auser-poolparty 1.3.4 → 1.3.5

Sign up to get free protection for your applications and to get access to all the features.
Files changed (140) hide show
  1. data/VERSION.yml +1 -1
  2. data/bin/cloud-bootstrap +1 -0
  3. data/bin/cloud-configure +1 -0
  4. data/bin/cloud-contract +1 -0
  5. data/bin/poolparty-setup +36 -0
  6. data/examples/vmware.rb +18 -0
  7. data/lib/cloud_providers/cloud_provider_instance.rb +1 -1
  8. data/lib/core/object.rb +2 -2
  9. data/lib/dependency_resolvers/chef.rb +2 -2
  10. data/lib/mixins/askable.rb +16 -7
  11. data/lib/poolparty/base.rb +9 -7
  12. data/lib/poolparty/cloud.rb +57 -2
  13. data/lib/poolparty/installer.rb +8 -4
  14. data/lib/poolparty/installers/ec2.rb +75 -5
  15. data/lib/poolparty/installers/vmware.rb +17 -5
  16. data/lib/poolparty/plugins/apache.rb +3 -2
  17. data/lib/poolparty/plugins/apache2/base.conf.erb +2 -2
  18. data/lib/poolparty/plugins/apache2/browser_fixes.conf.erb +1 -1
  19. data/lib/poolparty/plugins/apache2/passenger_site.rb +2 -2
  20. data/lib/poolparty/pool.rb +9 -2
  21. data/lib/poolparty/resource.rb +20 -7
  22. data/lib/poolparty/resources/directory.rb +5 -1
  23. data/lib/poolparty/resources/exec.rb +2 -2
  24. data/lib/poolparty/resources/file.rb +8 -2
  25. data/lib/poolparty/resources/gem_package.rb +2 -2
  26. data/lib/poolparty/resources/line.rb +23 -6
  27. data/lib/poolparty/resources/mount.rb +2 -2
  28. data/lib/poolparty/resources/package.rb +2 -2
  29. data/lib/poolparty/resources/service.rb +2 -2
  30. data/lib/poolparty/resources/user.rb +2 -2
  31. data/lib/poolparty.rb +2 -2
  32. data/test/lib/poolparty/base_test.rb +13 -0
  33. data/test/lib/poolparty/resources/line_test.rb +3 -3
  34. data/test/lib/poolparty/resources/service_test.rb +1 -1
  35. data/vendor/gems/net-ssh/CHANGELOG.rdoc +127 -0
  36. data/vendor/gems/net-ssh/Manifest +104 -0
  37. data/vendor/gems/net-ssh/README.rdoc +110 -0
  38. data/vendor/gems/net-ssh/Rakefile +26 -0
  39. data/vendor/gems/net-ssh/THANKS.rdoc +16 -0
  40. data/vendor/gems/net-ssh/lib/net/ssh/authentication/agent.rb +176 -0
  41. data/vendor/gems/net-ssh/lib/net/ssh/authentication/constants.rb +18 -0
  42. data/vendor/gems/net-ssh/lib/net/ssh/authentication/key_manager.rb +193 -0
  43. data/vendor/gems/net-ssh/lib/net/ssh/authentication/methods/abstract.rb +60 -0
  44. data/vendor/gems/net-ssh/lib/net/ssh/authentication/methods/hostbased.rb +71 -0
  45. data/vendor/gems/net-ssh/lib/net/ssh/authentication/methods/keyboard_interactive.rb +66 -0
  46. data/vendor/gems/net-ssh/lib/net/ssh/authentication/methods/password.rb +39 -0
  47. data/vendor/gems/net-ssh/lib/net/ssh/authentication/methods/publickey.rb +92 -0
  48. data/vendor/gems/net-ssh/lib/net/ssh/authentication/pageant.rb +183 -0
  49. data/vendor/gems/net-ssh/lib/net/ssh/authentication/session.rb +134 -0
  50. data/vendor/gems/net-ssh/lib/net/ssh/buffer.rb +340 -0
  51. data/vendor/gems/net-ssh/lib/net/ssh/buffered_io.rb +149 -0
  52. data/vendor/gems/net-ssh/lib/net/ssh/config.rb +181 -0
  53. data/vendor/gems/net-ssh/lib/net/ssh/connection/channel.rb +625 -0
  54. data/vendor/gems/net-ssh/lib/net/ssh/connection/constants.rb +33 -0
  55. data/vendor/gems/net-ssh/lib/net/ssh/connection/session.rb +596 -0
  56. data/vendor/gems/net-ssh/lib/net/ssh/connection/term.rb +178 -0
  57. data/vendor/gems/net-ssh/lib/net/ssh/errors.rb +85 -0
  58. data/vendor/gems/net-ssh/lib/net/ssh/key_factory.rb +102 -0
