RubyGems - hrr_rb_ssh - Versions diffs - 0.1.1 → 0.1.2 - Mend

hrr_rb_ssh 0.1.1 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (86) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: af60a04fe1efba55f720ee23fd252e624d3c2ba955f36462e5ef766f6ad8acaa
-  data.tar.gz: 5be5463dbc89b27652abd85ad6e4ef5d87f0639f8a32df370b0677d20dcbb39b
+  metadata.gz: a15e10f1895dfd1a8e0159fc18355de0128cc033bbe5f5ee49e483e2de7bc1e3
+  data.tar.gz: 6e1cb80d55521f431dff77735cb843c37fdc440640ffd9ae958119fdd9eb96d3
 SHA512:
-  metadata.gz: 500b7e3562f9d413c9698cc167e51e3c2635b4658a6667ddfbf0d717aec68711aa81f51df85b203d7a26e42f62b9d5bc4e11a2c86b2f81594f5458b6b64f5790
-  data.tar.gz: cc7bcc38e495f362dec7bbfe7fdae03c743945e1093b09ae1122f0cd27a43c4ba274935cd390120b6a845307d3340d033e04ab94722cd79a66985687ae5f0b28
+  metadata.gz: b63d6c8658d97b862f81e9beed336d04768894fffe1339c86cd2f8f9c22310f5f1d1be1f7abc381a0a0a5bbb18fd9a343959355aa77d849c321041de954d3749
+  data.tar.gz: db9de741c096e3024231760c25e3d0ed04fee0a7d3083f1ad71b1deecbe389c401576f37c31714052408bca4c6431861e40f7ccafc04be8b4277c096147ef32f

data/README.md CHANGED Viewed

@@ -5,7 +5,7 @@
 [![Test Coverage](https://api.codeclimate.com/v1/badges/f5dfdb97d72f24ca5939/test_coverage)](https://codeclimate.com/github/hirura/hrr_rb_ssh/test_coverage)
 [![Gem Version](https://badge.fury.io/rb/hrr_rb_ssh.svg)](https://badge.fury.io/rb/hrr_rb_ssh)
-hrr_rb_ssh is a pure Ruby SSH2 server implementation.
+hrr_rb_ssh is a pure Ruby SSH 2.0 server implementation.
 ## Installation

data/demo/server.rb CHANGED Viewed

@@ -23,8 +23,23 @@ auth_none = HrrRbSsh::Authentication::Authenticator.new { |context|
 }
 auth_publickey = HrrRbSsh::Authentication::Authenticator.new { |context|
   username = 'user1'
-  public_key_algorithm_name = 'ssh-rsa'
-  public_key = <<-'EOB'
+  dss_public_key_algorithm_name = 'ssh-dss'
+  dss_public_key = <<-'EOB'
+-----BEGIN PUBLIC KEY-----
+  MIIBtzCCASwGByqGSM44BAEwggEfAoGBAKh2ZJp4ao8Xaexa0sk68VqMCaOaTi19
+YIqo2+t2t8ve4QSHvk/NbFIDTGq90lHziakTqwKaaswWLB7cSRPTcXjLv16Zmazg
+JRvh1jZ3ikuBME2G/B+EptlQ00dMa+5W/Acp2P6Cv5NRgA/tx0AyCJaItSpLXG+k
+B+HMp9LQ8WotAhUAk/yyvpsY9sVSyeN3lHvg5Nsl568CgYEAj4rqF241ROP2olNh
+VJUF0K5N4dSBCfcPnSPYuGPCi7qV229RISET3LOwrCXEUwSwlKoe/lLb2mcaeC84
+NIeN6pQnRTE6zajJ9UUeGErOFRm1x6E+FMtlVp/fwUE1Ra+AscHVKwMUehz7sA6A
+ZxJK7UvLs+R6s1eYhrES0bcorLIDgYQAAoGAd6XKzevlwzt6aCYdBRdN+BT4BQUw
+/L3MVYG0kDV9WqPcyAFvLO54xAUf9LxYM0e8X8J5ECp4oEGOcK1ilXEw3LPMJGmY
+IB56R9izS1t636kxnJTYNGQY+XvjAeuP7nC2WVNHNz7vXprT4Sq+hQaNkaKPu/3/
+48xJs2mYbxfyHCQ=
+-----END PUBLIC KEY-----
+  EOB
+  rsa_public_key_algorithm_name = 'ssh-rsa'
+  rsa_public_key = <<-'EOB'
 -----BEGIN PUBLIC KEY-----
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3OnIQcRTdeTZFjhGcx8f
 ssCgeqzY47p5KhT/gKMz2nOANNLCBr9e6IGaRePew03St3Cn0ApikuGzPnWxSlBT
@@ -35,7 +50,12 @@ wqbQt4paM0aEuypWE+CaizA0I+El7f0y+59sUqTAN/7F9UlXaOBdd9SZkhACBrAR
 nQIDAQAB
 -----END PUBLIC KEY-----
   EOB
-  context.verify username, public_key_algorithm_name, public_key
+  [
+    [dss_public_key_algorithm_name, dss_public_key],
+    [rsa_public_key_algorithm_name, rsa_public_key],
+  ].any? { |public_key_algorithm_name, public_key|
+    context.verify username, public_key_algorithm_name, public_key
+  }
 }
 auth_password = HrrRbSsh::Authentication::Authenticator.new { |context|
   user_and_pass = [

