You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
624 lines
18 KiB
624 lines
18 KiB
/***************************************************************************
|
|
ksshprocess.h - description
|
|
-------------------
|
|
begin : Tue Jul 31 2001
|
|
copyright : (C) 2001 by Lucas Fisher
|
|
email : ljfisher@purdue.edu
|
|
***************************************************************************/
|
|
|
|
/***************************************************************************
|
|
* *
|
|
* This program is free software; you can redistribute it and/or modify *
|
|
* it under the terms of the GNU General Public License as published by *
|
|
* the Free Software Foundation; either version 2 of the License, or *
|
|
* (at your option) any later version. *
|
|
* *
|
|
***************************************************************************/
|
|
|
|
#ifndef KSSHPROCESS_H
|
|
#define KSSHPROCESS_H
|
|
|
|
#include <sys/types.h>
|
|
#include <sys/wait.h>
|
|
#include <signal.h>
|
|
#include <unistd.h>
|
|
|
|
#include <tqvaluelist.h>
|
|
|
|
#include <kdebug.h>
|
|
|
|
#include "process.h"
|
|
|
|
#define KSSHPROC 7120
|
|
|
|
/**
|
|
* Provides version independent access to ssh. Currently supported
|
|
* versions of SSH are:
|
|
* OpenSSH 2.9p1
|
|
* OpenSSH 2.9p2
|
|
* OpenSSH 3.0
|
|
* OpenSSH 3.1
|
|
* Commercial SSH 3.0.0
|
|
* Other versions of OpenSSH and commerical SSH will probably work also.
|
|
*
|
|
* To setup a SSH connection first create a list of options to use and tell
|
|
* KSshProcess about your options. Then start the ssh connection. Once the
|
|
* connection is setup use the stdin, stdout, stderr, and pty file descriptors
|
|
* to communicate with ssh. For a detailed example of how to use, see
|
|
* ksshprocesstest.cpp.
|
|
*
|
|
* @author Lucas Fisher
|
|
*
|
|
* Example: Connect to ssh server on localhost
|
|
* KSshProcess::SshOpt opt;
|
|
* KSshProcess::SshOptList options;
|
|
*
|
|
* opt.opt = KSshProcess::SSH_HOST;
|
|
* opt.str = "localhost";
|
|
* options.append(opt);
|
|
*
|
|
* opt.opt = KSshProcess::SSH_USERNAME;
|
|
* opt.str = "me";
|
|
* options.append(opt);
|
|
*
|
|
* KSshProcess ssh;
|
|
* if( !ssh.setOptions(options) ) {
|
|
* int err = ssh.error();
|
|
* // process error
|
|
* return false;
|
|
* }
|
|
*
|
|
* int err;
|
|
* TQString errMsg;
|
|
* while( !ssh.connect() ) {
|
|
* err = ssh.error(errMsg);
|
|
*
|
|
* switch( err ) {
|
|
* case KSshProcess::ERR_NEW_HOST_KEY:
|
|
* case KSshProcess::ERR_DIFF_HOST_KEY:
|
|
* // ask user to accept key
|
|
* if( acceptHostKey ) {
|
|
* ssh.acceptKey(true);
|
|
* }
|
|
* break;
|
|
*
|
|
* case KSshProcess::ERR_NEED_PASSWORD:
|
|
* // ask user for password
|
|
* ssh.password(userPassword);
|
|
* break;
|
|
*
|
|
* case KSshProcess::ERR_NEED_KEY_PASSPHRASE:
|
|
* // ask user for their key passphrase
|
|
* ssh.keyPassphrase(keyPassphrase);
|
|
* break;
|
|
*
|
|
* default:
|
|
* // somethings wrong, alert user
|
|
* return;
|
|
* }
|
|
* }
|
|
* // We have an open ssh connection to localhost
|
|
*
|
|
*/
|
|
|
|
class KSshProcess {
|
|
public:
|
|
/**
|
|
* SSH Option
|
|
*
|
|
* Stores SSH options for use with KSshProcess.
|
|
*
|
|
* SSH options are configured much like UDS entries.
|
|
* Each option is assigned a constant and a string, bool,
|
|
* or number is assigned based on the option.
