hrr_rb_ssh 0.1.9 → 0.2.0
- checksums.yaml +4 -4
- data/.travis.yml +12 -2
- data/README.md +11 -9
- data/demo/echo_server.rb +50 -42
- data/demo/server.rb +81 -62
- data/demo/subsystem_echo_server.rb +54 -47
- data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm/ecdsa_sha2_nistp521 → algorithm/publickey/ecdsa_sha2}/ecdsa_signature_blob.rb +3 -3
- data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm/ecdsa_sha2_nistp256 → algorithm/publickey/ecdsa_sha2}/public_key_blob.rb +5 -6
- data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm/ecdsa_sha2_nistp256 → algorithm/publickey/ecdsa_sha2}/signature.rb +5 -5
- data/lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2.rb +85 -0
- data/lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2_nistp256.rb +19 -0
- data/lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2_nistp384.rb +19 -0
- data/lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2_nistp521.rb +19 -0
- data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm → algorithm/publickey}/ssh_dss/public_key_blob.rb +3 -3
- data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm → algorithm/publickey}/ssh_dss/signature.rb +4 -4
- data/lib/hrr_rb_ssh/algorithm/publickey/ssh_dss.rb +90 -0
- data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm → algorithm/publickey}/ssh_rsa/public_key_blob.rb +3 -4
- data/lib/hrr_rb_ssh/{transport/server_host_key_algorithm → algorithm/publickey}/ssh_rsa/signature.rb +4 -4
- data/lib/hrr_rb_ssh/algorithm/publickey/ssh_rsa.rb +67 -0
- data/lib/hrr_rb_ssh/algorithm/publickey.rb +32 -0
- data/lib/hrr_rb_ssh/algorithm.rb +9 -0
- data/lib/hrr_rb_ssh/authentication/method/none/context.rb +1 -1
- data/lib/hrr_rb_ssh/authentication/method/none.rb +1 -1
- data/lib/hrr_rb_ssh/authentication/method/password/context.rb +1 -1
- data/lib/hrr_rb_ssh/authentication/method/password.rb +1 -1
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256.rb +2 -65
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384.rb +2 -65
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521.rb +2 -65
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/functionable.rb +54 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/signature_blob.rb +31 -0
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss.rb +2 -73
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa.rb +2 -55
- data/lib/hrr_rb_ssh/authentication/method/publickey.rb +3 -3
- data/lib/hrr_rb_ssh/authentication.rb +15 -15
- data/lib/hrr_rb_ssh/codable.rb +1 -1
- data/lib/hrr_rb_ssh/compat/openssh/public_key.rb +3 -40
- data/lib/hrr_rb_ssh/compat/ruby/array.rb +14 -0
- data/lib/hrr_rb_ssh/compat/ruby/openssl/bn.rb +20 -0
- data/lib/hrr_rb_ssh/compat/ruby/openssl.rb +4 -0
- data/lib/hrr_rb_ssh/compat/ruby/queue.rb +38 -0
- data/lib/hrr_rb_ssh/compat/ruby.rb +6 -0
- data/lib/hrr_rb_ssh/compat.rb +1 -63
- data/lib/hrr_rb_ssh/connection/channel/channel_type/direct_tcpip.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/forwarded_tcpip.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/proc_chain/chain_context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/proc_chain.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/env/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/env.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/exec/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/exec.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/pty_req/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/pty_req.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/shell/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/shell.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/subsystem/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/subsystem.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/window_change/context.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/window_change.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session.rb +1 -1
- data/lib/hrr_rb_ssh/connection/channel.rb +22 -22
- data/lib/hrr_rb_ssh/connection/global_request_handler.rb +1 -1
- data/lib/hrr_rb_ssh/connection/request_handler/reference_env_request_handler.rb +1 -1
- data/lib/hrr_rb_ssh/connection/request_handler/reference_exec_request_handler.rb +3 -56
- data/lib/hrr_rb_ssh/connection/request_handler/reference_pty_req_request_handler.rb +50 -13
- data/lib/hrr_rb_ssh/connection/request_handler/reference_shell_request_handler.rb +3 -56
- data/lib/hrr_rb_ssh/connection/request_handler/reference_window_change_request_handler.rb +1 -1
- data/lib/hrr_rb_ssh/connection/request_handler.rb +1 -1
- data/lib/hrr_rb_ssh/connection.rb +40 -40
- data/lib/hrr_rb_ssh/data_type.rb +0 -3
- data/lib/hrr_rb_ssh/error/closed_authentication.rb +9 -0
- data/lib/hrr_rb_ssh/{closed_transport_error.rb → error/closed_connection.rb} +3 -1
- data/lib/hrr_rb_ssh/{closed_authentication_error.rb → error/closed_transport.rb} +3 -1
- data/lib/hrr_rb_ssh/error.rb +11 -0
- data/lib/hrr_rb_ssh/{closed_connection_error.rb → mode.rb} +3 -1
- data/lib/hrr_rb_ssh/server.rb +23 -0
- data/lib/hrr_rb_ssh/transport/compression_algorithm/functionable.rb +1 -1
- data/lib/hrr_rb_ssh/transport/compression_algorithm/unfunctionable.rb +1 -1
- data/lib/hrr_rb_ssh/transport/encryption_algorithm/functionable.rb +3 -3
- data/lib/hrr_rb_ssh/transport/encryption_algorithm/unfunctionable.rb +1 -1
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman.rb +8 -48
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange.rb +11 -51
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman.rb +8 -48
- data/lib/hrr_rb_ssh/transport/kex_algorithm/iv_computable.rb +57 -0
- data/lib/hrr_rb_ssh/transport/mac_algorithm/functionable.rb +2 -2
- data/lib/hrr_rb_ssh/transport/mac_algorithm/unfunctionable.rb +1 -1
- data/lib/hrr_rb_ssh/transport/receiver.rb +1 -1
- data/lib/hrr_rb_ssh/transport/sender.rb +1 -1
- data/lib/hrr_rb_ssh/transport/sequence_number.rb +1 -1
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb +2 -56
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384.rb +2 -56
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521.rb +2 -56
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/functionable.rb +29 -0
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss.rb +2 -50
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa.rb +2 -31
- data/lib/hrr_rb_ssh/transport.rb +83 -81
- data/lib/hrr_rb_ssh/version.rb +1 -1
- data/lib/hrr_rb_ssh.rb +4 -0
- metadata +32 -37
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob.rb +0 -27
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/public_key_blob.rb +0 -28
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature.rb +0 -27
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256/signature_blob.rb +0 -33
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob.rb +0 -27
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/public_key_blob.rb +0 -28
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature.rb +0 -27
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384/signature_blob.rb +0 -33
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/ecdsa_signature_blob.rb +0 -27
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/public_key_blob.rb +0 -28
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature.rb +0 -27
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521/signature_blob.rb +0 -33
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/public_key_blob.rb +0 -30
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/signature.rb +0 -27
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/signature_blob.rb +0 -33
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/public_key_blob.rb +0 -28
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/signature.rb +0 -27
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/signature_blob.rb +0 -33
- data/lib/hrr_rb_ssh/transport/mode.rb +0 -11
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256/ecdsa_signature_blob.rb +0 -23
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/ecdsa_signature_blob.rb +0 -23
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/public_key_blob.rb +0 -25
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384/signature.rb +0 -23
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/public_key_blob.rb +0 -25
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521/signature.rb +0 -23
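--- /dev/null
+++ b/data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/functionable.rb
@@ -0,0 +1,54 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+
+require 'hrr_rb_ssh/logger'
+require 'hrr_rb_ssh/algorithm/publickey'
+
+module HrrRbSsh
+class Authentication
+class Method
+class Publickey
+class Algorithm
+module Functionable
+def initialize
+@logger = Logger.new(self.class.name)
+end
+
+def verify_public_key public_key_algorithm_name, public_key, public_key_blob
+begin
+publickey = HrrRbSsh::Algorithm::Publickey[self.class::NAME].new public_key
+public_key_algorithm_name == self.class::NAME && public_key_blob == publickey.to_public_key_blob
+rescue => e
+@logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
+false
+end
+end
+
+def verify_signature session_id, message
+begin
+signature_blob_h = {
+:'session identifier' => session_id,
+:'message number' => message[:'message number'],
+:'user name' => message[:'user name'],
+:'service name' => message[:'service name'],
+:'method name' => message[:'method name'],
+:'with signature' => message[:'with signature'],
+:'public key algorithm name' => message[:'public key algorithm name'],
+:'public key blob' => message[:'public key blob'],
+}
+signature_blob = SignatureBlob.encode signature_blob_h
+publickey = HrrRbSsh::Algorithm::Publickey[self.class::NAME].new message[:'public key blob']
+publickey.verify message[:'signature'], signature_blob
+rescue => e
+@logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
+false
+end
+end
+end
+end
+end
+end
+end
+end
+
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/signature_blob'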
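Review bot: `verify_signature` (new lines 27-46) hands `message[:'signature']` to `Algorithm::Publickey[self.class::NAME].new(...).verify` without first checking that `message[:'public key algorithm name']` equals `self.class::NAME`, and the comparison of the algorithm name embedded in the signature with the request's name, which the removed ssh_dss.rb/ssh_rsa.rb bodies made explicitly, now exists only if `Algorithm::Publickey#verify` (outside this diff) performs it; a guard `return false unless message[:'public key algorithm name'] == self.class::NAME` at the top of the method keeps that check local, as `verify_public_key` already does through its first argument. The module relies on the including class defining `NAME`, which a header comment should state: `# Mixed into an Algorithm class that defines NAME, the SSH public key algorithm identifier used to look up Algorithm::Publickey.` The backtrace-formatting block inside both `rescue => e` clauses is duplicated verbatim and could be a private `log_error(e)` helper. Both rescues fail closed by returning false, which is the right default for an authentication check.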
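--- /dev/null
+++ b/data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/signature_blob.rb
@@ -0,0 +1,31 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+
+require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/codable'
+
+module HrrRbSsh
+class Authentication
+class Method
+class Publickey
+class Algorithm
+module SignatureBlob
+class << self
+include Codable
+end
+DEFINITION = [
+[DataType::String, :'session identifier'],
+[DataType::Byte, :'message number'],
+[DataType::String, :'user name'],
+[DataType::String, :'service name'],
+[DataType::String, :'method name'],
+[DataType::Boolean, :'with signature'],
+[DataType::String, :'public key algorithm name'],
+[DataType::String, :'public key blob'],
+]
+end
+end
+end
+end
+end
+end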
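Review bot: `DEFINITION` (new lines 16-25) is a mutable nested array exposed as a constant; ending it with `].freeze` prevents in-place edits by anything that reaches it through `Codable`. A one-line comment on what it encodes would help a reader, e.g. `# Fields of the data the client signs for publickey userauth, in wire order (see RFC 4252 section 7).` — the field list matches that section, though the intent cannot be confirmed from this file alone.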
@@ -1,8 +1,7 @@
|
|
1
1
|
# coding: utf-8
|
2
2
|
# vim: et ts=2 sw=2
|
3
3
|
|
4
|
-
require 'hrr_rb_ssh/
|
5
|
-
require 'hrr_rb_ssh/data_type'
|
4
|
+
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/functionable'
|
6
5
|
|
7
6
|
module HrrRbSsh
|
8
7
|
class Authentication
|
@@ -14,80 +13,10 @@ module HrrRbSsh
|
|
14
13
|
PREFERENCE = 10
|
15
14
|
DIGEST = 'sha1'
|
16
15
|
|
17
|
-
|
18
|
-
@logger = HrrRbSsh::Logger.new(self.class.name)
|
19
|
-
end
|
20
|
-
|
21
|
-
def verify_public_key public_key_algorithm_name, public_key, public_key_blob
|
22
|
-
public_key = case public_key
|
23
|
-
when String
|
24
|
-
OpenSSL::PKey::DSA.new(public_key)
|
25
|
-
when OpenSSL::PKey::DSA
|
26
|
-
public_key
|
27
|
-
else
|
28
|
-
return false
|
29
|
-
end
|
30
|
-
public_key_message = {
|
31
|
-
:'public key algorithm name' => public_key_algorithm_name,
|
32
|
-
:'p' => public_key.p.to_i,
|
33
|
-
:'g' => public_key.g.to_i,
|
34
|
-
:'q' => public_key.q.to_i,
|
35
|
-
:'y' => public_key.pub_key.to_i,
|
36
|
-
}
|
37
|
-
public_key_blob == PublicKeyBlob.encode(public_key_message)
|
38
|
-
end
|
39
|
-
|
40
|
-
def verify_signature session_id, message
|
41
|
-
signature_message = Signature.decode message[:'signature']
|
42
|
-
signature_algorithm = signature_message[:'public key algorithm name']
|
43
|
-
signature_blob = signature_message[:'signature blob']
|
44
|
-
|
45
|
-
public_key = PublicKeyBlob.decode message[:'public key blob']
|
46
|
-
algorithm = OpenSSL::PKey::DSA.new
|
47
|
-
if algorithm.respond_to?(:set_pqg)
|
48
|
-
algorithm.set_pqg public_key[:'p'], public_key[:'q'], public_key[:'g']
|
49
|
-
else
|
50
|
-
algorithm.p = public_key[:'p']
|
51
|
-
algorithm.q = public_key[:'q']
|
52
|
-
algorithm.g = public_key[:'g']
|
53
|
-
end
|
54
|
-
if algorithm.respond_to?(:set_key)
|
55
|
-
algorithm.set_key public_key[:'y'], nil
|
56
|
-
else
|
57
|
-
algorithm.pub_key = public_key[:'y']
|
58
|
-
end
|
59
|
-
|
60
|
-
data_message = {
|
61
|
-
:'session identifier' => session_id,
|
62
|
-
:'message number' => message[:'message number'],
|
63
|
-
:'user name' => message[:'user name'],
|
64
|
-
:'service name' => message[:'service name'],
|
65
|
-
:'method name' => message[:'method name'],
|
66
|
-
:'with signature' => message[:'with signature'],
|
67
|
-
:'public key algorithm name' => message[:'public key algorithm name'],
|
68
|
-
:'public key blob' => message[:'public key blob'],
|
69
|
-
}
|
70
|
-
data_blob = SignatureBlob.encode data_message
|
71
|
-
|
72
|
-
hash = OpenSSL::Digest.digest(DIGEST, data_blob)
|
73
|
-
sign_r = signature_blob[ 0, 20]
|
74
|
-
sign_s = signature_blob[20, 20]
|
75
|
-
sign_asn1 = OpenSSL::ASN1::Sequence.new(
|
76
|
-
[
|
77
|
-
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_r, 2)),
|
78
|
-
OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_s, 2)),
|
79
|
-
]
|
80
|
-
)
|
81
|
-
sign_der = sign_asn1.to_der
|
82
|
-
(signature_algorithm == message[:'public key algorithm name']) && algorithm.sysverify(hash, sign_der)
|
83
|
-
end
|
16
|
+
include Functionable
|
84
17
|
end
|
85
18
|
end
|
86
19
|
end
|
87
20
|
end
|
88
21
|
end
|
89
22
|
end
|
90
|
-
|
91
|
-
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/public_key_blob'
|
92
|
-
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/signature_blob'
|
93
|
-
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss/signature'
|
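Review bot: With the method bodies replaced by `include Functionable` (new line 16), `DIGEST = 'sha1'` at line 14 has no remaining reader in this file — the removed `verify_signature` was its only user here — so unless something outside this diff reads `SshDss::DIGEST` it is now dead and should go, or carry a comment naming who uses it; the ssh_rsa.rb hunk that follows has the same leftover. The removed `require 'hrr_rb_ssh/` line is truncated in this rendering, so which import was dropped cannot be confirmed here. The class header lines are outside the hunk.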
@@ -1,8 +1,7 @@
|
|
1
1
|
# coding: utf-8
|
2
2
|
# vim: et ts=2 sw=2
|
3
3
|
|
4
|
-
require 'hrr_rb_ssh/
|
5
|
-
require 'hrr_rb_ssh/data_type'
|
4
|
+
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/functionable'
|
6
5
|
|
7
6
|
module HrrRbSsh
|
8
7
|
class Authentication
|
@@ -14,62 +13,10 @@ module HrrRbSsh
|
|
14
13
|
PREFERENCE = 20
|
15
14
|
DIGEST = 'sha1'
|
16
15
|
|
17
|
-
|
18
|
-
@logger = HrrRbSsh::Logger.new(self.class.name)
|
19
|
-
end
|
20
|
-
|
21
|
-
def verify_public_key public_key_algorithm_name, public_key, public_key_blob
|
22
|
-
public_key = case public_key
|
23
|
-
when String
|
24
|
-
OpenSSL::PKey::RSA.new(public_key)
|
25
|
-
when OpenSSL::PKey::RSA
|
26
|
-
public_key
|
27
|
-
else
|
28
|
-
return false
|
29
|
-
end
|
30
|
-
public_key_message = {
|
31
|
-
:'public key algorithm name' => public_key_algorithm_name,
|
32
|
-
:'e' => public_key.e.to_i,
|
33
|
-
:'n' => public_key.n.to_i,
|
34
|
-
}
|
35
|
-
public_key_blob == PublicKeyBlob.encode(public_key_message)
|
36
|
-
end
|
37
|
-
|
38
|
-
def verify_signature session_id, message
|
39
|
-
signature_message = Signature.decode message[:'signature']
|
40
|
-
signature_algorithm = signature_message[:'public key algorithm name']
|
41
|
-
signature_blob = signature_message[:'signature blob']
|
42
|
-
|
43
|
-
public_key = PublicKeyBlob.decode message[:'public key blob']
|
44
|
-
algorithm = OpenSSL::PKey::RSA.new
|
45
|
-
if algorithm.respond_to?(:set_key)
|
46
|
-
algorithm.set_key public_key[:'n'], public_key[:'e'], nil
|
47
|
-
else
|
48
|
-
algorithm.e = public_key[:'e']
|
49
|
-
algorithm.n = public_key[:'n']
|
50
|
-
end
|
51
|
-
|
52
|
-
data_message = {
|
53
|
-
:'session identifier' => session_id,
|
54
|
-
:'message number' => message[:'message number'],
|
55
|
-
:'user name' => message[:'user name'],
|
56
|
-
:'service name' => message[:'service name'],
|
57
|
-
:'method name' => message[:'method name'],
|
58
|
-
:'with signature' => message[:'with signature'],
|
59
|
-
:'public key algorithm name' => message[:'public key algorithm name'],
|
60
|
-
:'public key blob' => message[:'public key blob'],
|
61
|
-
}
|
62
|
-
data_blob = SignatureBlob.encode data_message
|
63
|
-
|
64
|
-
(signature_algorithm == message[:'public key algorithm name']) && algorithm.verify(DIGEST, signature_blob, data_blob)
|
65
|
-
end
|
16
|
+
include Functionable
|
66
17
|
end
|
67
18
|
end
|
68
19
|
end
|
69
20
|
end
|
70
21
|
end
|
71
22
|
end
|
72
|
-
|
73
|
-
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/public_key_blob'
|
74
|
-
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/signature_blob'
|
75
|
-
require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa/signature'
|
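--- a/data/lib/hrr_rb_ssh/authentication/method/publickey.rb
+++ b/data/lib/hrr_rb_ssh/authentication/method/publickey.rb
@@ -11,7 +11,7 @@ module HrrRbSsh
 PREFERENCE = 20
 
 def initialize options
-@logger =
+@logger = Logger.new(self.class.name)
 @session_id = options['session id']
 @authenticator = options.fetch( 'authentication_publickey_authenticator', Authenticator.new { false } )
 end
@@ -37,11 +37,11 @@ module HrrRbSsh
 
 def userauth_pk_ok_message public_key_algorithm_name, public_key_blob
 message = {
-:'message number' =>
+:'message number' => Message::SSH_MSG_USERAUTH_PK_OK::VALUE,
 :'public key algorithm name from the request' => public_key_algorithm_name,
 :'public key blob from the request' => public_key_blob,
 }
-payload =
+payload = Message::SSH_MSG_USERAUTH_PK_OK.encode message
 end
 end
 end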
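Review bot: `userauth_pk_ok_message` now ends with `payload = Message::SSH_MSG_USERAUTH_PK_OK.encode message` (new line 44), but `payload` is never read — the method simply returns the assignment's value — so the bare expression `Message::SSH_MSG_USERAUTH_PK_OK.encode message` is clearer and avoids an unused-variable warning. The old side of both changed lines is truncated in this rendering, so the change appears to only drop a namespace prefix; the method's caller is outside the hunk.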
@@ -3,7 +3,7 @@
|
|
3
3
|
|
4
4
|
require 'hrr_rb_ssh/logger'
|
5
5
|
require 'hrr_rb_ssh/message'
|
6
|
-
require 'hrr_rb_ssh/
|
6
|
+
require 'hrr_rb_ssh/error/closed_authentication'
|
7
7
|
require 'hrr_rb_ssh/authentication/authenticator'
|
8
8
|
require 'hrr_rb_ssh/authentication/method'
|
9
9
|
|
@@ -15,7 +15,7 @@ module HrrRbSsh
|
|
15
15
|
@transport = transport
|
16
16
|
@options = options
|
17
17
|
|
18
|
-
@logger =
|
18
|
+
@logger = Logger.new self.class.name
|
19
19
|
|
20
20
|
@transport.register_acceptable_service SERVICE_NAME
|
21
21
|
|
@@ -25,20 +25,20 @@ module HrrRbSsh
|
|
25
25
|
end
|
26
26
|
|
27
27
|
def send payload
|
28
|
-
raise
|
28
|
+
raise Error::ClosedAuthentication if @closed
|
29
29
|
begin
|
30
30
|
@transport.send payload
|
31
|
-
rescue
|
32
|
-
raise
|
31
|
+
rescue Error::ClosedTransport
|
32
|
+
raise Error::ClosedAuthentication
|
33
33
|
end
|
34
34
|
end
|
35
35
|
|
36
36
|
def receive
|
37
|
-
raise
|
37
|
+
raise Error::ClosedAuthentication if @closed
|
38
38
|
begin
|
39
39
|
@transport.receive
|
40
|
-
rescue
|
41
|
-
raise
|
40
|
+
rescue Error::ClosedTransport
|
41
|
+
raise Error::ClosedAuthentication
|
42
42
|
end
|
43
43
|
end
|
44
44
|
|
@@ -58,7 +58,7 @@ module HrrRbSsh
|
|
58
58
|
end
|
59
59
|
|
60
60
|
def username
|
61
|
-
raise
|
61
|
+
raise Error::ClosedAuthentication if @closed
|
62
62
|
@username
|
63
63
|
end
|
64
64
|
|
@@ -66,8 +66,8 @@ module HrrRbSsh
|
|
66
66
|
loop do
|
67
67
|
payload = @transport.receive
|
68
68
|
case payload[0,1].unpack("C")[0]
|
69
|
-
when
|
70
|
-
userauth_request_message =
|
69
|
+
when Message::SSH_MSG_USERAUTH_REQUEST::VALUE
|
70
|
+
userauth_request_message = Message::SSH_MSG_USERAUTH_REQUEST.decode payload
|
71
71
|
method_name = userauth_request_message[:'method name']
|
72
72
|
method = Method[method_name].new({'session id' => @transport.session_id}.merge(@options))
|
73
73
|
result = method.authenticate(userauth_request_message)
|
@@ -94,19 +94,19 @@ module HrrRbSsh
|
|
94
94
|
|
95
95
|
def send_userauth_failure
|
96
96
|
message = {
|
97
|
-
:'message number' =>
|
97
|
+
:'message number' => Message::SSH_MSG_USERAUTH_FAILURE::VALUE,
|
98
98
|
:'authentications that can continue' => Method.list_preferred,
|
99
99
|
:'partial success' => false,
|
100
100
|
}
|
101
|
-
payload =
|
101
|
+
payload = Message::SSH_MSG_USERAUTH_FAILURE.encode message
|
102
102
|
@transport.send payload
|
103
103
|
end
|
104
104
|
|
105
105
|
def send_userauth_success
|
106
106
|
message = {
|
107
|
-
:'message number' =>
|
107
|
+
:'message number' => Message::SSH_MSG_USERAUTH_SUCCESS::VALUE,
|
108
108
|
}
|
109
|
-
payload =
|
109
|
+
payload = Message::SSH_MSG_USERAUTH_SUCCESS.encode message
|
110
110
|
@transport.send payload
|
111
111
|
end
|
112
112
|
|
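Review bot: In the `authenticate` loop (hunk at lines 66-73) the decoded `SSH_MSG_USERAUTH_REQUEST` is dispatched with `Method[method_name].new(...)` on the client-supplied `method name` with no check that it is a method this server offers; if `Method.[]` (outside this diff) returns nil for an unknown name, the loop dies with a NoMethodError instead of answering `SSH_MSG_USERAUTH_FAILURE`, so reject names absent from `Method.list_preferred` (assuming it returns the names advertised to the client) before the lookup and reply via `send_userauth_failure`. The same loop reads `@transport.receive` directly rather than the new `receive` wrapper that maps `Error::ClosedTransport` to `Error::ClosedAuthentication`, so a transport closed mid-authentication surfaces as the transport error here. `send` and `receive` (lines 27-43) repeat the same `rescue Error::ClosedTransport` / `raise Error::ClosedAuthentication` pair, which could be one private wrapper taking a block. The `authenticate` method starts outside its hunk.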
data/lib/hrr_rb_ssh/codable.rb
CHANGED
@@ -11,45 +11,8 @@ module HrrRbSsh
|
|
11
11
|
def initialize data_line
|
12
12
|
splitted = data_line.split(' ')
|
13
13
|
@algorithm_name = splitted[0]
|
14
|
-
public_key_blob =
|
15
|
-
|
16
|
-
when 'ssh-dss'
|
17
|
-
@algorithm = OpenSSL::PKey::DSA.new
|
18
|
-
if @algorithm.respond_to?(:set_pqg)
|
19
|
-
@algorithm.set_pqg public_key_blob[:'p'], public_key_blob[:'q'], public_key_blob[:'g']
|
20
|
-
else
|
21
|
-
@algorithm.p = public_key_blob[:'p']
|
22
|
-
@algorithm.q = public_key_blob[:'q']
|
23
|
-
@algorithm.g = public_key_blob[:'g']
|
24
|
-
end
|
25
|
-
if @algorithm.respond_to?(:set_key)
|
26
|
-
@algorithm.set_key public_key_blob[:'y'], nil
|
27
|
-
else
|
28
|
-
@algorithm.pub_key = public_key_blob[:'y']
|
29
|
-
end
|
30
|
-
@pem = @algorithm.public_key.to_pem
|
31
|
-
when 'ssh-rsa'
|
32
|
-
@algorithm = OpenSSL::PKey::RSA.new
|
33
|
-
if @algorithm.respond_to?(:set_key)
|
34
|
-
@algorithm.set_key public_key_blob[:'n'], public_key_blob[:'e'], nil
|
35
|
-
else
|
36
|
-
@algorithm.e = public_key_blob[:'e']
|
37
|
-
@algorithm.n = public_key_blob[:'n']
|
38
|
-
end
|
39
|
-
@pem = @algorithm.public_key.to_pem
|
40
|
-
when 'ecdsa-sha2-nistp256'
|
41
|
-
@algorithm = OpenSSL::PKey::EC.new('prime256v1')
|
42
|
-
@algorithm.public_key = OpenSSL::PKey::EC::Point.new(@algorithm.group, OpenSSL::BN.new(public_key_blob[:'Q'], 2))
|
43
|
-
@pem = @algorithm.to_pem
|
44
|
-
when 'ecdsa-sha2-nistp384'
|
45
|
-
@algorithm = OpenSSL::PKey::EC.new('secp384r1')
|
46
|
-
@algorithm.public_key = OpenSSL::PKey::EC::Point.new(@algorithm.group, OpenSSL::BN.new(public_key_blob[:'Q'], 2))
|
47
|
-
@pem = @algorithm.to_pem
|
48
|
-
when 'ecdsa-sha2-nistp521'
|
49
|
-
@algorithm = OpenSSL::PKey::EC.new('secp521r1')
|
50
|
-
@algorithm.public_key = OpenSSL::PKey::EC::Point.new(@algorithm.group, OpenSSL::BN.new(public_key_blob[:'Q'], 2))
|
51
|
-
@pem = @algorithm.to_pem
|
52
|
-
end
|
14
|
+
public_key_blob = Base64.decode64(splitted[1])
|
15
|
+
@publickey = Algorithm::Publickey[@algorithm_name].new public_key_blob
|
53
16
|
end
|
54
17
|
|
55
18
|
def algorithm_name
|
@@ -57,7 +20,7 @@ module HrrRbSsh
|
|
57
20
|
end
|
58
21
|
|
59
22
|
def to_pem
|
60
|
-
@
|
23
|
+
@publickey.to_pem
|
61
24
|
end
|
62
25
|
end
|
63
26
|
end
|
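Review bot: `Base64.decode64(splitted[1])` (new line 14) is the lenient decoder: it skips characters outside the base64 alphabet and ignores bad padding, so a corrupted or edited key line decodes to some blob rather than being rejected, and when the line has no second field `splitted[1]` is nil and the failure is an unhelpful NoMethodError; `public_key_blob = Base64.strict_decode64(splitted.fetch(1))` fails loudly in both cases, assuming callers pass a single unwrapped authorized_keys-style line, which the `split(' ')` on line 12 suggests. `Algorithm::Publickey[@algorithm_name]` on line 15 takes the line's first field verbatim, so the registry lookup (outside this diff) needs a defined error for unknown names rather than a nil receiver. This section is labelled `data/lib/hrr_rb_ssh/codable.rb` on the page, but its content (the key-line parser, `to_pem`) matches `compat/openssh/public_key.rb` (+3 -40) in the file list; the class header and `algorithm_name` are outside the hunks.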
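--- /dev/null
+++ b/data/lib/hrr_rb_ssh/compat/ruby/openssl/bn.rb
@@ -0,0 +1,20 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+
+if RUBY_VERSION < "2.1"
+require 'openssl'
+
+class OpenSSL::BN
+alias_method :__initialize__, :initialize
+
+def initialize *args
+args[0] = case args[0]
+when OpenSSL::BN, Fixnum, Bignum
+args[0].to_s
+else
+args[0]
+end
+__initialize__ *args
+end
+end
+end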
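--- /dev/null
+++ b/data/lib/hrr_rb_ssh/compat/ruby/queue.rb
@@ -0,0 +1,38 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+
+if RUBY_VERSION < "2.3"
+require 'timeout'
+
+class ClosedQueueError < StandardError
+end
+
+class Queue
+alias_method :__enq__, :enq
+alias_method :__deq__, :deq
+
+def close
+@closed = true
+end
+
+def closed?
+@closed == true
+end
+
+def enq arg
+raise ClosedQueueError if @closed == true
+__enq__ arg
+end
+
+def deq
+begin
+Timeout.timeout(0.1) do
+__deq__
+end
+rescue Timeout::Error
+return nil if @closed == true
+retry
+end
+end
+end
+end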
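Review bot: The shim overrides `enq` and `deq` only (new lines 22-36), but on the Rubies this branch targets `push`/`<<` and `pop`/`shift` are independent aliases of the original methods, so callers using those names bypass the `ClosedQueueError` check and never see `nil` after `close`; if the gem uses them anywhere, add `alias_method :push, :enq` and `alias_method :<<, :enq` (likewise `pop`/`shift` to `deq`) after the definitions. `deq` polls in 100 ms slices with `Timeout.timeout`, so `close` is observed with up to that latency and a `Thread#raise` interruption lands on every idle cycle; fine for a compat layer but worth stating, e.g. `# Polled so close can wake a blocked deq; Queue#close is native from 2.3.` The code is moved verbatim from compat.rb, so behaviour is unchanged by this commit.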
data/lib/hrr_rb_ssh/compat.rb
CHANGED
@@ -1,67 +1,5 @@
|
|
1
1
|
# coding: utf-8
|
2
2
|
# vim: et ts=2 sw=2
|
3
3
|
|
4
|
+
require 'hrr_rb_ssh/compat/ruby'
|
4
5
|
require 'hrr_rb_ssh/compat/openssh'
|
5
|
-
|
6
|
-
if RUBY_VERSION < "2.1"
|
7
|
-
class Array
|
8
|
-
def to_h
|
9
|
-
h = Hash.new
|
10
|
-
self.each do |k, v|
|
11
|
-
h[k] = v
|
12
|
-
end
|
13
|
-
h
|
14
|
-
end
|
15
|
-
end
|
16
|
-
|
17
|
-
require 'openssl'
|
18
|
-
class OpenSSL::BN
|
19
|
-
alias_method :__initialize__, :initialize
|
20
|
-
|
21
|
-
def initialize *args
|
22
|
-
args[0] = case args[0]
|
23
|
-
when OpenSSL::BN, Fixnum, Bignum
|
24
|
-
args[0].to_s
|
25
|
-
else
|
26
|
-
args[0]
|
27
|
-
end
|
28
|
-
__initialize__ *args
|
29
|
-
end
|
30
|
-
end
|
31
|
-
end
|
32
|
-
|
33
|
-
if RUBY_VERSION < "2.3"
|
34
|
-
class ClosedQueueError < StandardError
|
35
|
-
end
|
36
|
-
|
37
|
-
class Queue
|
38
|
-
require 'timeout'
|
39
|
-
|
40
|
-
alias_method :__enq__, :enq
|
41
|
-
alias_method :__deq__, :deq
|
42
|
-
|
43
|
-
def close
|
44
|
-
@closed = true
|
45
|
-
end
|
46
|
-
|
47
|
-
def closed?
|
48
|
-
@closed == true
|
49
|
-
end
|
50
|
-
|
51
|
-
def enq arg
|
52
|
-
raise ClosedQueueError if @closed == true
|
53
|
-
__enq__ arg
|
54
|
-
end
|
55
|
-
|
56
|
-
def deq
|
57
|
-
begin
|
58
|
-
Timeout.timeout(0.1) do
|
59
|
-
__deq__
|
60
|
-
end
|
61
|
-
rescue Timeout::Error
|
62
|
-
return nil if @closed == true
|
63
|
-
retry
|
64
|
-
end
|
65
|
-
end
|
66
|
-
end
|
67
|
-
end
|
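--- a/data/lib/hrr_rb_ssh/connection/channel/channel_type/direct_tcpip.rb
+++ b/data/lib/hrr_rb_ssh/connection/channel/channel_type/direct_tcpip.rb
@@ -11,7 +11,7 @@ module HrrRbSsh
 NAME = 'direct-tcpip'
 
 def initialize connection, channel, message, socket=nil
-@logger =
+@logger = Logger.new self.class.name
 @connection = connection
 @channel = channel
 @host_to_connect = message[:'host to connect']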
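--- a/data/lib/hrr_rb_ssh/connection/channel/channel_type/forwarded_tcpip.rb
+++ b/data/lib/hrr_rb_ssh/connection/channel/channel_type/forwarded_tcpip.rb
@@ -11,7 +11,7 @@ module HrrRbSsh
 NAME = 'forwarded-tcpip'
 
 def initialize connection, channel, message, socket
-@logger =
+@logger = Logger.new self.class.name
 @connection = connection
 @channel = channel
 @socket = socket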
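--- a/data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/env.rb
+++ b/data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/env.rb
@@ -14,7 +14,7 @@ module HrrRbSsh
 NAME = 'env'
 
 def self.run proc_chain, username, io, variables, message, options
-logger =
+logger = Logger.new self.class.name
 
 context = Context.new proc_chain, username, io, variables, message
 handler = options.fetch('connection_channel_request_env', RequestHandler.new {})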
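Review bot: `logger = Logger.new self.class.name` (new line 17) is inside `def self.run`, where `self` is the request-type class itself, so `self.class.name` evaluates to `"Class"` and every message from this handler is tagged `Class` rather than the request type; `logger = Logger.new self.name` (or `Logger.new name`) gives the intended label. The exec.rb hunk that follows has the identical line. The instance-method sites in this diff (`direct_tcpip.rb`, `forwarded_tcpip.rb`) use `self.class.name` correctly.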
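--- a/data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/exec.rb
+++ b/data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/exec.rb
@@ -14,7 +14,7 @@ module HrrRbSsh
 NAME = 'exec'
 
 def self.run proc_chain, username, io, variables, message, options
-logger =
+logger = Logger.new self.class.name
 
 context = Context.new proc_chain, username, io, variables, message
 handler = options.fetch('connection_channel_request_exec', RequestHandler.new {})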