Java > Open Source Codes > com > jcraft > jsch > Session


1 /* -*-mode:java; c-basic-offset:2; indent-tabs-mode:nil -*- */
2 /*
3 Copyright (c) 2002,2003,2004,2005,2006 ymnk, JCraft,Inc. All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions are met:
7
8   1. Redistributions of source code must retain the above copyright notice,
9      this list of conditions and the following disclaimer.
10
11   2. Redistributions in binary form must reproduce the above copyright
12      notice, this list of conditions and the following disclaimer in
13      the documentation and/or other materials provided with the distribution.
14
15   3. The names of the authors may not be used to endorse or promote products
16      derived from this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
19 INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
20 FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JCRAFT,
21 INC. OR ANY CONTRIBUTORS TO THIS SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
22 INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
23 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
24 OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
25 LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
26 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
27 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30 package com.jcraft.jsch;
31
32 import java.io.*;
33 import java.net.*;
34
35 public class Session implements Runnable {
36   static private final String version="JSCH-0.1.33";
37
38   // http://ietf.org/internet-drafts/draft-ietf-secsh-assignednumbers-01.txt
39 static final int SSH_MSG_DISCONNECT= 1;
40   static final int SSH_MSG_IGNORE= 2;
41   static final int SSH_MSG_UNIMPLEMENTED= 3;
42   static final int SSH_MSG_DEBUG= 4;
43   static final int SSH_MSG_SERVICE_REQUEST= 5;
44   static final int SSH_MSG_SERVICE_ACCEPT= 6;
45   static final int SSH_MSG_KEXINIT= 20;
46   static final int SSH_MSG_NEWKEYS= 21;
47   static final int SSH_MSG_KEXDH_INIT= 30;
48   static final int SSH_MSG_KEXDH_REPLY= 31;
49   static final int SSH_MSG_KEX_DH_GEX_GROUP= 31;
50   static final int SSH_MSG_KEX_DH_GEX_INIT= 32;
51   static final int SSH_MSG_KEX_DH_GEX_REPLY= 33;
52   static final int SSH_MSG_KEX_DH_GEX_REQUEST= 34;
53   static final int SSH_MSG_GLOBAL_REQUEST= 80;
54   static final int SSH_MSG_REQUEST_SUCCESS= 81;
55   static final int SSH_MSG_REQUEST_FAILURE= 82;
56   static final int SSH_MSG_CHANNEL_OPEN= 90;
57   static final int SSH_MSG_CHANNEL_OPEN_CONFIRMATION= 91;
58   static final int SSH_MSG_CHANNEL_OPEN_FAILURE= 92;
59   static final int SSH_MSG_CHANNEL_WINDOW_ADJUST= 93;
60   static final int SSH_MSG_CHANNEL_DATA= 94;
61   static final int SSH_MSG_CHANNEL_EXTENDED_DATA= 95;
62   static final int SSH_MSG_CHANNEL_EOF= 96;
63   static final int SSH_MSG_CHANNEL_CLOSE= 97;
64   static final int SSH_MSG_CHANNEL_REQUEST= 98;
65   static final int SSH_MSG_CHANNEL_SUCCESS= 99;
66   static final int SSH_MSG_CHANNEL_FAILURE= 100;
67
68   private byte[] V_S; // server version
69 private byte[] V_C=("SSH-2.0-"+version).getBytes(); // client version
70
71   private byte[] I_C; // the payload of the client's SSH_MSG_KEXINIT
72 private byte[] I_S; // the payload of the server's SSH_MSG_KEXINIT
73 private byte[] K_S; // the host key
74
75   private byte[] session_id;
76
77   private byte[] IVc2s;
78   private byte[] IVs2c;
79   private byte[] Ec2s;
80   private byte[] Es2c;
81   private byte[] MACc2s;
82   private byte[] MACs2c;
83
84   private int seqi=0;
85   private int seqo=0;
86
87   String [] guess=null;
88   private Cipher s2ccipher;
89   private Cipher c2scipher;
90   private MAC s2cmac;
91   private MAC c2smac;
92   //private byte[] mac_buf;
93 private byte[] s2cmac_result1;
94   private byte[] s2cmac_result2;
95
96   private Compression deflater;
97   private Compression inflater;
98
99   private IO io;
100   private Socket socket;
101   private int timeout=0;
102
103   private boolean isConnected=false;
104
105   private boolean isAuthed=false;