data/hrr_rb_ssh.gemspec CHANGED Viewed

@@ -7,8 +7,8 @@ Gem::Specification.new do |spec|
   spec.name          = "hrr_rb_ssh"
   spec.version       = HrrRbSsh::VERSION
   spec.license       = 'Apache-2.0'
-  spec.summary       = %q{Pure Ruby SSH2 server implementation}
-  spec.description   = %q{Pure Ruby SSH2 server implementation}
+  spec.summary       = %q{Pure Ruby SSH 2.0 server implementation}
+  spec.description   = %q{Pure Ruby SSH 2.0 server implementation}
   spec.authors       = ["hirura"]
   spec.email         = ["hirura@gmail.com"]
   spec.homepage      = "https://github.com/hirura/hrr_rb_ssh"

data/lib/hrr_rb_ssh/authentication/method/method.rb ADDED Viewed

@@ -0,0 +1,34 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/logger'
+module HrrRbSsh
+  class Authentication
+    module Method
+      class Method
+        @@list = Array.new
+        def self.inherited klass
+          @@list.push klass
+        end
+        def self.list
+          @@list
+        end
+        def self.name_list
+          @@list.map{ |klass| klass::NAME }
+        end
+        def self.[] key
+          @@list.find{ |klass| key == klass::NAME }
+        end
+        def initialize options
+          @logger = HrrRbSsh::Logger.new self.class.name
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/none.rb CHANGED Viewed

@@ -1,19 +1,16 @@
 # coding: utf-8
 # vim: et ts=2 sw=2
-require 'hrr_rb_ssh/logger'
-require 'hrr_rb_ssh/authentication/method/none/context'
+require 'hrr_rb_ssh/authentication/method/method'
 module HrrRbSsh
   class Authentication
     module Method
-      name_list = [
-        'none'
-      ]
+      class None < Method
+        NAME = 'none'
-      class None
         def initialize options
-          @logger = HrrRbSsh::Logger.new self.class.name
+          super
           @authenticator = options.fetch( 'authentication_none_authenticator', Authenticator.new { false } )
         end
@@ -25,14 +22,8 @@ module HrrRbSsh
           @authenticator.authenticate context
         end
       end
-      @@list ||= Hash.new
-      name_list.each do |name|
-        @@list[name] = None
-      end
     end
   end
 end
+require 'hrr_rb_ssh/authentication/method/none/context'

data/lib/hrr_rb_ssh/authentication/method/password.rb CHANGED Viewed

@@ -1,19 +1,16 @@
 # coding: utf-8
 # vim: et ts=2 sw=2
-require 'hrr_rb_ssh/logger'
-require 'hrr_rb_ssh/authentication/method/password/context'
+require 'hrr_rb_ssh/authentication/method/method'
 module HrrRbSsh
   class Authentication
     module Method
-      name_list = [
-        'password'
-      ]
+      class Password < Method
+        NAME = 'password'
-      class Password
         def initialize options
-          @logger = HrrRbSsh::Logger.new self.class.name
+          super
           @authenticator = options.fetch( 'authentication_password_authenticator', Authenticator.new { false } )
         end
@@ -27,11 +24,8 @@ module HrrRbSsh
           @authenticator.authenticate context
         end
       end
-      @@list ||= Hash.new
-      name_list.each do |name|
-        @@list[name] = Password
-      end
     end
   end
 end
+require 'hrr_rb_ssh/authentication/method/password/context'