  59. data/vendor/gems/net-ssh/lib/net/ssh/known_hosts.rb +129 -0
  60. data/vendor/gems/net-ssh/lib/net/ssh/loggable.rb +61 -0
  61. data/vendor/gems/net-ssh/lib/net/ssh/packet.rb +102 -0
  62. data/vendor/gems/net-ssh/lib/net/ssh/prompt.rb +93 -0
  63. data/vendor/gems/net-ssh/lib/net/ssh/proxy/errors.rb +14 -0
  64. data/vendor/gems/net-ssh/lib/net/ssh/proxy/http.rb +94 -0
  65. data/vendor/gems/net-ssh/lib/net/ssh/proxy/socks4.rb +70 -0
  66. data/vendor/gems/net-ssh/lib/net/ssh/proxy/socks5.rb +129 -0
  67. data/vendor/gems/net-ssh/lib/net/ssh/ruby_compat.rb +7 -0
  68. data/vendor/gems/net-ssh/lib/net/ssh/service/forward.rb +267 -0
  69. data/vendor/gems/net-ssh/lib/net/ssh/test/channel.rb +129 -0
  70. data/vendor/gems/net-ssh/lib/net/ssh/test/extensions.rb +152 -0
  71. data/vendor/gems/net-ssh/lib/net/ssh/test/kex.rb +44 -0
  72. data/vendor/gems/net-ssh/lib/net/ssh/test/local_packet.rb +51 -0
  73. data/vendor/gems/net-ssh/lib/net/ssh/test/packet.rb +81 -0
  74. data/vendor/gems/net-ssh/lib/net/ssh/test/remote_packet.rb +38 -0
  75. data/vendor/gems/net-ssh/lib/net/ssh/test/script.rb +157 -0
  76. data/vendor/gems/net-ssh/lib/net/ssh/test/socket.rb +59 -0
  77. data/vendor/gems/net-ssh/lib/net/ssh/test.rb +89 -0
  78. data/vendor/gems/net-ssh/lib/net/ssh/transport/algorithms.rb +384 -0
  79. data/vendor/gems/net-ssh/lib/net/ssh/transport/cipher_factory.rb +80 -0
  80. data/vendor/gems/net-ssh/lib/net/ssh/transport/constants.rb +30 -0
  81. data/vendor/gems/net-ssh/lib/net/ssh/transport/hmac/abstract.rb +78 -0
  82. data/vendor/gems/net-ssh/lib/net/ssh/transport/hmac/md5.rb +12 -0
  83. data/vendor/gems/net-ssh/lib/net/ssh/transport/hmac/md5_96.rb +11 -0
  84. data/vendor/gems/net-ssh/lib/net/ssh/transport/hmac/none.rb +15 -0
  85. data/vendor/gems/net-ssh/lib/net/ssh/transport/hmac/sha1.rb +13 -0
  86. data/vendor/gems/net-ssh/lib/net/ssh/transport/hmac/sha1_96.rb +11 -0
  87. data/vendor/gems/net-ssh/lib/net/ssh/transport/hmac.rb +31 -0
  88. data/vendor/gems/net-ssh/lib/net/ssh/transport/identity_cipher.rb +55 -0
  89. data/vendor/gems/net-ssh/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb +208 -0
  90. data/vendor/gems/net-ssh/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb +77 -0
  91. data/vendor/gems/net-ssh/lib/net/ssh/transport/kex.rb +13 -0
  92. data/vendor/gems/net-ssh/lib/net/ssh/transport/openssl.rb +128 -0
  93. data/vendor/gems/net-ssh/lib/net/ssh/transport/packet_stream.rb +230 -0
  94. data/vendor/gems/net-ssh/lib/net/ssh/transport/server_version.rb +60 -0
  95. data/vendor/gems/net-ssh/lib/net/ssh/transport/session.rb +276 -0
  96. data/vendor/gems/net-ssh/lib/net/ssh/transport/state.rb +201 -0
  97. data/vendor/gems/net-ssh/lib/net/ssh/verifiers/lenient.rb +30 -0
  98. data/vendor/gems/net-ssh/lib/net/ssh/verifiers/null.rb +12 -0
  99. data/vendor/gems/net-ssh/lib/net/ssh/verifiers/strict.rb +53 -0
  100. data/vendor/gems/net-ssh/lib/net/ssh/version.rb +62 -0
  101. data/vendor/gems/net-ssh/lib/net/ssh.rb +215 -0
  102. data/vendor/gems/net-ssh/net-ssh.gemspec +33 -0
  103. data/vendor/gems/net-ssh/setup.rb +1585 -0
  104. data/vendor/gems/net-ssh/test/authentication/methods/common.rb +28 -0
  105. data/vendor/gems/net-ssh/test/authentication/methods/test_abstract.rb +51 -0
  106. data/vendor/gems/net-ssh/test/authentication/methods/test_hostbased.rb +114 -0
