RubyGems - hrr_rb_ssh - Versions diffs - 0.3.0.pre1 → 0.4.2 - Mend

hrr_rb_ssh 0.3.0.pre1 → 0.4.2

Files changed (139) hide show

data/demo/echo_server.rb CHANGED Viewed

@@ -12,8 +12,6 @@ def start_service io, logger=nil
     require 'hrr_rb_ssh'
   end
-  HrrRbSsh::Logger.initialize logger if logger
   auth_password = HrrRbSsh::Authentication::Authenticator.new { |context|
     true # accept any user and password
   }
@@ -39,12 +37,19 @@ def start_service io, logger=nil
   options['authentication_password_authenticator'] = auth_password
   options['connection_channel_request_shell']      = conn_echo
-  server = HrrRbSsh::Server.new options
+  server = HrrRbSsh::Server.new options, logger: logger
   server.start io
 end
+class MyLoggerFormatter < ::Logger::Formatter
+  def call severity, time, progname, msg
+    "%s, [%s#%d.%x] %5s -- %s: %s\n" % [severity[0..0], format_datetime(time), Process.pid, Thread.current.object_id, severity, progname, msg2str(msg)]
+  end
+end
 logger = Logger.new STDOUT
 logger.level = Logger::INFO
+logger.formatter = MyLoggerFormatter.new
 server = TCPServer.new 10022
 loop do

data/demo/more_flexible_auth.rb ADDED Viewed

@@ -0,0 +1,105 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'logger'
+require 'socket'
+def start_service io, logger=nil
+  require 'etc'
+  begin
+    require 'hrr_rb_ssh'
+  rescue LoadError
+    $:.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+    require 'hrr_rb_ssh'
+  end
+  auth_none = HrrRbSsh::Authentication::Authenticator.new { |context|
+    context.authentication_methods.push 'publickey'
+    HrrRbSsh::Authentication::PARTIAL_SUCCESS
+  }
+  auth_publickey = HrrRbSsh::Authentication::Authenticator.new { |context|
+    users = ['user1', 'user2']
+    is_verified = users.any?{ |username|
+      passwd = Etc.getpwnam(username)
+      homedir = passwd.dir
+      authorized_keys = HrrRbSsh::Compat::OpenSSH::AuthorizedKeys.new(File.read(File.join(homedir, '.ssh', 'authorized_keys')))
+      authorized_keys.any?{ |public_key| context.verify username, public_key.algorithm_name, public_key.to_pem }
+    }
+    if is_verified
+      context.authentication_methods.push 'password'
+      HrrRbSsh::Authentication::PARTIAL_SUCCESS
+    else
+      HrrRbSsh::Authentication::FAILURE
+    end
+  }
+  auth_password = HrrRbSsh::Authentication::Authenticator.new { |context|
+    user_and_pass = [
+      ['user1',  'password1'],
+      ['user2',  'password2'],
+    ]
+    is_verified = user_and_pass.any? { |user, pass| context.verify user, pass }
+    if is_verified
+      HrrRbSsh::Authentication::SUCCESS # or HrrRbSsh::Authentication::PARTIAL_SUCCESS
+    else
+      HrrRbSsh::Authentication::FAILURE
+    end
+  }
+  auth_preferred_authentication_methods = ["none"]
+  options = {}
+  options['authentication_none_authenticator']      = auth_none
+  options['authentication_publickey_authenticator'] = auth_publickey
+  options['authentication_password_authenticator']  = auth_password
+  options['authentication_preferred_authentication_methods'] = auth_preferred_authentication_methods
+  options['connection_channel_request_pty_req']       = HrrRbSsh::Connection::RequestHandler::ReferencePtyReqRequestHandler.new
+  options['connection_channel_request_env']           = HrrRbSsh::Connection::RequestHandler::ReferenceEnvRequestHandler.new
+  options['connection_channel_request_shell']         = HrrRbSsh::Connection::RequestHandler::ReferenceShellRequestHandler.new
+  options['connection_channel_request_exec']          = HrrRbSsh::Connection::RequestHandler::ReferenceExecRequestHandler.new
+  options['connection_channel_request_window_change'] = HrrRbSsh::Connection::RequestHandler::ReferenceWindowChangeRequestHandler.new
+  server = HrrRbSsh::Server.new options, logger: logger
+  server.start io
+end
+class MyLoggerFormatter < ::Logger::Formatter
+  def call severity, time, progname, msg
+    "%s, [%s#%d.%x] %5s -- %s: %s\n" % [severity[0..0], format_datetime(time), Process.pid, Thread.current.object_id, severity, progname, msg2str(msg)]
+  end
+end
+logger = Logger.new STDOUT
+logger.level = Logger::INFO
+logger.formatter = MyLoggerFormatter.new
+server = TCPServer.new 10022
+loop do
+  Thread.new(server.accept) do |io|
+    begin
+      pid = fork do
+        begin
+          start_service io, logger
+        rescue => e
+          logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
+          exit false
+        end
+      end
+      logger.info { "process #{pid} started" }
+      io.close rescue nil
+      pid, status = Process.waitpid2 pid
+    rescue => e
+      logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
+    ensure
+      status ||= nil
+      logger.info { "process #{pid} finished with status #{status.inspect}" }
+    end
+  end
+end