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/algorithm.rb ADDED Viewed

@@ -0,0 +1,41 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/logger'
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/codable'
+module HrrRbSsh
+  class Authentication
+    module Method
+      class Publickey
+        module Algorithm
+          class Algorithm
+            @@list = Array.new
+            def self.inherited klass
+              @@list.push klass
+            end
+            def self.list
+              @@list
+            end
+            def self.name_list
+              @@list.map{ |klass| klass::NAME }
+            end
+            def self.[] key
+              @@list.find{ |klass| key == klass::NAME }
+            end
+            def initialize
+              @logger = HrrRbSsh::Logger.new self.class.name
+            end
+            include Codable
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/codable.rb ADDED Viewed

@@ -0,0 +1,33 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/transport/data_type'
+module HrrRbSsh
+  class Authentication
+    module Method
+      class Publickey
+        module Algorithm
+          module Codable
+            def encode definition, payload
+              definition.map{ |data_type, field_name|
+                field_value = if payload[field_name].instance_of? ::Proc then payload[field_name].call else payload[field_name] end
+                HrrRbSsh::Transport::DataType[data_type].encode(field_value)
+              }.join
+            end
+            def decode definition, payload
+              payload_io = StringIO.new payload, 'r'
+              definition.map{ |data_type, field_name|
+                [
+                  field_name,
+                  HrrRbSsh::Transport::DataType[data_type].decode(payload_io)
+                ]
+              }.to_h
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss.rb ADDED Viewed

@@ -0,0 +1,105 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+module HrrRbSsh
+  class Authentication
+    module Method
+      class Publickey
+        module Algorithm
+          class SshDss < Algorithm
+            NAME   = 'ssh-dss'
+            DIGEST = 'sha1'
+            PUBLIC_KEY_BLOB_DEFINITION = [
+              ['string', 'public key algorithm name'],
+              ['mpint',  'p'],
+              ['mpint',  'q'],
+              ['mpint',  'g'],
+              ['mpint',  'y'],
+            ]
+            SIGNATURE_DEFINITION = [
+              ['string', 'public key algorithm name'],
+              ['string', 'signature blob'],
+            ]
+            SIGNATURE_BLOB_DEFINITION = [
+              ['string',  'session identifier'],
+              ['byte',    'message number'],
+              ['string',  'user name'],
+              ['string',  'service name'],
+              ['string',  'method name'],
+              ['boolean', 'with signature'],
+              ['string',  'public key algorithm name'],
+              ['string',  'public key blob'],
+            ]
+            def verify_public_key public_key_algorithm_name, public_key, public_key_blob
+              public_key = case public_key
+                           when String
+                             OpenSSL::PKey::DSA.new(public_key)
+                           when OpenSSL::PKey::DSA
+                             public_key
+                           else
+                             return false
+                           end
+              public_key_message = {
+                'public key algorithm name' => public_key_algorithm_name,
+                'p'                         => public_key.p.to_i,
+                'g'                         => public_key.g.to_i,
+                'q'                         => public_key.q.to_i,
+                'y'                         => public_key.pub_key.to_i,
+              }
+              public_key_blob == encode(PUBLIC_KEY_BLOB_DEFINITION, public_key_message)
+            end
+            def verify_signature session_id, message
+              signature_message   = decode SIGNATURE_DEFINITION, message['signature']
+              signature_algorithm = signature_message['public key algorithm name']
+              signature_blob      = signature_message['signature blob']
+              public_key = decode PUBLIC_KEY_BLOB_DEFINITION, message['public key blob']
+              algorithm = OpenSSL::PKey::DSA.new
+              if algorithm.respond_to?(:set_pqg)
+                algorithm.set_pqg public_key['p'], public_key['q'], public_key['g']
+              else
+                algorithm.p = public_key['p']
+                algorithm.q = public_key['q']
+                algorithm.g = public_key['g']
+              end
+              if algorithm.respond_to?(:set_key)
+                algorithm.set_key public_key['y'], nil
+              else
+                algorithm.pub_key = public_key['y']
+              end
+              data_message = {
+                'session identifier'        => session_id,
+                'message number'            => message['message number'],
+                'user name'                 => message['user name'],
+                'service name'              => message['service name'],
+                'method name'               => message['method name'],
+                'with signature'            => message['with signature'],
+                'public key algorithm name' => message['public key algorithm name'],
+                'public key blob'           => message['public key blob'],
+              }
+              data_blob = encode SIGNATURE_BLOB_DEFINITION, data_message
+              hash = OpenSSL::Digest.digest(DIGEST, data_blob)
+              sign_r = signature_blob[ 0, 20]
+              sign_s = signature_blob[20, 20]
+              sign_asn1 = OpenSSL::ASN1::Sequence.new(
+                [
+                  OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_r, 2)),
+                  OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(sign_s, 2)),
+                ]
+              )
+              sign_der = sign_asn1.to_der
+              (signature_algorithm == message['public key algorithm name']) && algorithm.sysverify(hash, sign_der)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa.rb ADDED Viewed