|
|
*
|
|
* @author Lucas Fisher (ljfisher@iastate.edu)
|
|
*/
|
|
class SshOpt {
|
|
public:
|
|
TQ_UINT32 opt;
|
|
TQString str;
|
|
TQ_INT32 num;
|
|
bool boolean;
|
|
};
|
|
|
|
/**
|
|
* List of SshOptions and associated iterators
|
|
*/
|
|
typedef TQValueList<SshOpt> SshOptList;
|
|
typedef TQValueListIterator<SshOpt> SshOptListIterator;
|
|
typedef TQValueListConstIterator<SshOpt> SshOptListConstIterator;
|
|
|
|
/**
|
|
* Ssh versions supported by KSshProcess. Subject to change
|
|
* at any time.
|
|
*/
|
|
enum SshVersion {
|
|
OPENSSH_3_6,
|
|
OPENSSH,
|
|
SSH,
|
|
SSH_VER_MAX,
|
|
UNKNOWN_VER
|
|
};
|
|
|
|
/**
|
|
* SSH options supported by KSshProcess. Set SshOpt::opt to one of these
|
|
* values.
|
|
*/
|
|
// we cannot do this like UDSAtomType (ORing the type with the name) because
|
|
// we have too many options for ssh and not enough bits.
|
|
enum SshOptType {
|
|
/**
|
|
* Request server to invoke subsystem. (str)
|
|
*/
|
|
SSH_SUBSYSTEM,
|
|
/**
|
|
* Connect to port on the server. (num)
|
|
*/
|
|
SSH_PORT,
|
|
/**
|
|
* Connect to host. (str)
|
|
*/
|
|
SSH_HOST,
|
|
/**
|
|
* connect using this username. (str)
|
|
*/
|
|
SSH_USERNAME,
|
|
/**
|
|
* connect using this password. (str)
|
|
*/
|
|
SSH_PASSWD,
|
|
/**
|
|
* connect using this version of the SSH protocol. num == 1 or 2
|
|
*/
|
|
SSH_PROTOCOL,
|
|
/**
|
|
* whether to forward X11 connections. (boolean)
|
|
*/
|
|
SSH_FORWARDX11,
|
|
/**
|
|
* whether to do agent forwarding. (boolean)
|
|
*/
|
|
SSH_FORWARDAGENT,
|
|
/**
|
|
* use as escape character. 0 for none (num)
|
|
*/
|
|
SSH_ESCAPE_CHAR,
|
|
/**
|
|
* command for ssh to perform once it is connected (str)
|
|
*/
|
|
SSH_COMMAND,
|
|
/**
|
|
* Set ssh verbosity. This may be added multiple times. It may also cause KSSHProcess
|
|
* to fail since we don't understand all the debug messages.
|
|
*/
|
|
SSH_VERBOSE,
|
|
/**
|
|
* Set a ssh option as one would find in the ssh_config file
|
|
* The str member should be set to 'optName value'
|
|
*/
|
|
SSH_OPTION,
|
|
/**
|
|
* Set some other option not supported by KSSHProcess. The option should
|
|
* be specified in the str member of SshOpt. Careful with this since
|
|
* not all versions of SSH support the same options.
|
|
*/
|
|
SSH_OTHER,
|
|
SSH_OPT_MAX // always last
|
|
}; // that's all for now
|
|
|
|
/**
|
|
* Errors that KSshProcess can encounter. When a member function returns
|
|
* false, call error() to retrieve one of these error codes.
|
|
*/
|
|
enum SshError {
|
|
/**
|
|
* Don't recognize the ssh version
|
|
*/
|
|
ERR_UNKNOWN_VERSION,
|
|
/**
|
|
* Cannot lauch ssh client
|
|
*/
|
|
ERR_CANNOT_LAUNCH,
|
|
/**
|
|
* Interaction with the ssh client failed. This happens when we can't
|
|
* find the password prompt or something similar
|
|
*/
|
|
ERR_INTERACT,
|
|
/**
|
|
* Arguments for both a remotely executed subsystem and command were provide.
|
|
* Only one or the other may be used
|
|
*/
|
|
ERR_CMD_SUBSYS_CONFLICT,
|
|
/**
|
|
* No password was supplied
|
|
*/
|
|
ERR_NEED_PASSWD,
|
|
/**
|
|
* No passphrase was supplied.
