RubyGems - hrr_rb_ssh - Versions diffs - 0.3.0.pre1 → 0.4.2 - Mend

hrr_rb_ssh 0.3.0.pre1 → 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (139) hide show

data/demo/echo_server.rb CHANGED Viewed

@@ -12,8 +12,6 @@ def start_service io, logger=nil
     require 'hrr_rb_ssh'
   end
-  HrrRbSsh::Logger.initialize logger if logger
   auth_password = HrrRbSsh::Authentication::Authenticator.new { |context|
     true # accept any user and password
   }
@@ -39,12 +37,19 @@ def start_service io, logger=nil
   options['authentication_password_authenticator'] = auth_password
   options['connection_channel_request_shell']      = conn_echo
-  server = HrrRbSsh::Server.new options
+  server = HrrRbSsh::Server.new options, logger: logger
   server.start io
 end
+class MyLoggerFormatter < ::Logger::Formatter
+  def call severity, time, progname, msg
+    "%s, [%s#%d.%x] %5s -- %s: %s\n" % [severity[0..0], format_datetime(time), Process.pid, Thread.current.object_id, severity, progname, msg2str(msg)]
+  end
+end
 logger = Logger.new STDOUT
 logger.level = Logger::INFO
+logger.formatter = MyLoggerFormatter.new
 server = TCPServer.new 10022
 loop do

data/demo/more_flexible_auth.rb ADDED Viewed

@@ -0,0 +1,105 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'logger'
+require 'socket'
+def start_service io, logger=nil
+  require 'etc'
+  begin
+    require 'hrr_rb_ssh'
+  rescue LoadError
+    $:.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+    require 'hrr_rb_ssh'
+  end
+  auth_none = HrrRbSsh::Authentication::Authenticator.new { |context|
+    context.authentication_methods.push 'publickey'
+    HrrRbSsh::Authentication::PARTIAL_SUCCESS
+  }
+  auth_publickey = HrrRbSsh::Authentication::Authenticator.new { |context|
+    users = ['user1', 'user2']
+    is_verified = users.any?{ |username|
+      passwd = Etc.getpwnam(username)
+      homedir = passwd.dir
+      authorized_keys = HrrRbSsh::Compat::OpenSSH::AuthorizedKeys.new(File.read(File.join(homedir, '.ssh', 'authorized_keys')))
+      authorized_keys.any?{ |public_key| context.verify username, public_key.algorithm_name, public_key.to_pem }
+    }
+    if is_verified
+      context.authentication_methods.push 'password'
+      HrrRbSsh::Authentication::PARTIAL_SUCCESS
+    else
+      HrrRbSsh::Authentication::FAILURE
+    end
+  }
+  auth_password = HrrRbSsh::Authentication::Authenticator.new { |context|
+    user_and_pass = [
+      ['user1',  'password1'],
+      ['user2',  'password2'],
+    ]
+    is_verified = user_and_pass.any? { |user, pass| context.verify user, pass }
+    if is_verified
+      HrrRbSsh::Authentication::SUCCESS # or HrrRbSsh::Authentication::PARTIAL_SUCCESS
+    else
+      HrrRbSsh::Authentication::FAILURE
+    end
+  }
+  auth_preferred_authentication_methods = ["none"]
+  options = {}
+  options['authentication_none_authenticator']      = auth_none
+  options['authentication_publickey_authenticator'] = auth_publickey
+  options['authentication_password_authenticator']  = auth_password
+  options['authentication_preferred_authentication_methods'] = auth_preferred_authentication_methods
+  options['connection_channel_request_pty_req']       = HrrRbSsh::Connection::RequestHandler::ReferencePtyReqRequestHandler.new
+  options['connection_channel_request_env']           = HrrRbSsh::Connection::RequestHandler::ReferenceEnvRequestHandler.new
+  options['connection_channel_request_shell']         = HrrRbSsh::Connection::RequestHandler::ReferenceShellRequestHandler.new
+  options['connection_channel_request_exec']          = HrrRbSsh::Connection::RequestHandler::ReferenceExecRequestHandler.new
+  options['connection_channel_request_window_change'] = HrrRbSsh::Connection::RequestHandler::ReferenceWindowChangeRequestHandler.new
+  server = HrrRbSsh::Server.new options, logger: logger
+  server.start io
+end
+class MyLoggerFormatter < ::Logger::Formatter
+  def call severity, time, progname, msg
+    "%s, [%s#%d.%x] %5s -- %s: %s\n" % [severity[0..0], format_datetime(time), Process.pid, Thread.current.object_id, severity, progname, msg2str(msg)]
+  end
+end
+logger = Logger.new STDOUT
+logger.level = Logger::INFO
+logger.formatter = MyLoggerFormatter.new
+server = TCPServer.new 10022
+loop do
+  Thread.new(server.accept) do |io|
+    begin
+      pid = fork do
+        begin
+          start_service io, logger
+        rescue => e
+          logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
+          exit false
+        end
+      end
+      logger.info { "process #{pid} started" }
+      io.close rescue nil
+      pid, status = Process.waitpid2 pid
+    rescue => e
+      logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
+    ensure
+      status ||= nil
+      logger.info { "process #{pid} finished with status #{status.inspect}" }
+    end
+  end
+end