@@ -0,0 +1,85 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+module HrrRbSsh
+  class Authentication
+    module Method
+      class Publickey
+        module Algorithm
+          class SshRsa < Algorithm
+            NAME   = 'ssh-rsa'
+            DIGEST = 'sha1'
+            PUBLIC_KEY_BLOB_DEFINITION = [
+              ['string', 'public key algorithm name'],
+              ['mpint',  'e'],
+              ['mpint',  'n'],
+            ]
+            SIGNATURE_DEFINITION = [
+              ['string', 'public key algorithm name'],
+              ['string', 'signature blob'],
+            ]
+            SIGNATURE_BLOB_DEFINITION = [
+              ['string',  'session identifier'],
+              ['byte',    'message number'],
+              ['string',  'user name'],
+              ['string',  'service name'],
+              ['string',  'method name'],
+              ['boolean', 'with signature'],
+              ['string',  'public key algorithm name'],
+              ['string',  'public key blob'],
+            ]
+            def verify_public_key public_key_algorithm_name, public_key, public_key_blob
+              public_key = case public_key
+                           when String
+                             OpenSSL::PKey::RSA.new(public_key)
+                           when OpenSSL::PKey::RSA
+                             public_key
+                           else
+                             return false
+                           end
+              public_key_message = {
+                'public key algorithm name' => public_key_algorithm_name,
+                'e'                         => public_key.e.to_i,
+                'n'                         => public_key.n.to_i,
+              }
+              public_key_blob == encode(PUBLIC_KEY_BLOB_DEFINITION, public_key_message)
+            end
+            def verify_signature session_id, message
+              signature_message   = decode SIGNATURE_DEFINITION, message['signature']
+              signature_algorithm = signature_message['public key algorithm name']
+              signature_blob      = signature_message['signature blob']
+              public_key = decode PUBLIC_KEY_BLOB_DEFINITION, message['public key blob']
+              algorithm = OpenSSL::PKey::RSA.new
+              if algorithm.respond_to?(:set_key)
+                algorithm.set_key public_key['n'], public_key['e'], nil
+              else
+                algorithm.e = public_key['e']
+                algorithm.n = public_key['n']
+              end
+              data_message = {
+                'session identifier'        => session_id,
+                'message number'            => message['message number'],
+                'user name'                 => message['user name'],
+                'service name'              => message['service name'],
+                'method name'               => message['method name'],
+                'with signature'            => message['with signature'],
+                'public key algorithm name' => message['public key algorithm name'],
+                'public key blob'           => message['public key blob'],
+              }
+              data_blob = encode SIGNATURE_BLOB_DEFINITION, data_message
+              (signature_algorithm == message['public key algorithm name']) && algorithm.verify(DIGEST, signature_blob, data_blob)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm.rb ADDED Viewed

@@ -0,0 +1,28 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+module HrrRbSsh
+  class Authentication
+    module Method
+      class Publickey
+        module Algorithm
+          def self.list
+            Algorithm.list
+          end
+          def self.name_list
+            Algorithm.name_list
+          end
+          def self.[] key
+            Algorithm[key]
+          end
+        end
+      end
+    end
+  end
+end
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/algorithm'
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss'
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa'