data/demo/multi_step_auth.rb ADDED Viewed

@@ -0,0 +1,99 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'logger'
+require 'socket'
+def start_service io, logger=nil
+  require 'etc'
+  begin
+    require 'hrr_rb_ssh'
+  rescue LoadError
+    $:.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+    require 'hrr_rb_ssh'
+  end
+  auth_publickey = HrrRbSsh::Authentication::Authenticator.new { |context|
+    users = ['user1', 'user2']
+    is_verified = users.any?{ |username|
+      passwd = Etc.getpwnam(username)
+      homedir = passwd.dir
+      authorized_keys = HrrRbSsh::Compat::OpenSSH::AuthorizedKeys.new(File.read(File.join(homedir, '.ssh', 'authorized_keys')))
+      authorized_keys.any?{ |public_key| context.verify username, public_key.algorithm_name, public_key.to_pem }
+    }
+    if is_verified
+      HrrRbSsh::Authentication::PARTIAL_SUCCESS
+    else
+      HrrRbSsh::Authentication::FAILURE
+    end
+  }
+  auth_password = HrrRbSsh::Authentication::Authenticator.new { |context|
+    user_and_pass = [
+      ['user1',  'password1'],
+      ['user2',  'password2'],
+    ]
+    is_verified = user_and_pass.any? { |user, pass| context.verify user, pass }
+    if is_verified
+      HrrRbSsh::Authentication::PARTIAL_SUCCESS
+    else
+      HrrRbSsh::Authentication::FAILURE
+    end
+  }
+  auth_preferred_authentication_methods = ["publickey", "password"]
+  options = {}
+  options['authentication_publickey_authenticator'] = auth_publickey
+  options['authentication_password_authenticator']  = auth_password
+  options['authentication_preferred_authentication_methods'] = auth_preferred_authentication_methods
+  options['connection_channel_request_pty_req']       = HrrRbSsh::Connection::RequestHandler::ReferencePtyReqRequestHandler.new
+  options['connection_channel_request_env']           = HrrRbSsh::Connection::RequestHandler::ReferenceEnvRequestHandler.new
+  options['connection_channel_request_shell']         = HrrRbSsh::Connection::RequestHandler::ReferenceShellRequestHandler.new
+  options['connection_channel_request_exec']          = HrrRbSsh::Connection::RequestHandler::ReferenceExecRequestHandler.new
+  options['connection_channel_request_window_change'] = HrrRbSsh::Connection::RequestHandler::ReferenceWindowChangeRequestHandler.new
+  server = HrrRbSsh::Server.new options, logger: logger
+  server.start io
+end
+class MyLoggerFormatter < ::Logger::Formatter
+  def call severity, time, progname, msg
+    "%s, [%s#%d.%x] %5s -- %s: %s\n" % [severity[0..0], format_datetime(time), Process.pid, Thread.current.object_id, severity, progname, msg2str(msg)]
+  end
+end
+logger = Logger.new STDOUT
+logger.level = Logger::INFO
+logger.formatter = MyLoggerFormatter.new
+server = TCPServer.new 10022
+loop do
+  Thread.new(server.accept) do |io|
+    begin
+      pid = fork do
+        begin
+          start_service io, logger
+        rescue => e
+          logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
+          exit false
+        end
+      end
+      logger.info { "process #{pid} started" }
+      io.close rescue nil
+      pid, status = Process.waitpid2 pid
+    rescue => e
+      logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
+    ensure
+      status ||= nil
+      logger.info { "process #{pid} finished with status #{status.inspect}" }
+    end
+  end
+end

