Fix client auth using a timeout - now correctly rethrows an error. Added example client + server

Author: Joannis

Examples/ExampleClient/.gitignore

@@ -0,0 +1,8 @@
+.DS_Store
+/.build
+/Packages
+xcuserdata/
+DerivedData/
+.swiftpm/configuration/registries.json
+.swiftpm/xcode/package.xcworkspace/contents.xcworkspacedata
+.netrc

Examples/ExampleClient/.vscode/launch.json

@@ -0,0 +1,24 @@
+{
+  "configurations": [
+    {
+      "type": "lldb",
+      "request": "launch",
+      "sourceLanguages": ["swift"],
+      "args": [],
+      "cwd": "${workspaceFolder:ExampleClient}",
+      "name": "Debug ExampleClient",
+      "program": "${workspaceFolder:ExampleClient}/.build/debug/ExampleClient",
+      "preLaunchTask": "swift: Build Debug ExampleClient"
+    },
+    {
+      "type": "lldb",
+      "request": "launch",
+      "sourceLanguages": ["swift"],
+      "args": [],
+      "cwd": "${workspaceFolder:ExampleClient}",
+      "name": "Release ExampleClient",
+      "program": "${workspaceFolder:ExampleClient}/.build/release/ExampleClient",
+      "preLaunchTask": "swift: Build Release ExampleClient"
+    }
+  ]
+}

Examples/ExampleClient/ExampleServer.dockerfile

@@ -0,0 +1,13 @@
+FROM ubuntu:latest
+
+RUN apt update && apt install  openssh-server sudo -y
+
+RUN useradd -rm -d /home/ubuntu -s /bin/bash -g root -G sudo -u 1000 test 
+
+RUN  echo 'test:test' | chpasswd
+
+RUN service ssh start
+
+EXPOSE 22
+
+CMD ["/usr/sbin/sshd","-D"]

Examples/ExampleClient/Package.swift

@@ -0,0 +1,24 @@
+// swift-tools-version: 5.9
+// The swift-tools-version declares the minimum version of Swift required to build this package.
+
+import PackageDescription
+
+let package = Package(
+    name: "ExampleClient",
+    platforms: [
+        .macOS(.v12),  
+    ],
+    dependencies: [
+        .package(path: "../../"),
+    ],
+    targets: [
+        // Targets are the basic building blocks of a package, defining a module or a test suite.
+        // Targets can depend on other targets in this package and products from dependencies.
+        .executableTarget(
+            name: "ExampleClient",
+            dependencies: [
+                .product(name: "Citadel", package: "Citadel"),
+            ]
+        ),
+    ]
+)

Examples/ExampleClient/README.md

@@ -0,0 +1,3 @@
+1. Build the dockerfile using `docker build --file ExampleServer.dockerfile --tag sshd-example .`
+2. Run the docker image using `docker run -p 2323:22 sshd-example`
+3. Run this Swift code to connect tom the server and run a command using `swift run`

Examples/ExampleClient/Sources/main.swift

@@ -0,0 +1,12 @@
+import Citadel
+
+let client = try await SSHClient.connect(
+    host: "localhost", 
+    port: 2323,
+    authenticationMethod: .passwordBased(username: "test", password: "test"),
+    hostKeyValidator: .acceptAnything(),
+    reconnect: .never
+)
+
+let result = try await client.executeCommand("echo 'Hello, World!'")
+print(String(buffer: result))

Package.resolved

@@ -15,17 +15,17 @@
         "repositoryURL": "https://github.com/apple/swift-atomics.git",
         "state": {
           "branch": null,
-          "revision": "ff3d2212b6b093db7f177d0855adbc4ef9c5f036",
-          "version": "1.0.3"
+          "revision": "cd142fd2f64be2100422d658e7411e39489da985",
+          "version": "1.2.0"
         }
       },
       {
         "package": "swift-collections",
         "repositoryURL": "https://github.com/apple/swift-collections.git",
         "state": {
           "branch": null,
-          "revision": "937e904258d22af6e447a0b72c0bc67583ef64a2",
-          "version": "1.0.4"
+          "revision": "94cf62b3ba8d4bed62680a282d4c25f9c63c2efb",
+          "version": "1.1.0"
         }
       },
       {
@@ -51,8 +51,8 @@
         "repositoryURL": "https://github.com/apple/swift-nio.git",
         "state": {
           "branch": null,
-          "revision": "45167b8006448c79dda4b7bd604e07a034c15c49",
-          "version": "2.48.0"
+          "revision": "359c461e5561d22c6334828806cc25d759ca7aa6",
+          "version": "2.65.0"
         }
       },
       {
@@ -63,6 +63,15 @@
           "revision": "01e03b888734b03f1005b0ca329d7b5af50208e7",
           "version": "0.3.2"
         }
+      },
+      {
+        "package": "swift-system",
+        "repositoryURL": "https://github.com/apple/swift-system.git",
+        "state": {
+          "branch": null,
+          "revision": "025bcb1165deab2e20d4eaba79967ce73013f496",
+          "version": "1.2.1"
+        }
       }
     ]
   },

