除libssh库外，其他的C/C++的第三方库和pythong的第三方库进行了升级。

external/version.ini

@@ -1,9 +1,9 @@
 [external_ver]
-openssl = 1.0.2h,1000208f
+openssl = 1.0.2p,1000208f
-libuv = 1.18.0
+libuv = 1.23.0
-mbedtls = 2.6.1
+mbedtls = 2.12.0
 sqlite = 3170000
 libssh = 0.7.5
 jsoncpp = 0.10.6
-mongoose = 6.10
+mongoose = 6.12
 

server/tp_core/core/tp_core.vs2015.vcxproj

@@ -181,6 +181,7 @@
     <ClCompile Include="..\..\..\external\jsoncpp\src\lib_json\json_writer.cpp" />
     <ClCompile Include="..\..\..\external\mbedtls\library\aes.c" />
     <ClCompile Include="..\..\..\external\mbedtls\library\base64.c" />
+    <ClCompile Include="..\..\..\external\mbedtls\library\platform_util.c" />
     <ClCompile Include="..\..\..\external\mbedtls\library\sha1.c" />
     <ClCompile Include="..\..\..\external\mongoose\mongoose.c" />
     <ClCompile Include="main.cpp" />

server/tp_core/core/tp_core.vs2015.vcxproj.filters

@@ -109,6 +109,9 @@
     <ClCompile Include="tp_tpp_mgr.cpp">
       <Filter>main app</Filter>
     </ClCompile>
+    <ClCompile Include="..\..\..\external\mbedtls\library\platform_util.c">
+      <Filter>mbedtls\library</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="ts_main.h">

server/tp_core/protocol/telnet/telnet_session.cpp

@@ -542,7 +542,7 @@ sess_state TelnetSession::_do_relay(TelnetConn *conn) {
 		{
 			if (_this->_putty_replace_username(m_conn_client, m_conn_server))
 			{
-				_this->m_username_sent = true;
+				//_this->m_username_sent = true;
 				is_processed = true;
 			}
 		}
@@ -582,7 +582,8 @@ sess_state TelnetSession::_do_relay(TelnetConn *conn) {
 		{
 			if (_this->_parse_find_and_send(m_conn_server, m_conn_client, _this->m_password_prompt.c_str(), _this->m_acc_secret.c_str()))
 			{
-				_this->m_password_sent = true;
+                _this->m_username_sent = true;
+                _this->m_password_sent = true;
 				is_processed = true;
 			}
 		}

server/tp_core/protocol/telnet/tptelnet.vs2015.vcxproj

@@ -142,6 +142,7 @@
     <ClCompile Include="..\..\..\..\external\libuv\src\fs-poll.c" />
     <ClCompile Include="..\..\..\..\external\libuv\src\inet.c" />
     <ClCompile Include="..\..\..\..\external\libuv\src\threadpool.c" />
+    <ClCompile Include="..\..\..\..\external\libuv\src\timer.c" />
     <ClCompile Include="..\..\..\..\external\libuv\src\uv-common.c" />
     <ClCompile Include="..\..\..\..\external\libuv\src\version.c" />
     <ClCompile Include="..\..\..\..\external\libuv\src\win\async.c" />
@@ -165,7 +166,6 @@
     <ClCompile Include="..\..\..\..\external\libuv\src\win\stream.c" />
     <ClCompile Include="..\..\..\..\external\libuv\src\win\tcp.c" />
     <ClCompile Include="..\..\..\..\external\libuv\src\win\thread.c" />
-    <ClCompile Include="..\..\..\..\external\libuv\src\win\timer.c" />
     <ClCompile Include="..\..\..\..\external\libuv\src\win\tty.c" />
     <ClCompile Include="..\..\..\..\external\libuv\src\win\udp.c" />
     <ClCompile Include="..\..\..\..\external\libuv\src\win\util.c" />

server/tp_core/protocol/telnet/tptelnet.vs2015.vcxproj.filters

@@ -244,9 +244,6 @@
     <ClCompile Include="..\..\..\..\external\libuv\src\win\thread.c">
       <Filter>libuv\src\win</Filter>
     </ClCompile>
-    <ClCompile Include="..\..\..\..\external\libuv\src\win\timer.c">
-      <Filter>libuv\src\win</Filter>
-    </ClCompile>
     <ClCompile Include="..\..\..\..\external\libuv\src\win\tty.c">
       <Filter>libuv\src\win</Filter>
     </ClCompile>
@@ -316,5 +313,8 @@
     <ClCompile Include="..\..\..\..\external\jsoncpp\src\lib_json\json_value.cpp">
       <Filter>jsoncpp</Filter>
     </ClCompile>
+    <ClCompile Include="..\..\..\..\external\libuv\src\timer.c">
+      <Filter>libuv</Filter>
+    </ClCompile>
   </ItemGroup>
 </Project>