  107. data/vendor/gems/net-ssh/test/authentication/methods/test_keyboard_interactive.rb +98 -0
  108. data/vendor/gems/net-ssh/test/authentication/methods/test_password.rb +50 -0
  109. data/vendor/gems/net-ssh/test/authentication/methods/test_publickey.rb +127 -0
  110. data/vendor/gems/net-ssh/test/authentication/test_agent.rb +205 -0
  111. data/vendor/gems/net-ssh/test/authentication/test_key_manager.rb +105 -0
  112. data/vendor/gems/net-ssh/test/authentication/test_session.rb +93 -0
  113. data/vendor/gems/net-ssh/test/common.rb +106 -0
  114. data/vendor/gems/net-ssh/test/configs/eqsign +3 -0
  115. data/vendor/gems/net-ssh/test/configs/exact_match +8 -0
  116. data/vendor/gems/net-ssh/test/configs/wild_cards +14 -0
  117. data/vendor/gems/net-ssh/test/connection/test_channel.rb +452 -0
  118. data/vendor/gems/net-ssh/test/connection/test_session.rb +488 -0
  119. data/vendor/gems/net-ssh/test/test_all.rb +6 -0
  120. data/vendor/gems/net-ssh/test/test_buffer.rb +336 -0
  121. data/vendor/gems/net-ssh/test/test_buffered_io.rb +63 -0
  122. data/vendor/gems/net-ssh/test/test_config.rb +84 -0
  123. data/vendor/gems/net-ssh/test/test_key_factory.rb +67 -0
  124. data/vendor/gems/net-ssh/test/transport/hmac/test_md5.rb +39 -0
  125. data/vendor/gems/net-ssh/test/transport/hmac/test_md5_96.rb +25 -0
  126. data/vendor/gems/net-ssh/test/transport/hmac/test_none.rb +34 -0
  127. data/vendor/gems/net-ssh/test/transport/hmac/test_sha1.rb +34 -0
  128. data/vendor/gems/net-ssh/test/transport/hmac/test_sha1_96.rb +25 -0
  129. data/vendor/gems/net-ssh/test/transport/kex/test_diffie_hellman_group1_sha1.rb +146 -0
  130. data/vendor/gems/net-ssh/test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb +92 -0
  131. data/vendor/gems/net-ssh/test/transport/test_algorithms.rb +302 -0
  132. data/vendor/gems/net-ssh/test/transport/test_cipher_factory.rb +171 -0
  133. data/vendor/gems/net-ssh/test/transport/test_hmac.rb +34 -0
  134. data/vendor/gems/net-ssh/test/transport/test_identity_cipher.rb +40 -0
  135. data/vendor/gems/net-ssh/test/transport/test_packet_stream.rb +435 -0
  136. data/vendor/gems/net-ssh/test/transport/test_server_version.rb +57 -0
  137. data/vendor/gems/net-ssh/test/transport/test_session.rb +315 -0
  138. data/vendor/gems/net-ssh/test/transport/test_state.rb +173 -0
  139. metadata +109 -4
  140. data/bin/install-poolparty +0 -20
@@ -0,0 +1,78 @@
1
+ require 'openssl'
2
+
3
+ module Net; module SSH; module Transport; module HMAC
4
+
5
+ # The base class of all OpenSSL-based HMAC algorithm wrappers.
6
+ class Abstract
7
+
8
+ class <<self
9
+ def key_length(*v)
10
+ @key_length = nil if !defined?(@key_length)
11
+ if v.empty?
12
+ @key_length = superclass.key_length if @key_length.nil? && superclass.respond_to?(:key_length)
13
+ return @key_length
14
+ elsif v.length == 1
15
+ @key_length = v.first
16
+ else
17
+ raise ArgumentError, "wrong number of arguments (#{v.length} for 1)"
18
+ end
19
+ end
20
+
21
+ def mac_length(*v)
22
+ @mac_length = nil if !defined?(@mac_length)
23
+ if v.empty?
24
+ @mac_length = superclass.mac_length if @mac_length.nil? && superclass.respond_to?(:mac_length)
25
+ return @mac_length
26
+ elsif v.length == 1
27
+ @mac_length = v.first
28
+ else
29
+ raise ArgumentError, "wrong number of arguments (#{v.length} for 1)"
30
+ end
31
+ end
32
+
33
+ def digest_class(*v)
34
+ @digest_class = nil if !defined?(@digest_class)
35
+ if v.empty?