|
|
*/
|
|
ERR_NEED_PASSPHRASE,
|
|
/**
|
|
* No usename was supplied
|
|
*/
|
|
ERR_NEED_USERNAME,
|
|
/**
|
|
* Timed out waiting for a response from ssh or the server
|
|
*/
|
|
ERR_TIMED_OUT,
|
|
/**
|
|
* Internal error, probably from a system call
|
|
*/
|
|
ERR_INTERNAL,
|
|
/**
|
|
* ssh was disconnect from the host
|
|
*/
|
|
ERR_DISCONNECTED,
|
|
/**
|
|
* No ssh options have been set. Call setArgs() before calling connect.
|
|
*/
|
|
ERR_NO_OPTIONS,
|
|
/**
|
|
* A host key was received from an unknown host.
|
|
* Call connect() with the acceptHostKey argument to accept the key.
|
|
*/
|
|
ERR_NEW_HOST_KEY,
|
|
/**
|
|
* A host key different from what is stored in the user's known_hosts file
|
|
* has be received. This is an indication of an attack
|
|
*/
|
|
ERR_DIFF_HOST_KEY,
|
|
/**
|
|
* A new or different host key was rejected by the caller. The ssh
|
|
* connection was terminated and the ssh process killed.
|
|
*/
|
|
ERR_HOST_KEY_REJECTED,
|
|
/**
|
|
* An invalid option was found in the SSH option list
|
|
*/
|
|
ERR_INVALID_OPT,
|
|
/**
|
|
* SSH accepted host key without prompting user.
|
|
*/
|
|
ERR_ACCEPTED_KEY,
|
|
/**
|
|
* Authentication failed
|
|
*/
|
|
ERR_AUTH_FAILED,
|
|
/**
|
|
* Authentication failed because a new host key was detected and
|
|
* SSH is configured with strict host key checking enabled.
|
|
*/
|
|
ERR_AUTH_FAILED_NEW_KEY,
|
|
/**
|
|
* Authentication failed because a changed host key was detected and
|
|
* SSH is configured with strict host key checking enabled.
|
|
*/
|
|
ERR_AUTH_FAILED_DIFF_KEY,
|
|
/**
|
|
* The remote host closed the connection for unknown reasons.
|
|
*/
|
|
ERR_CLOSED_BY_REMOTE_HOST,
|
|
/**
|
|
* We have no idea what happened
|
|
*/
|
|
ERR_UNKNOWN,
|
|
/**
|
|
* The connect state machine entered an invalid state.
|
|
*/
|
|
ERR_INVALID_STATE,
|
|
ERR_MAX
|
|
};
|
|
|
|
/**
|
|
* Initialize a SSH process using the first SSH binary found in the PATH
|
|
*/
|
|
KSshProcess();
|
|
|
|
/**
|
|
* Initialize a SSH process using the specified SSH binary.
|
|
* @param pathToSsh The fully qualified path name of the ssh binary
|
|
* KSshProcess should use to setup a SSH connection.
|
|
*/
|
|
KSshProcess(TQString pathToSsh);
|
|
~KSshProcess();
|
|
|
|
/**
|
|
* Set the ssh binary KSshProcess should use. This will only affect the
|
|
* next ssh connection attempt using this instance.
|
|
*
|
|
* @param pathToSsh Full path to the ssh binary.
|
|
*
|
|
* @return True if the ssh binary is found and KSshProcess
|
|
* recognizes the version.
|
|
*
|
|
*/
|
|
bool setSshPath(TQString pathToSsh);
|
|
|
|
/**
|
|
* Get the ssh version.
|
|
*
|
|
* @return The ssh version or -1 if KSshProcess does not recognize
|
|
* the ssh version. The returned value corresponds to the
|
|
* member of the SshVersion enum.
|
|
*/
|
|
SshVersion version();
|
|
|
|
/**
|
|
* Get a string describing the ssh version
|
|
*
|
|
* @return A string describing the ssh version recognized by KSshProcess
|
|
*/
|
|
//TQString versionStr();
|
|
|
|
/**
|
|
* Get the last error encountered by KSshProcess.
|
|
*
|
|
* @param msg Set to the error message, if any, outputted by ssh when it is run.
|
|
*
|
|
* @return The error number. See SshError for descriptions.
|
|
*/
|
|
int error(TQString& msg);
|
|
|
|
/**
|
|
* Get the last error encountered by KSshProcess.
|
|
* @return The error number. See SshError for descriptions.
|
|
*/
|
|
int error() { return mError; }
|
|
|
|
TQString errorMsg() { return mErrorMsg; }
|
|
|
|
/**
|
|
* Send a signal to the ssh process. Do not use this to end the
|
|
* ssh connection as it will not correctly reset the internal
|
|
* state of the KSshProcess object. Use KSshProcess::disconnect()
|
|
* instead.
