/**
* @param buffer The {@link Buffer} to check
* @return The {@link Buffer} if this is an {@link SftpConstants#SSH_FXP_EXTENDED_REPLY}, or
* {@code null} if this is a {@link SftpConstants#SSH_FXP_STATUS} carrying an {@link
* SftpConstants#SSH_FX_OK} result
* @throws IOException If a non-{@link SftpConstants#SSH_FX_OK} result or not a {@link
* SftpConstants#SSH_FXP_EXTENDED_REPLY} buffer
*/
protected Buffer checkExtendedReplyBuffer(Buffer buffer) throws IOException {
int length = buffer.getInt();
int type = buffer.getUByte();
int id = buffer.getInt();
if (type == SftpConstants.SSH_FXP_STATUS) {
int substatus = buffer.getInt();
String msg = buffer.getString();
String lang = buffer.getString();
if (log.isDebugEnabled()) {
log.debug(
"checkStatus({}}[id={}] - status: {} [{}] {}", getName(), id, substatus, lang, msg);
}
if (substatus != SftpConstants.SSH_FX_OK) {
throwStatusException(id, substatus, msg, lang);
}
return null;
} else if (type == SftpConstants.SSH_FXP_EXTENDED_REPLY) {
return buffer;
} else {
throw new SshException(
"Unexpected SFTP packet received: type=" + type + ", id=" + id + ", length=" + length);
}
}
@Override
public Boolean doAuth(Buffer buffer, boolean init) throws Exception {
ValidateUtils.checkTrue(init, "Instance not initialized");
boolean hasSig = buffer.getBoolean();
String alg = buffer.getString();
int oldLim = buffer.wpos();
int oldPos = buffer.rpos();
int len = buffer.getInt();
buffer.wpos(buffer.rpos() + len);
PublicKey key = buffer.getRawPublicKey();
ServerFactoryManager manager = session.getFactoryManager();
Signature verif =
ValidateUtils.checkNotNull(
NamedFactory.Utils.create(manager.getSignatureFactories(), alg),
"No verifier located for algorithm=%s",
alg);
verif.initVerifier(key);
buffer.wpos(oldLim);
byte[] sig = hasSig ? buffer.getBytes() : null;
PublickeyAuthenticator authenticator =
ValidateUtils.checkNotNull(
manager.getPublickeyAuthenticator(), "No PublickeyAuthenticator configured");
if (!authenticator.authenticate(username, key, session)) {
return Boolean.FALSE;
}
if (!hasSig) {
Buffer buf = session.createBuffer(SshConstants.SSH_MSG_USERAUTH_PK_OK);
buf.putString(alg);
buf.putRawBytes(buffer.array(), oldPos, 4 + len);
session.writePacket(buf);
return null;
} else {
Buffer buf = new ByteArrayBuffer();
buf.putBytes(session.getKex().getH());
buf.putByte(SshConstants.SSH_MSG_USERAUTH_REQUEST);
buf.putString(username);
buf.putString(service);
buf.putString(UserAuthPublicKeyFactory.NAME);
buf.putBoolean(true);
buf.putString(alg);
buffer.rpos(oldPos);
buffer.wpos(oldPos + 4 + len);
buf.putBuffer(buffer);
verif.update(buf.array(), buf.rpos(), buf.available());
if (!verif.verify(sig)) {
throw new Exception("Key verification failed");
}
return Boolean.TRUE;
}
}
@Override
public void handleOpenFailure(Buffer buffer) {
int reason = buffer.getInt();
String msg = buffer.getString();
String lang = buffer.getString();
if (log.isDebugEnabled()) {
log.debug(
"handleOpenFailure({}) reason={}, lang={}, msg={}",
this,
SshConstants.getOpenErrorCodeName(reason),
lang,
msg);
}
this.openFailureReason = reason;
this.openFailureMsg = msg;
this.openFailureLang = lang;
this.openFuture.setException(new SshException(msg));
this.closeFuture.setClosed();
this.doCloseImmediately();
notifyStateChanged();
}
@Override
public synchronized SshdSocketAddress startRemotePortForwarding(
SshdSocketAddress remote, SshdSocketAddress local) throws IOException {
ValidateUtils.checkNotNull(local, "Local address is null");
ValidateUtils.checkNotNull(remote, "Remote address is null");
Buffer buffer = session.createBuffer(SshConstants.SSH_MSG_GLOBAL_REQUEST);
buffer.putString("tcpip-forward");
buffer.putBoolean(true);
buffer.putString(remote.getHostName());
buffer.putInt(remote.getPort());
Buffer result = session.request(buffer);
if (result == null) {
throw new SshException("Tcpip forwarding request denied by server");
}
int port = (remote.getPort() == 0) ? result.getInt() : remote.getPort();
// TODO: Is it really safe to only store the local address after the request ?
SshdSocketAddress prev;
synchronized (remoteToLocal) {
prev = remoteToLocal.put(port, local);
}
if (prev != null) {
throw new IOException(
"Multiple remote port forwarding bindings on port="
+ port
+ ": current="
+ remote
+ ", previous="
+ prev);
}
SshdSocketAddress bound = new SshdSocketAddress(remote.getHostName(), port);
if (log.isDebugEnabled()) {
log.debug("startRemotePortForwarding(" + remote + " -> " + local + "): " + bound);
}
return bound;
}
@Override
public Result process(
ConnectionService connectionService, String request, boolean wantReply, Buffer buffer)
throws Exception {
if (!REQUEST.equals(request)) {
return super.process(connectionService, request, wantReply, buffer);
}
String address = buffer.getString();
int port = buffer.getInt();
SshdSocketAddress socketAddress = new SshdSocketAddress(address, port);
TcpipForwarder forwarder =
Objects.requireNonNull(connectionService.getTcpipForwarder(), "No TCP/IP forwarder");
SshdSocketAddress bound = forwarder.localPortForwardingRequested(socketAddress);
if (log.isDebugEnabled()) {
log.debug(
"process({})[{}][want-reply-{}] {} => {}",
connectionService,
request,
wantReply,
socketAddress,
bound);
}
if (bound == null) {
return Result.ReplyFailure;
}
port = bound.getPort();
if (wantReply) {
Session session = connectionService.getSession();
buffer = session.createBuffer(SshConstants.SSH_MSG_REQUEST_SUCCESS, Integer.BYTES);
buffer.putInt(port);
session.writePacket(buffer);
}
return Result.Replied;
}