server/www/packages/packages-common/pymysql/_auth.py

@@ -0,0 +1,253 @@
+"""
+Implements auth methods
+"""
+from ._compat import text_type, PY2
+from .constants import CLIENT
+from .err import OperationalError
+
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import serialization, hashes
+from cryptography.hazmat.primitives.asymmetric import padding
+
+from functools import partial
+import hashlib
+import struct
+
+
+DEBUG = False
+SCRAMBLE_LENGTH = 20
+sha1_new = partial(hashlib.new, 'sha1')
+
+
+# mysql_native_password
+# https://dev.mysql.com/doc/internals/en/secure-password-authentication.html#packet-Authentication::Native41
+
+
+def scramble_native_password(password, message):
+    """Scramble used for mysql_native_password"""
+    if not password:
+        return b''
+
+    stage1 = sha1_new(password).digest()
+    stage2 = sha1_new(stage1).digest()
+    s = sha1_new()
+    s.update(message[:SCRAMBLE_LENGTH])
+    s.update(stage2)
+    result = s.digest()
+    return _my_crypt(result, stage1)
+
+
+def _my_crypt(message1, message2):
+    result = bytearray(message1)
+    if PY2:
+        message2 = bytearray(message2)
+
+    for i in range(len(result)):
+        result[i] ^= message2[i]
+
+    return bytes(result)
+
+
+# old_passwords support ported from libmysql/password.c
+# https://dev.mysql.com/doc/internals/en/old-password-authentication.html
+
+SCRAMBLE_LENGTH_323 = 8
+
+
+class RandStruct_323(object):
+
+    def __init__(self, seed1, seed2):
+        self.max_value = 0x3FFFFFFF
+        self.seed1 = seed1 % self.max_value
+        self.seed2 = seed2 % self.max_value
+
+    def my_rnd(self):
+        self.seed1 = (self.seed1 * 3 + self.seed2) % self.max_value
+        self.seed2 = (self.seed1 + self.seed2 + 33) % self.max_value
+        return float(self.seed1) / float(self.max_value)
+
+
+def scramble_old_password(password, message):
+    """Scramble for old_password"""
+    hash_pass = _hash_password_323(password)
+    hash_message = _hash_password_323(message[:SCRAMBLE_LENGTH_323])
+    hash_pass_n = struct.unpack(">LL", hash_pass)
+    hash_message_n = struct.unpack(">LL", hash_message)
+
+    rand_st = RandStruct_323(
+        hash_pass_n[0] ^ hash_message_n[0], hash_pass_n[1] ^ hash_message_n[1]
+    )
+    outbuf = io.BytesIO()
+    for _ in range(min(SCRAMBLE_LENGTH_323, len(message))):
+        outbuf.write(int2byte(int(rand_st.my_rnd() * 31) + 64))
+    extra = int2byte(int(rand_st.my_rnd() * 31))
+    out = outbuf.getvalue()
+    outbuf = io.BytesIO()
+    for c in out:
+        outbuf.write(int2byte(byte2int(c) ^ byte2int(extra)))
+    return outbuf.getvalue()
+
+
+def _hash_password_323(password):
+    nr = 1345345333
+    add = 7
+    nr2 = 0x12345671
+
+    # x in py3 is numbers, p27 is chars
+    for c in [byte2int(x) for x in password if x not in (' ', '\t', 32, 9)]:
+        nr ^= (((nr & 63) + add) * c) + (nr << 8) & 0xFFFFFFFF
+        nr2 = (nr2 + ((nr2 << 8) ^ nr)) & 0xFFFFFFFF
+        add = (add + c) & 0xFFFFFFFF
+
+    r1 = nr & ((1 << 31) - 1)  # kill sign bits
+    r2 = nr2 & ((1 << 31) - 1)
+    return struct.pack(">LL", r1, r2)
+
+
+# sha256_password
+
+
+def _roundtrip(conn, send_data):
+    conn.write_packet(send_data)
+    pkt = conn._read_packet()
+    pkt.check_error()
+    return pkt
+
+
+def _xor_password(password, salt):
+    password_bytes = bytearray(password)
+    salt = bytearray(salt)  # for PY2 compat.
+    salt_len = len(salt)
+    for i in range(len(password_bytes)):
+        password_bytes[i] ^= salt[i % salt_len]
+    return bytes(password_bytes)
+
+
+def sha2_rsa_encrypt(password, salt, public_key):
+    """Encrypt password with salt and public_key.
+
+    Used for sha256_password and caching_sha2_password.
+    """
+    message = _xor_password(password + b'\0', salt)
+    rsa_key = serialization.load_pem_public_key(public_key, default_backend())
+    return rsa_key.encrypt(
+        message,
+        padding.OAEP(
+            mgf=padding.MGF1(algorithm=hashes.SHA1()),