|
|
*
|
|
* @param signal The signal to send to the ssh process. See 'kill -l'
|
|
* for a list of possible signals.
|
|
* The default signal is SIGKILL which kills ssh.
|
|
*
|
|
*/
|
|
void kill(int signal = SIGKILL);
|
|
|
|
/**
|
|
* The pid of the ssh process started by this instance of KSshProcess.
|
|
* Only valid if KSshProcess::running() returns true;
|
|
*
|
|
* @return The pid of the running ssh process.
|
|
*/
|
|
int pid() { return ssh.pid(); }
|
|
|
|
/**
|
|
* Whether a ssh connection has been established with a
|
|
* remote host. A establish connection means ssh has successfully
|
|
* authenticated with the remote host and user data can be transfered
|
|
* between the local and remote host. This cannot return
|
|
* true unless the most recent call to KSshProccess::connect() returned true.
|
|
*
|
|
* @return True if a ssh connection has been established with a remote
|
|
* host. False otherwise.
|
|
*/
|
|
bool connected() { return mConnected; }
|
|
|
|
/**
|
|
* Whether a ssh process is currently running. This only indicates
|
|
* if a ssh process has been started and is still running. It does not
|
|
* tell if authentication has been successful. This may return true
|
|
* even if the most recent call to KSshProcess::connect() returned false.
|
|
*
|
|
* @return True if a ssh process started by this instance of KSshProcess
|
|
* is running. False otherwise.
|
|
*/
|
|
bool running() { return mRunning; }
|
|
|
|
/**
|
|
* Print the command line arguments ssh is run with using kdDebug.
|
|
*/
|
|
void printArgs();
|
|
|
|
/**
|
|
* Set the SSH options.
|
|
* This must be called before connect(). See SshOptType for a list of
|
|
* supported ssh options. The required options are SSH_USERNAME
|
|
* and SSH_HOST.
|
|
*
|
|
* To reset the saved options, just recall setOptions() again with
|
|
* a different options list.
|
|
*
|
|
* @param opts A list of SshOpt objects specifying the ssh options.
|
|
*
|
|
* @return True if all options are valid. False if unrecognized options
|
|
* or a required option is missing. Call error()
|
|
* for details.
|
|
*
|
|
*/
|
|
bool setOptions(const SshOptList& opts);
|
|
|
|
/**
|
|
* Create a ssh connection based on the options provided by setOptions().
|
|
* Sets one of the following error codes on failure:
|
|
* <ul>
|
|
* <li>ERR_NO_OPTIONS</li>
|
|
* <li>ERR_CANNOT_LAUNCH</li>
|
|
* <li>ERR_INVALID_STATE</li>
|
|
* <li>ERR_NEED_PASSWD</li>
|
|
* <li>ERR_AUTH_FAILED</li>
|
|
* <li>ERR_NEW_HOST_KEY</li>
|
|
* <li>ERR_KEY_ACCEPTED</li>
|
|
* <li>ERR_DIFF_HOST_KEY</li>
|
|
* <li>ERR_INTERNAL</li>
|
|
* <li>ERR_INTERACT</li>
|
|
* </ul>
|
|
*
|
|
* @param acceptHostKey When true KSshProcess will automatically accept
|
|
* unrecognized or changed host keys.
|
|
*
|
|
* @return True if the ssh connection is successful. False if the connection
|
|
* fails. Call error() to get the reason for the failure.
|
|
*/
|
|
bool connect();
|
|
|
|
|
|
/**
|
|
* Disconnect ssh from the host. This kills the ssh process and
|
|
* resets the internal state of this KSshProcess object. After a
|
|
* disconnect, the same KSshProcess can be used to connect to a
|
|
* host.
|
|
*/
|
|
void disconnect();
|
|
|
|
/**
|
|
* Call to respond to a ERR_NEW_HOST_KEY or ERR_DIFF_HOST_KEY error.
|
|
*
|
|
* @param accept True to accept the host key, false to not accept the
|
|
* host key and kill ssh.
|
|
*
|
|
*/
|
|
void acceptHostKey(bool accept);
|
|
|
|
/**
|
|
* Call to respond to a ERR_NEED_PASSWD or ERR_NEED_PASSPHRASE error.
|
|
*
|
|
* @param password The user password to give ssh.