data/demo/multi_step_auth.rb ADDED Viewed

@@ -0,0 +1,99 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'logger'
+require 'socket'
+def start_service io, logger=nil
+  require 'etc'
+  begin
+    require 'hrr_rb_ssh'
+  rescue LoadError
+    $:.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+    require 'hrr_rb_ssh'
+  end
+  auth_publickey = HrrRbSsh::Authentication::Authenticator.new { |context|
+    users = ['user1', 'user2']
+    is_verified = users.any?{ |username|
+      passwd = Etc.getpwnam(username)
+      homedir = passwd.dir
+      authorized_keys = HrrRbSsh::Compat::OpenSSH::AuthorizedKeys.new(File.read(File.join(homedir, '.ssh', 'authorized_keys')))
+      authorized_keys.any?{ |public_key| context.verify username, public_key.algorithm_name, public_key.to_pem }
+    }
+    if is_verified
+      HrrRbSsh::Authentication::PARTIAL_SUCCESS
+    else
+      HrrRbSsh::Authentication::FAILURE
+    end
+  }
+  auth_password = HrrRbSsh::Authentication::Authenticator.new { |context|
+    user_and_pass = [
+      ['user1',  'password1'],
+      ['user2',  'password2'],
+    ]
+    is_verified = user_and_pass.any? { |user, pass| context.verify user, pass }
+    if is_verified
+      HrrRbSsh::Authentication::PARTIAL_SUCCESS
+    else
+      HrrRbSsh::Authentication::FAILURE
+    end
+  }
+  auth_preferred_authentication_methods = ["publickey", "password"]
+  options = {}
+  options['authentication_publickey_authenticator'] = auth_publickey
+  options['authentication_password_authenticator']  = auth_password
+  options['authentication_preferred_authentication_methods'] = auth_preferred_authentication_methods
+  options['connection_channel_request_pty_req']       = HrrRbSsh::Connection::RequestHandler::ReferencePtyReqRequestHandler.new
+  options['connection_channel_request_env']           = HrrRbSsh::Connection::RequestHandler::ReferenceEnvRequestHandler.new
+  options['connection_channel_request_shell']         = HrrRbSsh::Connection::RequestHandler::ReferenceShellRequestHandler.new
+  options['connection_channel_request_exec']          = HrrRbSsh::Connection::RequestHandler::ReferenceExecRequestHandler.new
+  options['connection_channel_request_window_change'] = HrrRbSsh::Connection::RequestHandler::ReferenceWindowChangeRequestHandler.new
+  server = HrrRbSsh::Server.new options, logger: logger
+  server.start io
+end
+class MyLoggerFormatter < ::Logger::Formatter
+  def call severity, time, progname, msg
+    "%s, [%s#%d.%x] %5s -- %s: %s\n" % [severity[0..0], format_datetime(time), Process.pid, Thread.current.object_id, severity, progname, msg2str(msg)]
+  end
+end
+logger = Logger.new STDOUT
+logger.level = Logger::INFO
+logger.formatter = MyLoggerFormatter.new
+server = TCPServer.new 10022
+loop do
+  Thread.new(server.accept) do |io|
+    begin
+      pid = fork do
+        begin
+          start_service io, logger
+        rescue => e
+          logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
+          exit false
+        end
+      end
+      logger.info { "process #{pid} started" }
+      io.close rescue nil
+      pid, status = Process.waitpid2 pid
+    rescue => e
+      logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
+    ensure
+      status ||= nil
+      logger.info { "process #{pid} finished with status #{status.inspect}" }
+    end
+  end
+end