Package.swift

@@ -16,6 +16,7 @@ let package = Package(
         ),
     ],
     dependencies: [
+        // .package(path: "/Users/joannisorlandos/git/joannis/swift-nio-ssh"),
         .package(name: "swift-nio-ssh", url: "https://github.com/Joannis/swift-nio-ssh.git", "0.3.2" ..< "0.4.0"),
         .package(url: "https://github.com/apple/swift-log.git", from: "1.0.0"),
         .package(url: "https://github.com/attaswift/BigInt.git", from: "5.2.0"),

Sources/Citadel/Algorithms/AES.swift

@@ -4,22 +4,6 @@ import Crypto
 import NIO
 import NIOSSH
 
-enum CitadelError: Error {
-    case invalidKeySize
-    case invalidEncryptedPacketLength
-    case invalidDecryptedPlaintextLength
-    case insufficientPadding, excessPadding
-    case invalidMac
-    case cryptographicError
-    case invalidSignature
-    case signingError
-    case unsupported
-    case unauthorized
-    case commandOutputTooLarge
-    case channelCreationFailed
-    case channelFailure
-}
-
 public final class AES128CTR: NIOSSHTransportProtection {
     private enum Mac {
         case sha1, sha256, sha512

Sources/Citadel/Client.swift

@@ -65,7 +65,7 @@ public struct SSHAlgorithms {
 public final class SSHClient {
     private(set) var session: SSHClientSession
     private var userInitiatedClose = false
-    let authenticationMethod: SSHAuthenticationMethod
+    let authenticationMethod: () -> SSHAuthenticationMethod
     let hostKeyValidator: SSHHostKeyValidator
     internal var connectionSettings = SSHConnectionSettings()
     private let algorithms: SSHAlgorithms
@@ -83,7 +83,7 @@ public final class SSHClient {
 
     init(
         session: SSHClientSession,
-        authenticationMethod: SSHAuthenticationMethod,
+        authenticationMethod: @escaping @autoclosure () -> SSHAuthenticationMethod,
         hostKeyValidator: SSHHostKeyValidator,
         algorithms: SSHAlgorithms = SSHAlgorithms(),
         protocolOptions: Set<SSHProtocolOption>
@@ -111,21 +111,21 @@ public final class SSHClient {
     /// - Returns: An SSH client.
     public static func connect(
         on channel: Channel,
-        authenticationMethod: SSHAuthenticationMethod,
+        authenticationMethod: @escaping @autoclosure () -> SSHAuthenticationMethod,
         hostKeyValidator: SSHHostKeyValidator,
         algorithms: SSHAlgorithms = SSHAlgorithms(),
         protocolOptions: Set<SSHProtocolOption> = []
     ) async throws -> SSHClient {
         let session = try await SSHClientSession.connect(
             on: channel,
-            authenticationMethod: authenticationMethod,
+            authenticationMethod: authenticationMethod(),
             hostKeyValidator: hostKeyValidator,
             protocolOptions: protocolOptions
         )
 
         return SSHClient(
             session: session,
-            authenticationMethod: authenticationMethod,
+            authenticationMethod: authenticationMethod(),
             hostKeyValidator: hostKeyValidator,
             algorithms: algorithms,
             protocolOptions: protocolOptions
@@ -222,7 +222,7 @@ public final class SSHClient {
         self.session = try await SSHClientSession.connect(
             host: host,
             port: port,
-            authenticationMethod: authenticationMethod,
+            authenticationMethod: self.authenticationMethod(),
             hostKeyValidator: self.hostKeyValidator,
             protocolOptions: protocolOptions,
             group: session.channel.eventLoop

Sources/Citadel/ClientSession.swift

@@ -1,7 +1,6 @@
 import NIO
 import NIOSSH
 
-struct AuthenticationFailed: Error, Equatable {}
 final class ClientHandshakeHandler: ChannelInboundHandler {
     typealias InboundIn = Any
 