36
+ @digest_class = superclass.digest_class if @digest_class.nil? && superclass.respond_to?(:digest_class)
37
+ return @digest_class
38
+ elsif v.length == 1
39
+ @digest_class = v.first
40
+ else
41
+ raise ArgumentError, "wrong number of arguments (#{v.length} for 1)"
42
+ end
43
+ end
44
+ end
45
+
46
+ def key_length
47
+ self.class.key_length
48
+ end
49
+
50
+ def mac_length
51
+ self.class.mac_length
52
+ end
53
+
54
+ def digest_class
55
+ self.class.digest_class
56
+ end
57
+
58
+ # The key in use for this instance.
59
+ attr_reader :key
60
+
61
+ def initialize(key=nil)
62
+ self.key = key
63
+ end
64
+
65
+ # Sets the key to the given value, truncating it so that it is the correct
66
+ # length.
67
+ def key=(value)
68
+ @key = value ? value.to_s[0,key_length] : nil
69
+ end
70
+
71
+ # Compute the HMAC digest for the given data string.
72
+ def digest(data)
73
+ OpenSSL::HMAC.digest(digest_class.new, key, data)[0,mac_length]
74
+ end
75
+
76
+ end
77
+
78
+ end; end; end; end
@@ -0,0 +1,12 @@
1
+ require 'net/ssh/transport/hmac/abstract'
2
+
3
+ module Net::SSH::Transport::HMAC
4
+
5
+ # The MD5 HMAC algorithm.
6
+ class MD5 < Abstract
7
+ mac_length 16
8
+ key_length 16
9
+ digest_class OpenSSL::Digest::MD5
10
+ end
11
+
12
+ end
@@ -0,0 +1,11 @@
1
+ require 'net/ssh/transport/hmac/md5'
2
+
3
+ module Net::SSH::Transport::HMAC
4
+
5
+ # The MD5-96 HMAC algorithm. This returns only the first 12 bytes of
6
+ # the digest.
7
+ class MD5_96 < MD5
8
+ mac_length 12
9
+ end
10
+
11
+ end
@@ -0,0 +1,15 @@
1
+ require 'net/ssh/transport/hmac/abstract'
2
+
3
+ module Net::SSH::Transport::HMAC
4
+
5
+ # The "none" algorithm. This has a key and mac length of 0.
6
+ class None < Abstract
7
+ key_length 0
8
+ mac_length 0
9
+
10
+ def digest(data)
11
+ ""
12
+ end
13
+ end
14
+
15
+ end
@@ -0,0 +1,13 @@
1
+ require 'net/ssh/transport/hmac/abstract'
2
+
3
+ module Net::SSH::Transport::HMAC
4
+
5
+ # The SHA1 HMAC algorithm. This has a mac and key length of 20, and
6
+ # uses the SHA1 digest algorithm.
7
+ class SHA1 < Abstract
8
+ mac_length 20
9
+ key_length 20
10
+ digest_class OpenSSL::Digest::SHA1
11
+ end
12
+
13
+ end
@@ -0,0 +1,11 @@
1
+ require 'net/ssh/transport/hmac/sha1'
2
+
3
+ module Net::SSH::Transport::HMAC
4
+
5
+ # The SHA1-96 HMAC algorithm. This returns only the first 12 bytes of
6
+ # the digest.
7
+ class SHA1_96 < SHA1
8
+ mac_length 12
9
+ end
10
+
11
+ end
@@ -0,0 +1,31 @@
1
+ require 'net/ssh/transport/hmac/md5'
2
+ require 'net/ssh/transport/hmac/md5_96'
3
+ require 'net/ssh/transport/hmac/sha1'
4
+ require 'net/ssh/transport/hmac/sha1_96'
5
+ require 'net/ssh/transport/hmac/none'
6
+
7
+ # Implements a simple factory interface for fetching hmac implementations, or
8
+ # for finding the key lengths for hmac implementations.s
9
+ module Net::SSH::Transport::HMAC
10
+ # The mapping of SSH hmac algorithms to their implementations
11
+ MAP = {
12
+ 'hmac-md5' => MD5,
13
+ 'hmac-md5-96' => MD5_96,
14
+ 'hmac-sha1' => SHA1,
15
+ 'hmac-sha1-96' => SHA1_96,
16
+ 'none' => None
17
+ }
18
+
19
+ # Retrieves a new hmac instance of the given SSH type (+name+). If +key+ is
20
+ # given, the new instance will be initialized with that key.
21
+ def self.get(name, key="")
22
+ impl = MAP[name] or raise ArgumentError, "hmac not found: #{name.inspect}"
23
+ impl.new(key)
24
+ end
25
+
26
+ # Retrieves the key length for the hmac of the given SSH type (+name+).
