Diffstat (limited to 'lib')
65 files changed, 54 insertions, 104 deletions
diff --git a/lib/net/ssh.rb b/lib/net/ssh.rb index 292d6c6..8b8b7b9 100644 --- a/lib/net/ssh.rb +++ b/lib/net/ssh.rb @@ -15,7 +15,6 @@ require 'net/ssh/connection/session' require 'net/ssh/prompt' module Net - # Net::SSH is a library for interacting, programmatically, with remote # processes via the SSH2 protocol. Sessions are always initiated via # Net::SSH.start. From there, a program interacts with the new SSH session diff --git a/lib/net/ssh/authentication/agent.rb b/lib/net/ssh/authentication/agent.rb index 59912a8..7ff0096 100644 --- a/lib/net/ssh/authentication/agent.rb +++ b/lib/net/ssh/authentication/agent.rb @@ -13,6 +13,7 @@ module Net module Authentication # Class for representing agent-specific errors. class AgentError < Net::SSH::Exception; end + # An exception for indicating that the SSH agent is not available. class AgentNotAvailable < AgentError; end @@ -107,6 +108,7 @@ module Net type, body = send_and_wait(SSH2_AGENT_REQUEST_VERSION, :string, Transport::ServerVersion::PROTO_VERSION) raise AgentNotAvailable, "SSH2 agents are not yet supported" if type == SSH2_AGENT_VERSION_RESPONSE + if type == SSH2_AGENT_FAILURE debug { "Unexpected response type==#{type}, this will be ignored" } elsif type != SSH_AGENT_RSA_IDENTITIES_ANSWER1 && type != SSH_AGENT_RSA_IDENTITIES_ANSWER2 diff --git a/lib/net/ssh/authentication/certificate.rb b/lib/net/ssh/authentication/certificate.rb index 310ad7d..28fbe71 100644 --- a/lib/net/ssh/authentication/certificate.rb +++ b/lib/net/ssh/authentication/certificate.rb @@ -125,6 +125,7 @@ module Net def self.type_symbol(type) types = { 1 => :user, 2 => :host } raise ArgumentError("unsupported type: #{type}") unless types.include?(type) + types.fetch(type) end private_class_method :type_symbol @@ -134,6 +135,7 @@ module Net def type_value(type) types = { user: 1, host: 2 } raise ArgumentError("unsupported type: #{type}") unless types.include?(type) + types.fetch(type) end 
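Review bot: In lib/net/ssh/authentication/certificate.rb, the guard `raise ArgumentError("unsupported type: #{type}")` in `self.type_symbol` (hunk at -125) calls a method named `ArgumentError` instead of raising the class, so an unsupported certificate type surfaces as NoMethodError rather than ArgumentError. The same line sits in `type_value` in the hunk at -134. Any caller that rescues ArgumentError around certificate parsing would miss this failure. Since the commit already touches the line after each guard, both could become `raise ArgumentError, "unsupported type: #{type}"`.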
diff --git a/lib/net/ssh/authentication/constants.rb b/lib/net/ssh/authentication/constants.rb index d0b88b0..8976aed 100644 --- a/lib/net/ssh/authentication/constants.rb +++ b/lib/net/ssh/authentication/constants.rb @@ -1,7 +1,6 @@ module Net module SSH module Authentication - # Describes the constants used by the Net::SSH::Authentication components # of the Net::SSH library. Individual authentication method implemenations # may define yet more constants that are specific to their implementation. diff --git a/lib/net/ssh/authentication/ed25519.rb b/lib/net/ssh/authentication/ed25519.rb index 5e047ec..1da9389 100644 --- a/lib/net/ssh/authentication/ed25519.rb +++ b/lib/net/ssh/authentication/ed25519.rb @@ -44,9 +44,11 @@ module Net datafull = datafull.strip raise ArgumentError.new("Expected #{MBEGIN} at start of private key") unless datafull.start_with?(MBEGIN) raise ArgumentError.new("Expected #{MEND} at end of private key") unless datafull.end_with?(MEND) + datab64 = datafull[MBEGIN.size...-MEND.size] data = Base64.decode64(datab64) raise ArgumentError.new("Expected #{MAGIC} at start of decoded private key") unless data.start_with?(MAGIC) + buffer = Net::SSH::Buffer.new(data[MAGIC.size + 1..-1]) ciphername = buffer.read_string @@ -59,6 +61,7 @@ module Net kdfopts = Net::SSH::Buffer.new(buffer.read_string) num_keys = buffer.read_long raise ArgumentError.new("Only 1 key is supported in ssh keys #{num_keys} was in private key") unless num_keys == 1 + _pubkey = buffer.read_string len = buffer.read_long @@ -72,6 +75,7 @@ module Net rounds = kdfopts.read_long raise "BCryptPbkdf is not implemented for jruby" if RUBY_PLATFORM == "java" + key = BCryptPbkdf::key(password, salt, keylen + ivlen, rounds) else key = '\x00' * (keylen + ivlen) diff --git a/lib/net/ssh/authentication/ed25519_loader.rb b/lib/net/ssh/authentication/ed25519_loader.rb index bcf920d..08ccd94 100644 --- a/lib/net/ssh/authentication/ed25519_loader.rb +++ b/lib/net/ssh/authentication/ed25519_loader.rb 
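Review bot: In lib/net/ssh/authentication/ed25519.rb (hunk at -72), the fallback `key = '\x00' * (keylen + ivlen)` uses a single-quoted literal, so Ruby keeps the four characters backslash, x, 0, 0 rather than one NUL byte, and the result is four times longer than `keylen + ivlen`. This is probably harmless if the branch is only reached for the `none` cipher with both lengths at zero, but the hunk does not show that. If zero bytes are what is meant, `key = "\x00" * (keylen + ivlen)` states it. The enclosing method starts and ends outside the hunk.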
@@ -1,7 +1,6 @@ module Net module SSH module Authentication - # Loads ED25519 support which requires optinal dependecies like # ed25519, bcrypt_pbkdf module ED25519Loader diff --git a/lib/net/ssh/authentication/key_manager.rb b/lib/net/ssh/authentication/key_manager.rb index 8113ee3..d41eed8 100644 --- a/lib/net/ssh/authentication/key_manager.rb +++ b/lib/net/ssh/authentication/key_manager.rb @@ -6,7 +6,6 @@ require 'net/ssh/authentication/agent' module Net module SSH module Authentication - # A trivial exception class used to report errors in the key manager. class KeyManagerError < Net::SSH::Exception; end @@ -177,6 +176,7 @@ module Net if info[:from] == :agent raise KeyManagerError, "the agent is no longer available" unless agent + return agent.sign(info[:identity], data.to_s) end @@ -201,6 +201,7 @@ module Net # or if the agent is otherwise not available. def agent return unless use_agent? + @agent ||= Agent.connect(logger, options[:agent_socket_factory], options[:identity_agent]) rescue AgentNotAvailable @use_agent = false diff --git a/lib/net/ssh/authentication/methods/abstract.rb b/lib/net/ssh/authentication/methods/abstract.rb index bcddd4f..ec35043 100644 --- a/lib/net/ssh/authentication/methods/abstract.rb +++ b/lib/net/ssh/authentication/methods/abstract.rb @@ -7,7 +7,6 @@ module Net module SSH module Authentication module Methods - # The base class of all user authentication methods. It provides a few # bits of common functionality. class Abstract diff --git a/lib/net/ssh/authentication/methods/hostbased.rb b/lib/net/ssh/authentication/methods/hostbased.rb index a4afbb4..c4cd4cb 100644 --- a/lib/net/ssh/authentication/methods/hostbased.rb +++ b/lib/net/ssh/authentication/methods/hostbased.rb @@ -4,7 +4,6 @@ module Net module SSH module Authentication module Methods - # Implements the host-based SSH authentication method. class Hostbased < Abstract include Constants 
@@ -67,7 +66,6 @@ module Net Buffer.from(:key, identity).to_s, hostname, client_username).to_s end end - end end end diff --git a/lib/net/ssh/authentication/methods/keyboard_interactive.rb b/lib/net/ssh/authentication/methods/keyboard_interactive.rb index 7652b21..c241eda 100644 --- a/lib/net/ssh/authentication/methods/keyboard_interactive.rb +++ b/lib/net/ssh/authentication/methods/keyboard_interactive.rb @@ -5,7 +5,6 @@ module Net module SSH module Authentication module Methods - # Implements the "keyboard-interactive" SSH authentication method. class KeyboardInteractive < Abstract USERAUTH_INFO_REQUEST = 60 @@ -32,6 +31,7 @@ module Net message[:authentications].split(/,/).include? 'keyboard-interactive' return false unless interactive? + password = nil debug { "retrying keyboard-interactive" } send_message(userauth_request(username, next_service, "keyboard-interactive", "", "")) diff --git a/lib/net/ssh/authentication/methods/none.rb b/lib/net/ssh/authentication/methods/none.rb index d583b7d..c1184e1 100644 --- a/lib/net/ssh/authentication/methods/none.rb +++ b/lib/net/ssh/authentication/methods/none.rb @@ -5,7 +5,6 @@ module Net module SSH module Authentication module Methods - # Implements the "none" SSH authentication method. class None < Abstract # Attempt to authenticate as "none" @@ -30,7 +29,6 @@ module Net end end - end end end diff --git a/lib/net/ssh/authentication/methods/password.rb b/lib/net/ssh/authentication/methods/password.rb index e18edee..9cb1828 100644 --- a/lib/net/ssh/authentication/methods/password.rb +++ b/lib/net/ssh/authentication/methods/password.rb @@ -6,7 +6,6 @@ module Net module SSH module Authentication module Methods - # Implements the "password" SSH authentication method. class Password < Abstract # Attempt to authenticate the given user for the given service. If 
@@ -29,6 +28,7 @@ module Net raise Net::SSH::Authentication::DisallowedMethod unless message[:authentications].split(/,/).include? 'password' + password = nil end end until (message.type != USERAUTH_FAILURE || retries >= max_retries) @@ -74,7 +74,6 @@ module Net options[:non_interactive] ? 0 : result end end - end end end diff --git a/lib/net/ssh/authentication/methods/publickey.rb b/lib/net/ssh/authentication/methods/publickey.rb index bff9ffd..65e5dca 100644 --- a/lib/net/ssh/authentication/methods/publickey.rb +++ b/lib/net/ssh/authentication/methods/publickey.rb @@ -6,7 +6,6 @@ module Net module SSH module Authentication module Methods - # Implements the "publickey" SSH authentication method. class Publickey < Abstract # Attempts to perform public-key authentication for the given @@ -90,7 +89,6 @@ module Net end end end - end end end diff --git a/lib/net/ssh/authentication/pageant.rb b/lib/net/ssh/authentication/pageant.rb index a79802b..f3de568 100644 --- a/lib/net/ssh/authentication/pageant.rb +++ b/lib/net/ssh/authentication/pageant.rb @@ -24,7 +24,6 @@ require 'net/ssh/errors' module Net module SSH module Authentication - # This module encapsulates the implementation of a socket factory that # uses the PuTTY "pageant" utility to obtain information about SSH # identities. @@ -285,6 +284,7 @@ module Net first = ptr.ptr.to_i second = ptr_to_s(ptr,Win::SIZEOF_DWORD).unpack('L')[0] raise "Error" unless first == second + first end @@ -421,10 +421,12 @@ module Net while true return ret if @input_buffer.length < 4 + msg_length = @input_buffer.read_long + 4 @input_buffer.reset! return ret if @input_buffer.length < msg_length + msg = @input_buffer.read!(msg_length) @output_buffer.append(send_query(msg)) end @@ -491,7 +493,6 @@ module Net end end end - end end end diff --git a/lib/net/ssh/authentication/session.rb b/lib/net/ssh/authentication/session.rb index 95f4d95..4451cde 100644 --- a/lib/net/ssh/authentication/session.rb 
+++ b/lib/net/ssh/authentication/session.rb @@ -11,7 +11,6 @@ require 'net/ssh/authentication/methods/keyboard_interactive' module Net module SSH module Authentication - # Raised if the current authentication method is not allowed class DisallowedMethod < Net::SSH::Exception end @@ -71,6 +70,7 @@ module Net @auth_methods.each do |name| next unless @allowed_auth_methods.include?(name) + attempted << name debug { "trying #{name}" } @@ -127,6 +127,7 @@ module Net def expect_message(type) message = next_message raise Net::SSH::Exception, "expected #{type}, got #{message.type} (#{message})" unless message.type == type + message end diff --git a/lib/net/ssh/buffer.rb b/lib/net/ssh/buffer.rb index 0fe4e56..b27fc5d 100644 --- a/lib/net/ssh/buffer.rb +++ b/lib/net/ssh/buffer.rb @@ -5,7 +5,6 @@ require 'net/ssh/authentication/ed25519_loader' module Net module SSH - # Net::SSH::Buffer is a flexible class for building and parsing binary # data packets. It provides a stream-like interface for sequentially # reading data items from the buffer, as well as a useful helper method @@ -237,6 +236,7 @@ module Net def read_bignum data = read_string return unless data + OpenSSL::BN.new(data, 2) end diff --git a/lib/net/ssh/buffered_io.rb b/lib/net/ssh/buffered_io.rb index 54a4889..d974a1d 100644 --- a/lib/net/ssh/buffered_io.rb +++ b/lib/net/ssh/buffered_io.rb @@ -3,7 +3,6 @@ require 'net/ssh/loggable' module Net module SSH - # This module is used to extend sockets and other IO objects, to allow # them to be buffered for both read and write. This abstraction makes it # quite easy to write a select-based event loop @@ -115,6 +114,7 @@ module Net while output.length > 0 result = IO.select(nil, [self]) or next next unless result[1].any? + send_pending end end @@ -198,6 +198,5 @@ module Net end end end - end end diff --git a/lib/net/ssh/config.rb b/lib/net/ssh/config.rb index f333ee8..6aac71a 100644 --- a/lib/net/ssh/config.rb +++ b/lib/net/ssh/config.rb 
@@ -1,6 +1,5 @@ module Net module SSH - # The Net::SSH::Config class is used to parse OpenSSH configuration files, # and translates that syntax into the configuration syntax that Net::SSH # understands. This lets Net::SSH scripts read their configuration (to diff --git a/lib/net/ssh/connection/channel.rb b/lib/net/ssh/connection/channel.rb index 9a408b2..835d72f 100644 --- a/lib/net/ssh/connection/channel.rb +++ b/lib/net/ssh/connection/channel.rb @@ -5,7 +5,6 @@ require 'net/ssh/connection/term' module Net module SSH module Connection - # The channel abstraction. Multiple "channels" can be multiplexed onto a # single SSH channel, each operating independently and seemingly in parallel. # This class represents a single such channel. Most operations performed @@ -251,6 +250,7 @@ module Net # channel.send_data("the password\n") def send_data(data) raise EOFError, "cannot send data if channel has declared eof" if eof? + output.append(data.to_s) end @@ -298,6 +298,7 @@ module Net # the CHANNEL_CLOSE message will be sent from event loop def close return if @closing + @closing = true end @@ -313,6 +314,7 @@ module Net # The CHANNEL_EOF packet will be sent once the output buffer is empty. def eof! return if eof? + @eof = true end @@ -486,6 +488,7 @@ module Net def send_channel_request(request_name, *data, &callback) info { "sending channel request #{request_name.inspect}" } fail "Channel open not yet confirmed, please call send_channel_request(or exec) from block of open_channel" unless remote_id + msg = Buffer.from(:byte, CHANNEL_REQUEST, :long, remote_id, :string, request_name, :bool, !callback.nil?, *data) @@ -687,7 +690,6 @@ module Net env.each { |key, value| self.env(key, value) } end end - end end end diff --git a/lib/net/ssh/connection/constants.rb b/lib/net/ssh/connection/constants.rb index a2b0257..5370fa8 100644 --- a/lib/net/ssh/connection/constants.rb +++ b/lib/net/ssh/connection/constants.rb 
@@ -1,11 +1,9 @@ module Net module SSH module Connection - # Definitions of constants that are specific to the connection layer of the # SSH protocol. module Constants - #-- # Connection protocol generic messages #++ @@ -29,9 +27,7 @@ module Net CHANNEL_REQUEST = 98 CHANNEL_SUCCESS = 99 CHANNEL_FAILURE = 100 - end - end end end diff --git a/lib/net/ssh/connection/event_loop.rb b/lib/net/ssh/connection/event_loop.rb index cd9d3f1..56085cf 100644 --- a/lib/net/ssh/connection/event_loop.rb +++ b/lib/net/ssh/connection/event_loop.rb @@ -36,6 +36,7 @@ module Net begin @sessions = [session] return false unless ev_preprocess + ev_select_and_postprocess(wait) ensure @sessions = orig_sessions @@ -46,8 +47,10 @@ module Net # block retuns false then we exit the processing def ev_preprocess(&block) return false if block_given? && !yield(self) + @sessions.each(&:ev_preprocess) return false if block_given? && !yield(self) + return true end @@ -97,13 +100,16 @@ module Net # we call block with session as argument def ev_preprocess(&block) return false if block_given? && !yield(@sessions.first) + @sessions.each(&:ev_preprocess) return false if block_given? && !yield(@sessions.first) + return true end def ev_select_and_postprocess(wait) raise "Only one session expected" unless @sessions.count == 1 + session = @sessions.first sr,sw,actwait = session.ev_do_calculate_rw_wait(wait) readers, writers, = IO.select(sr, sw, nil, actwait) diff --git a/lib/net/ssh/connection/keepalive.rb b/lib/net/ssh/connection/keepalive.rb index fb9be05..8926ba5 100644 --- a/lib/net/ssh/connection/keepalive.rb +++ b/lib/net/ssh/connection/keepalive.rb @@ -2,7 +2,6 @@ require 'net/ssh/loggable' module Net module SSH module Connection - class Keepalive include Loggable @@ -28,6 +27,7 @@ module Net def should_send? return false unless enabled? return true unless @last_keepalive_sent_at + Time.now - @last_keepalive_sent_at >= interval end 
@@ -38,6 +38,7 @@ module Net def send_as_needed(was_events) return if was_events return unless should_send? + info { "sending keepalive #{@unresponded_keepalive_count}" } @unresponded_keepalive_count += 1 @@ -53,7 +54,6 @@ module Net end end end - end end end diff --git a/lib/net/ssh/connection/session.rb b/lib/net/ssh/connection/session.rb index 61abd76..874b23f 100644 --- a/lib/net/ssh/connection/session.rb +++ b/lib/net/ssh/connection/session.rb @@ -8,7 +8,6 @@ require 'net/ssh/connection/event_loop' module Net module SSH module Connection - # A session class representing the connection service running on top of # the SSH transport layer. It manages the creation of channels (see # #open_channel), and the dispatching of messages to the various channels. @@ -237,8 +236,10 @@ module Net # false, this method returns false. Otherwise, it returns true. def preprocess(&block) return false if block_given? && !yield(self) + ev_preprocess(&block) return false if block_given? && !yield(self) + return true end @@ -702,10 +703,10 @@ module Net MAP = Constants.constants.each_with_object({}) do |name, memo| value = const_get(name) next unless Integer === value + memo[value] = name.downcase.to_sym end end - end end end diff --git a/lib/net/ssh/connection/term.rb b/lib/net/ssh/connection/term.rb index 5b5a7de..ef32910 100644 --- a/lib/net/ssh/connection/term.rb +++ b/lib/net/ssh/connection/term.rb @@ -176,7 +176,6 @@ module Net # Specifies the output baud rate in bits per second. TTY_OP_OSPEED = 129 end - end end end diff --git a/lib/net/ssh/key_factory.rb b/lib/net/ssh/key_factory.rb index 04dac98..c8df306 100644 --- a/lib/net/ssh/key_factory.rb +++ b/lib/net/ssh/key_factory.rb 
@@ -5,7 +5,6 @@ require 'net/ssh/authentication/ed25519_loader' module Net module SSH - # A factory class for returning new Key classes. It is used for obtaining # OpenSSL key instances via their SSH names, and for loading both public and # private keys. It used used primarily by Net::SSH itself, internally, and diff --git a/lib/net/ssh/known_hosts.rb b/lib/net/ssh/known_hosts.rb index 166e208..f3d773a 100644 --- a/lib/net/ssh/known_hosts.rb +++ b/lib/net/ssh/known_hosts.rb @@ -6,7 +6,6 @@ require 'net/ssh/authentication/ed25519_loader' module Net module SSH - # Represents the result of a search in known hosts # see search_for class HostKeys diff --git a/lib/net/ssh/loggable.rb b/lib/net/ssh/loggable.rb index b9df4d5..15ea750 100644 --- a/lib/net/ssh/loggable.rb +++ b/lib/net/ssh/loggable.rb @@ -1,6 +1,5 @@ module Net module SSH - # A simple module to make logging easier to deal with. It assumes that the # logger instance (if not nil) quacks like a Logger object (in Ruby's # standard library). Although used primarily internally by Net::SSH, it diff --git a/lib/net/ssh/packet.rb b/lib/net/ssh/packet.rb index a379586..cc762ca 100644 --- a/lib/net/ssh/packet.rb +++ b/lib/net/ssh/packet.rb @@ -5,7 +5,6 @@ require 'net/ssh/connection/constants' module Net module SSH - # A specialization of Buffer that knows the format of certain common # packet types. It auto-parses those packet types, and allows them to # be accessed via the #[] accessor. @@ -85,6 +84,7 @@ module Net def [](name) name = name.to_sym raise ArgumentError, "no such element #{name}" unless @named_elements.key?(name) + @named_elements[name] end diff --git a/lib/net/ssh/prompt.rb b/lib/net/ssh/prompt.rb index 3b9fdac..98715c5 100644 --- a/lib/net/ssh/prompt.rb +++ b/lib/net/ssh/prompt.rb 
@@ -2,7 +2,6 @@ require 'io/console' module Net module SSH - # Default prompt implementation, called for asking password from user. # It will never be instantiated directly, but will instead be created for # you automatically. @@ -59,6 +58,5 @@ module Net Prompter.new(info) end end - end end diff --git a/lib/net/ssh/proxy/command.rb b/lib/net/ssh/proxy/command.rb index 1bb2423..d6a89dd 100644 --- a/lib/net/ssh/proxy/command.rb +++ b/lib/net/ssh/proxy/command.rb @@ -5,7 +5,6 @@ require 'net/ssh/proxy/errors' module Net module SSH module Proxy - # An implementation of a command proxy. To use it, instantiate it, # then pass the instantiated object via the :proxy key to # Net::SSH.start: @@ -105,6 +104,7 @@ module Net if IO.select([self], nil, [self], timeout_in_seconds) == nil raise "Unexpected spurious read wakeup" end + retry end result diff --git a/lib/net/ssh/proxy/errors.rb b/lib/net/ssh/proxy/errors.rb index bbaf5dd..d7e5458 100644 --- a/lib/net/ssh/proxy/errors.rb +++ b/lib/net/ssh/proxy/errors.rb @@ -3,7 +3,6 @@ require 'net/ssh/errors' module Net module SSH module Proxy - # A general exception class for all Proxy errors. class Error < Net::SSH::Exception; end @@ -12,7 +11,6 @@ module Net # Used when the server doesn't recognize the user's credentials. class UnauthorizedError < Error; end - end end end diff --git a/lib/net/ssh/proxy/http.rb b/lib/net/ssh/proxy/http.rb index 1cfaa62..cf94634 100644 --- a/lib/net/ssh/proxy/http.rb +++ b/lib/net/ssh/proxy/http.rb @@ -4,7 +4,6 @@ require 'net/ssh/proxy/errors' module Net module SSH module Proxy - # An implementation of an HTTP proxy. To use it, instantiate it, then # pass the instantiated object via the :proxy key to Net::SSH.start: # @@ -94,7 +93,6 @@ module Net body: body } end end - end end end diff --git a/lib/net/ssh/proxy/https.rb b/lib/net/ssh/proxy/https.rb index 298d537..a0da2a4 100644 --- a/lib/net/ssh/proxy/https.rb +++ b/lib/net/ssh/proxy/https.rb 
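Review bot: In lib/net/ssh/proxy/command.rb (hunk at -105), the message in `raise "Unexpected spurious read wakeup"` does not match the condition that triggers it: `IO.select` returns nil when `timeout_in_seconds` elapses with nothing ready, so this path looks like a read timeout on the proxy command. A bare RuntimeError with that wording makes a stalled proxy hard to tell apart from a real fault in logs. Consider wording such as `raise "Timed out after #{timeout_in_seconds}s waiting for proxy command output"`, or a Net::SSH::Proxy error class if one fits. The surrounding begin/rescue starts outside the hunk, so the exception types handled there cannot be checked from here.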
@@ -6,7 +6,6 @@ require 'net/ssh/proxy/http' module Net module SSH module Proxy - # A specialization of the HTTP proxy which encrypts the whole connection # using OpenSSL. This has the advantage that proxy authentication # information is not sent in plaintext. @@ -46,7 +45,6 @@ module Net end end end - end end end diff --git a/lib/net/ssh/proxy/jump.rb b/lib/net/ssh/proxy/jump.rb index ab67e84..b92dcdc 100644 --- a/lib/net/ssh/proxy/jump.rb +++ b/lib/net/ssh/proxy/jump.rb @@ -4,7 +4,6 @@ require 'net/ssh/proxy/command' module Net module SSH module Proxy - # An implementation of a jump proxy. To use it, instantiate it, # then pass the instantiated object via the :proxy key to # Net::SSH.start: @@ -50,7 +49,6 @@ module Net @command_line_template = template end end - end end end diff --git a/lib/net/ssh/proxy/socks4.rb b/lib/net/ssh/proxy/socks4.rb index eac35b0..ddd95b0 100644 --- a/lib/net/ssh/proxy/socks4.rb +++ b/lib/net/ssh/proxy/socks4.rb @@ -6,7 +6,6 @@ require 'net/ssh/proxy/errors' module Net module SSH module Proxy - # An implementation of a SOCKS4 proxy. To use it, instantiate it, then # pass the instantiated object via the :proxy key to Net::SSH.start: # @@ -63,7 +62,6 @@ module Net return socket end end - end end end diff --git a/lib/net/ssh/proxy/socks5.rb b/lib/net/ssh/proxy/socks5.rb index 08f2a3c..77300cd 100644 --- a/lib/net/ssh/proxy/socks5.rb +++ b/lib/net/ssh/proxy/socks5.rb @@ -4,7 +4,6 @@ require 'net/ssh/proxy/errors' module Net module SSH module Proxy - # An implementation of a SOCKS5 proxy. To use it, instantiate it, then # pass the instantiated object via the :proxy key to Net::SSH.start: # @@ -136,7 +135,6 @@ module Net end end end - end end end diff --git a/lib/net/ssh/service/forward.rb b/lib/net/ssh/service/forward.rb index 4bb3ae6..bcffc67 100644 --- a/lib/net/ssh/service/forward.rb +++ b/lib/net/ssh/service/forward.rb 
@@ -3,7 +3,6 @@ require 'net/ssh/loggable' module Net module SSH module Service - # This class implements various port forwarding services for use by # Net::SSH clients. The Forward class should never need to be instantiated # directly; instead, it should be accessed via the singleton instance @@ -290,6 +289,7 @@ module Net # end def agent(channel) return if @agent_forwarded + @agent_forwarded = true channel.send_channel_request("auth-agent-req@openssh.com") do |achannel, success| @@ -420,7 +420,6 @@ module Net end end end - end end end diff --git a/lib/net/ssh/test.rb b/lib/net/ssh/test.rb index 47b5db4..d97eebf 100644 --- a/lib/net/ssh/test.rb +++ b/lib/net/ssh/test.rb @@ -5,7 +5,6 @@ require 'net/ssh/test/socket' module Net module SSH - # This module may be used in unit tests, for when you want to test that your # SSH state machines are really doing what you expect they are doing. You will # typically include this module in your unit test class, and then build a @@ -85,11 +84,11 @@ module Net # the block passed to this assertion. def assert_scripted raise "there is no script to be processed" if socket.script.events.empty? + Net::SSH::Test::Extensions::IO.with_test_extension { yield } assert socket.script.events.empty?, "there should not be any remaining scripted events, but there are still" \ "#{socket.script.events.length} pending" end end - end end diff --git a/lib/net/ssh/test/channel.rb b/lib/net/ssh/test/channel.rb index 7cebb9a..9a46ab3 100644 --- a/lib/net/ssh/test/channel.rb +++ b/lib/net/ssh/test/channel.rb @@ -1,7 +1,6 @@ module Net module SSH module Test - # A mock channel, used for scripting actions in tests. It wraps a # Net::SSH::Test::Script instance, and delegates to it for the most part. # This class has little real functionality on its own, but rather acts as @@ -143,7 +142,6 @@ module Net script.gets_channel_close(self) end end - end end end 
diff --git a/lib/net/ssh/test/extensions.rb b/lib/net/ssh/test/extensions.rb index 5090f6c..91bb2d6 100644 --- a/lib/net/ssh/test/extensions.rb +++ b/lib/net/ssh/test/extensions.rb @@ -9,7 +9,6 @@ require 'net/ssh/transport/packet_stream' module Net module SSH module Test - # A collection of modules used to extend/override the default behavior of # Net::SSH internals for ease of testing. As a consumer of Net::SSH, you'll # never need to use this directly--they're all used under the covers by @@ -70,6 +69,7 @@ module Net # Returns true if there is data pending to be read. Otherwise calls #idle!. def test_available_for_read? return true if select_for_read? + idle! false end @@ -85,6 +85,7 @@ module Net # Reads the next available packet from the IO object and returns it. def test_poll_next_packet return nil if available <= 0 + packet = Net::SSH::Buffer.new(read_available(4)) length = packet.read_long Net::SSH::Packet.new(read_available(length)) @@ -144,6 +145,7 @@ module Net # that mix in Net::SSH::Test::Extensions::BufferedIo. def select_for_test(readers=nil, writers=nil, errors=nil, wait=nil) return select_for_real(readers, writers, errors, wait) unless Net::SSH::Test::Extensions::IO.extension_enabled? + ready_readers = Array(readers).select { |r| r.select_for_read? } ready_writers = Array(writers).select { |r| r.select_for_write? } ready_errors = Array(errors).select { |r| r.select_for_error? } @@ -162,7 +164,6 @@ module Net end end end - end end end diff --git a/lib/net/ssh/test/kex.rb b/lib/net/ssh/test/kex.rb index 415f841..e8a0392 100644 --- a/lib/net/ssh/test/kex.rb +++ b/lib/net/ssh/test/kex.rb @@ -8,7 +8,6 @@ require 'net/ssh/transport/kex' module Net module SSH module Test - # An implementation of a key-exchange strategy specifically for unit tests. # (This strategy would never really work against a real SSH server--it makes # too many assumptions about the server's response.) 
@@ -39,7 +38,6 @@ module Net hashing_algorithm: OpenSSL::Digest::SHA1 } end end - end end end diff --git a/lib/net/ssh/test/local_packet.rb b/lib/net/ssh/test/local_packet.rb index 998edb7..edcdd48 100644 --- a/lib/net/ssh/test/local_packet.rb +++ b/lib/net/ssh/test/local_packet.rb @@ -4,7 +4,6 @@ require 'net/ssh/test/packet' module Net module SSH module Test - # This is a specialization of Net::SSH::Test::Packet for representing mock # packets that are sent from the local (client) host. These are created # automatically by Net::SSH::Test::Script and Net::SSH::Test::Channel by any @@ -49,7 +48,6 @@ module Net end end end - end end end diff --git a/lib/net/ssh/test/packet.rb b/lib/net/ssh/test/packet.rb index d2d6f27..e604b98 100644 --- a/lib/net/ssh/test/packet.rb +++ b/lib/net/ssh/test/packet.rb @@ -4,7 +4,6 @@ require 'net/ssh/transport/constants' module Net module SSH module Test - # This is an abstract class, not to be instantiated directly, subclassed by # Net::SSH::Test::LocalPacket and Net::SSH::Test::RemotePacket. It implements # functionality common to those subclasses. @@ -90,6 +89,7 @@ module Net else request = Packet.registered_channel_requests(@data[1]) raise "don't know what to do about #{@data[1]} channel request" unless request + parts.concat(request[:extra_parts]) end else raise "don't know how to parse packet type #{@type}" diff --git a/lib/net/ssh/test/remote_packet.rb b/lib/net/ssh/test/remote_packet.rb index e2c6903..34051f1 100644 --- a/lib/net/ssh/test/remote_packet.rb +++ b/lib/net/ssh/test/remote_packet.rb @@ -4,7 +4,6 @@ require 'net/ssh/test/packet' module Net module SSH module Test - # This is a specialization of Net::SSH::Test::Packet for representing mock # packets that are received by the local (client) host. These are created # automatically by Net::SSH::Test::Script and Net::SSH::Test::Channel by any @@ -36,7 +35,6 @@ module Net end end end - end end end 
diff --git a/lib/net/ssh/test/script.rb b/lib/net/ssh/test/script.rb index 6200bf1..e7cef09 100644 --- a/lib/net/ssh/test/script.rb +++ b/lib/net/ssh/test/script.rb @@ -5,7 +5,6 @@ require 'net/ssh/test/remote_packet' module Net module SSH module Test - # Represents a sequence of scripted events that identify the behavior that # a test expects. Methods named "sends_*" create events for packets being # sent from the local to the remote host, and methods named "gets_*" create @@ -176,7 +175,6 @@ module Net event.process(packet) end end - end end end diff --git a/lib/net/ssh/test/socket.rb b/lib/net/ssh/test/socket.rb index 57fe8f6..c5e781f 100644 --- a/lib/net/ssh/test/socket.rb +++ b/lib/net/ssh/test/socket.rb @@ -6,7 +6,6 @@ require 'net/ssh/test/script' module Net module SSH module Test - # A mock socket implementation for use in testing. It implements the minimum # necessary interface for interacting with the rest of the Net::SSH::Test # system. @@ -62,7 +61,6 @@ module Net end end - end end end diff --git a/lib/net/ssh/transport/cipher_factory.rb b/lib/net/ssh/transport/cipher_factory.rb index 8adc851..da3317f 100644 --- a/lib/net/ssh/transport/cipher_factory.rb +++ b/lib/net/ssh/transport/cipher_factory.rb @@ -6,7 +6,6 @@ require 'net/ssh/transport/identity_cipher' module Net module SSH module Transport - # Implements a factory of OpenSSL cipher algorithms. class CipherFactory # Maps the SSH name of a cipher to it's corresponding OpenSSL name @@ -35,6 +34,7 @@ module Net def self.supported?(name) ossl_name = SSH_TO_OSSL[name] or raise NotImplementedError, "unimplemented cipher `#{name}'" return true if ossl_name == "none" + return OpenSSL::Cipher.ciphers.include?(ossl_name) end 
@@ -46,6 +46,7 @@ module Net def self.get(name, options={}) ossl_name = SSH_TO_OSSL[name] or raise NotImplementedError, "unimplemented cipher `#{name}'" return IdentityCipher if ossl_name == "none" + cipher = OpenSSL::Cipher.new(ossl_name) cipher.send(options[:encrypt] ? :encrypt : :decrypt) @@ -97,7 +98,6 @@ module Net result end end - end end end diff --git a/lib/net/ssh/transport/hmac/abstract.rb b/lib/net/ssh/transport/hmac/abstract.rb index f8efa3e..575b03b 100644 --- a/lib/net/ssh/transport/hmac/abstract.rb +++ b/lib/net/ssh/transport/hmac/abstract.rb @@ -5,7 +5,6 @@ module Net module SSH module Transport module HMAC - # The base class of all OpenSSL-based HMAC algorithm wrappers. class Abstract class <<self diff --git a/lib/net/ssh/transport/hmac/md5.rb b/lib/net/ssh/transport/hmac/md5.rb index 66b78ca..549b1aa 100644 --- a/lib/net/ssh/transport/hmac/md5.rb +++ b/lib/net/ssh/transport/hmac/md5.rb @@ -1,12 +1,10 @@ require 'net/ssh/transport/hmac/abstract' module Net::SSH::Transport::HMAC - # The MD5 HMAC algorithm. class MD5 < Abstract mac_length 16 key_length 16 digest_class OpenSSL::Digest::MD5 end - end diff --git a/lib/net/ssh/transport/hmac/md5_96.rb b/lib/net/ssh/transport/hmac/md5_96.rb index 826b70a..6dbebc1 100644 --- a/lib/net/ssh/transport/hmac/md5_96.rb +++ b/lib/net/ssh/transport/hmac/md5_96.rb @@ -1,11 +1,9 @@ require 'net/ssh/transport/hmac/md5' module Net::SSH::Transport::HMAC - # The MD5-96 HMAC algorithm. This returns only the first 12 bytes of # the digest. class MD5_96 < MD5 mac_length 12 end - end diff --git a/lib/net/ssh/transport/hmac/none.rb b/lib/net/ssh/transport/hmac/none.rb index 191373e..a5e3af4 100644 --- a/lib/net/ssh/transport/hmac/none.rb +++ b/lib/net/ssh/transport/hmac/none.rb @@ -1,7 +1,6 @@ require 'net/ssh/transport/hmac/abstract' module Net::SSH::Transport::HMAC - # The "none" algorithm. This has a key and mac length of 0. class None < Abstract key_length 0 
@@ -11,5 +10,4 @@ module Net::SSH::Transport::HMAC "" end end - end
diff --git a/lib/net/ssh/transport/hmac/ripemd160.rb b/lib/net/ssh/transport/hmac/ripemd160.rb
index a77e4cd..4c9cdd7 100644
--- a/lib/net/ssh/transport/hmac/ripemd160.rb
+++ b/lib/net/ssh/transport/hmac/ripemd160.rb
@@ -1,7 +1,6 @@ require 'net/ssh/transport/hmac/abstract' module Net::SSH::Transport::HMAC - # The RIPEMD-160 HMAC algorithm. This has a mac and key length of 20, and # uses the RIPEMD-160 digest algorithm. class RIPEMD160 < Abstract
@@ -9,5 +8,4 @@ module Net::SSH::Transport::HMAC key_length 20 digest_class OpenSSL::Digest::RIPEMD160 end - end
diff --git a/lib/net/ssh/transport/hmac/sha1.rb b/lib/net/ssh/transport/hmac/sha1.rb
index b40d32f..9208392 100644
--- a/lib/net/ssh/transport/hmac/sha1.rb
+++ b/lib/net/ssh/transport/hmac/sha1.rb
@@ -1,7 +1,6 @@ require 'net/ssh/transport/hmac/abstract' module Net::SSH::Transport::HMAC - # The SHA1 HMAC algorithm. This has a mac and key length of 20, and # uses the SHA1 digest algorithm. class SHA1 < Abstract
@@ -9,5 +8,4 @@ module Net::SSH::Transport::HMAC key_length 20 digest_class OpenSSL::Digest::SHA1 end - end
diff --git a/lib/net/ssh/transport/hmac/sha1_96.rb b/lib/net/ssh/transport/hmac/sha1_96.rb
index 6b0b3c2..e1631e7 100644
--- a/lib/net/ssh/transport/hmac/sha1_96.rb
+++ b/lib/net/ssh/transport/hmac/sha1_96.rb
@@ -1,11 +1,9 @@ require 'net/ssh/transport/hmac/sha1' module Net::SSH::Transport::HMAC - # The SHA1-96 HMAC algorithm. This returns only the first 12 bytes of # the digest. class SHA1_96 < SHA1 mac_length 12 end - end
diff --git a/lib/net/ssh/transport/identity_cipher.rb b/lib/net/ssh/transport/identity_cipher.rb
index c690e9f..a23c85c 100644
--- a/lib/net/ssh/transport/identity_cipher.rb
+++ b/lib/net/ssh/transport/identity_cipher.rb
@@ -1,7 +1,6 @@ module Net module SSH module Transport - # A cipher that does nothing but pass the data through, unchanged. This # keeps things in the code nice and clean when a cipher has not yet been # determined (i.e., during key exchange).
@@ -53,7 +52,6 @@ module Net end end end - end end end
diff --git a/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb b/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb
index bd5e4a9..e081669 100644
--- a/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb
+++ b/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb
@@ -69,5 +69,4 @@ module Net::SSH::Transport::Kex response end end - end
diff --git a/lib/net/ssh/transport/openssl.rb b/lib/net/ssh/transport/openssl.rb
index 7b16c3d..e10792c 100644
--- a/lib/net/ssh/transport/openssl.rb
+++ b/lib/net/ssh/transport/openssl.rb
@@ -2,7 +2,6 @@ require 'openssl' require 'net/ssh/authentication/pub_key_fingerprint' module OpenSSL - # This class is originally defined in the OpenSSL module. As needed, methods # have been added to it by the Net::SSH module for convenience in dealing with # SSH functionality.
@@ -24,7 +23,6 @@ module OpenSSL end module PKey - class PKey include Net::SSH::Authentication::PubKeyFingerprint end
@@ -37,6 +35,7 @@ module OpenSSL # lifted more-or-less directly from OpenSSH, dh.c, dh_pub_is_valid.) def valid? return false if pub_key.nil? || pub_key < 0 + bits_set = 0 pub_key.num_bits.times { |i| bits_set += 1 if pub_key.bit_set?(i) } return (bits_set > 1 && pub_key < p)
diff --git a/lib/net/ssh/transport/packet_stream.rb b/lib/net/ssh/transport/packet_stream.rb
index 8b4032e..fc07ea1 100644
--- a/lib/net/ssh/transport/packet_stream.rb
+++ b/lib/net/ssh/transport/packet_stream.rb
@@ -8,7 +8,6 @@ require 'net/ssh/transport/state' module Net module SSH module Transport - # A module that builds additional functionality onto the Net::SSH::BufferedIo # module. It adds SSH encryption, compression, and packet validation, as # per the SSH2 protocol. It also adds an abstraction for polling packets,
@@ -222,6 +221,7 @@ module Net if @packet.nil? minimum = server.block_size < 4 ? 4 : server.block_size return nil if available < minimum + aad_length + data = read_available(minimum + aad_length) # decipher it
@@ -275,7 +275,6 @@ module Net end end # rubocop:enable Metrics/AbcSize - end end end
diff --git a/lib/net/ssh/transport/server_version.rb b/lib/net/ssh/transport/server_version.rb
index 1012685..ba37beb 100644
--- a/lib/net/ssh/transport/server_version.rb
+++ b/lib/net/ssh/transport/server_version.rb
@@ -5,7 +5,6 @@ require 'net/ssh/version' module Net module SSH module Transport - # Negotiates the SSH protocol version and trades information about server # and client. This is never used directly--it is always called by the # transport layer as part of the initialization process of the transport
@@ -47,6 +46,7 @@ module Net socket.flush raise Net::SSH::ConnectionTimeout, "timeout during server version negotiating" if timeout && !IO.select([socket], nil, nil, timeout) + loop do @version = "" loop do
@@ -60,6 +60,7 @@ module Net break if b == "\n" end break if @version.match(/^SSH-/) + @header << @version end
diff --git a/lib/net/ssh/transport/session.rb b/lib/net/ssh/transport/session.rb
index ce55a32..261e5c2 100644
--- a/lib/net/ssh/transport/session.rb
+++ b/lib/net/ssh/transport/session.rb
@@ -15,7 +15,6 @@ require 'net/ssh/verifiers/never' module Net module SSH module Transport - # The transport layer represents the lowest level of the SSH protocol, and # implements basic message exchanging and protocol initialization. It will # never be instantiated directly (unless you really know what you're about),
@@ -160,6 +159,7 @@ module Net # one is performed, causing this method to block until it completes. def rekey_as_needed return if algorithms.pending? + socket.if_needs_rekey? { rekey! } end
@@ -211,6 +211,7 @@ module Net else return packet if algorithms.allow?(packet) + push(packet) end end
@@ -222,6 +223,7 @@ module Net def wait loop do break if block_given? && yield + message = poll_message(:nonblock, false) push(message) if message break if !block_given?
diff --git a/lib/net/ssh/transport/state.rb b/lib/net/ssh/transport/state.rb
index 07c509a..0eaa78a 100644
--- a/lib/net/ssh/transport/state.rb
+++ b/lib/net/ssh/transport/state.rb
@@ -5,7 +5,6 @@ require 'net/ssh/transport/hmac' module Net module SSH module Transport - # Encapsulates state information about one end of an SSH connection. Such # state includes the packet sequence number, the algorithms in use, how # many packets and blocks have been processed since the last reset, and so
@@ -122,6 +121,7 @@ module Net def compress(data) data = data.to_s return data unless compression? + compressor.deflate(data, Zlib::SYNC_FLUSH) end
@@ -130,6 +130,7 @@ module Net def decompress(data) data = data.to_s return data unless compression? + decompressor.inflate(data) end
@@ -202,7 +203,6 @@ module Net return data end end - end end end
diff --git a/lib/net/ssh/verifiers/accept_new.rb b/lib/net/ssh/verifiers/accept_new.rb
index 677ee75..aa68ff2 100644
--- a/lib/net/ssh/verifiers/accept_new.rb
+++ b/lib/net/ssh/verifiers/accept_new.rb
@@ -5,7 +5,6 @@ require 'net/ssh/verifiers/always' module Net module SSH module Verifiers - # Does a strict host verification, looking the server up in the known # host files to see if a key has already been seen for this server. If this # server does not appear in any host file, this will silently add the
@@ -29,7 +28,6 @@ module Net return true end end - end end end
diff --git a/lib/net/ssh/verifiers/accept_new_or_local_tunnel.rb b/lib/net/ssh/verifiers/accept_new_or_local_tunnel.rb
index d9f8589..198782d 100644
--- a/lib/net/ssh/verifiers/accept_new_or_local_tunnel.rb
+++ b/lib/net/ssh/verifiers/accept_new_or_local_tunnel.rb
@@ -3,7 +3,6 @@ require 'net/ssh/verifiers/accept_new' module Net module SSH module Verifiers - # Basically the same as the AcceptNew verifier, but does not try to actually # verify a connection if the server is the localhost and the port is a # nonstandard port number. Those two conditions will typically mean the
@@ -14,6 +13,7 @@ module Net # returns true. Otherwise, performs the standard strict verification. def verify(arguments) return true if tunnelled?(arguments) + super end
@@ -28,7 +28,6 @@ module Net return ip == "127.0.0.1" || ip == "::1" end end - end end end
diff --git a/lib/net/ssh/verifiers/always.rb b/lib/net/ssh/verifiers/always.rb
index b3ce944..0f52a29 100644
--- a/lib/net/ssh/verifiers/always.rb
+++ b/lib/net/ssh/verifiers/always.rb
@@ -4,7 +4,6 @@ require 'net/ssh/known_hosts' module Net module SSH module Verifiers - # Does a strict host verification, looking the server up in the known # host files to see if a key has already been seen for this server. If this # server does not appear in any host file, an exception will be raised
@@ -50,7 +49,6 @@ module Net raise exception end end - end end end
diff --git a/lib/net/ssh/verifiers/never.rb b/lib/net/ssh/verifiers/never.rb
index 11fac1f..43ec072 100644
--- a/lib/net/ssh/verifiers/never.rb
+++ b/lib/net/ssh/verifiers/never.rb
@@ -1,7 +1,6 @@ module Net module SSH module Verifiers - # This host key verifier simply allows every key it sees, without # any verification. This is simple, but very insecure because it # exposes you to MiTM attacks.
@@ -15,7 +14,6 @@ module Net true end end - end end end |