data/demo/server.rb CHANGED Viewed

@@ -15,10 +15,8 @@ def start_service io, logger=nil
     require 'hrr_rb_ssh'
   end
-  HrrRbSsh::Logger.initialize logger if logger
   tran_preferred_encryption_algorithms      = %w(aes128-ctr aes192-ctr aes256-ctr aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc arcfour)
-  tran_preferred_server_host_key_algorithms = %w(ssh-ed25519 ecdsa-sha2-nistp521 ecdsa-sha2-nistp384 ecdsa-sha2-nistp256 ssh-rsa ssh-dss)
+  tran_preferred_server_host_key_algorithms = %w(ecdsa-sha2-nistp521 ecdsa-sha2-nistp384 ecdsa-sha2-nistp256 ssh-rsa ssh-dss)
   tran_preferred_kex_algorithms             = %w(ecdh-sha2-nistp521 ecdh-sha2-nistp384 ecdh-sha2-nistp256 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1)
   tran_preferred_mac_algorithms             = %w(hmac-sha2-512 hmac-sha2-256 hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96)
   tran_preferred_compression_algorithms     = %w(none zlib)
@@ -89,13 +87,21 @@ OfeosJOO9twerD7pPhmXREkygblPsEXaVA==
   options['connection_channel_request_exec']          = HrrRbSsh::Connection::RequestHandler::ReferenceExecRequestHandler.new
   options['connection_channel_request_window_change'] = HrrRbSsh::Connection::RequestHandler::ReferenceWindowChangeRequestHandler.new
-  server = HrrRbSsh::Server.new options
+  server = HrrRbSsh::Server.new options, logger: logger
   server.start io
 end
+class MyLoggerFormatter < ::Logger::Formatter
+  def call severity, time, progname, msg
+    "%s, [%s#%d.%x] %5s -- %s: %s\n" % [severity[0..0], format_datetime(time), Process.pid, Thread.current.object_id, severity, progname, msg2str(msg)]
+  end
+end
 logger = Logger.new STDOUT
 logger.level = Logger::INFO
+logger.formatter = MyLoggerFormatter.new
 server = TCPServer.new 10022
 loop do

data/demo/subsystem_echo_server.rb CHANGED Viewed

@@ -12,8 +12,6 @@ def start_service io, logger=nil
     require 'hrr_rb_ssh'
   end
-  HrrRbSsh::Logger.initialize logger if logger
   auth_password = HrrRbSsh::Authentication::Authenticator.new { |context|
     true # accept any user and password
   }
@@ -47,12 +45,19 @@ def start_service io, logger=nil
   options['authentication_password_authenticator'] = auth_password
   options['connection_channel_request_subsystem']  = conn_echo
-  server = HrrRbSsh::Server.new options
+  server = HrrRbSsh::Server.new options, logger: logger
   server.start io
 end
+class MyLoggerFormatter < ::Logger::Formatter
+  def call severity, time, progname, msg
+    "%s, [%s#%d.%x] %5s -- %s: %s\n" % [severity[0..0], format_datetime(time), Process.pid, Thread.current.object_id, severity, progname, msg2str(msg)]
+  end
+end
 logger = Logger.new STDOUT
 logger.level = Logger::INFO
+logger.formatter = MyLoggerFormatter.new
 server = TCPServer.new 10022
 while true

data/hrr_rb_ssh.gemspec CHANGED Viewed

@@ -1,3 +1,5 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
 lib = File.expand_path("../lib", __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
@@ -7,8 +9,8 @@ Gem::Specification.new do |spec|
   spec.name          = "hrr_rb_ssh"
   spec.version       = HrrRbSsh::VERSION
   spec.license       = 'Apache-2.0'
-  spec.summary       = %q{Pure Ruby SSH 2.0 server implementation}
-  spec.description   = %q{Pure Ruby SSH 2.0 server implementation}
+  spec.summary       = %q{Pure Ruby SSH 2.0 server and client implementation}
+  spec.description   = %q{Pure Ruby SSH 2.0 server and client implementation}
   spec.authors       = ["hirura"]
   spec.email         = ["hirura@gmail.com"]
   spec.homepage      = "https://github.com/hirura/hrr_rb_ssh"
@@ -20,9 +22,7 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = '>= 2.0.0'
-  spec.add_dependency "ed25519", "~> 1.2"
-  spec.add_development_dependency "bundler", "~> 1.16"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rake", "~> 12.0"
   spec.add_development_dependency "rspec", "~> 3.0"
-  spec.add_development_dependency "codeclimate-test-reporter", "~> 1.0.8"
+  spec.add_development_dependency "simplecov", "~> 0.16"
 end

data/lib/hrr_rb_ssh.rb CHANGED Viewed

@@ -9,7 +9,6 @@ end
 require "hrr_rb_ssh/version"
 require "hrr_rb_ssh/compat"
-require "hrr_rb_ssh/logger"
 require "hrr_rb_ssh/mode"
 require "hrr_rb_ssh/algorithm"
 require "hrr_rb_ssh/error"
@@ -17,3 +16,4 @@ require "hrr_rb_ssh/transport"
 require "hrr_rb_ssh/authentication"
 require "hrr_rb_ssh/connection"
 require "hrr_rb_ssh/server"
+require "hrr_rb_ssh/client"