27
+ def self.key_length(name)
28
+ impl = MAP[name] or raise ArgumentError, "hmac not found: #{name.inspect}"
29
+ impl.key_length
30
+ end
31
+ end
@@ -0,0 +1,55 @@
1
+ module Net; module SSH; module Transport
2
+
3
+ # A cipher that does nothing but pass the data through, unchanged. This
4
+ # keeps things in the code nice and clean when a cipher has not yet been
5
+ # determined (i.e., during key exchange).
6
+ class IdentityCipher
7
+ class <<self
8
+ # A default block size of 8 is required by the SSH2 protocol.
9
+ def block_size
10
+ 8
11
+ end
12
+
13
+ # Returns an arbitrary integer.
14
+ def iv_len
15
+ 4
16
+ end
17
+
18
+ # Does nothing. Returns self.
19
+ def encrypt
20
+ self
21
+ end
22
+
23
+ # Does nothing. Returns self.
24
+ def decrypt
25
+ self
26
+ end
27
+
28
+ # Passes its single argument through unchanged.
29
+ def update(text)
30
+ text
31
+ end
32
+
33
+ # Returns the empty string.
34
+ def final
35
+ ""
36
+ end
37
+
38
+ # The name of this cipher, which is "identity".
39
+ def name
40
+ "identity"
41
+ end
42
+
43
+ # Does nothing. Returns nil.
44
+ def iv=(v)
45
+ nil
46
+ end
47
+
48
+ # Does nothing. Returns self.
49
+ def reset
50
+ self
51
+ end
52
+ end
53
+ end
54
+
55
+ end; end; end
@@ -0,0 +1,208 @@
1
+ require 'net/ssh/buffer'
2
+ require 'net/ssh/errors'
3
+ require 'net/ssh/loggable'
4
+ require 'net/ssh/transport/openssl'
5
+ require 'net/ssh/transport/constants'
6
+
7
+ module Net; module SSH; module Transport; module Kex
8
+
9
+ # A key-exchange service implementing the "diffie-hellman-group1-sha1"
10
+ # key-exchange algorithm.
11
+ class DiffieHellmanGroup1SHA1
12
+ include Constants, Loggable
13
+
14
+ # The value of 'P', as a string, in hexadecimal
15
+ P_s = "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" +
16
+ "C4C6628B" "80DC1CD1" "29024E08" "8A67CC74" +
17
+ "020BBEA6" "3B139B22" "514A0879" "8E3404DD" +
18
+ "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" +
19
+ "4FE1356D" "6D51C245" "E485B576" "625E7EC6" +
20
+ "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" +
21
+ "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" +
22
+ "49286651" "ECE65381" "FFFFFFFF" "FFFFFFFF"
23
+
24
+ # The radix in which P_s represents the value of P
25
+ P_r = 16
26
+
27
+ # The group constant
28
+ G = 2
29
+
30
+ attr_reader :p
31
+ attr_reader :g
32
+ attr_reader :digester
33
+ attr_reader :algorithms
34
+ attr_reader :connection
35
+ attr_reader :data
36
+ attr_reader :dh
37
+
38
+ # Create a new instance of the DiffieHellmanGroup1SHA1 algorithm.
39
+ # The data is a Hash of symbols representing information
40
+ # required by this algorithm, which was acquired during earlier
41
+ # processing.
42
+ def initialize(algorithms, connection, data)
43
+ @p = OpenSSL::BN.new(P_s, P_r)
44
+ @g = G
45
+
46
+ @digester = OpenSSL::Digest::SHA1
47
+ @algorithms = algorithms
48
+ @connection = connection
49
+
50
+ @data = data.dup
51
+ @dh = generate_key
52
+ @logger = @data.delete(:logger)
53
+ end
54
+
55
+ # Perform the key-exchange for the given session, with the given
56
+ # data. This method will return a hash consisting of the
57
+ # following keys:
58
+ #
59
+ # * :session_id
60
+ # * :server_key
61
+ # * :shared_secret
62
+ # * :hashing_algorithm
63
+ #
64
+ # The caller is expected to be able to understand how to use these
65
+ # deliverables.
66
+ def exchange_keys
67
+ result = send_kexinit
68
+ verify_server_key(result[:server_key])
69
+ session_id = verify_signature(result)
70
+ confirm_newkeys
71
+
72
+ return { :session_id => session_id,
73
+ :server_key => result[:server_key],
74
+ :shared_secret => result[:shared_secret],
75
+ :hashing_algorithm => digester }
76
+ end
77
+
78
+ private
79
+
80
+ # Returns the DH key parameters for the current connection.
81
+ def get_parameters
82
+ [p, g]
83
+ end
84
+
85
+ # Returns the INIT/REPLY constants used by this algorithm.