106
107   private Thread connectThread=null;
108
109   boolean x11_forwarding=false;
110   boolean agent_forwarding=false;
111
112   InputStream in=null;
113   OutputStream out=null;
114
115   static Random random;
116
117   Buffer buf;
118   Packet packet;
119
120   SocketFactory socket_factory=null;
121
122   private java.util.Hashtable config=null;
123
124   private Proxy proxy=null;
125   private UserInfo userinfo;
126
127   private String hostKeyAlias=null;
128   private int serverAliveInterval=0;
129   private int serverAliveCountMax=1;
130
131   protected boolean daemon_thread=false;
132
133   String host="127.0.0.1";
134   int port=22;
135
136   String username=null;
137   byte[] password=null;
138
139   JSch jsch;
140
141   Session(JSch jsch) throws JSchException{
142     super();
143     this.jsch=jsch;
144     buf=new Buffer();
145     packet=new Packet(buf);
146   }
147
148   public void connect() throws JSchException{
149     connect(timeout);
150   }
151
152   public void connect(int connectTimeout) throws JSchException{
153     if(isConnected){
154       throw new JSchException("session is already connected");
155     }
156
157     io=new IO();
158     if(random==null){
159       try{
160     Class c=Class.forName(getConfig("random"));
161         random=(Random)(c.newInstance());
162       }
163       catch(Exception e){
164         throw new JSchException(e.toString(), e);
165       }
166     }
167     Packet.setRandom(random);
168
169     if(JSch.getLogger().isEnabled(Logger.INFO)){
170       JSch.getLogger().log(Logger.INFO,
171                            "Connecting to "+host+" port "+port);
172     }
173
174     try {
175       int i, j;
176
177       if(proxy==null){
178     proxy=jsch.getProxy(host);
179     if(proxy!=null){
180       synchronized(proxy){
181         proxy.close();
182       }
183     }
184       }
185
186       if(proxy==null){
187         InputStream in;
188         OutputStream out;
189     if(socket_factory==null){
190           socket=Util.createSocket(host, port, connectTimeout);
191       in=socket.getInputStream();
192       out=socket.getOutputStream();
193     }
194     else{
195           socket=socket_factory.createSocket(host, port);
196       in=socket_factory.getInputStream(socket);
197       out=socket_factory.getOutputStream(socket);
198     }
199     //if(timeout>0){ socket.setSoTimeout(timeout); }
200 socket.setTcpNoDelay(true);
201         io.setInputStream(in);
202         io.setOutputStream(out);
203       }
204       else{
205     synchronized(proxy){
206           proxy.connect(socket_factory, host, port, connectTimeout);
207       io.setInputStream(proxy.getInputStream());
208       io.setOutputStream(proxy.getOutputStream());
209           socket=proxy.getSocket();
210     }
211       }
212
213       if(connectTimeout>0 && socket!=null){
214         socket.setSoTimeout(connectTimeout);
215       }
216
217       isConnected=true;
218
219       if(JSch.getLogger().isEnabled(Logger.INFO)){
220         JSch.getLogger().log(Logger.INFO,
221                              "Connection established");
222       }
223
224       jsch.addSession(this);
225
226       while(true){
227         i=0;
228         j=0;
229         while(i<buf.buffer.length){
230           j=io.getByte();
231           if(j<0)break;
232           buf.buffer[i]=(byte)j; i++;
233           if(j==10)break;
234         }
235         if(j<0){
236           throw new JSchException("connection is closed by foreign host");
237         }
238
239         if(buf.buffer[i-1]==10){ // 0x0a
240 i--;
241           if(buf.buffer[i-1]==13){ // 0x0d
242 i--;
243           }
244         }
245
246         if(i>4 && (i!=buf.buffer.length) &&
247            (buf.buffer[0]!='S'||buf.buffer[1]!='S'||
248             buf.buffer[2]!='H'||buf.buffer[3]!='-')){
249           //System.err.println(new String(buf.buffer, 0, i);
250 continue;
251         }
252
253         if(i==buf.buffer.length ||
254            i<7 || // SSH-1.99 or SSH-2.0
