mirror of
https://github.com/amnezia-vpn/amnezia-client.git
synced 2026-05-08 14:33:23 +00:00
847bb6923b
* refactor: move business logic from servers model * refactor: move containersModel initialization * refactor: added protocol ui controller and removed settings class from protocols model * refactor: moved cli management to separate controller * refactor: moved app split to separate controller * refactor: moved site split to separate controller * refactor: moved allowed dns to separate controller * refactor: moved language logic to separate ui controller * refactor: removed Settings from devices model * refactor: moved configs and services api logit to separate core controller * refactor: added a layer with a repository between the storage and controllers * refactor: use child parent system instead of smart pointers for controllers and models initialization * refactor: moved install functions from server controller to install controller * refactor: install controller refactoring * chore: renamed exportController to exportUiController * refactor: separate export controller * refactor: removed VpnConfigurationsController * chore: renamed ServerController to SshSession * refactor: replaced ServerController to SshSession * chore: moved qml controllers to separate folder * chore: include fixes * chore: moved utils from core root to core/utils * chore: include fixes * chore: rename core/utils files to camelCase foramt * chore: include fixes * chore: moved some utils to api and selfhosted folders * chore: include fixes * chore: remove unused file * chore: moved serialization folder to core/utils * chore: include fixes * chore: moved some files from client root to core/utils * chore: include fixes * chore: moved ui utils to ui/utils folder * chore: include fixes * chore: move utils from root to ui/utils * chore: include fixes * chore: moved configurators to core/configurators * chore: include fixes * refactor: moved iap logic from ui controller to core * refactor: moved remaining core logic from ApiConfigsController to SubscriptionController * chore: rename apiNewsController to apiNewsUiController * refactor: moved core logic from news ui controller to core * chore: renamed apiConfigsController to subscriptionUiController * chore: include fixes * refactor: merge ApiSettingsController with SubscriptionUiController * chore: moved ui selfhosted controllers to separate folder * chore: include fixes * chore: rename connectionController to connectiomUiController * refactor: moved core logic from connectionUiController * chore: rename settingsController to settingsUiController * refactor: move core logic from settingsUiController * refactor: moved core controller signal/slot connections to separate class * fix: newsController fixes after refactoring * chore: rename model to camelCase * chore: include fixes * chore: remove unused code * chore: move selfhosted core to separate folder * chore: include fixes * chore: rename importController to importUiController * refactor: move core logic from importUiController * chore: minor fixes * chore: remove prem v1 migration * refactor: remove openvpn over cloak and openvpn over shadowsocks * refactor: removed protocolsForContainer function * refactor: add core models * refactor: replace json with c++ structs for server config * refactor: move getDnsPair to ServerConfigUtils * feat: add admin selfhosted config export test * feat: add multi import test * refactor: use coreController for tests * feat: add few simple tests * chore: qrepos in all core controllers * feat: add test for settings * refactor: remove repo dependency from configurators * chore: moved protocols to core folder * chore: include fixes * refactor: moved containersDefs, defs, apiDefs, protocolsDefs to different places * chore: include fixes * chore: build fixes * chore: build fixes * refactor: remove q repo and interface repo * feat: add test for ui servers model and controller * chore: renamed to camelCase * chore: include fixes * refactor: moved core logic from sites ui controller * fix: fixed api config processing * fix: fixed processed server index processing * refactor: protocol models now use c++ structs instead of json configs * refactor: servers model now use c++ struct instead of json config * fix: fixed default server index processing * fix: fix logs init * fix: fix secure settings load keys * chore: build fixes * fix: fixed clear settings * fix: fixed restore backup * fix: sshSession usage * fix: fixed export functions signatures * fix: return missing part from buildContainerWorker * fix: fixed server description on page home * refactor: add container config helpers functions * refactor: c++ structs instead of json * chore: add dns protocol config struct * refactor: move config utils functions to config structs * feat: add test for selfhosted server setup * refactor: separate resources.qrc * fix: fixed server rename * chore: return nameOverriddenByUser * fix: build fixes * fix: fixed models init * refactor: cleanup models usage * fix: fixed models init * chore: cleanup connections and functions signatures * chore: cleanup updateModel calls * feat: added cache to servers repo * chore: cleanup unused functions * chore: ssxray processing * chore: remove transportProtoWithDefault and portWithDefault functions * chore: removed proto types any and l2tp * refactor: moved some constants * fix: fixed native configs export * refactor: remove json from processConfigWith functions * fix: fixed processed server index usage * fix: qml warning fixes * chore: merge fixes * chore: update tests * fix: fixed xray config processing * fix: fixed split tunneling processing * chore: rename sites controllers and model * chore: rename fixes * chore: minor fixes * chore: remove ability to load backup from "file with connection settings" button * fix: fixed api device revoke * fix: remove full model update when renaming a user * fix: fixed premium/free server rename * fix: fixed selfhosted new server install * fix: fixed updateContainer function * fix: fixed revoke for external premium configs * feat: add native configs qr processing * chore: codestyle fixes * fix: fixed admin config create * chore: again remove ability to load backup from "file with connection settings" button * chore: minor fixes * fix: fixed variables initialization * fix: fixed qml imports * fix: minor fixes * fix: fix vpnConnection function calls * feat: add buckup error handling * fix: fixed admin config revok * fix: fixed selfhosted awg installation * fix: ad visability * feat: add empty check for primary dns * chore: minor fixes
365 lines
13 KiB
C++
365 lines
13 KiB
C++
#include "sshClient.h"
|
|
|
|
#include <QEventLoop>
|
|
#include <QtConcurrent>
|
|
|
|
#include <fstream>
|
|
|
|
#ifdef Q_OS_WINDOWS
|
|
const uint32_t S_IRWXU = 0644;
|
|
#endif
|
|
|
|
namespace libssh {
|
|
constexpr auto libsshTimeoutError{"Timeout connecting to"};
|
|
|
|
std::function<QString()> Client::m_passphraseCallback;
|
|
|
|