86
+ def get_message_types
87
+ [KEXDH_INIT, KEXDH_REPLY]
88
+ end
89
+
90
+ # Build the signature buffer to use when verifying a signature from
91
+ # the server.
92
+ def build_signature_buffer(result)
93
+ response = Net::SSH::Buffer.new
94
+ response.write_string data[:client_version_string],
95
+ data[:server_version_string],
96
+ data[:client_algorithm_packet],
97
+ data[:server_algorithm_packet],
98
+ result[:key_blob]
99
+ response.write_bignum dh.pub_key,
100
+ result[:server_dh_pubkey],
101
+ result[:shared_secret]
102
+ response
103
+ end
104
+
105
+ # Generate a DH key with a private key consisting of the given
106
+ # number of bytes.
107
+ def generate_key #:nodoc:
108
+ dh = OpenSSL::PKey::DH.new
109
+
110
+ dh.p, dh.g = get_parameters
111
+ dh.priv_key = OpenSSL::BN.rand(data[:need_bytes] * 8)
112
+
113
+ dh.generate_key! until dh.valid?
114
+
115
+ dh
116
+ end
117
+
118
+ # Send the KEXDH_INIT message, and expect the KEXDH_REPLY. Return the
119
+ # resulting buffer.
120
+ #
121
+ # Parse the buffer from a KEXDH_REPLY message, returning a hash of
122
+ # the extracted values.
123
+ def send_kexinit #:nodoc:
124
+ init, reply = get_message_types
125
+
126
+ # send the KEXDH_INIT message
127
+ buffer = Net::SSH::Buffer.from(:byte, init, :bignum, dh.pub_key)
128
+ connection.send_message(buffer)
129
+
130
+ # expect the KEXDH_REPLY message
131
+ buffer = connection.next_message
132
+ raise Net::SSH::Exception, "expected REPLY" unless buffer.type == reply
133
+
134
+ result = Hash.new
135
+
136
+ result[:key_blob] = buffer.read_string
137
+ result[:server_key] = Net::SSH::Buffer.new(result[:key_blob]).read_key
138
+ result[:server_dh_pubkey] = buffer.read_bignum
139
+ result[:shared_secret] = OpenSSL::BN.new(dh.compute_key(result[:server_dh_pubkey]), 2)
140
+
141
+ sig_buffer = Net::SSH::Buffer.new(buffer.read_string)
142
+ sig_type = sig_buffer.read_string
143
+ if sig_type != algorithms.host_key
144
+ raise Net::SSH::Exception,
145
+ "host key algorithm mismatch for signature " +
146
+ "'#{sig_type}' != '#{algorithms.host_key}'"
147
+ end
148
+ result[:server_sig] = sig_buffer.read_string
149
+
150
+ return result
151
+ end
152
+
153
+ # Verify that the given key is of the expected type, and that it
154
+ # really is the key for the session's host. Raise Net::SSH::Exception
155
+ # if it is not.
156
+ def verify_server_key(key) #:nodoc:
157
+ if key.ssh_type != algorithms.host_key
158
+ raise Net::SSH::Exception,
159
+ "host key algorithm mismatch " +
160
+ "'#{key.ssh_type}' != '#{algorithms.host_key}'"
161
+ end
162
+
163
+ blob, fingerprint = generate_key_fingerprint(key)
164
+
165
+ unless connection.host_key_verifier.verify(:key => key, :key_blob => blob, :fingerprint => fingerprint, :session => connection)
166
+ raise Net::SSH::Exception, "host key verification failed"
167
+ end
168
+ end
169
+
170
+ def generate_key_fingerprint(key)
171
+ blob = Net::SSH::Buffer.from(:key, key).to_s
172
+ fingerprint = OpenSSL::Digest::MD5.hexdigest(blob).scan(/../).join(":")
173
+
174
+ [blob, fingerprint]
175
+ rescue ::Exception => e
176
+ [nil, "(could not generate fingerprint: #{e.message})"]
177
+ end
178
+
179
+ # Verify the signature that was received. Raise Net::SSH::Exception
180
+ # if the signature could not be verified. Otherwise, return the new
181
+ # session-id.
182
+ def verify_signature(result) #:nodoc:
183
+ response = build_signature_buffer(result)
184
+
185
+ hash = @digester.digest(response.to_s)
186
+
187
+ unless result[:server_key].ssh_do_verify(result[:server_sig], hash)
188
+ raise Net::SSH::Exception, "could not verify server signature"
189
+ end
190
+
191
+ return hash
192
+ end
193
+
194
+ # Send the NEWKEYS message, and expect the NEWKEYS message in
195
+ # reply.