255 (buf.buffer[4]=='1' && buf.buffer[6]!='9') // SSH-1.5
256 ){
257           throw new JSchException("invalid server's version string");
258         }
259         break;
260       }
261
262       V_S=new byte[i]; System.arraycopy(buf.buffer, 0, V_S, 0, i);
263       //System.err.println("V_S: ("+i+") ["+new String(V_S)+"]");
264
265       if(JSch.getLogger().isEnabled(Logger.INFO)){
266         JSch.getLogger().log(Logger.INFO,
267                              "Remote version string: "+new String (V_S));
268         JSch.getLogger().log(Logger.INFO,
269                              "Local version string: "+new String (V_C));
270       }
271
272       //io.put(V_C, 0, V_C.length); io.put("\n".getBytes(), 0, 1);
273 {
274     // Some Cisco devices will miss to read '\n' if it is sent separately.
275 byte[] foo=new byte[V_C.length+1];
276     System.arraycopy(V_C, 0, foo, 0, V_C.length);
277     foo[foo.length-1]=(byte)'\n';
278     io.put(foo, 0, foo.length);
279       }
280
281       buf=read(buf);
282       //System.err.println("read: 20 ? "+buf.buffer[5]);
283 if(buf.buffer[5]!=SSH_MSG_KEXINIT){
284     throw new JSchException("invalid protocol: "+buf.buffer[5]);
285       }
286
287       if(JSch.getLogger().isEnabled(Logger.INFO)){
288         JSch.getLogger().log(Logger.INFO,
289                              "SSH_MSG_KEXINIT received");
290       }
291
292       KeyExchange kex=receive_kexinit(buf);
293
294       while(true){
295     buf=read(buf);
296     if(kex.getState()==buf.buffer[5]){
297           boolean result=kex.next(buf);
298       if(!result){
299         //System.err.println("verify: "+result);
300 in_kex=false;
301         throw new JSchException("verify: "+result);
302       }
303     }
304     else{
305           in_kex=false;
306       throw new JSchException("invalid protocol(kex): "+buf.buffer[5]);
307     }
308     if(kex.getState()==KeyExchange.STATE_END){
309       break;
310     }
311       }
312
313       try{ checkHost(host, port, kex); }
314       catch(JSchException ee){
315         in_kex=false;
316         throw ee;
317       }
318
319       send_newkeys();
320
321       // receive SSH_MSG_NEWKEYS(21)
322 buf=read(buf);
323       //System.err.println("read: 21 ? "+buf.buffer[5]);
324 if(buf.buffer[5]==SSH_MSG_NEWKEYS){
325
326         if(JSch.getLogger().isEnabled(Logger.INFO)){
327           JSch.getLogger().log(Logger.INFO,
328                                "SSH_MSG_NEWKEYS received");
329         }
330
331     receive_newkeys(buf, kex);
332       }
333       else{
334         in_kex=false;
335     throw new JSchException("invalid protocol(newkyes): "+buf.buffer[5]);
336       }
337
338       boolean auth=false;
339       boolean auth_cancel=false;
340
341       /*
342       UserAuthNone usn=new UserAuthNone();
343       auth=usn.start(this, userinfo);
344       */
345       UserAuth ua=null;
346       try{
347     Class c=Class.forName(getConfig("userauth.none"));
348         ua=(UserAuth)(c.newInstance());
349       }
350       catch(Exception e){
351         throw new JSchException(e.toString(), e);
352       }
353
354       auth=ua.start(this, userinfo);
355
356       String cmethods=getConfig("PreferredAuthentications");
357       String [] cmethoda=Util.split(cmethods, ",");
358
359       String smethods=null;
360       if(!auth){
361         smethods=((UserAuthNone)ua).getMethods();
362         if(smethods!=null){
363           smethods=smethods.toLowerCase();
364         }
365         else{
366           // methods: publickey,password,keyboard-interactive
367 //smethods="publickey,password,keyboard-interactive";
368 smethods=cmethods;
369         }
370       }
371
372       String [] smethoda=Util.split(smethods, ",");
373
374       int methodi=0;
375
376       loop:
377       while(true){
378
379 //System.err.println("methods: "+methods);
380
381     while(!auth &&
382           cmethoda!=null && methodi<cmethoda.length){
383
384           String method=cmethoda[methodi++];
385           boolean acceptable=false;
