RubyGems - hrr_rb_ssh - Versions diffs - 0.1.1 → 0.1.2 - Mend

hrr_rb_ssh 0.1.1 → 0.1.2

Files changed (86) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: af60a04fe1efba55f720ee23fd252e624d3c2ba955f36462e5ef766f6ad8acaa
-  data.tar.gz: 5be5463dbc89b27652abd85ad6e4ef5d87f0639f8a32df370b0677d20dcbb39b
+  metadata.gz: a15e10f1895dfd1a8e0159fc18355de0128cc033bbe5f5ee49e483e2de7bc1e3
+  data.tar.gz: 6e1cb80d55521f431dff77735cb843c37fdc440640ffd9ae958119fdd9eb96d3
 SHA512:
-  metadata.gz: 500b7e3562f9d413c9698cc167e51e3c2635b4658a6667ddfbf0d717aec68711aa81f51df85b203d7a26e42f62b9d5bc4e11a2c86b2f81594f5458b6b64f5790
-  data.tar.gz: cc7bcc38e495f362dec7bbfe7fdae03c743945e1093b09ae1122f0cd27a43c4ba274935cd390120b6a845307d3340d033e04ab94722cd79a66985687ae5f0b28
+  metadata.gz: b63d6c8658d97b862f81e9beed336d04768894fffe1339c86cd2f8f9c22310f5f1d1be1f7abc381a0a0a5bbb18fd9a343959355aa77d849c321041de954d3749
+  data.tar.gz: db9de741c096e3024231760c25e3d0ed04fee0a7d3083f1ad71b1deecbe389c401576f37c31714052408bca4c6431861e40f7ccafc04be8b4277c096147ef32f

data/README.md CHANGED Viewed

@@ -5,7 +5,7 @@
 [![Test Coverage](https://api.codeclimate.com/v1/badges/f5dfdb97d72f24ca5939/test_coverage)](https://codeclimate.com/github/hirura/hrr_rb_ssh/test_coverage)
 [![Gem Version](https://badge.fury.io/rb/hrr_rb_ssh.svg)](https://badge.fury.io/rb/hrr_rb_ssh)
-hrr_rb_ssh is a pure Ruby SSH2 server implementation.
+hrr_rb_ssh is a pure Ruby SSH 2.0 server implementation.
 ## Installation

data/demo/server.rb CHANGED Viewed

@@ -23,8 +23,23 @@ auth_none = HrrRbSsh::Authentication::Authenticator.new { |context|
 }
 auth_publickey = HrrRbSsh::Authentication::Authenticator.new { |context|
   username = 'user1'
-  public_key_algorithm_name = 'ssh-rsa'
-  public_key = <<-'EOB'
+  dss_public_key_algorithm_name = 'ssh-dss'
+  dss_public_key = <<-'EOB'
+-----BEGIN PUBLIC KEY-----
+  MIIBtzCCASwGByqGSM44BAEwggEfAoGBAKh2ZJp4ao8Xaexa0sk68VqMCaOaTi19
+YIqo2+t2t8ve4QSHvk/NbFIDTGq90lHziakTqwKaaswWLB7cSRPTcXjLv16Zmazg
+JRvh1jZ3ikuBME2G/B+EptlQ00dMa+5W/Acp2P6Cv5NRgA/tx0AyCJaItSpLXG+k
+B+HMp9LQ8WotAhUAk/yyvpsY9sVSyeN3lHvg5Nsl568CgYEAj4rqF241ROP2olNh
+VJUF0K5N4dSBCfcPnSPYuGPCi7qV229RISET3LOwrCXEUwSwlKoe/lLb2mcaeC84
+NIeN6pQnRTE6zajJ9UUeGErOFRm1x6E+FMtlVp/fwUE1Ra+AscHVKwMUehz7sA6A
+ZxJK7UvLs+R6s1eYhrES0bcorLIDgYQAAoGAd6XKzevlwzt6aCYdBRdN+BT4BQUw
+/L3MVYG0kDV9WqPcyAFvLO54xAUf9LxYM0e8X8J5ECp4oEGOcK1ilXEw3LPMJGmY
+IB56R9izS1t636kxnJTYNGQY+XvjAeuP7nC2WVNHNz7vXprT4Sq+hQaNkaKPu/3/
+48xJs2mYbxfyHCQ=
+-----END PUBLIC KEY-----
+  EOB
+  rsa_public_key_algorithm_name = 'ssh-rsa'
+  rsa_public_key = <<-'EOB'
 -----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3OnIQcRTdeTZFjhGcx8f
 ssCgeqzY47p5KhT/gKMz2nOANNLCBr9e6IGaRePew03St3Cn0ApikuGzPnWxSlBT
@@ -35,7 +50,12 @@ wqbQt4paM0aEuypWE+CaizA0I+El7f0y+59sUqTAN/7F9UlXaOBdd9SZkhACBrAR
 nQIDAQAB
 -----END PUBLIC KEY-----
   EOB
-  context.verify username, public_key_algorithm_name, public_key
+  [
+    [dss_public_key_algorithm_name, dss_public_key],
+    [rsa_public_key_algorithm_name, rsa_public_key],
+  ].any? { |public_key_algorithm_name, public_key|
+    context.verify username, public_key_algorithm_name, public_key
+  }
 }
 auth_password = HrrRbSsh::Authentication::Authenticator.new { |context|
   user_and_pass = [