data/demo/server.rb CHANGED Viewed

@@ -15,10 +15,8 @@ def start_service io, logger=nil
     require 'hrr_rb_ssh'
   end
-  HrrRbSsh::Logger.initialize logger if logger
   tran_preferred_encryption_algorithms      = %w(aes128-ctr aes192-ctr aes256-ctr aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc arcfour)
-  tran_preferred_server_host_key_algorithms = %w(ssh-ed25519 ecdsa-sha2-nistp521 ecdsa-sha2-nistp384 ecdsa-sha2-nistp256 ssh-rsa ssh-dss)
+  tran_preferred_server_host_key_algorithms = %w(ecdsa-sha2-nistp521 ecdsa-sha2-nistp384 ecdsa-sha2-nistp256 ssh-rsa ssh-dss)
   tran_preferred_kex_algorithms             = %w(ecdh-sha2-nistp521 ecdh-sha2-nistp384 ecdh-sha2-nistp256 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1)
   tran_preferred_mac_algorithms             = %w(hmac-sha2-512 hmac-sha2-256 hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96)
   tran_preferred_compression_algorithms     = %w(none zlib)
@@ -89,13 +87,21 @@ OfeosJOO9twerD7pPhmXREkygblPsEXaVA==
   options['connection_channel_request_exec']          = HrrRbSsh::Connection::RequestHandler::ReferenceExecRequestHandler.new
   options['connection_channel_request_window_change'] = HrrRbSsh::Connection::RequestHandler::ReferenceWindowChangeRequestHandler.new
-  server = HrrRbSsh::Server.new options
+  server = HrrRbSsh::Server.new options, logger: logger
   server.start io
 end
+class MyLoggerFormatter < ::Logger::Formatter
+  def call severity, time, progname, msg
+    "%s, [%s#%d.%x] %5s -- %s: %s\n" % [severity[0..0], format_datetime(time), Process.pid, Thread.current.object_id, severity, progname, msg2str(msg)]
+  end
+end
 logger = Logger.new STDOUT
 logger.level = Logger::INFO
+logger.formatter = MyLoggerFormatter.new
 server = TCPServer.new 10022
 loop do

data/demo/subsystem_echo_server.rb CHANGED Viewed

@@ -12,8 +12,6 @@ def start_service io, logger=nil
     require 'hrr_rb_ssh'
   end
-  HrrRbSsh::Logger.initialize logger if logger
   auth_password = HrrRbSsh::Authentication::Authenticator.new { |context|
     true # accept any user and password
   }
@@ -47,12 +45,19 @@ def start_service io, logger=nil
   options['authentication_password_authenticator'] = auth_password
   options['connection_channel_request_subsystem']  = conn_echo
-  server = HrrRbSsh::Server.new options
+  server = HrrRbSsh::Server.new options, logger: logger
   server.start io
 end
+class MyLoggerFormatter < ::Logger::Formatter
+  def call severity, time, progname, msg
+    "%s, [%s#%d.%x] %5s -- %s: %s\n" % [severity[0..0], format_datetime(time), Process.pid, Thread.current.object_id, severity, progname, msg2str(msg)]
+  end
+end
 logger = Logger.new STDOUT
 logger.level = Logger::INFO
+logger.formatter = MyLoggerFormatter.new
 server = TCPServer.new 10022
 while true

data/hrr_rb_ssh.gemspec CHANGED Viewed

@@ -1,3 +1,5 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
 lib = File.expand_path("../lib", __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
@@ -7,8 +9,8 @@ Gem::Specification.new do |spec|
   spec.name          = "hrr_rb_ssh"
   spec.version       = HrrRbSsh::VERSION
   spec.license       = 'Apache-2.0'
-  spec.summary       = %q{Pure Ruby SSH 2.0 server implementation}
-  spec.description   = %q{Pure Ruby SSH 2.0 server implementation}
+  spec.summary       = %q{Pure Ruby SSH 2.0 server and client implementation}
+  spec.description   = %q{Pure Ruby SSH 2.0 server and client implementation}
   spec.authors       = ["hirura"]
   spec.email         = ["hirura@gmail.com"]
   spec.homepage      = "https://github.com/hirura/hrr_rb_ssh"
@@ -20,9 +22,7 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = '>= 2.0.0'
-  spec.add_dependency "ed25519", "~> 1.2"
-  spec.add_development_dependency "bundler", "~> 1.16"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rake", "~> 12.0"
   spec.add_development_dependency "rspec", "~> 3.0"
-  spec.add_development_dependency "codeclimate-test-reporter", "~> 1.0.8"
+  spec.add_development_dependency "simplecov", "~> 0.16"
 end

data/lib/hrr_rb_ssh.rb CHANGED Viewed

@@ -9,7 +9,6 @@ end
 require "hrr_rb_ssh/version"
 require "hrr_rb_ssh/compat"
-require "hrr_rb_ssh/logger"
 require "hrr_rb_ssh/mode"
 require "hrr_rb_ssh/algorithm"
 require "hrr_rb_ssh/error"
@@ -17,3 +16,4 @@ require "hrr_rb_ssh/transport"
 require "hrr_rb_ssh/authentication"
 require "hrr_rb_ssh/connection"
 require "hrr_rb_ssh/server"
+require "hrr_rb_ssh/client"