386           for(int k=0; k<smethoda.length; k++){
387             if(smethoda[k].equals(method)){
388               acceptable=true;
389               break;
390             }
391           }
392           if(!acceptable){
393             continue;
394           }
395
396           //System.err.println(" method: "+method);
397
398           if(JSch.getLogger().isEnabled(Logger.INFO)){
399             String str="Authentications that can continue: ";
400             for(int k=methodi-1; k<cmethoda.length; k++){
401               str+=cmethoda[k];
402               if(k+1<cmethoda.length)
403                 str+=",";
404             }
405             JSch.getLogger().log(Logger.INFO,
406                                  str);
407             JSch.getLogger().log(Logger.INFO,
408                                  "Next authentication method: "+method);
409           }
410
411       ua=null;
412           try{
413             Class c=null;
414             if(getConfig("userauth."+method)!=null){
415               c=Class.forName(getConfig("userauth."+method));
416               ua=(UserAuth)(c.newInstance());
417             }
418           }
419           catch(Exception e){
420             if(JSch.getLogger().isEnabled(Logger.WARN)){
421               JSch.getLogger().log(Logger.WARN,
422                                    "failed to load "+method+" method");
423             }
424           }
425
426       if(ua!=null){
427             auth_cancel=false;
428         try{
429           auth=ua.start(this, userinfo);
430               if(auth &&
431                  JSch.getLogger().isEnabled(Logger.INFO)){
432                 JSch.getLogger().log(Logger.INFO,
433                                      "Authentication succeeded ("+method+").");
434               }
435         }
436         catch(JSchAuthCancelException ee){
437           auth_cancel=true;
438         }
439         catch(JSchPartialAuthException ee){
440           smethods=ee.getMethods();
441               smethoda=Util.split(smethods, ",");
442               methodi=0;
443           //System.err.println("PartialAuth: "+methods);
444 auth_cancel=false;
445           continue loop;
446         }
447         catch(RuntimeException ee){
448           throw ee;
449         }
450         catch(Exception ee){
451           //System.err.println("ee: "+ee); // SSH_MSG_DISCONNECT: 2 Too many authentication failures
452 break loop;
453         }
454       }
455     }
456         break;
457       }
458
459       if(auth){
460
461         if(connectTimeout>0 || timeout>0){
462           socket.setSoTimeout(timeout);
463         }
464
465         isAuthed=true;
466     connectThread=new Thread (this);
467     connectThread.setName("Connect thread "+host+" session");
468         if(daemon_thread){
469           connectThread.setDaemon(daemon_thread);
470         }
471     connectThread.start();
472     return;
473       }
474
475       if(auth_cancel)
476     throw new JSchException("Auth cancel");
477       throw new JSchException("Auth fail");
478     }
479     catch(Exception e) {
480       in_kex=false;
481       if(isConnected){
482     try{
483       packet.reset();
484       buf.putByte((byte)SSH_MSG_DISCONNECT);
485       buf.putInt(3);
486       buf.putString(e.toString().getBytes());
487       buf.putString("en".getBytes());
488       write(packet);
489       disconnect();
490     }
491     catch(Exception ee){
492     }
493       }
494       isConnected=false;
495       //e.printStackTrace();
496 if(e instanceof RuntimeException ) throw (RuntimeException )e;
497       if(e instanceof JSchException) throw (JSchException)e;
498       throw new JSchException("Session.connect: "+e);
499     }
500     finally{
501       Util.bzero(this.password);
502       this.password=null;
503     }
504   }
505
506   private KeyExchange receive_kexinit(Buffer buf) throws Exception {
507     int j=buf.getInt();
508     if(j!=buf.getLength()){ // packet was compressed and
509 buf.getByte(); // j is the size of deflated packet.