data/hrr_rb_ssh.gemspec CHANGED Viewed

@@ -7,8 +7,8 @@ Gem::Specification.new do |spec|
   spec.name          = "hrr_rb_ssh"
   spec.version       = HrrRbSsh::VERSION
   spec.license       = 'Apache-2.0'
-  spec.summary       = %q{Pure Ruby SSH2 server implementation}
-  spec.description   = %q{Pure Ruby SSH2 server implementation}
+  spec.summary       = %q{Pure Ruby SSH 2.0 server implementation}
+  spec.description   = %q{Pure Ruby SSH 2.0 server implementation}
   spec.authors       = ["hirura"]
   spec.email         = ["hirura@gmail.com"]
   spec.homepage      = "https://github.com/hirura/hrr_rb_ssh"

data/lib/hrr_rb_ssh/authentication/method/method.rb ADDED Viewed

@@ -0,0 +1,34 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/logger'
+module HrrRbSsh
+  class Authentication
+    module Method
+      class Method
+        @@list = Array.new
+        def self.inherited klass
+          @@list.push klass
+        end
+        def self.list
+          @@list
+        end
+        def self.name_list
+          @@list.map{ |klass| klass::NAME }
+        end
+        def self.[] key
+          @@list.find{ |klass| key == klass::NAME }
+        end
+        def initialize options
+          @logger = HrrRbSsh::Logger.new self.class.name
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/none.rb CHANGED Viewed

@@ -1,19 +1,16 @@
 # coding: utf-8
 # vim: et ts=2 sw=2
-require 'hrr_rb_ssh/logger'
-require 'hrr_rb_ssh/authentication/method/none/context'
+require 'hrr_rb_ssh/authentication/method/method'
 module HrrRbSsh
   class Authentication
     module Method
-      name_list = [
-        'none'
-      ]
+      class None < Method
+        NAME = 'none'
-      class None
         def initialize options
-          @logger = HrrRbSsh::Logger.new self.class.name
+          super
           @authenticator = options.fetch( 'authentication_none_authenticator', Authenticator.new { false } )
         end
@@ -25,14 +22,8 @@ module HrrRbSsh
           @authenticator.authenticate context
         end
       end
-      @@list ||= Hash.new
-      name_list.each do |name|
-        @@list[name] = None
-      end
     end
   end
 end
+require 'hrr_rb_ssh/authentication/method/none/context'

data/lib/hrr_rb_ssh/authentication/method/password.rb CHANGED Viewed

@@ -1,19 +1,16 @@
 # coding: utf-8
 # vim: et ts=2 sw=2
-require 'hrr_rb_ssh/logger'
-require 'hrr_rb_ssh/authentication/method/password/context'
+require 'hrr_rb_ssh/authentication/method/method'
 module HrrRbSsh
   class Authentication
     module Method
-      name_list = [
-        'password'
-      ]
+      class Password < Method
+        NAME = 'password'
-      class Password
         def initialize options
-          @logger = HrrRbSsh::Logger.new self.class.name
+          super
           @authenticator = options.fetch( 'authentication_password_authenticator', Authenticator.new { false } )
         end
@@ -27,11 +24,8 @@ module HrrRbSsh
           @authenticator.authenticate context
         end
       end
-      @@list ||= Hash.new
-      name_list.each do |name|
-        @@list[name] = Password
-      end
     end
   end
 end
+require 'hrr_rb_ssh/authentication/method/password/context'