data/lib/hrr_rb_ssh/algorithm/publickey.rb CHANGED Viewed

@@ -19,4 +19,3 @@ require 'hrr_rb_ssh/algorithm/publickey/ssh_rsa'
 require 'hrr_rb_ssh/algorithm/publickey/ecdsa_sha2_nistp256'
 require 'hrr_rb_ssh/algorithm/publickey/ecdsa_sha2_nistp384'
 require 'hrr_rb_ssh/algorithm/publickey/ecdsa_sha2_nistp521'
-require 'hrr_rb_ssh/algorithm/publickey/ssh_ed25519'

data/lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2.rb CHANGED Viewed

@@ -1,14 +1,17 @@
 # coding: utf-8
 # vim: et ts=2 sw=2
-require 'hrr_rb_ssh/logger'
+require 'hrr_rb_ssh/loggable'
 require 'hrr_rb_ssh/data_type'
 module HrrRbSsh
   module Algorithm
     class Publickey
       module EcdsaSha2
-        def initialize arg
+        include Loggable
+        def initialize arg, logger: nil
+          self.logger = logger
           begin
             new_by_key_str arg
           rescue OpenSSL::PKey::ECError
@@ -21,7 +24,7 @@ module HrrRbSsh
         end
         def new_by_public_key_blob public_key_blob
-          public_key_blob_h = PublicKeyBlob.decode(public_key_blob)
+          public_key_blob_h = PublicKeyBlob.new(logger: logger).decode public_key_blob
           @publickey = OpenSSL::PKey::EC.new(self.class::CURVE_NAME)
           @publickey.public_key = OpenSSL::PKey::EC::Point.new(@publickey.group, OpenSSL::BN.new(public_key_blob_h[:'Q'], 2))
         end
@@ -36,20 +39,20 @@ module HrrRbSsh
             :'identifier'                => self.class::IDENTIFIER,
             :'Q'                         => @publickey.public_key.to_bn.to_s(2)
           }
-          PublicKeyBlob.encode(public_key_blob_h)
+          PublicKeyBlob.new(logger: logger).encode public_key_blob_h
         end
         def ecdsa_signature_blob signature_blob
           hash = OpenSSL::Digest.digest(self.class::DIGEST, signature_blob)
           sign_der = @publickey.dsa_sign_asn1(hash)
-          sign_asn1 = OpenSSL::ASN1.decode(sign_der)
+          sign_asn1 = OpenSSL::ASN1.decode sign_der
           r = sign_asn1.value[0].value.to_i
           s = sign_asn1.value[1].value.to_i
           ecdsa_signature_blob_h = {
             :'r' => r,
             :'s' => s,
           }
-          EcdsaSignatureBlob.encode ecdsa_signature_blob_h
+          EcdsaSignatureBlob.new(logger: logger).encode ecdsa_signature_blob_h
         end
         def sign signature_blob
@@ -57,12 +60,12 @@ module HrrRbSsh
             :'public key algorithm name' => self.class::NAME,
             :'ecdsa signature blob'      => ecdsa_signature_blob(signature_blob),
           }
-          Signature.encode signature_h
+          Signature.new(logger: logger).encode signature_h
         end
         def verify signature, signature_blob
-          signature_h = Signature.decode signature
-          ecdsa_signature_blob_h = EcdsaSignatureBlob.decode signature_h[:'ecdsa signature blob']
+          signature_h = Signature.new(logger: logger).decode signature
+          ecdsa_signature_blob_h = EcdsaSignatureBlob.new(logger: logger).decode signature_h[:'ecdsa signature blob']
           r = ecdsa_signature_blob_h[:'r']
           s = ecdsa_signature_blob_h[:'s']
           sign_asn1 = OpenSSL::ASN1::Sequence.new(

data/lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2/ecdsa_signature_blob.rb CHANGED Viewed

@@ -8,10 +8,8 @@ module HrrRbSsh
   module Algorithm
     class Publickey
       module EcdsaSha2
-        module EcdsaSignatureBlob
-          class << self
-            include Codable
-          end
+        class EcdsaSignatureBlob
+          include Codable
           DEFINITION = [
             [DataType::Mpint, :'r'],
             [DataType::Mpint, :'s'],

data/lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2/public_key_blob.rb CHANGED Viewed

@@ -8,10 +8,8 @@ module HrrRbSsh
   module Algorithm
     class Publickey
       module EcdsaSha2
-        module PublicKeyBlob
-          class << self
-            include Codable
-          end
+        class PublicKeyBlob
+          include Codable
           DEFINITION = [
             [DataType::String, :'public key algorithm name'],
             [DataType::String, :'identifier'],