contrib/python/Twisted/py3/twisted/conch/client/direct.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145

# Copyright (c) Twisted Matrix Laboratories.
# See LICENSE for details.

from __future__ import annotations

from typing import TYPE_CHECKING, Callable

from twisted.conch import error
from twisted.conch.ssh import transport
from twisted.internet import defer, protocol, reactor
from twisted.internet.address import IPv4Address, IPv6Address
from twisted.internet.defer import Deferred, maybeDeferred
from twisted.internet.interfaces import (
    IAddress,
    IConnector,
    IListeningPort,
    IReactorTCP,
)
from twisted.python.failure import Failure

if TYPE_CHECKING:
    from twisted.conch.client.options import ConchOptions
    from twisted.conch.ssh.userauth import SSHUserAuthClient


class SSHClientFactory(protocol.ClientFactory):
    def __init__(
        self,
        d: Deferred[None],
        options: ConchOptions,
        verifyHostKey: _VHK,
        userAuthObject: SSHUserAuthClient,
    ) -> None:
        self.d: Deferred[None] | None = d
        self.options = options
        self.verifyHostKey = verifyHostKey
        self.userAuthObject = userAuthObject

    def clientConnectionLost(self, connector: IConnector, reason: Failure) -> None:
        if self.options["reconnect"]:
            connector.connect()

    def clientConnectionFailed(self, connector: IConnector, reason: Failure) -> None:
        if self.d is None:
            return
        d, self.d = self.d, None
        d.errback(reason)

    def buildProtocol(self, addr: IAddress) -> SSHClientTransport:
        trans = SSHClientTransport(self)
        if self.options["ciphers"]:
            trans.supportedCiphers = self.options["ciphers"]
        if self.options["macs"]:
            trans.supportedMACs = self.options["macs"]
        if self.options["compress"]:
            trans.supportedCompressions[0:1] = [b"zlib"]
        if self.options["host-key-algorithms"]:
            trans.supportedPublicKeys = self.options["host-key-algorithms"]
        return trans


class SSHClientTransport(transport.SSHClientTransport):
    # pre-mypy LSP violation
    factory: SSHClientFactory  # type:ignore[assignment]

    def __init__(self, factory: SSHClientFactory) -> None:
        self.factory = factory
        self.unixServer: None | IListeningPort = None

    def connectionLost(self, reason: Failure | None = None) -> None:
        if self.unixServer:
            # The C{unixServer} attribute is untested, and it's not entirely
            # clear that it does anything at all. It appears to be a vestigial
            # attempt to support something like OpenSSH's ControlMaster client
            # option; at some point we should either document and test it, or
            # remove it.

            # https://github.com/twisted/twisted/issues/12418
            d = maybeDeferred(self.unixServer.stopListening)  # pragma: no cover
            self.unixServer = None  # pragma: no cover
        else:
            d = defer.succeed(None)
        d.addCallback(
            lambda x: transport.SSHClientTransport.connectionLost(self, reason)
        )

    def receiveError(self, code, desc):
        if self.factory.d is None:
            return
        d, self.factory.d = self.factory.d, None
        d.errback(error.ConchError(desc, code))

    def sendDisconnect(self, code, reason):
        if self.factory.d is None:
            return
        d, self.factory.d = self.factory.d, None
        transport.SSHClientTransport.sendDisconnect(self, code, reason)
        d.errback(error.ConchError(reason, code))

    def receiveDebug(self, alwaysDisplay, message, lang):
        self._log.debug(
            "Received Debug Message: {message}",
            message=message,
            alwaysDisplay=alwaysDisplay,
            lang=lang,
        )
        if alwaysDisplay:  # XXX what should happen here?
            print(message)

    def verifyHostKey(self, pubKey: bytes, fingerprint: str) -> Deferred[bool]:
        transport = self.transport
        assert transport is not None
        peer = transport.getPeer()
        assert isinstance(
            peer, (IPv4Address, IPv6Address)
        ), "Address must have a host to verify against."
        return self.factory.verifyHostKey(
            self, peer.host.encode("utf-8"), pubKey, fingerprint
        )

    def setService(self, service):
        self._log.info("setting client server to {service}", service=service)
        transport.SSHClientTransport.setService(self, service)
        if service.name != "ssh-userauth" and self.factory.d is not None:
            d, self.factory.d = self.factory.d, None
            d.callback(None)

    def connectionSecure(self):
        self.requestService(self.factory.userAuthObject)


_VHK = Callable[[SSHClientTransport, bytes, bytes, str], Deferred[bool]]


def connect(
    host: str,
    port: int,
    options: ConchOptions,
    verifyHostKey: _VHK,
    userAuthObject: SSHUserAuthClient,
) -> Deferred[None]:
    d: Deferred[None] = defer.Deferred()
    factory = SSHClientFactory(d, options, verifyHostKey, userAuthObject)
    IReactorTCP(reactor).connectTCP(host, port, factory)
    return d