feat: use shell stdout, stderr streams

Manaf941 · Manaf941 · commit ba5565ce7de8 · 2024-11-23T12:24:12.000+01:00
diff --git a/src/channels/Session/Shell.ts b/src/channels/Session/Shell.ts
@@ -2,6 +2,7 @@ import { Readable, Writable } from "stream"
 import SessionChannel from "../SessionChannel.js"
 import ChannelData from "../../packets/ChannelData.js"
 import assert from "assert"
+import ChannelExtendedData from "../../packets/ChannelExtendedData.js"
 
 export default class Shell {
     channel: SessionChannel
@@ -43,8 +44,9 @@ export default class Shell {
             assert(Buffer.isBuffer(chunk))
 
             this.channel.client.sendPacket(
-                new ChannelData({
+                new ChannelExtendedData({
                     recipient_channel_id: this.channel.remoteId!,
+                    data_type_code: 1,
                     data: chunk,
                 }),
             )
diff --git a/src/index_server.ts b/src/index_server.ts
@@ -5,7 +5,6 @@ import PrivateKey from "./utils/PrivateKey.js"
 import { readFileSync } from "node:fs"
 import { homedir } from "node:os"
 import SessionChannel from "./channels/SessionChannel.js"
-import ChannelData from "./packets/ChannelData.js"
 
 const server = new Server({
     hostKeys: [
@@ -15,6 +14,54 @@ const server = new Server({
     ],
 })
 
+const allowedPublicKeys = PublicKey.parseAuthorizedKeysFile(`
+    # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICcSFk1WeyZZyOV/W5oFXldpVvLssFZNZVyURUsSz6tU thomiz@vitc.org
+    # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJS6a664HMOKoLXZU0NTI/v9psSjaYye6GUsab62uvg3 manafralli@gmail.com
+    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1QB7MrCW2ZmvlGgADPkm61EBkds4AI8kpXo7vvNDTl manaf@2221.ch
+    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKNMME9pqRzPV2Gn6LB3erVXpvkzi1OtYLGkjTRSupQg9sN+17iTQIx3dCEudWRWLXBOtlL1lg1UH9TbnnCYjY+ns7KlFa8ibLeAy9D8NPTZ/4yMapDhZM8ThQseqKMbr9D9XfSryCpj9bPNCg2+OY2FPhArVyOBRcT9byHXPJYPES82pH8EepCDnr/D7NSM1TsrIzXc0d8JLZJxr+f6OMdrf8646cLmM0iJuEelyt+2sBxrJZRsu0Y0pHMwVoN+2U1xOjshxLCAZrIJGK7LOLCDR/AFljNzQlTFkQOSFDghBkz/R4CDtsoT6D0/GA8ZMDb7hgrCgu93C7ZFDfzOZKDzN4l80nuxdUbcEdtMVc36Aj2IzMoFxWauGGmnOBu1zujnSvU2azK/f1RT1UNKqMfwq8hn5T7OC9CGX6cTKGOnHwIzv1igMDi2Wghgarj79jH4xdcF//wAkyaipPZSW9LAX4CRauLW3hKZ/Afeq15Bm6H39zLH4cdtonX0rDPvk= manaf@cooper.home
+`)
+
+server.hooker.hook("publicKeyAuthentication", (_, context, controller) => {
+    console.debug(
+        `PublicKeyAuthentication request for user ${context.username} and key ${context.publicKey.hash("sha256")}`,
+    )
+    // only allow user "manaf"
+    if (context.username != "manaf") return
+
+    const publicKey = allowedPublicKeys.find((key) => key.equals(context.publicKey))
+    // public key is not in the keys file
+    if (!publicKey) return
+
+    // when using password managers or keychains,
+    // the server needs to explicitely tell the
+    // client to sign the auth request.
+    if (!context.signature) {
+        controller.requestSignature = true
+        return
+    }
+
+    // If the signature is not valid, do not allow login.
+    if (!context.publicKey.verifySignature(context.signatureMessage, context.signature)) return
+
+    controller.allowLogin = true
+})
+
+server.hooker.hook("passwordAuthentication", (_, context, controller) => {
+    console.debug(
+        `PasswordAuthentication request for user ${context.username} and password ${context.password}`,
+    )
+
+    if (context.password !== "test") return
+
+    controller.allowLogin = true
+})
+
+server.hooker.hook("channelOpenRequest", (_, channel, controller) => {
+    if (!(channel instanceof SessionChannel)) return
+
+    controller.allowOpen = true
+})
+
 server.listen(3022, () => {
     server.debug("Server listening on port", 3022)
 })
@@ -42,64 +89,13 @@ server.on("connection", (client) => {
         })
 