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/algorithm.rb ADDED Viewed

@@ -0,0 +1,41 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/logger'
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/codable'
+module HrrRbSsh
+  class Authentication
+    module Method
+      class Publickey
+        module Algorithm
+          class Algorithm
+            @@list = Array.new
+            def self.inherited klass
+              @@list.push klass
+            end
+            def self.list
+              @@list
+            end
+            def self.name_list
+              @@list.map{ |klass| klass::NAME }
+            end
+            def self.[] key
+              @@list.find{ |klass| key == klass::NAME }
+            end
+            def initialize
+              @logger = HrrRbSsh::Logger.new self.class.name
+            end
+            include Codable
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/codable.rb ADDED Viewed

@@ -0,0 +1,33 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/transport/data_type'
+module HrrRbSsh
+  class Authentication
+    module Method
+      class Publickey
+        module Algorithm
+          module Codable
+            def encode definition, payload
+              definition.map{ |data_type, field_name|
+                field_value = if payload[field_name].instance_of? ::Proc then payload[field_name].call else payload[field_name] end
+                HrrRbSsh::Transport::DataType[data_type].encode(field_value)
+              }.join
+            end
+            def decode definition, payload
+              payload_io = StringIO.new payload, 'r'
+              definition.map{ |data_type, field_name|
+                [
+                  field_name,
+                  HrrRbSsh::Transport::DataType[data_type].decode(payload_io)
+                ]
+              }.to_h
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss.rb ADDED Viewed

@@ -0,0 +1,105 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+module HrrRbSsh
+  class Authentication
+    module Method
+      class Publickey
+        module Algorithm
+          class SshDss < Algorithm
+            NAME   = 'ssh-dss'
+            DIGEST = 'sha1'
+            PUBLIC_KEY_BLOB_DEFINITION = [
+              ['string', 'public key algorithm name'],
+              ['mpint',  'p'],
+              ['mpint',  'q'],
+              ['mpint',  'g'],
+              ['mpint',  'y'],
+            ]
+            SIGNATURE_DEFINITION = [
+              ['string', 'public key algorithm name'],
+              ['string', 'signature blob'],
+            ]
+            SIGNATURE_BLOB_DEFINITION = [
+              ['string',  'session identifier'],
+              ['byte',    'message number'],
+              ['string',  'user name'],
+              ['string',  'service name'],
+              ['string',  'method name'],
+              ['boolean', 'with signature'],
+              ['string',  'public key algorithm name'],
+              ['string',  'public key blob'],
+            ]
+            def verify_public_key public_key_algorithm_name, public_key, public_key_blob
+              public_key = case public_key
+                           when String
+                             OpenSSL::PKey::DSA.new(public_key)
+                           when OpenSSL::PKey::DSA
+                             public_key
+                           else
+                             return false
+                           end
+              public_key_message = {
+                'public key algorithm name' => public_key_algorithm_name,
+                'p'                         => public_key.p.to_i,
+                'g'                         => public_key.g.to_i,
+                'q'                         => public_key.q.to_i,
+                'y'                         => public_key.pub_key.to_i,
+              }
+              public_key_blob == encode(PUBLIC_KEY_BLOB_DEFINITION, public_key_message)
+            end
+            def verify_signature session_id, message
+              signature_message   = decode SIGNATURE_DEFINITION, message['signature']
+              signature_algorithm = signature_message['public key algorithm name']
+              signature_blob      = signature_message['signature blob']
+              public_key = decode PUBLIC_KEY_BLOB_DEFINITION, message['public key blob']
+              algorithm = OpenSSL::PKey::DSA.new
+              if algorithm.respond_to?(:set_pqg)
+                algorithm.set_pqg public_key['p'], public_key['q'], public_key['g']
+              else
+                algorithm.p = public_key['p']
+                algorithm.q = public_key['q']
+                algorithm.g = public_key['g']
+              end
+              if algorithm.respond_to?(:set_key)
+                algorithm.set_key public_key['y'], nil
+              else
+                algorithm.pub_key = public_key['y']
+              end
+              data_message = {
+                'session identifier'        => session_id,
+                'message number'            => message['message number'],
+                'user name'                 => message['user name'],
+                'service name'              => message['service name'],
+                'method name'               => message['method name'],
+                'with signature'            => message['with signature'],
+                'public key algorithm name' => message['public key algorithm name'],
+                'public key blob'           => message['public key blob'],
+              }
+              data_blob = encode SIGNATURE_BLOB_DEFINITION, data_message
+              hash = OpenSSL::Digest.digest(DIGEST, data_blob)
+              sign_r = signature_blob[ 0, 20]
+              sign_s = signature_blob[20, 20]
+              sign_asn1 = OpenSSL::ASN1::Sequence.new(
+                [
+                  OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_r, 2)),
+                  OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_s, 2)),
+                ]
+              )
+              sign_der = sign_asn1.to_der
+              (signature_algorithm == message['public key algorithm name']) && algorithm.sysverify(hash, sign_der)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa.rb ADDED Viewed