196
+ def confirm_newkeys #:nodoc:
197
+ # send own NEWKEYS message first (the wodSSHServer won't send first)
198
+ response = Net::SSH::Buffer.new
199
+ response.write_byte(NEWKEYS)
200
+ connection.send_message(response)
201
+
202
+ # wait for the server's NEWKEYS message
203
+ buffer = connection.next_message
204
+ raise Net::SSH::Exception, "expected NEWKEYS" unless buffer.type == NEWKEYS
205
+ end
206
+ end
207
+
208
+ end; end; end; end
@@ -0,0 +1,77 @@
1
+ require 'net/ssh/errors'
2
+ require 'net/ssh/transport/constants'
3
+ require 'net/ssh/transport/kex/diffie_hellman_group1_sha1'
4
+
5
+ module Net::SSH::Transport::Kex
6
+
7
+ # A key-exchange service implementing the
8
+ # "diffie-hellman-group-exchange-sha1" key-exchange algorithm.
9
+ class DiffieHellmanGroupExchangeSHA1 < DiffieHellmanGroup1SHA1
10
+ MINIMUM_BITS = 1024
11
+ MAXIMUM_BITS = 8192
12
+
13
+ KEXDH_GEX_GROUP = 31
14
+ KEXDH_GEX_INIT = 32
15
+ KEXDH_GEX_REPLY = 33
16
+ KEXDH_GEX_REQUEST = 34
17
+
18
+ private
19
+
20
+ # Compute the number of bits needed for the given number of bytes.
21
+ def compute_need_bits
22
+ need_bits = data[:need_bytes] * 8
23
+ if need_bits < MINIMUM_BITS
24
+ need_bits = MINIMUM_BITS
25
+ elsif need_bits > MAXIMUM_BITS
26
+ need_bits = MAXIMUM_BITS
27
+ end
28
+
29
+ data[:need_bits ] = need_bits
30
+ data[:need_bytes] = need_bits / 8
31
+ end
32
+
33
+ # Returns the DH key parameters for the given session.
34
+ def get_parameters
35
+ compute_need_bits
36
+
37
+ # request the DH key parameters for the given number of bits.
38
+ buffer = Net::SSH::Buffer.from(:byte, KEXDH_GEX_REQUEST, :long, MINIMUM_BITS,
39
+ :long, data[:need_bits], :long, MAXIMUM_BITS)
40
+ connection.send_message(buffer)
41
+
42
+ buffer = connection.next_message
43
+ unless buffer.type == KEXDH_GEX_GROUP
44
+ raise Net::SSH::Exception, "expected KEXDH_GEX_GROUP, got #{buffer.type}"
45
+ end
46
+
47
+ p = buffer.read_bignum
48
+ g = buffer.read_bignum
49
+
50
+ [p, g]
51
+ end
52
+
53
+ # Returns the INIT/REPLY constants used by this algorithm.
54
+ def get_message_types
55
+ [KEXDH_GEX_INIT, KEXDH_GEX_REPLY]
56
+ end
57
+
58
+ # Build the signature buffer to use when verifying a signature from
59
+ # the server.
60
+ def build_signature_buffer(result)
61
+ response = Net::SSH::Buffer.new
62
+ response.write_string data[:client_version_string],
63
+ data[:server_version_string],
64
+ data[:client_algorithm_packet],
65
+ data[:server_algorithm_packet],
66
+ result[:key_blob]
67
+ response.write_long MINIMUM_BITS,
68
+ data[:need_bits],
69
+ MAXIMUM_BITS
70
+ response.write_bignum dh.p, dh.g, dh.pub_key,
71
+ result[:server_dh_pubkey],
72
+ result[:shared_secret]
73
+ response
74
+ end
75
+ end
76
+
77
+ end
@@ -0,0 +1,13 @@
1
+ require 'net/ssh/transport/kex/diffie_hellman_group1_sha1'
2
+ require 'net/ssh/transport/kex/diffie_hellman_group_exchange_sha1'
3
+
4
+ module Net::SSH::Transport
5
+ module Kex
6
+ # Maps the supported key-exchange algorithms as named by the SSH protocol
7
+ # to their corresponding implementors.
8
+ MAP = {
9
+ 'diffie-hellman-group-exchange-sha1' => DiffieHellmanGroupExchangeSHA1,
10
+ 'diffie-hellman-group1-sha1' => DiffieHellmanGroup1SHA1
11
+ }
12
+ end
13
+ end
@@ -0,0 +1,128 @@
1
+ require 'openssl'
2
+ require 'net/ssh/buffer'
3
+
4
+ module OpenSSL
5
+
6
+ # This class is originally defined in the OpenSSL module. As needed, methods
7
+ # have been added to it by the Net::SSH module for convenience in dealing with
8
+ # SSH functionality.