int Client::callback(const char *prompt, char *buf, size_t len, int echo, int verify, void *userdata)
|
|
{
|
|
auto passphrase = m_passphraseCallback();
|
|
passphrase.toStdString().copy(buf, passphrase.size() + 1);
|
|
return 0;
|
|
}
|
|
|
|
ErrorCode Client::connectToHost(const ServerCredentials &credentials)
|
|
{
|
|
if (m_session != nullptr) {
|
|
if (!ssh_is_connected(m_session)) {
|
|
ssh_free(m_session);
|
|
m_session = nullptr;
|
|
}
|
|
}
|
|
|
|
if (m_session == nullptr) {
|
|
m_session = ssh_new();
|
|
|
|
if (m_session == nullptr) {
|
|
qDebug() << "Failed to create ssh session";
|
|
return ErrorCode::InternalError;
|
|
}
|
|
|
|
int port = credentials.port;
|
|
int logVerbosity = SSH_LOG_NOLOG;
|
|
std::string hostIp = credentials.hostName.toStdString();
|
|
std::string hostUsername = credentials.userName.toStdString() + "@" + hostIp;
|
|
|
|
ssh_options_set(m_session, SSH_OPTIONS_HOST, hostIp.c_str());
|
|
ssh_options_set(m_session, SSH_OPTIONS_PORT, &port);
|
|
ssh_options_set(m_session, SSH_OPTIONS_USER, hostUsername.c_str());
|
|
ssh_options_set(m_session, SSH_OPTIONS_LOG_VERBOSITY, &logVerbosity);
|
|
|
|
QFutureWatcher<int> watcher;
|
|
QFuture<int> future = QtConcurrent::run([this]() {
|
|
return ssh_connect(m_session);
|
|
});
|
|
|
|
QEventLoop wait;
|
|
connect(&watcher, &QFutureWatcher<ErrorCode>::finished, &wait, &QEventLoop::quit);
|
|
watcher.setFuture(future);
|
|
wait.exec();
|
|
|
|
int connectionResult = watcher.result();
|
|
|
|
if (connectionResult != SSH_OK) {
|
|
return fromLibsshErrorCode();
|
|
}
|
|
|
|
std::string authUsername = credentials.userName.toStdString();
|
|
|
|
int authResult = SSH_ERROR;
|
|
if (credentials.secretData.contains("BEGIN") && credentials.secretData.contains("PRIVATE KEY")) {
|
|
ssh_key privateKey = nullptr;
|
|
ssh_key publicKey = nullptr;
|
|
authResult = ssh_pki_import_privkey_base64(credentials.secretData.toStdString().c_str(), nullptr, callback, nullptr, &privateKey);
|
|
if (authResult == SSH_OK) {
|
|
authResult = ssh_pki_export_privkey_to_pubkey(privateKey, &publicKey);
|
|
}
|
|
|
|
if (authResult == SSH_OK) {
|
|
authResult = ssh_userauth_try_publickey(m_session, authUsername.c_str(), publicKey);
|
|
}
|
|
|
|
if (authResult == SSH_OK) {
|
|
authResult = ssh_userauth_publickey(m_session, authUsername.c_str(), privateKey);
|
|
}
|
|
|
|
if (publicKey) {
|
|
ssh_key_free(publicKey);
|
|
}
|
|
if (privateKey) {
|
|
ssh_key_free(privateKey);
|
|
}
|
|
if (authResult != SSH_OK) {
|
|
qCritical() << ssh_get_error(m_session);
|
|
ErrorCode errorCode = fromLibsshErrorCode();
|
|
if (errorCode == ErrorCode::NoError) {
|
|
errorCode = ErrorCode::SshPrivateKeyFormatError;
|
|
}
|
|
return errorCode;
|
|
}
|
|
} else {
|
|
authResult = ssh_userauth_password(m_session, authUsername.c_str(), credentials.secretData.toStdString().c_str());
|
|
if (authResult != SSH_OK) {
|
|
return fromLibsshErrorCode();
|
|
}
|
|
}
|
|
}
|
|
return ErrorCode::NoError;
|
|
}
|
|
|
|
void Client::disconnectFromHost()
|
|
{
|
|
if (m_session != nullptr) {
|
|
if (ssh_is_connected(m_session)) {
|
|
ssh_disconnect(m_session);
|
|
}
|
|
ssh_free(m_session);
|
|
m_session = nullptr;
|
|
}
|
|
}
|
|
|
|
ErrorCode Client::executeCommand(const QString &data,
|
|
const std::function<ErrorCode (const QString &, Client &)> &cbReadStdOut,
|
|
const std::function<ErrorCode (const QString &, Client &)> &cbReadStdErr)
|
|
{
|
|
m_channel = ssh_channel_new(m_session);
|
|
|
|
if (m_channel == nullptr) {
|
|
return closeChannel();
|
|
}
|
|
|
|
int result = ssh_channel_open_session(m_channel);
