/* jslint node: true */ 'use strict'; // ENiGMA½ const Config = require('../config.js').config; const baseClient = require('../client.js'); const Log = require('../logger.js').log; const ServerModule = require('../server_module.js').ServerModule; const userLogin = require('../user_login.js').userLogin; const enigVersion = require('../../package.json').version; const theme = require('../theme.js'); const stringFormat = require('../string_format.js'); // deps const ssh2 = require('ssh2'); const fs = require('fs'); const util = require('util'); const _ = require('lodash'); const assert = require('assert'); exports.moduleInfo = { name : 'SSH', desc : 'SSH Server', author : 'NuSkooler', isSecure : true, }; exports.getModule = SSHServerModule; function SSHClient(clientConn) { baseClient.Client.apply(this, arguments); // // WARNING: Until we have emit 'ready', self.input, and self.output and // not yet defined! // const self = this; let loginAttempts = 0; clientConn.on('authentication', function authAttempt(ctx) { const username = ctx.username || ''; const password = ctx.password || ''; self.isNewUser = (Config.users.newUserNames || []).indexOf(username) > -1; self.log.trace( { method : ctx.method, username : username, newUser : self.isNewUser }, 'SSH authentication attempt'); function terminateConnection() { ctx.reject(); clientConn.end(); } // // If the system is open and |isNewUser| is true, the login // sequence is hijacked in order to start the applicaiton process. // if(false === Config.general.closedSystem && self.isNewUser) { return ctx.accept(); } if(username.length > 0 && password.length > 0) { loginAttempts += 1; userLogin(self, ctx.username, ctx.password, function authResult(err) { if(err) { if(err.existingConn) { // :TODO: Can we display somthing here? terminateConnection(); return; } else { return ctx.reject(SSHClient.ValidAuthMethods); } } else { ctx.accept(); } }); } else { if(-1 === SSHClient.ValidAuthMethods.indexOf(ctx.method)) { return ctx.reject(SSHClient.ValidAuthMethods); } if(0 === username.length) { // :TODO: can we display something here? return ctx.reject(); } let interactivePrompt = { prompt : `${ctx.username}'s password: `, echo : false }; ctx.prompt(interactivePrompt, function retryPrompt(answers) { loginAttempts += 1; userLogin(self, username, (answers[0] || ''), err => { if(err) { if(err.existingConn) { // :TODO: can we display something here? terminateConnection(); } else { if(loginAttempts >= Config.general.loginAttempts) { terminateConnection(); } else { const artOpts = { client : self, name : 'SSHPMPT.ASC', readSauce : false, }; theme.getThemeArt(artOpts, (err, artInfo) => { if(err) { interactivePrompt.prompt = `Access denied\n${ctx.username}'s password: `; } else { const newUserNameList = _.has(Config, 'users.newUserNames') && Config.users.newUserNames.length > 0 ? Config.users.newUserNames.map(newName => '"' + newName + '"').join(', ') : '(No new user names enabled!)'; interactivePrompt.prompt = `Access denied\n${stringFormat(artInfo.data, { newUserNames : newUserNameList })}\n${ctx.username}'s password'`; } return ctx.prompt(interactivePrompt, retryPrompt); }); } } } else { ctx.accept(); } }); }); } }); this.updateTermInfo = function(info) { // // From ssh2 docs: // "rows and cols override width and height when rows and cols are non-zero." // let termHeight; let termWidth; if(info.rows > 0 && info.cols > 0) { termHeight = info.rows; termWidth = info.cols; } else if(info.width > 0 && info.height > 0) { termHeight = info.height; termWidth = info.width; } assert(_.isObject(self.term)); // // Note that if we fail here, connect.js attempts some non-standard // queries/etc., and ultimately will default to 80x24 if all else fails // if(termHeight > 0 && termWidth > 0) { self.term.termHeight = termHeight; self.term.termWidth = termWidth; self.clearMciCache(); // term size changes = invalidate cache } if(_.isString(info.term) && info.term.length > 0 && 'unknown' === self.term.termType) { self.setTermType(info.term); } }; clientConn.once('ready', function clientReady() { self.log.info('SSH authentication success'); clientConn.on('session', accept => { const session = accept(); session.on('pty', function pty(accept, reject, info) { self.log.debug(info, 'SSH pty event'); if(_.isFunction(accept)) { accept(); } if(self.input) { // do we have I/O? self.updateTermInfo(info); } else { self.cachedPtyInfo = info; } }); session.on('shell', accept => { self.log.debug('SSH shell event'); const channel = accept(); self.setInputOutput(channel.stdin, channel.stdout); channel.stdin.on('data', data => { self.emit('data', data); }); if(self.cachedPtyInfo) { self.updateTermInfo(self.cachedPtyInfo); delete self.cachedPtyInfo; } // we're ready! const firstMenu = self.isNewUser ? Config.servers.ssh.firstMenuNewUser : Config.servers.ssh.firstMenu; self.emit('ready', { firstMenu : firstMenu } ); }); session.on('window-change', (accept, reject, info) => { self.log.debug(info, 'SSH window-change event'); self.updateTermInfo(info); }); }); }); clientConn.on('end', () => { self.emit('end'); // remove client connection/tracking }); clientConn.on('error', err => { self.log.warn( { error : err.message, code : err.code }, 'SSH connection error'); }); } util.inherits(SSHClient, baseClient.Client); SSHClient.ValidAuthMethods = [ 'password', 'keyboard-interactive' ]; function SSHServerModule() { ServerModule.call(this); } util.inherits(SSHServerModule, ServerModule); SSHServerModule.prototype.createServer = function() { SSHServerModule.super_.prototype.createServer.call(this); const serverConf = { hostKeys : [ { key : fs.readFileSync(Config.servers.ssh.privateKeyPem), passphrase : Config.servers.ssh.privateKeyPass, } ], ident : 'enigma-bbs-' + enigVersion + '-srv', // Note that sending 'banner' breaks at least EtherTerm! debug : (sshDebugLine) => { if(true === Config.servers.ssh.traceConnections) { Log.trace(`SSH: ${sshDebugLine}`); } }, }; const server = ssh2.Server(serverConf); server.on('connection', function onConnection(conn, info) { Log.info(info, 'New SSH connection'); const client = new SSHClient(conn); this.emit('client', client, conn._sock); }); return server; };