9
+ class BN
10
+
11
+ # Converts a BN object to a string. The format used is that which is
12
+ # required by the SSH2 protocol.
13
+ def to_ssh
14
+ if zero?
15
+ return [0].pack("N")
16
+ else
17
+ buf = to_s(2)
18
+ if buf.getbyte(0)[7] == 1
19
+ return [buf.length+1, 0, buf].pack("NCA*")
20
+ else
21
+ return [buf.length, buf].pack("NA*")
22
+ end
23
+ end
24
+ end
25
+
26
+ end
27
+
28
+ module PKey
29
+
30
+ class PKey
31
+ def fingerprint
32
+ @fingerprint ||= OpenSSL::Digest::MD5.hexdigest(to_blob).scan(/../).join(":")
33
+ end
34
+ end
35
+
36
+ # This class is originally defined in the OpenSSL module. As needed, methods
37
+ # have been added to it by the Net::SSH module for convenience in dealing
38
+ # with SSH functionality.
39
+ class DH
40
+
41
+ # Determines whether the pub_key for this key is valid. (This algorithm
42
+ # lifted more-or-less directly from OpenSSH, dh.c, dh_pub_is_valid.)
43
+ def valid?
44
+ return false if pub_key.nil? || pub_key < 0
45
+ bits_set = 0
46
+ pub_key.num_bits.times { |i| bits_set += 1 if pub_key.bit_set?(i) }
47
+ return ( bits_set > 1 && pub_key < p )
48
+ end
49
+
50
+ end
51
+
52
+ # This class is originally defined in the OpenSSL module. As needed, methods
53
+ # have been added to it by the Net::SSH module for convenience in dealing
54
+ # with SSH functionality.
55
+ class RSA
56
+
57
+ # Returns "ssh-rsa", which is the description of this key type used by the
58
+ # SSH2 protocol.
59
+ def ssh_type
60
+ "ssh-rsa"
61
+ end
62
+
63
+ # Converts the key to a blob, according to the SSH2 protocol.
64
+ def to_blob
65
+ @blob ||= Net::SSH::Buffer.from(:string, ssh_type, :bignum, e, :bignum, n).to_s
66
+ end
67
+
68
+ # Verifies the given signature matches the given data.
69
+ def ssh_do_verify(sig, data)
70
+ verify(OpenSSL::Digest::SHA1.new, sig, data)
71
+ end
72
+
73
+ # Returns the signature for the given data.
74
+ def ssh_do_sign(data)
75
+ sign(OpenSSL::Digest::SHA1.new, data)
76
+ end
77
+ end
78
+
79
+ # This class is originally defined in the OpenSSL module. As needed, methods
80
+ # have been added to it by the Net::SSH module for convenience in dealing
81
+ # with SSH functionality.
82
+ class DSA
83
+
84
+ # Returns "ssh-dss", which is the description of this key type used by the
85
+ # SSH2 protocol.
86
+ def ssh_type
87
+ "ssh-dss"
88
+ end
89
+
90
+ # Converts the key to a blob, according to the SSH2 protocol.
91
+ def to_blob
92
+ @blob ||= Net::SSH::Buffer.from(:string, ssh_type,
93
+ :bignum, p, :bignum, q, :bignum, g, :bignum, pub_key).to_s
94
+ end
95
+
96
+ # Verifies the given signature matches the given data.
97
+ def ssh_do_verify(sig, data)
98
+ sig_r = sig[0,20].unpack("H*")[0].to_i(16)
99
+ sig_s = sig[20,20].unpack("H*")[0].to_i(16)
100
+ a1sig = OpenSSL::ASN1::Sequence([
101
+ OpenSSL::ASN1::Integer(sig_r),
102
+ OpenSSL::ASN1::Integer(sig_s)
103
+ ])
104
+ return verify(OpenSSL::Digest::DSS1.new, a1sig.to_der, data)
105
+ end
106
+
107
+ # Signs the given data.
108
+ def ssh_do_sign(data)
109
+ sig = sign( OpenSSL::Digest::DSS1.new, data)
110
+ a1sig = OpenSSL::ASN1.decode( sig )
111
+
112
+ sig_r = a1sig.value[0].value.to_s(2)
113
+ sig_s = a1sig.value[1].value.to_s(2)
114
+
115
+ if sig_r.length > 20 || sig_s.length > 20
116
+ raise OpenSSL::PKey::DSAError, "bad sig size"
117
+ end
118
+
119
+ sig_r = "\0" * ( 20 - sig_r.length ) + sig_r if sig_r.length < 20
120
+ sig_s = "\0" * ( 20 - sig_s.length ) + sig_s if sig_s.length < 20
121
+
122
+ return sig_r + sig_s
123
+ end
124
+ end
125
+
126
+ end
127
+
128
+ end