|
|
|
|
if (result == SSH_OK && ssh_channel_is_open(m_channel)) {
|
|
qDebug() << "SSH chanel opened";
|
|
} else {
|
|
return closeChannel();
|
|
}
|
|
|
|
QFutureWatcher<ErrorCode> watcher;
|
|
connect(&watcher, &QFutureWatcher<ErrorCode>::finished, this, &Client::writeToChannelFinished);
|
|
|
|
QFuture<ErrorCode> future = QtConcurrent::run([this, &data, &cbReadStdOut, &cbReadStdErr]() {
|
|
const size_t bufferSize = 2048;
|
|
|
|
int bytesRead = 0;
|
|
char buffer[bufferSize];
|
|
|
|
int result = ssh_channel_request_exec(m_channel, data.toUtf8());
|
|
if (result == SSH_OK) {
|
|
std::string output;
|
|
auto readOutput = [&](bool isStdErr) {
|
|
bytesRead = ssh_channel_read(m_channel, buffer, sizeof(buffer), isStdErr);
|
|
while (bytesRead > 0)
|
|
{
|
|
output = std::string(buffer, bytesRead);
|
|
if (!output.empty()) {
|
|
if (cbReadStdOut && !isStdErr){
|
|
auto error = cbReadStdOut(output.c_str(), *this);
|
|
if (error != ErrorCode::NoError) {
|
|
return error;
|
|
}
|
|
}
|
|
if (cbReadStdErr && isStdErr){
|
|
auto error = cbReadStdErr(output.c_str(), *this);
|
|
if (error != ErrorCode::NoError) {
|
|
return error;
|
|
}
|
|
}
|
|
}
|
|
bytesRead = ssh_channel_read(m_channel, buffer, sizeof(buffer), isStdErr);
|
|
}
|
|
return ErrorCode::NoError;
|
|
};
|
|
|
|
auto errorCode = readOutput(false);
|
|
if (errorCode != ErrorCode::NoError) {
|
|
return errorCode;
|
|
}
|
|
errorCode = readOutput(true);
|
|
if (errorCode != ErrorCode::NoError) {
|
|
return errorCode;
|
|
}
|
|
} else {
|
|
return closeChannel();
|
|
}
|
|
return closeChannel();
|
|
});
|
|
watcher.setFuture(future);
|
|
|
|
QEventLoop wait;
|
|
QObject::connect(this, &Client::writeToChannelFinished, &wait, &QEventLoop::quit);
|
|
wait.exec();
|
|
|
|
return watcher.result();
|
|
}
|
|
|
|
ErrorCode Client::writeResponse(const QString &data)
|
|
{
|
|
if (m_channel == nullptr) {
|
|
qCritical() << "ssh channel not initialized";
|
|
return fromLibsshErrorCode();
|
|
}
|
|
|
|
int bytesWritten = ssh_channel_write(m_channel, data.toUtf8(), (uint32_t)data.size());
|
|
if (bytesWritten == data.size() && ssh_channel_write(m_channel, "\n", 1)) {
|
|
return fromLibsshErrorCode();
|
|
}
|
|
return fromLibsshErrorCode();
|
|
}
|
|
|
|
ErrorCode Client::closeChannel()
|
|
{
|
|
if (m_channel != nullptr) {
|
|
if (ssh_channel_is_eof(m_channel)) {
|
|
ssh_channel_send_eof(m_channel);
|
|
}
|
|
if (ssh_channel_is_open(m_channel)) {
|
|
ssh_channel_close(m_channel);
|
|
}
|
|
ssh_channel_free(m_channel);
|
|
m_channel = nullptr;
|
|
}
|
|
return fromLibsshErrorCode();
|
|
}
|
|
|
|
ErrorCode Client::scpFileCopy(const ScpOverwriteMode overwriteMode, const QString& localPath, const QString& remotePath, const QString &fileDesc)
|
|
{
|
|
m_scpSession = ssh_scp_new(m_session, SSH_SCP_WRITE, remotePath.toStdString().c_str());
|
|
|
|
if (m_scpSession == nullptr) {
|
|
return fromLibsshErrorCode();
|
|
}
|
|
|
|
if (ssh_scp_init(m_scpSession) != SSH_OK) {
|
|
auto errorCode = fromLibsshErrorCode();
|
|
closeScpSession();
|
|
return errorCode;
|
|
}
|
|
|
|
QFutureWatcher<ErrorCode> watcher;
|
|
connect(&watcher, &QFutureWatcher<ErrorCode>::finished, this, &Client::scpFileCopyFinished);
|
|
QFuture<ErrorCode> future = QtConcurrent::run([this, overwriteMode, &localPath, &remotePath, &fileDesc]() {
|
|
const int accessType = O_WRONLY | O_CREAT | overwriteMode;
|
|
const int localFileSize = QFileInfo(localPath).size();
|
|
|
|
int result = ssh_scp_push_file(m_scpSession, remotePath.toStdString().c_str(), localFileSize, accessType);