         channel.events.on("shell", (shell) => {
-            process.stdin.resume()
-            process.stdin.setRawMode(true)
-            process.stdin.setEncoding("utf8")
-            process.stdin.pipe(shell.stdout)
-
-            client.sendPacket(
-                new ChannelData({
-                    recipient_channel_id: channel.remoteId!,
-                    data: Buffer.from("Hello World !\n\nEnvironment Variables:\n", "utf8"),
-                }),
-            )
+            shell.stderr.write(`Hello World !\n\nEnvironment Variables:\n`)
 
             for (const [key, value] of channel.env.entries()) {
-                client.sendPacket(
-                    new ChannelData({
-                        recipient_channel_id: channel.remoteId!,
-                        data: Buffer.from(`${key}=${value}\n`, "utf8"),
-                    }),
-                )
+                shell.stderr.write(`${key}=${value}\n`)
             }
 
             // channel.close()
         })
     })
 })
-
-const allowedUser = "manaf"
-const allowedPublicKeys = PublicKey.parseAuthorizedKeysFile(`
-    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICcSFk1WeyZZyOV/W5oFXldpVvLssFZNZVyURUsSz6tU thomiz@vitc.org
-    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJS6a664HMOKoLXZU0NTI/v9psSjaYye6GUsab62uvg3 manafralli@gmail.com
-    ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG1QB7MrCW2ZmvlGgADPkm61EBkds4AI8kpXo7vvNDTl manaf@2221.ch
-    ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKNMME9pqRzPV2Gn6LB3erVXpvkzi1OtYLGkjTRSupQg9sN+17iTQIx3dCEudWRWLXBOtlL1lg1UH9TbnnCYjY+ns7KlFa8ibLeAy9D8NPTZ/4yMapDhZM8ThQseqKMbr9D9XfSryCpj9bPNCg2+OY2FPhArVyOBRcT9byHXPJYPES82pH8EepCDnr/D7NSM1TsrIzXc0d8JLZJxr+f6OMdrf8646cLmM0iJuEelyt+2sBxrJZRsu0Y0pHMwVoN+2U1xOjshxLCAZrIJGK7LOLCDR/AFljNzQlTFkQOSFDghBkz/R4CDtsoT6D0/GA8ZMDb7hgrCgu93C7ZFDfzOZKDzN4l80nuxdUbcEdtMVc36Aj2IzMoFxWauGGmnOBu1zujnSvU2azK/f1RT1UNKqMfwq8hn5T7OC9CGX6cTKGOnHwIzv1igMDi2Wghgarj79jH4xdcF//wAkyaipPZSW9LAX4CRauLW3hKZ/Afeq15Bm6H39zLH4cdtonX0rDPvk= manaf@cooper.home
-`)
-
-server.hooker.hook("publicKeyAuthentication", (_, context, controller) => {
-    // only allow user "manaf"
-    if (context.username != allowedUser) return
-
-    const publicKey = allowedPublicKeys.find((key) => key.equals(context.publicKey))
-    // public key is not in the keys file
-    if (!publicKey) return
-
-    // when using password managers or keychains,
-    // the server needs to explicitely tell the
-    // client to sign the auth request.
-    if (!context.signature) {
-        controller.requestSignature = true
-        return
-    }
-
-    // If the signature is not valid, do not allow login.
-    if (!context.publicKey.verifySignature(context.signatureMessage, context.signature)) return
-
-    controller.allowLogin = true
-})
-
-server.hooker.hook("channelOpenRequest", (_, channel, controller) => {
-    if (!(channel instanceof SessionChannel)) return
-
-    controller.allowOpen = true
-})
