ?CHECK_CRYPTO(start_std_daemon( setup_dirs( start_apps(Config)))). end_per_suite(Config) -> stop_apps(Config). diff --git a/lib/ssh/test/ssh_renegotiate_SUITE.erl b/lib/ssh/test/ssh_renegotiate_SUITE.erl index 300816276a..b10ec3707f 100644 --- a/lib/ssh/test/ssh_renegotiate_SUITE.erl +++ b/lib/ssh/test/ssh_renegotiate_SUITE.erl @@ -21,6 +21,7 @@ -module(ssh_renegotiate_SUITE). -include_lib("common_test/include/ct.hrl"). +-include("ssh_test_lib.hrl"). %% Note: This directive should only be used in test suites. -compile(export_all). 
@@ -45,7 +46,7 @@ tests() -> [rekey, rekey_limit, renegotiate1, renegotiate2]. %%-------------------------------------------------------------------- init_per_suite(Config) -> - Config. + ?CHECK_CRYPTO(Config). end_per_suite(_Config) -> ssh:stop(). diff --git a/lib/ssh/test/ssh_sftp_SUITE.erl b/lib/ssh/test/ssh_sftp_SUITE.erl index 19cf6d446e..19ad81e7da 100644 --- a/lib/ssh/test/ssh_sftp_SUITE.erl +++ b/lib/ssh/test/ssh_sftp_SUITE.erl @@ -26,7 +26,7 @@ -include_lib("common_test/include/ct.hrl"). -include_lib("kernel/include/file.hrl"). - +-include("ssh_test_lib.hrl"). % Default timetrap timeout -define(default_timeout, ?t:minutes(1)). @@ -45,10 +45,13 @@ all() -> init_per_suite(Config) -> - ct:log("file:native_name_encoding() = ~p,~nio:getopts() = ~p", - [file:native_name_encoding(),io:getopts()]), - ssh:start(), - Config. + ?CHECK_CRYPTO( + begin + ct:log("file:native_name_encoding() = ~p,~nio:getopts() = ~p", + [file:native_name_encoding(),io:getopts()]), + ssh:start(), + Config + end). end_per_suite(_onfig) -> ssh:stop(). diff --git a/lib/ssh/test/ssh_sftpd_SUITE.erl b/lib/ssh/test/ssh_sftpd_SUITE.erl index 4a69fd36b3..52a26110c4 100644 --- a/lib/ssh/test/ssh_sftpd_SUITE.erl +++ b/lib/ssh/test/ssh_sftpd_SUITE.erl @@ -28,6 +28,7 @@ -include_lib("kernel/include/file.hrl"). -include("ssh_xfer.hrl"). -include("ssh.hrl"). +-include("ssh_test_lib.hrl"). -define(USER, "Alladin"). -define(PASSWD, "Sesame"). 
@@ -72,14 +73,17 @@ groups() -> %%-------------------------------------------------------------------- init_per_suite(Config) -> - DataDir = proplists:get_value(data_dir, Config), - PrivDir = proplists:get_value(priv_dir, Config), - ssh_test_lib:setup_dsa(DataDir, PrivDir), - %% to make sure we don't use public-key-auth - %% this should be tested by other test suites - UserDir = filename:join(proplists:get_value(priv_dir, Config), nopubkey), - file:make_dir(UserDir), - Config. + ?CHECK_CRYPTO( + begin + DataDir = proplists:get_value(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), + ssh_test_lib:setup_dsa(DataDir, PrivDir), + %% to make sure we don't use public-key-auth + %% this should be tested by other test suites + UserDir = filename:join(proplists:get_value(priv_dir, Config), nopubkey), + file:make_dir(UserDir), + Config + end). end_per_suite(Config) -> SysDir = proplists:get_value(priv_dir, Config), diff --git a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl index 75b5090c2b..56a33d6349 100644 --- a/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl +++ b/lib/ssh/test/ssh_sftpd_erlclient_SUITE.erl @@ -26,6 +26,7 @@ -include_lib("common_test/include/ct.hrl"). -include_lib("kernel/include/file.hrl"). +-include("ssh_test_lib.hrl"). -define(USER, "Alladin"). -define(PASSWD, "Sesame"). 
@@ -53,17 +54,20 @@ groups() -> %%-------------------------------------------------------------------- init_per_suite(Config) -> - catch ssh:stop(), - DataDir = proplists:get_value(data_dir, Config), - PrivDir = proplists:get_value(priv_dir, Config), - FileAlt = filename:join(DataDir, "ssh_sftpd_file_alt.erl"), - c:c(FileAlt), - FileName = filename:join(DataDir, "test.txt"), - {ok, FileInfo} = file:read_file_info(FileName), - ok = file:write_file_info(FileName, - FileInfo#file_info{mode = 8#400}), - ssh_test_lib:setup_dsa(DataDir, PrivDir), - Config. + ?CHECK_CRYPTO( + begin + catch ssh:stop(), + DataDir = proplists:get_value(data_dir, Config), + PrivDir = proplists:get_value(priv_dir, Config), + FileAlt = filename:join(DataDir, "ssh_sftpd_file_alt.erl"), + c:c(FileAlt), + FileName = filename:join(DataDir, "test.txt"), + {ok, FileInfo} = file:read_file_info(FileName), + ok = file:write_file_info(FileName, + FileInfo#file_info{mode = 8#400}), + ssh_test_lib:setup_dsa(DataDir, PrivDir), + Config + end). end_per_suite(Config) -> UserDir = filename:join(proplists:get_value(priv_dir, Config), nopubkey), diff --git a/lib/ssh/test/ssh_sup_SUITE.erl b/lib/ssh/test/ssh_sup_SUITE.erl index 574564f6e9..ff53e1c4c6 100644 --- a/lib/ssh/test/ssh_sup_SUITE.erl +++ b/lib/ssh/test/ssh_sup_SUITE.erl 
@@ -53,11 +53,14 @@ end_per_group(_GroupName, Config) -> Config. init_per_suite(Config) -> - Port = ssh_test_lib:inet_port(node()), - PrivDir = proplists:get_value(priv_dir, Config), - UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth - file:make_dir(UserDir), - [{userdir, UserDir},{port, Port}, {host, "localhost"}, {host_ip, any} | Config]. + ?CHECK_CRYPTO( + begin + Port = ssh_test_lib:inet_port(node()), + PrivDir = proplists:get_value(priv_dir, Config), + UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth + file:make_dir(UserDir), + [{userdir, UserDir},{port, Port}, {host, "localhost"}, {host_ip, any} | Config] + end). end_per_suite(_) -> ok. diff --git a/lib/ssh/test/ssh_test_lib.hrl b/lib/ssh/test/ssh_test_lib.hrl index 7cb7edeaa8..54c93b7e87 100644 --- a/lib/ssh/test/ssh_test_lib.hrl +++ b/lib/ssh/test/ssh_test_lib.hrl @@ -1,3 +1,13 @@ +%%------------------------------------------------------------------------- +%% Check for usable crypt +%%------------------------------------------------------------------------- +-define(CHECK_CRYPTO(Available), + try crypto:start() + of _ -> Available + catch _:_ -> {skip, "Can't start crypto"} + end + ). + %%------------------------------------------------------------------------- %% Help macro %%------------------------------------------------------------------------- diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl index f96a2cc62b..a914938c41 100644 --- a/lib/ssh/test/ssh_to_openssh_SUITE.erl +++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl @@ -22,6 +22,7 @@ -module(ssh_to_openssh_SUITE). -include_lib("common_test/include/ct.hrl"). +-include("ssh_test_lib.hrl"). %% Note: This directive should only be used in test suites. -compile(export_all). 
@@ -62,12 +63,14 @@ groups() -> ]. init_per_suite(Config) -> - case gen_tcp:connect("localhost", 22, []) of - {error,econnrefused} -> - {skip,"No openssh deamon"}; - _ -> - ssh_test_lib:openssh_sanity_check(Config) - end. + ?CHECK_CRYPTO( + case gen_tcp:connect("localhost", 22, []) of + {error,econnrefused} -> + {skip,"No openssh deamon"}; + _ -> + ssh_test_lib:openssh_sanity_check(Config) + end + ). end_per_suite(_Config) -> ok. diff --git a/lib/ssh/test/ssh_upgrade_SUITE.erl b/lib/ssh/test/ssh_upgrade_SUITE.erl index 9d9b2b78fb..b5b27c369a 100644 --- a/lib/ssh/test/ssh_upgrade_SUITE.erl +++ b/lib/ssh/test/ssh_upgrade_SUITE.erl @@ -23,6 +23,7 @@ -compile(export_all). -include_lib("common_test/include/ct.hrl"). +-include("ssh_test_lib.hrl"). -record(state, { config, @@ -48,13 +49,15 @@ all() -> ]. init_per_suite(Config0) -> - case ct_release_test:init(Config0) of - {skip, Reason} -> - {skip, Reason}; - Config -> - ssh:start(), - Config - end. + ?CHECK_CRYPTO( + case ct_release_test:init(Config0) of + {skip, Reason} -> + {skip, Reason}; + Config -> + ssh:start(), + Config + end + ). end_per_suite(Config) -> ct_release_test:cleanup(Config), -- cgit v1.2.3 From 2f1ee6efa802f7f1089add9f87fd8b2804d5f124 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Thu, 9 Jun 2016 09:50:20 +0200 Subject: ssh: anonymize two unused variables in test suite --- lib/ssh/test/ssh_connection_SUITE.erl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/test/ssh_connection_SUITE.erl b/lib/ssh/test/ssh_connection_SUITE.erl index e0640caf08..bcf3b01824 100644 --- a/lib/ssh/test/ssh_connection_SUITE.erl +++ b/lib/ssh/test/ssh_connection_SUITE.erl 
@@ -125,7 +125,7 @@ simple_exec(Config) when is_list(Config) -> do_simple_exec(ConnectionRef). -simple_exec_sock(Config) -> +simple_exec_sock(_Config) -> {ok, Sock} = gen_tcp:connect("localhost", ?SSH_DEFAULT_PORT, [{active,false}]), {ok, ConnectionRef} = ssh:connect(Sock, [{silently_accept_hosts, true}, {user_interaction, false}]), @@ -602,10 +602,10 @@ start_shell_sock_daemon_exec(Config) -> spawn_link(fun() -> {ok,Ss} = gen_tcp:connect("localhost", Port, [{active,false}]), - {ok, Pid} = ssh:daemon(Ss, [{system_dir, SysDir}, - {user_dir, UserDir}, - {password, "morot"}, - {exec, fun ssh_exec/1}]) + {ok, _Pid} = ssh:daemon(Ss, [{system_dir, SysDir}, + {user_dir, UserDir}, + {password, "morot"}, + {exec, fun ssh_exec/1}]) end), {ok,Sc} = gen_tcp:accept(Sl), {ok,ConnectionRef} = ssh:connect(Sc, [{silently_accept_hosts, true}, -- cgit v1.2.3 From b686b7f7beb46dfdcd83e23cccca74839e373f1e Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 10 Jun 2016 12:33:22 +0200 Subject: ssh: Additions to experimental ssh_dbg module - reorg - ssh_dbg:stop/0 - formating of send and receive debugging --- lib/ssh/src/ssh_dbg.erl | 44 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 35 insertions(+), 9 deletions(-) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh_dbg.erl b/lib/ssh/src/ssh_dbg.erl index fbf85cfcfc..480795cfc7 100644 --- a/lib/ssh/src/ssh_dbg.erl +++ b/lib/ssh/src/ssh_dbg.erl @@ -23,7 +23,8 @@ -module(ssh_dbg). -export([messages/0, - messages/1 + messages/1, + stop/0 ]). -include("ssh.hrl"). 
@@ -40,33 +41,58 @@ messages() -> messages(fun(String,_D) -> io:format(String) end). messages(Write) when is_function(Write,2) -> catch dbg:start(), - - Handler = fun msg_formater/2, - InitialData = #data{writer = Write}, - {ok,_} = dbg:tracer(process, {Handler, InitialData}), - + setup_tracer(Write), dbg:p(new,c), + dbg_ssh_messages(). + +dbg_ssh_messages() -> dbg:tp(ssh_message,encode,1, x), dbg:tp(ssh_message,decode,1, x), dbg:tpl(ssh_transport,select_algorithm,3, x). +%%%---------------------------------------------------------------- +stop() -> + dbg:stop(). + %%%================================================================ msg_formater({trace,Pid,call,{ssh_message,encode,[Msg]}}, D) -> fmt("~nSEND ~p ~s~n", [Pid,wr_record(shrink_bin(Msg))], D); - +msg_formater({trace,_Pid,return_from,{ssh_message,encode,1},_Res}, D) -> + D; + +msg_formater({trace,_Pid,call,{ssh_message,decode,_}}, D) -> + D; msg_formater({trace,Pid,return_from,{ssh_message,decode,1},Msg}, D) -> fmt("~nRECV ~p ~s~n", [Pid,wr_record(shrink_bin(Msg))], D); +msg_formater({trace,_Pid,call,{ssh_transport,select_algorithm,_}}, D) -> + D; msg_formater({trace,Pid,return_from,{ssh_transport,select_algorithm,3},{ok,Alg}}, D) -> fmt("~nALGORITHMS ~p~n~s~n", [Pid, wr_record(Alg)], D); -msg_formater(_, D) -> - D. +msg_formater({trace,Pid,send,ErlangMsg,Dest}, D) -> + fmt("~nERL MSG ~p SEND TO ~p~n ~p~n", [Pid,Dest, shrink_bin(ErlangMsg)], D); + +msg_formater({trace,Pid,'receive',ErlangMsg}, D) -> + fmt("~nERL MSG ~p RECIEVE~n ~p~n", [Pid,shrink_bin(ErlangMsg)], D); + +msg_formater(M, D) -> + fmt("~nDBG ~n~p~n", [shrink_bin(M)], D). + +%% msg_formater(_, D) -> +%% D. fmt(Fmt, Args, D=#data{writer=Write,acc=Acc}) -> D#data{acc = Write(io_lib:format(Fmt, Args), Acc)}. +%%%---------------------------------------------------------------- +setup_tracer(Write) -> + Handler = fun msg_formater/2, + InitialData = #data{writer = Write}, + {ok,_} = dbg:tracer(process, {Handler, InitialData}), + ok. 
+ %%%---------------------------------------------------------------- shrink_bin(B) when is_binary(B), size(B)>100 -> {'*** SHRINKED BIN',size(B),element(1,split_binary(B,20)),'***'}; shrink_bin(L) when is_list(L) -> lists:map(fun shrink_bin/1, L); -- cgit v1.2.3 From 4e0bb309fae6449269068fa810e225ed0b828425 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Mon, 13 Jun 2016 15:48:02 +0200 Subject: ssh: add experimental test flag --- lib/ssh/src/ssh.erl | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/src/ssh.erl b/lib/ssh/src/ssh.erl index 65f1acc6a6..0570853a9b 100644 --- a/lib/ssh/src/ssh.erl +++ b/lib/ssh/src/ssh.erl @@ -601,10 +601,13 @@ handle_option([{profile, _ID} = Opt|Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([{max_random_length_padding, _Bool} = Opt|Rest], SocketOptions, SshOptions) -> handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); +handle_option([{tstflg, _} = Opt|Rest], SocketOptions, SshOptions) -> + handle_option(Rest, SocketOptions, [handle_ssh_option(Opt) | SshOptions]); handle_option([Opt | Rest], SocketOptions, SshOptions) -> handle_option(Rest, [handle_inet_option(Opt) | SocketOptions], SshOptions). +handle_ssh_option({tstflg,_F} = Opt) -> Opt; handle_ssh_option({minimal_remote_max_packet_size, Value} = Opt) when is_integer(Value), Value >=0 -> Opt; handle_ssh_option({system_dir, Value} = Opt) when is_list(Value) -> -- cgit v1.2.3 From 6e51c6d19612d03abc81b86bb70b8d7da678ce5d Mon Sep 17 00:00:00 2001 From: Erlang/OTP Date: Tue, 21 Jun 2016 15:12:41 +0200 Subject: Prepare release --- lib/ssh/doc/src/notes.xml | 78 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) (limited to 'lib/ssh') diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 96bc50c689..fd15c334a3 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml 
@@ -30,6 +30,84 @@ notes.xml +

Ssh 4.3 + +
Improvements and New Features + + +

+ A socket created and connected by gen_tcp could now be + used as input to ssh:connect, ssh:shell, + ssh_sftp:start_channel and ssh:daemon.

+

+ Own Id: OTP-12860

+
+ +

+ Some time optimization mainly in message encoding.

+

+ Own Id: OTP-13131

+
+ +

+ Optimized the sftp client time by setting new packet and + window sizes.

+

+ Own Id: OTP-13175

+
+ +

+ The ssh_connection_handler module in SSH is + changed and now uses the new behaviour gen_statem.

+

+ The module can be used as an example of a + gen_statem callback module but with a warning: + This commit of ssh is just a straightforward port from + gen_fsm to gen_statem with some code cleaning. Since the + state machine and the state callbacks are almost + unchanged the ssh module does not demonstrate the full + potential of the new behaviour.

+

+ The "new" state machine uses compound states. The ssh + server and client state machines are quite similar but + differences exist. With gen_fsm there were flags + in the user data which in fact implemented "substates". + Now with gen_statem those are made explicit in the + state names, eg. the state userauth and the binary + role-flag becomes the two state names + {userauth, server} and {userauth, client}.

+

+ Own Id: OTP-13267

+
+ +

+ The {error, Reason} tuples returned from + ssh_sftp api functions are described.

+

+ Own Id: OTP-13347 Aux Id: ERL-86

+
+ +

+ Added -spec in ssh

+

+ Own Id: OTP-13479

+
+ +

+ It is now possible to call ssh:daemon/{1,2,3} with + Port=0. This makes the daemon select a free + listening tcp port before opening it. To find this port + number after the call, use the new function + ssh:daemon_info/1. See the reference manual for + details.

+

+ Own Id: OTP-13527

+
+
+
+ +
+
Ssh 4.2.2
Fixed Bugs and Malfunctions -- cgit v1.2.3
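Review bot: In the interrupted_send hunk of ssh_connection_SUITE.erl (@@ -389,24 +386,63 @@), the listener is started with spawn/1 and neither of the parent's receive expressions has an after clause, so if the listener exits before replying, the test case hangs until the suite timetrap instead of failing with a reason. The `{ok, ChannelId} = ssh_connection:session_channel(ConnectionRef, infinity)` match sits outside the try, so a failed channel open is exactly that case. Suggest spawn_monitor with a clause for the 'DOWN' message, or an explicit after that calls ct:fail.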
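Review bot: In the collect_data hunk of ssh_connection_SUITE.erl (@@ -864,26 +900,36 @@), the timeout branch calls ct:log with a ~p in the format string and an empty argument list: `ct:log("collect_data: ----- Nothing received for ~p seconds -----~n",[])`. Pass the value, converted from the millisecond TO, for example [TO div 1000]. The same branch now recurses where it used to return timeout, and the new catch-all Msg clause consumes every other message, so the function can only return on eof; a retry limit would let a lost eof surface as a test failure and not as a timetrap.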
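Review bot: In the do_interrupted_send refactor (@@ -361,12 +362,20 @@ and the two hunks after it), interrupted_send no longer runs with its previous parameters: the echo size goes from the literal 4000000 to 4*M with M = 1024*1024, the generator bound from 2500000 to SendSize div 4 with SendSize = 10*M, and the send timeout from 10000 to 30000. If these changes are intended, state them in the commit message, and add a short comment on what the 4*K echo in small_interrupted_send is meant to exercise.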
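Review bot: In the ssh_test_lib.hrl hunk, ?CHECK_CRYPTO accepts every return value of crypto:start() as success (`of _ -> Available`), so the skip is taken only when the call raises. If the call can report a failed start by returning an error tuple, the suite continues and fails later with a less useful reason; match the expected returns explicitly and skip on anything else. The header comment should also say that Available is evaluated only when crypto starts, since callers pass whole begin ... end blocks with side effects such as ssh:start().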
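Review bot: The ssh_sup_SUITE.erl and ssh_connection_SUITE.erl hunks of the "skip test suites if no crypto lib is installed" commit start using ?CHECK_CRYPTO in init_per_suite, but unlike the other suites in that commit the visible diff adds no -include("ssh_test_lib.hrl") line for them. Please confirm that both files already include the header; otherwise they will not compile.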
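Review bot: In the ssh_dbg.erl hunk (@@ -40,33 +41,58 @@), the new ERL MSG clauses and the catch-all `msg_formater(M, D)` write every traced term to the writer, and shrink_bin only shortens binaries larger than 100 bytes, so short binaries and strings inside decoded messages or inter-process messages are printed in full. The module documentation should say that the output may contain sensitive session data and must be handled accordingly, or the formatter should redact known fields. Smaller points: the old catch-all is left behind as commented-out code, "RECIEVE" is misspelled in the format string, and stop/0 calls dbg:stop(), which ends all tracing on the node and not only what messages/1 set up.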
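Review bot: In the ssh.erl hunk (@@ -601,10 +601,13 @@), `handle_ssh_option({tstflg,_F} = Opt) -> Opt;` accepts any term without a guard, while the neighbouring clause for minimal_remote_max_packet_size checks is_integer(Value), Value >= 0. Because this clause sits in the option path shared by every caller, an experimental test flag becomes part of the accepted option set with no validation and no documentation. Suggest restricting the value to the shapes the tests need and adding a comment that the option is test-only and unsupported.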