510 I_S=new byte[buf.index-5];
511     }
512     else{
513       I_S=new byte[j-1-buf.getByte()];
514     }
515     System.arraycopy(buf.buffer, buf.s, I_S, 0, I_S.length);
516 /*
517 try{
518 byte[] tmp=new byte[I_S.length];
519 System.arraycopy(I_S, 0, tmp, 0, I_S.length);
520 Buffer tmpb=new Buffer(tmp);
521 System.err.println("I_S: len="+I_S.length);
522 tmpb.setOffSet(17);
523 System.err.println("kex: "+new String(tmpb.getString()));
524 System.err.println("server_host_key: "+new String(tmpb.getString()));
525 System.err.println("cipher.c2s: "+new String(tmpb.getString()));
526 System.err.println("cipher.s2c: "+new String(tmpb.getString()));
527 System.err.println("mac.c2s: "+new String(tmpb.getString()));
528 System.err.println("mac.s2c: "+new String(tmpb.getString()));
529 System.err.println("compression.c2s: "+new String(tmpb.getString()));
530 System.err.println("compression.s2c: "+new String(tmpb.getString()));
531 System.err.println("lang.c2s: "+new String(tmpb.getString()));
532 System.err.println("lang.s2c: "+new String(tmpb.getString()));
533 System.err.println("?: "+(tmpb.getByte()&0xff));
534 System.err.println("??: "+tmpb.getInt());
535 }
536 catch(Exception e){
537 System.err.println(e);
538 }
539 */
540
541     send_kexinit();
542     guess=KeyExchange.guess(I_S, I_C);
543     if(guess==null){
544       throw new JSchException("Algorithm negotiation fail");
545     }
546
547     if(!isAuthed &&
548        (guess[KeyExchange.PROPOSAL_ENC_ALGS_CTOS].equals("none") ||
549         (guess[KeyExchange.PROPOSAL_ENC_ALGS_STOC].equals("none")))){
550       throw new JSchException("NONE Cipher should not be chosen before authentification is successed.");
551     }
552
553     KeyExchange kex=null;
554     try{
555       Class c=Class.forName(getConfig(guess[KeyExchange.PROPOSAL_KEX_ALGS]));
556       kex=(KeyExchange)(c.newInstance());
557     }
558     catch(Exception e){
559       throw new JSchException(e.toString(), e);
560     }
561     //kex.guess=guess;
562 kex.init(this, V_S, V_C, I_S, I_C);
563     return kex;
564   }
565
566   private boolean in_kex=false;
567   public void rekey() throws Exception {
568     send_kexinit();
569   }
570   private void send_kexinit() throws Exception {
571     if(in_kex) return;
572     in_kex=true;
573
574     // byte SSH_MSG_KEXINIT(20)
575 // byte[16] cookie (random bytes)
576 // string kex_algorithms
577 // string server_host_key_algorithms
578 // string encryption_algorithms_client_to_server
579 // string encryption_algorithms_server_to_client
580 // string mac_algorithms_client_to_server
581 // string mac_algorithms_server_to_client
582 // string compression_algorithms_client_to_server
583 // string compression_algorithms_server_to_client
584 // string languages_client_to_server
585 // string languages_server_to_client
586 packet.reset();
587     buf.putByte((byte) SSH_MSG_KEXINIT);
588     synchronized(random){
589       random.fill(buf.buffer, buf.index, 16); buf.skip(16);
590     }
591     buf.putString(getConfig("kex").getBytes());
592     buf.putString(getConfig("server_host_key").getBytes());
593     buf.putString(getConfig("cipher.c2s").getBytes());
594     buf.putString(getConfig("cipher.s2c").getBytes());
595     buf.putString(getConfig("mac.c2s").getBytes());
596     buf.putString(getConfig("mac.s2c").getBytes());
597     buf.putString(getConfig("compression.c2s").getBytes());
598     buf.putString(getConfig("compression.s2c").getBytes());
599     buf.putString(getConfig("lang.c2s").getBytes());