@@ -15,17 +14,18 @@ final class ClientHandshakeHandler: ChannelInboundHandler {
     init(eventLoop: EventLoop) {
         let promise = eventLoop.makePromise(of: Void.self)
         self.promise = promise
-
-        eventLoop.scheduleTask(in: .seconds(10)) {
-            promise.fail(AuthenticationFailed())
-        }
     }
 
     func userInboundEventTriggered(context: ChannelHandlerContext, event: Any) {
+        print(event)
         if event is UserAuthSuccessEvent {
             self.promise.succeed(())
         }
     }
+
+    func errorCaught(context: ChannelHandlerContext, error: any Error) {
+        self.promise.fail(error)
+    }
 
     deinit {
         struct Disconnected: Error {}
@@ -50,14 +50,14 @@ final class SSHClientSession {
     /// - group: The event loop group to use, will use a new group with one thread if not specified.
     public static func connect(
         on channel: Channel,
-        authenticationMethod: SSHAuthenticationMethod,
+        authenticationMethod: @escaping @autoclosure () -> SSHAuthenticationMethod,
         hostKeyValidator: SSHHostKeyValidator,
         algorithms: SSHAlgorithms = SSHAlgorithms(),
         protocolOptions: Set<SSHProtocolOption> = []
     ) async throws -> SSHClientSession {
         let handshakeHandler = ClientHandshakeHandler(eventLoop: channel.eventLoop)
         var clientConfiguration = SSHClientConfiguration(
-            userAuthDelegate: authenticationMethod,
+            userAuthDelegate: authenticationMethod(),
             serverAuthDelegate: hostKeyValidator
         )
 
@@ -95,7 +95,7 @@ final class SSHClientSession {
     public static func connect(
         host: String,
         port: Int = 22,
-        authenticationMethod: SSHAuthenticationMethod,
+        authenticationMethod: @escaping @autoclosure () -> SSHAuthenticationMethod,
         hostKeyValidator: SSHHostKeyValidator,
         algorithms: SSHAlgorithms = SSHAlgorithms(),
         protocolOptions: Set<SSHProtocolOption> = [],
@@ -104,7 +104,7 @@ final class SSHClientSession {
     ) async throws -> SSHClientSession {
         let handshakeHandler = ClientHandshakeHandler(eventLoop: group.next())
         var clientConfiguration = SSHClientConfiguration(
-            userAuthDelegate: authenticationMethod,
+            userAuthDelegate: authenticationMethod(),
             serverAuthDelegate: hostKeyValidator
         )
 

Sources/Citadel/Errors.swift

@@ -1,6 +1,7 @@
 enum SSHClientError: Error {
     case unsupportedPasswordAuthentication, unsupportedPrivateKeyAuthentication, unsupportedHostBasedAuthentication
     case channelCreationFailed
+    case allAuthenticationOptionsFailed
 }
 
 enum SSHChannelError: Error {
@@ -24,3 +25,21 @@ enum SFTPError: Error {
     case errorStatus(SFTPMessage.Status)
     case unsupportedVersion(SFTPProtocolVersion)
 }
+
+enum CitadelError: Error {
+    case invalidKeySize
+    case invalidEncryptedPacketLength
+    case invalidDecryptedPlaintextLength
+    case insufficientPadding, excessPadding
+    case invalidMac
+    case cryptographicError
+    case invalidSignature
+    case signingError
+    case unsupported
+    case unauthorized
+    case commandOutputTooLarge
+    case channelCreationFailed
+    case channelFailure
+}
+
+public struct AuthenticationFailed: Error, Equatable {}

Sources/Citadel/SSHAuthenticationMethod.swift

@@ -3,25 +3,28 @@ import NIOSSH
 import Crypto
 
 /// Represents an authentication method.
-public struct SSHAuthenticationMethod: NIOSSHClientUserAuthenticationDelegate {
+public final class SSHAuthenticationMethod: NIOSSHClientUserAuthenticationDelegate {
     private enum Implementation {
         case custom(NIOSSHClientUserAuthenticationDelegate)
         case user(String, offer: NIOSSHUserAuthenticationOffer.Offer)
     }
 
-    private let implementation: Implementation
+    private let allImplementations: [Implementation]
+    private var implementations: [Implementation]
 
     internal init(
         username: String,
         offer: NIOSSHUserAuthenticationOffer.Offer
     ) {
-        self.implementation = .user(username, offer: offer)
+        self.allImplementations = [.user(username, offer: offer)]
+        self.implementations = allImplementations
     }
 
     internal init(
         custom: NIOSSHClientUserAuthenticationDelegate
     ) {
-        self.implementation = .custom(custom)
+        self.allImplementations = [.custom(custom)]
+        self.implementations = allImplementations
     }
 
     /// Creates a password based authentication method.
@@ -80,6 +83,13 @@ public struct SSHAuthenticationMethod: NIOSSHClientUserAuthenticationDelegate {
         availableMethods: NIOSSHAvailableUserAuthenticationMethods,
         nextChallengePromise: EventLoopPromise<NIOSSHUserAuthenticationOffer?>
     ) {
+        if implementations.isEmpty {
+            nextChallengePromise.fail(SSHClientError.allAuthenticationOptionsFailed)
+            return
+        }
+        
+        let implementation = implementations.removeFirst()
+
         switch implementation {
         case .user(let username, offer: let offer):
             switch offer {