+            algorithm=hashes.SHA1(),
+            label=None,
+        ),
+    )
+
+
+def sha256_password_auth(conn, pkt):
+    if conn._secure:
+        if DEBUG:
+            print("sha256: Sending plain password")
+        data = conn.password + b'\0'
+        return _roundtrip(conn, data)
+
+    if pkt.is_auth_switch_request():
+        conn.salt = pkt.read_all()
+        if not conn.server_public_key and conn.password:
+            # Request server public key
+            if DEBUG:
+                print("sha256: Requesting server public key")
+            pkt = _roundtrip(conn, b'\1')
+
+    if pkt.is_extra_auth_data():
+        conn.server_public_key = pkt._data[1:]
+        if DEBUG:
+            print("Received public key:\n", conn.server_public_key.decode('ascii'))
+
+    if conn.password:
+        if not conn.server_public_key:
+            raise OperationalError("Couldn't receive server's public key")
+
+        data = sha2_rsa_encrypt(conn.password, conn.salt, conn.server_public_key)
+    else:
+        data = b''
+
+    return _roundtrip(conn, data)
+
+
+def scramble_caching_sha2(password, nonce):
+    # (bytes, bytes) -> bytes
+    """Scramble algorithm used in cached_sha2_password fast path.
+
+    XOR(SHA256(password), SHA256(SHA256(SHA256(password)), nonce))
+    """
+    if not password:
+        return b''
+
+    p1 = hashlib.sha256(password).digest()
+    p2 = hashlib.sha256(p1).digest()
+    p3 = hashlib.sha256(p2 + nonce).digest()
+
+    res = bytearray(p1)
+    if PY2:
+        p3 = bytearray(p3)
+    for i in range(len(p3)):
+        res[i] ^= p3[i]
+
+    return bytes(res)
+
+
+def caching_sha2_password_auth(conn, pkt):
+    # No password fast path
+    if not conn.password:
+        return _roundtrip(conn, b'')
+
+    if pkt.is_auth_switch_request():
+        # Try from fast auth
+        if DEBUG:
+            print("caching sha2: Trying fast path")
+        conn.salt = pkt.read_all()
+        scrambled = scramble_caching_sha2(conn.password, conn.salt)
+        pkt = _roundtrip(conn, scrambled)
+    # else: fast auth is tried in initial handshake
+
+    if not pkt.is_extra_auth_data():
+        raise OperationalError(
+            "caching sha2: Unknown packet for fast auth: %s" % pkt._data[:1]
+        )
+
+    # magic numbers:
+    # 2 - request public key
+    # 3 - fast auth succeeded
+    # 4 - need full auth
+
+    pkt.advance(1)
+    n = pkt.read_uint8()
+
+    if n == 3:
+        if DEBUG:
+            print("caching sha2: succeeded by fast path.")
+        pkt = conn._read_packet()
+        pkt.check_error()  # pkt must be OK packet
+        return pkt
+
+    if n != 4:
+        raise OperationalError("caching sha2: Unknwon result for fast auth: %s" % n)
+
+    if DEBUG:
+        print("caching sha2: Trying full auth...")
+
+    if conn._secure:
+        if DEBUG:
+            print("caching sha2: Sending plain password via secure connection")
+        return _roundtrip(conn, conn.password + b'\0')
+
+    if not conn.server_public_key:
+        pkt = _roundtrip(conn, b'\x02')  # Request public key
+        if not pkt.is_extra_auth_data():
+            raise OperationalError(
+                "caching sha2: Unknown packet for public key: %s" % pkt._data[:1]
+            )
+
+        conn.server_public_key = pkt._data[1:]
+        if DEBUG:
+            print(conn.server_public_key.decode('ascii'))
+
+    data = sha2_rsa_encrypt(conn.password, conn.salt, conn.server_public_key)
+    pkt = _roundtrip(conn, data)

server/www/teleport/.idea/teleport.iml

@@ -7,7 +7,7 @@
     <content url="file://$MODULE_DIR$/webroot">
       <sourceFolder url="file://$MODULE_DIR$/webroot" isTestSource="false" />
     </content>
-    <orderEntry type="jdk" jdkName="Python 3.7" jdkType="Python SDK" />
+    <orderEntry type="jdk" jdkName="py37" jdkType="Python SDK" />
     <orderEntry type="sourceFolder" forTests="false" />
   </component>
   <component name="TemplatesService">