600     buf.putString(getConfig("lang.s2c").getBytes());
601     buf.putByte((byte)0);
602     buf.putInt(0);
603
604     buf.setOffSet(5);
605     I_C=new byte[buf.getLength()];
606     buf.getByte(I_C);
607
608     write(packet);
609
610     if(JSch.getLogger().isEnabled(Logger.INFO)){
611       JSch.getLogger().log(Logger.INFO,
612                            "SSH_MSG_KEXINIT sent");
613     }
614   }
615
616   private void send_newkeys() throws Exception {
617     // send SSH_MSG_NEWKEYS(21)
618 packet.reset();
619     buf.putByte((byte)SSH_MSG_NEWKEYS);
620     write(packet);
621
622     if(JSch.getLogger().isEnabled(Logger.INFO)){
623       JSch.getLogger().log(Logger.INFO,
624                            "SSH_MSG_NEWKEYS sent");
625     }
626   }
627
628   private void checkHost(String chost, int port, KeyExchange kex) throws JSchException {
629     String shkc=getConfig("StrictHostKeyChecking");
630
631     if(hostKeyAlias!=null){
632       chost=hostKeyAlias;
633     }
634
635     //System.err.println("shkc: "+shkc);
636
637     byte[] K_S=kex.getHostKey();
638     String key_type=kex.getKeyType();
639     String key_fprint=kex.getFingerPrint();
640
641     if(hostKeyAlias==null && port!=22){
642       chost=("["+chost+"]:"+port);
643     }
644
645 // hostkey=new HostKey(chost, K_S);
646
647     HostKeyRepository hkr=jsch.getHostKeyRepository();
648     int i=0;
649     synchronized(hkr){
650       i=hkr.check(chost, K_S);
651     }
652
653     boolean insert=false;
654
655     if((shkc.equals("ask") || shkc.equals("yes")) &&
656        i==HostKeyRepository.CHANGED){
657       String file=null;
658       synchronized(hkr){
659     file=hkr.getKnownHostsRepositoryID();
660       }
661       if(file==null){file="known_hosts";}
662
663       boolean b=false;
664
665       if(userinfo!=null){
666         String message=
667 "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!\n"+
668 "IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\n"+
669 "Someone could be eavesdropping on you right now (man-in-the-middle attack)!\n"+
670 "It is also possible that the "+key_type+" host key has just been changed.\n"+
671 "The fingerprint for the "+key_type+" key sent by the remote host is\n"+
672 key_fprint+".\n"+
673 "Please contact your system administrator.\n"+
674 "Add correct host key in "+file+" to get rid of this message.";
675
676         if(shkc.equals("ask")){
677           b=userinfo.promptYesNo(message+
678                                  "\nDo you want to delete the old key and insert the new key?");
679         }
680         else{ // shkc.equals("yes")
681 userinfo.showMessage(message);
682         }
683       }
684
685       if(!b){
686         throw new JSchException("HostKey has been changed: "+chost);
687       }
688
689       synchronized(hkr){
690         hkr.remove(chost,
691                    (key_type.equals("DSA") ? "ssh-dss" : "ssh-rsa"),
692                    null);
693         insert=true;
694       }
695     }
696
697     if((shkc.equals("ask") || shkc.equals("yes")) &&
698        (i!=HostKeyRepository.OK) && !insert){
699       if(shkc.equals("yes")){
700     throw new JSchException("reject HostKey: "+host);
701       }
702       //System.err.println("finger-print: "+key_fprint);
703 if(userinfo!=null){
704     boolean foo=userinfo.promptYesNo(
705 "The authenticity of host '"+host+"' can't be established.\n"+
706 key_type+" key fingerprint is "+key_fprint+".\n"+
707 "Are you sure you want to continue connecting?"