data/lib/hrr_rb_ssh/algorithm/publickey.rb CHANGED Viewed

@@ -19,4 +19,3 @@ require 'hrr_rb_ssh/algorithm/publickey/ssh_rsa'
 require 'hrr_rb_ssh/algorithm/publickey/ecdsa_sha2_nistp256'
 require 'hrr_rb_ssh/algorithm/publickey/ecdsa_sha2_nistp384'
 require 'hrr_rb_ssh/algorithm/publickey/ecdsa_sha2_nistp521'
-require 'hrr_rb_ssh/algorithm/publickey/ssh_ed25519'

data/lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2.rb CHANGED Viewed

@@ -1,14 +1,17 @@
 # coding: utf-8
 # vim: et ts=2 sw=2
-require 'hrr_rb_ssh/logger'
+require 'hrr_rb_ssh/loggable'
 require 'hrr_rb_ssh/data_type'
 module HrrRbSsh
   module Algorithm
     class Publickey
       module EcdsaSha2
-        def initialize arg
+        include Loggable
+        def initialize arg, logger: nil
+          self.logger = logger
           begin
             new_by_key_str arg
           rescue OpenSSL::PKey::ECError
@@ -21,7 +24,7 @@ module HrrRbSsh
         end
         def new_by_public_key_blob public_key_blob
-          public_key_blob_h = PublicKeyBlob.decode(public_key_blob)
+          public_key_blob_h = PublicKeyBlob.new(logger: logger).decode public_key_blob
           @publickey = OpenSSL::PKey::EC.new(self.class::CURVE_NAME)
           @publickey.public_key = OpenSSL::PKey::EC::Point.new(@publickey.group, OpenSSL::BN.new(public_key_blob_h[:'Q'], 2))
         end
@@ -36,20 +39,20 @@ module HrrRbSsh
             :'identifier'                => self.class::IDENTIFIER,
             :'Q'                         => @publickey.public_key.to_bn.to_s(2)
           }
-          PublicKeyBlob.encode(public_key_blob_h)
+          PublicKeyBlob.new(logger: logger).encode public_key_blob_h
         end
         def ecdsa_signature_blob signature_blob
           hash = OpenSSL::Digest.digest(self.class::DIGEST, signature_blob)
           sign_der = @publickey.dsa_sign_asn1(hash)
-          sign_asn1 = OpenSSL::ASN1.decode(sign_der)
+          sign_asn1 = OpenSSL::ASN1.decode sign_der
           r = sign_asn1.value[0].value.to_i
           s = sign_asn1.value[1].value.to_i
           ecdsa_signature_blob_h = {
             :'r' => r,
             :'s' => s,
           }
-          EcdsaSignatureBlob.encode ecdsa_signature_blob_h
+          EcdsaSignatureBlob.new(logger: logger).encode ecdsa_signature_blob_h
         end
         def sign signature_blob
@@ -57,12 +60,12 @@ module HrrRbSsh
             :'public key algorithm name' => self.class::NAME,
             :'ecdsa signature blob'      => ecdsa_signature_blob(signature_blob),
           }
-          Signature.encode signature_h
+          Signature.new(logger: logger).encode signature_h
         end
         def verify signature, signature_blob
-          signature_h = Signature.decode signature
-          ecdsa_signature_blob_h = EcdsaSignatureBlob.decode signature_h[:'ecdsa signature blob']
+          signature_h = Signature.new(logger: logger).decode signature
+          ecdsa_signature_blob_h = EcdsaSignatureBlob.new(logger: logger).decode signature_h[:'ecdsa signature blob']
           r = ecdsa_signature_blob_h[:'r']
           s = ecdsa_signature_blob_h[:'s']
           sign_asn1 = OpenSSL::ASN1::Sequence.new(

data/lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2/ecdsa_signature_blob.rb CHANGED Viewed

@@ -8,10 +8,8 @@ module HrrRbSsh
   module Algorithm
     class Publickey
       module EcdsaSha2
-        module EcdsaSignatureBlob
-          class << self
-            include Codable
-          end
+        class EcdsaSignatureBlob
+          include Codable
           DEFINITION = [
             [DataType::Mpint, :'r'],
             [DataType::Mpint, :'s'],

data/lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2/public_key_blob.rb CHANGED Viewed

@@ -8,10 +8,8 @@ module HrrRbSsh
   module Algorithm
     class Publickey
       module EcdsaSha2
-        module PublicKeyBlob
-          class << self
-            include Codable
-          end
+        class PublicKeyBlob
+          include Codable
           DEFINITION = [
             [DataType::String, :'public key algorithm name'],
             [DataType::String, :'identifier'],