|
|
*/
|
|
void setPassword(TQString password);
|
|
|
|
/**
|
|
* Access to standard in and out of the ssh process.
|
|
*
|
|
* @return The file description for stdin and stdout of the ssh process.
|
|
*/
|
|
int stdioFd() { return ssh.stdioFd(); }
|
|
|
|
/**
|
|
* Access to standard error of the ssh process.
|
|
*
|
|
* @return The file descriptior for stderr of the ssh process.
|
|
*/
|
|
int stderrFd() { return ssh.stderrFd(); }
|
|
|
|
/**
|
|
* Access the pty to which the ssh process is attached.
|
|
*
|
|
* @return The file descriptor of pty to which ssh is attached.
|
|
*/
|
|
int pty() { return ssh.fd(); }
|
|
private:
|
|
/**
|
|
* Path the the ssh binary.
|
|
*/
|
|
TQString mSshPath;
|
|
|
|
/**
|
|
* SSH version. This is an index into the supported SSH
|
|
* versions array, and the various messages arrays.
|
|
*/
|
|
SshVersion mVersion;
|
|
|
|
/**
|
|
* User's password. Zero this out when it is no longer needed.
|
|
*/
|
|
TQString mPassword;
|
|
|
|
/**
|
|
* User's username.
|
|
*/
|
|
TQString mUsername;
|
|
|
|
/**
|
|
* Name of host we are connecting to.
|
|
*/
|
|
TQString mHost;
|
|
|
|
/**
|
|
* Accept new or changed host keys if true.
|
|
*/
|
|
bool mAcceptHostKey;
|
|
|
|
/**
|
|
* Flag to tell use if we have an open, authenticated ssh
|
|
* session going.
|
|
*/
|
|
bool mConnected;
|
|
|
|
/**
|
|
* Flag to tell us if we have started a ssh process, we use this
|
|
* to make sure we kill ssh before going away.
|
|
*/
|
|
bool mRunning;
|
|
|
|
/**
|
|
* Save any key fingerprint msg from ssh so we can present
|
|
* it to the caller.
|
|
*/
|
|
TQString mKeyFingerprint;
|
|
|
|
/**
|
|
* The location of the known host key file. We grab this from
|
|
* any error messages ssh prints out.
|
|
*/
|
|
TQString mKnownHostsFile;
|
|
|
|
/**
|
|
* The state of our connect state machine.
|
|
*/
|
|
int mConnectState;
|
|
|
|
/**
|
|
* Port on on which the target ssh server is listening.
|
|
*/
|
|
int mPort;
|
|
|
|
/**
|
|
* The last error number encountered. This is only valid for the
|
|
* last error.
|
|
*/
|
|
SshError mError;
|
|
|
|
/**
|
|
* An error message that corresponds to the error number set in
|
|
* mError. Optional.
|
|
*/
|
|
TQString mErrorMsg;
|
|
|
|
/**
|
|
* Interface to the SSH process we ceate. Handles communication
|
|
* to and from the SSH process using stdin, stdout, stderr, and
|
|
* pty.
|
|
*/
|
|
MyPtyProcess ssh;
|
|
|
|
/**
|
|
* List of arguments we start SSH with.
|
|
*/
|
|
QCStringList mArgs;
|
|
void init();
|
|
|
|
/**
|
|
* Handler to clean up when ssh process terminates.
|
|
*/
|
|
static void SIGCHLD_handler(int signo);
|
|
void installSignalHandlers();
|
|
void removeSignalHandlers();
|
|
|
|
TQString getLine();
|
|
|
|
static TQRegExp versionStrs[];
|
|
static const char * const passwordPrompt[];
|
|
static const char * const passphrasePrompt[];
|
|
static const char * const authSuccessMsg[];
|
|
static const char * const authFailedMsg[];
|
|
static TQRegExp hostKeyMissingMsg[];
|
|
static const char * const hostKeyChangedMsg[];
|
|
static const char * const continuePrompt[];
|
|
static const char * const hostKeyAcceptedMsg[];
|
|
static const char * const tryAgainMsg[];
|
|
static TQRegExp hostKeyVerifyFailedMsg[];
|
|
static const char * const connectionClosedMsg[];
|
|
static const char * const changeHostKeyOnDiskPrompt[];
|
|
static TQRegExp keyFingerprintMsg[];
|
|
static TQRegExp knownHostsFileMsg[];
|
|
};
|
|
#endif
|