708                      );
709     if(!foo){
710       throw new JSchException("reject HostKey: "+host);
711     }
712     insert=true;
713       }
714       else{
715     if(i==HostKeyRepository.NOT_INCLUDED)
716       throw new JSchException("UnknownHostKey: "+host+". "+key_type+" key fingerprint is "+key_fprint);
717     else
718           throw new JSchException("HostKey has been changed: "+host);
719       }
720     }
721
722     if(shkc.equals("no") &&
723        HostKeyRepository.NOT_INCLUDED==i){
724       insert=true;
725     }
726
727     if(i==HostKeyRepository.OK &&
728        JSch.getLogger().isEnabled(Logger.INFO)){
729       JSch.getLogger().log(Logger.INFO,
730                            "Host '"+host+"' is known and mathces the "+key_type+" host key");
731     }
732
733     if(insert &&
734        JSch.getLogger().isEnabled(Logger.WARN)){
735       JSch.getLogger().log(Logger.WARN,
736                            "Permanently added '"+host+"' ("+key_type+") to the list of known hosts.");
737     }
738
739     String hkh=getConfig("HashKnownHosts");
740     if(hkh.equals("yes") && (hkr instanceof KnownHosts)){
741       hostkey=((KnownHosts)hkr).createHashedHostKey(chost, K_S);
742     }
743     else{
744       hostkey=new HostKey(chost, K_S);
745     }
746
747     if(insert){
748       synchronized(hkr){
749     hkr.add(hostkey, userinfo);
750       }
751
752     }
753
754   }
755
756 //public void start(){ (new Thread(this)).start(); }
757
758   public Channel openChannel(String type) throws JSchException{
759     if(!isConnected){
760       throw new JSchException("session is down");
761     }
762     try{
763       Channel channel=Channel.getChannel(type);
764       addChannel(channel);
765       channel.init();
766       return channel;
767     }
768     catch(Exception e){
769       //e.printStackTrace();
770 }
771     return null;
772   }
773
774   // encode will bin invoked in write with synchronization.
775 public void encode(Packet packet) throws Exception {
776 //System.err.println("encode: "+packet.buffer.buffer[5]);
777 //System.err.println(" "+packet.buffer.index);
778 //if(packet.buffer.buffer[5]==96){
779 //Thread.dumpStack();
780 //}
781 if(deflater!=null){
782       packet.buffer.index=deflater.compress(packet.buffer.buffer,
783                         5, packet.buffer.index);
784     }
785     if(c2scipher!=null){
786       //packet.padding(c2scipher.getIVSize());
787 packet.padding(c2scipher_size);
788       int pad=packet.buffer.buffer[4];
789       synchronized(random){
790     random.fill(packet.buffer.buffer, packet.buffer.index-pad, pad);
791       }
792     }
793     else{
794       packet.padding(8);
795     }
796
797     if(c2smac!=null){
798       c2smac.update(seqo);
799       c2smac.update(packet.buffer.buffer, 0, packet.buffer.index);
800       c2smac.doFinal(packet.buffer.buffer, packet.buffer.index);
801     }
802     if(c2scipher!=null){
803       byte[] buf=packet.buffer.buffer;
804       c2scipher.update(buf, 0, packet.buffer.index, buf, 0);
805     }
806     if(c2smac!=null){
807       packet.buffer.skip(c2smac.getBlockSize());
808     }
809   }
810
811   int[] uncompress_len=new int[1];
812
813   private int s2ccipher_size=8;
814   private int c2scipher_size=8;
815   public Buffer read(Buffer buf) throws Exception {
816     int j=0;
817     while(true){
818       buf.reset();
819       io.getByte(buf.buffer, buf.index, s2ccipher_size);
820       buf.index+=s2ccipher_size;