@@ -0,0 +1,85 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+module HrrRbSsh
+  class Authentication
+    module Method
+      class Publickey
+        module Algorithm
+          class SshRsa < Algorithm
+            NAME   = 'ssh-rsa'
+            DIGEST = 'sha1'
+            PUBLIC_KEY_BLOB_DEFINITION = [
+              ['string', 'public key algorithm name'],
+              ['mpint',  'e'],
+              ['mpint',  'n'],
+            ]
+            SIGNATURE_DEFINITION = [
+              ['string', 'public key algorithm name'],
+              ['string', 'signature blob'],
+            ]
+            SIGNATURE_BLOB_DEFINITION = [
+              ['string',  'session identifier'],
+              ['byte',    'message number'],
+              ['string',  'user name'],
+              ['string',  'service name'],
+              ['string',  'method name'],
+              ['boolean', 'with signature'],
+              ['string',  'public key algorithm name'],
+              ['string',  'public key blob'],
+            ]
+            def verify_public_key public_key_algorithm_name, public_key, public_key_blob
+              public_key = case public_key
+                           when String
+                             OpenSSL::PKey::RSA.new(public_key)
+                           when OpenSSL::PKey::RSA
+                             public_key
+                           else
+                             return false
+                           end
+              public_key_message = {
+                'public key algorithm name' => public_key_algorithm_name,
+                'e'                         => public_key.e.to_i,
+                'n'                         => public_key.n.to_i,
+              }
+              public_key_blob == encode(PUBLIC_KEY_BLOB_DEFINITION, public_key_message)
+            end
+            def verify_signature session_id, message
+              signature_message   = decode SIGNATURE_DEFINITION, message['signature']
+              signature_algorithm = signature_message['public key algorithm name']
+              signature_blob      = signature_message['signature blob']
+              public_key = decode PUBLIC_KEY_BLOB_DEFINITION, message['public key blob']
+              algorithm = OpenSSL::PKey::RSA.new
+              if algorithm.respond_to?(:set_key)
+                algorithm.set_key public_key['n'], public_key['e'], nil
+              else
+                algorithm.e = public_key['e']
+                algorithm.n = public_key['n']
+              end
+              data_message = {
+                'session identifier'        => session_id,
+                'message number'            => message['message number'],
+                'user name'                 => message['user name'],
+                'service name'              => message['service name'],
+                'method name'               => message['method name'],
+                'with signature'            => message['with signature'],
+                'public key algorithm name' => message['public key algorithm name'],
+                'public key blob'           => message['public key blob'],
+              }
+              data_blob = encode SIGNATURE_BLOB_DEFINITION, data_message
+              (signature_algorithm == message['public key algorithm name']) && algorithm.verify(DIGEST, signature_blob, data_blob)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm.rb ADDED Viewed

@@ -0,0 +1,28 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+module HrrRbSsh
+  class Authentication
+    module Method
+      class Publickey
+        module Algorithm
+          def self.list
+            Algorithm.list
+          end
+          def self.name_list
+            Algorithm.name_list
+          end
+          def self.[] key
+            Algorithm[key]
+          end
+        end
+      end
+    end
+  end
+end
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/algorithm'
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss'
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa'