|
|
if (result != SSH_OK) {
|
|
return fromLibsshErrorCode();
|
|
}
|
|
|
|
QFile fin(localPath);
|
|
|
|
if (fin.open(QIODevice::ReadOnly)) {
|
|
constexpr size_t bufferSize = 16384;
|
|
int transferred = 0;
|
|
int currentChunkSize = bufferSize;
|
|
|
|
while (transferred < localFileSize) {
|
|
|
|
// Last Chunk
|
|
if ((localFileSize - transferred) < bufferSize) {
|
|
currentChunkSize = localFileSize % bufferSize;
|
|
}
|
|
|
|
QByteArray chunk = fin.read(currentChunkSize);
|
|
if (chunk.size() != currentChunkSize) {
|
|
return fromFileErrorCode(fin.error());
|
|
}
|
|
|
|
result = ssh_scp_write(m_scpSession, chunk.data(), chunk.size());
|
|
if (result != SSH_OK) {
|
|
return fromLibsshErrorCode();
|
|
}
|
|
|
|
transferred += currentChunkSize;
|
|
}
|
|
} else {
|
|
return fromFileErrorCode(fin.error());
|
|
}
|
|
|
|
return ErrorCode::NoError;
|
|
});
|
|
watcher.setFuture(future);
|
|
|
|
QEventLoop wait;
|
|
QObject::connect(this, &Client::scpFileCopyFinished, &wait, &QEventLoop::quit);
|
|
wait.exec();
|
|
|
|
closeScpSession();
|
|
return watcher.result();
|
|
}
|
|
|
|
void Client::closeScpSession()
|
|
{
|
|
if (m_scpSession != nullptr) {
|
|
ssh_scp_free(m_scpSession);
|
|
m_scpSession = nullptr;
|
|
}
|
|
}
|
|
|
|
ErrorCode Client::fromLibsshErrorCode()
|
|
{
|
|
int errorCode = ssh_get_error_code(m_session);
|
|
if (errorCode != SSH_NO_ERROR) {
|
|
QString errorMessage = ssh_get_error(m_session);
|
|
qCritical() << errorMessage;
|
|
if (errorMessage.contains(libsshTimeoutError)) {
|
|
return ErrorCode::SshTimeoutError;
|
|
}
|
|
}
|
|
|
|
switch (errorCode) {
|
|
case(SSH_NO_ERROR): return ErrorCode::NoError;
|
|
case(SSH_REQUEST_DENIED): return ErrorCode::SshRequestDeniedError;
|
|
case(SSH_EINTR): return ErrorCode::SshInterruptedError;
|
|
case(SSH_FATAL): return ErrorCode::SshInternalError;
|
|
default: return ErrorCode::SshInternalError;
|
|
}
|
|
}
|
|
|
|
ErrorCode Client::fromFileErrorCode(QFileDevice::FileError fileError)
|
|
{
|
|
switch (fileError) {
|
|
case QFileDevice::NoError: return ErrorCode::NoError;
|
|
case QFileDevice::ReadError: return ErrorCode::ReadError;
|
|
case QFileDevice::OpenError: return ErrorCode::OpenError;
|
|
case QFileDevice::PermissionsError: return ErrorCode::PermissionsError;
|
|
case QFileDevice::FatalError: return ErrorCode::FatalError;
|
|
case QFileDevice::AbortError: return ErrorCode::AbortError;
|
|
default: return ErrorCode::UnspecifiedError;
|
|
}
|
|
}
|
|
|
|
ErrorCode Client::getDecryptedPrivateKey(const ServerCredentials &credentials, QString &decryptedPrivateKey, const std::function<QString()> &passphraseCallback)
|
|
{
|
|
int authResult = SSH_ERROR;
|
|
ErrorCode errorCode = ErrorCode::NoError;
|
|
|
|
ssh_key privateKey = nullptr;
|
|
m_passphraseCallback = passphraseCallback;
|
|
authResult = ssh_pki_import_privkey_base64(credentials.secretData.toStdString().c_str(), nullptr, callback, nullptr, &privateKey);
|
|
if (authResult == SSH_OK) {
|
|
char *b64 = nullptr;
|
|
|
|
authResult = ssh_pki_export_privkey_base64(privateKey, nullptr, nullptr, nullptr, &b64);
|
|
decryptedPrivateKey = QString(b64);
|
|
|
|
if (authResult != SSH_OK) {
|
|
qDebug() << "failed to export private key";
|
|
errorCode = ErrorCode::InternalError;
|
|
}
|
|
else {
|
|
ssh_string_free_char(b64);
|
|
}
|
|
} else {
|
|
errorCode = ErrorCode::SshPrivateKeyError;
|
|
}
|
|
|
|
if (privateKey) {
|
|
ssh_key_free(privateKey);
|
|
}
|
|
return errorCode;
|
|
}
|
|
}
|