821       if(s2ccipher!=null){
822         s2ccipher.update(buf.buffer, 0, s2ccipher_size, buf.buffer, 0);
823       }
824       j=((buf.buffer[0]<<24)&0xff000000)|
825         ((buf.buffer[1]<<16)&0x00ff0000)|
826         ((buf.buffer[2]<< 8)&0x0000ff00)|
827         ((buf.buffer[3] )&0x000000ff);
828       // RFC 4253 6.1. Maximum Packet Length
829 if(j<5 || j>(32768-4)){
830         throw new IOException("invalid data");
831       }
832       j=j+4-s2ccipher_size;
833       //if(j<0){
834 // throw new IOException("invalid data");
835 //}
836 if((buf.index+j)>buf.buffer.length){
837         byte[] foo=new byte[buf.index+j];
838         System.arraycopy(buf.buffer, 0, foo, 0, buf.index);
839         buf.buffer=foo;
840       }
841       if(j>0){
842     io.getByte(buf.buffer, buf.index, j); buf.index+=(j);
843     if(s2ccipher!=null){
844       s2ccipher.update(buf.buffer, s2ccipher_size, j, buf.buffer, s2ccipher_size);
845     }
846       }
847
848       if(s2cmac!=null){
849     s2cmac.update(seqi);
850     s2cmac.update(buf.buffer, 0, buf.index);
851
852         s2cmac.doFinal(s2cmac_result1, 0);
853     io.getByte(s2cmac_result2, 0, s2cmac_result2.length);
854         if(!java.util.Arrays.equals(s2cmac_result1, s2cmac_result2)){
855           throw new IOException("MAC Error");
856     }
857       }
858
859       seqi++;
860
861       if(inflater!=null){
862         //inflater.uncompress(buf);
863 int pad=buf.buffer[4];
864     uncompress_len[0]=buf.index-5-pad;
865     byte[] foo=inflater.uncompress(buf.buffer, 5, uncompress_len);
866     if(foo!=null){
867       buf.buffer=foo;
868       buf.index=5+uncompress_len[0];
869     }
870     else{
871       System.err.println("fail in inflater");
872       break;
873     }
874       }
875
876       int type=buf.buffer[5]&0xff;
877       //System.err.println("read: "+type);
878 if(type==SSH_MSG_DISCONNECT){
879         buf.rewind();
880         buf.getInt();buf.getShort();
881     int reason_code=buf.getInt();
882     byte[] description=buf.getString();
883     byte[] language_tag=buf.getString();
884     throw new JSchException("SSH_MSG_DISCONNECT:"+
885                 " "+reason_code+
886                 " "+new String (description)+
887                 " "+new String (language_tag));
888     //break;
889 }
890       else if(type==SSH_MSG_IGNORE){
891       }
892       else if(type==SSH_MSG_UNIMPLEMENTED){
893         buf.rewind();
894         buf.getInt();buf.getShort();
895     int reason_id=buf.getInt();
896         if(JSch.getLogger().isEnabled(Logger.INFO)){
897           JSch.getLogger().log(Logger.INFO,
898                                "Received SSH_MSG_UNIMPLEMENTED for "+reason_id);
899         }
900       }
901       else if(type==SSH_MSG_DEBUG){
902         buf.rewind();
903         buf.getInt();buf.getShort();
904 /*
905     byte always_display=(byte)buf.getByte();
906     byte[] message=buf.getString();
907     byte[] language_tag=buf.getString();
908     System.err.println("SSH_MSG_DEBUG:"+
909                " "+new String(message)+
910                " "+new String(language_tag));
911 */
912       }
913       else if(type==SSH_MSG_CHANNEL_WINDOW_ADJUST){
914           buf.rewind();
915           buf.getInt();buf.getShort();
916       Channel c=Channel.getChannel(buf.getInt(), this);
917       if(c==null){
918       }
919       else{
920         c.addRemoteWindowSize(buf.getInt());
921       }
922       }
923       else if(type==52/*SSH_MSG_U