data/lib/hrr_rb_ssh/authentication/method/publickey.rb CHANGED Viewed

@@ -1,30 +1,16 @@
 # coding: utf-8
 # vim: et ts=2 sw=2
-require 'hrr_rb_ssh/logger'
-require 'hrr_rb_ssh/authentication/method/publickey/context'
-require 'hrr_rb_ssh/authentication/method/publickey/ssh_rsa'
+require 'hrr_rb_ssh/authentication/method/method'
 module HrrRbSsh
   class Authentication
     module Method
-      name_list = [
-        'publickey'
-      ]
-      class Publickey
-        @@algorithm_list ||= Hash.new
-        def self.[] key
-          @@algorithm_list[key]
-        end
-        def self.algorithm_name_list
-          @@algorithm_list.keys
-        end
+      class Publickey < Method
+        NAME = 'publickey'
         def initialize options
-          @logger = HrrRbSsh::Logger.new self.class.name
+          super
           @session_id = options['session id']
           @authenticator = options.fetch( 'authentication_publickey_authenticator', Authenticator.new { false } )
@@ -32,7 +18,7 @@ module HrrRbSsh
         def authenticate userauth_request_message
           public_key_algorithm_name = userauth_request_message['public key algorithm name']
-          unless @@algorithm_list.has_key?(public_key_algorithm_name)
+          unless Algorithm.name_list.include?(public_key_algorithm_name)
             @logger.info("unsupported public key algorithm: #{public_key_algorithm_name}")
             return false
           end
@@ -43,7 +29,7 @@ module HrrRbSsh
           else
             @logger.info("verify signature")
             username = userauth_request_message['user name']
-            algorithm = @@algorithm_list[public_key_algorithm_name].new
+            algorithm = Algorithm[public_key_algorithm_name].new
             context = Context.new(username, algorithm, @session_id, userauth_request_message)
             @authenticator.authenticate context
           end
@@ -58,11 +44,9 @@ module HrrRbSsh
           payload = HrrRbSsh::Message::SSH_MSG_USERAUTH_PK_OK.encode message
         end
       end
-      @@list ||= Hash.new
-      name_list.each do |name|
-        @@list[name] = Publickey
-      end
     end
   end
 end
+require 'hrr_rb_ssh/authentication/method/publickey/context'
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm'

data/lib/hrr_rb_ssh/authentication/method.rb CHANGED Viewed

@@ -1,22 +1,25 @@
 # coding: utf-8
 # vim: et ts=2 sw=2
-require 'hrr_rb_ssh/authentication/method/none'
-require 'hrr_rb_ssh/authentication/method/password'
-require 'hrr_rb_ssh/authentication/method/publickey'
 module HrrRbSsh
   class Authentication
     module Method
-      @@list ||= Hash.new
-      def self.[] key
-        @@list[key]
+      def self.list
+        Method.list
       end
       def self.name_list
-        @@list.keys
+        Method.name_list
+      end
+      def self.[] key
+        Method[key]
       end
     end
   end
 end
+require 'hrr_rb_ssh/authentication/method/method'
+require 'hrr_rb_ssh/authentication/method/none'
+require 'hrr_rb_ssh/authentication/method/password'
+require 'hrr_rb_ssh/authentication/method/publickey'

data/lib/hrr_rb_ssh/connection/channel/channel_type/channel_type.rb ADDED Viewed

@@ -0,0 +1,30 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+module HrrRbSsh
+  class Connection
+    class Channel
+      module ChannelType
+        class ChannelType
+          @@list = Array.new
+          def self.inherited klass
+            @@list.push klass
+          end
+          def self.list
+            @@list
+          end
+          def self.name_list
+            @@list.map{ |klass| klass::NAME }
+          end
+          def self.[] key
+            @@list.find{ |klass| key == klass::NAME }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/env/context.rb ADDED Viewed

@@ -0,0 +1,46 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/logger'
+module HrrRbSsh
+  class Connection
+    class Channel
+      module ChannelType
+        class Session
+          module RequestType
+            class Env
+              class Context
+                attr_reader \
+                  :logger,
+                  :username,
+                  :io,
+                  :variables,
+                  :vars,
+                  :variable_name,
+                  :variable_value
+                def initialize proc_chain, username, io, variables, message
+                  @logger = HrrRbSsh::Logger.new self.class.name
+                  @proc_chain = proc_chain
+                  @username   = username
+                  @io         = io
+                  @variables  = variables
+                  @vars       = variables
+                  @variable_name  = message['variable name']
+                  @variable_value = message['variable value']
+                end
+                def chain_proc &block
+                  @proc = block || @proc
+                end
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end