data/lib/hrr_rb_ssh/authentication/method/publickey.rb CHANGED Viewed

@@ -1,30 +1,16 @@
 # coding: utf-8
 # vim: et ts=2 sw=2
-require 'hrr_rb_ssh/logger'
-require 'hrr_rb_ssh/authentication/method/publickey/context'
-require 'hrr_rb_ssh/authentication/method/publickey/ssh_rsa'
+require 'hrr_rb_ssh/authentication/method/method'
 module HrrRbSsh
   class Authentication
     module Method
-      name_list = [
-        'publickey'
-      ]
-      class Publickey
-        @@algorithm_list ||= Hash.new
-        def self.[] key
-          @@algorithm_list[key]
-        end
-        def self.algorithm_name_list
-          @@algorithm_list.keys
-        end
+      class Publickey < Method
+        NAME = 'publickey'
         def initialize options
-          @logger = HrrRbSsh::Logger.new self.class.name
+          super
           @session_id = options['session id']
           @authenticator = options.fetch( 'authentication_publickey_authenticator', Authenticator.new { false } )
@@ -32,7 +18,7 @@ module HrrRbSsh
         def authenticate userauth_request_message
           public_key_algorithm_name = userauth_request_message['public key algorithm name']
-          unless @@algorithm_list.has_key?(public_key_algorithm_name)
+          unless Algorithm.name_list.include?(public_key_algorithm_name)
             @logger.info("unsupported public key algorithm: #{public_key_algorithm_name}")
             return false
           end
@@ -43,7 +29,7 @@ module HrrRbSsh
           else
             @logger.info("verify signature")
             username = userauth_request_message['user name']
-            algorithm = @@algorithm_list[public_key_algorithm_name].new
+            algorithm = Algorithm[public_key_algorithm_name].new
             context = Context.new(username, algorithm, @session_id, userauth_request_message)
             @authenticator.authenticate context
           end
@@ -58,11 +44,9 @@ module HrrRbSsh
           payload = HrrRbSsh::Message::SSH_MSG_USERAUTH_PK_OK.encode message
         end
       end
-      @@list ||= Hash.new
-      name_list.each do |name|
-        @@list[name] = Publickey
-      end
     end
   end
 end
+require 'hrr_rb_ssh/authentication/method/publickey/context'
+require 'hrr_rb_ssh/authentication/method/publickey/algorithm'

data/lib/hrr_rb_ssh/authentication/method.rb CHANGED Viewed

@@ -1,22 +1,25 @@
 # coding: utf-8
 # vim: et ts=2 sw=2
-require 'hrr_rb_ssh/authentication/method/none'
-require 'hrr_rb_ssh/authentication/method/password'
-require 'hrr_rb_ssh/authentication/method/publickey'
 module HrrRbSsh
   class Authentication
     module Method
-      @@list ||= Hash.new
-      def self.[] key
-        @@list[key]
+      def self.list
+        Method.list
       end
       def self.name_list
-        @@list.keys
+        Method.name_list
+      end
+      def self.[] key
+        Method[key]
       end
     end
   end
 end
+require 'hrr_rb_ssh/authentication/method/method'
+require 'hrr_rb_ssh/authentication/method/none'
+require 'hrr_rb_ssh/authentication/method/password'
+require 'hrr_rb_ssh/authentication/method/publickey'

data/lib/hrr_rb_ssh/connection/channel/channel_type/channel_type.rb ADDED Viewed

@@ -0,0 +1,30 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+module HrrRbSsh
+  class Connection
+    class Channel
+      module ChannelType
+        class ChannelType
+          @@list = Array.new
+          def self.inherited klass
+            @@list.push klass
+          end
+          def self.list
+            @@list
+          end
+          def self.name_list
+            @@list.map{ |klass| klass::NAME }
+          end
+          def self.[] key
+            @@list.find{ |klass| key == klass::NAME }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/env/context.rb ADDED Viewed

@@ -0,0 +1,46 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+require 'hrr_rb_ssh/logger'
+module HrrRbSsh
+  class Connection
+    class Channel
+      module ChannelType
+        class Session
+          module RequestType
+            class Env
+              class Context
+                attr_reader \
+                  :logger,
+                  :username,
+                  :io,
+                  :variables,
+                  :vars,
+                  :variable_name,
+                  :variable_value
+                def initialize proc_chain, username, io, variables, message
+                  @logger = HrrRbSsh::Logger.new self.class.name
+                  @proc_chain = proc_chain
+                  @username   = username
+                  @io         = io
+                  @variables  = variables
+                  @vars       = variables
+                  @variable_name  = message['variable name']
+                  @variable_value = message['variable value']
+                end
+                def chain_proc &block
+                  @proc = block || @proc
+                end
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end