jayniz-net-ssh 2.0.15

data/Rudyfile

@@ -0,0 +1,110 @@
+# Rudyfile
+#
+# This configuration is used to test installing
+# and running net-ssh on a clean machine. 
+#
+# Usage:
+#
+#     $ rudy -vv startup
+#     $ rudy -vv testsuite
+#     $ rudy -vv shutdown
+#
+# Requires: Rudy 0.9 (http://code.google.com/p/rudy/)
+#
+
+defaults do
+  color true
+  environment :test
+  role :netssh
+end
+
+machines do
+  region :'us-east-1' do
+    ami 'ami-e348af8a'               # Alestic Debian 5.0, 32-bit (US)
+  end
+  env :test do
+    role :netssh do
+      user :root
+    end
+  end
+end
+
+commands do
+  allow :apt_get, "apt-get", :y, :q
+  allow :gem_install, "/usr/bin/gem", "install", :n, '/usr/bin', :y, :V, "--no-rdoc", "--no-ri"
+  allow :gem_sources, "/usr/bin/gem", "sources"
+  allow :gem_uninstall, "/usr/bin/gem", "uninstall", :V
+  allow :update_rubygems
+  allow :rm
+end
+
+routines do
+  
+  testsuite do
+    before :sysupdate, :installdeps, :install_gem
+    
+    remote :root do
+      directory_upload 'test', '/tmp/'
+      cd '/tmp'
+      ruby :I, 'lib/', :I, 'test/', :r, 'rubygems', 'test/test_all.rb'
+    end
+    
+    after :install_rubyforge, :install_github
+  end
+    
+  install_rubyforge do
+    remote :root do
+      gem_install 'net-ssh', '--version', '2.0.7'
+      gem_install 'net-ssh'
+    end
+  end
+
+  install_github do
+    remote :root do
+      gem_sources :a, "http://gems.github.com"
+      gem_install 'net-ssh-net-ssh'
+    end
+  end
+  
+  install_gem do
+    before :package_gem
+    remote :root do
+      disable_safe_mode
+      file_upload "pkg/net-ssh-*.gem", "/tmp/"
+      gem_install "/tmp/net-ssh-*.gem"
+    end
+  end
+  
+  package_gem do
+    local do
+      rm :r, :f, 'pkg'
+      rake 'package'
+    end
+  end
+  
+  remove do
+    remote :root do
+      gem_uninstall 'net-ssh'
+    end
+  end
+  
+  installdeps do
+    remote :root do
+      gem_install "rye", "test-unit", "mocha"
+      rye 'authorize-local'
+    end
+  end
+  
+  sysupdate do
+    remote :root do                  
+      apt_get "update"               
+      apt_get "install", "build-essential", "git-core"
+      apt_get "install", "ruby1.8-dev", "rdoc", "libzlib-ruby", "rubygems"
+      mkdir :p, "/var/lib/gems/1.8/bin" # Doesn't get created, but causes Rubygems to fail
+      gem_install "builder", "session"
+      gem_install 'rubygems-update', "-v=1.3.4"  # circular issue with 1.3.5 and hoe
+      update_rubygems
+    end
+  end
+end
+

data/THANKS.rdoc

@@ -0,0 +1,16 @@
+Net::SSH was originally written by Jamis Buck <jamis@37signals.com>. In
+addition, the following individuals are gratefully acknowledged for their
+contributions:
+
+GOTOU Yuuzou <gotoyuzo@notwork.org>
+  * help and code related to OpenSSL
+
+Guillaume Mar�ais <guillaume.marcais@free.fr>
+  * support for communicating with the the PuTTY "pageant" process
+
+Daniel Berger <djberg96@yahoo.com>
+  * help getting unit tests in earlier Net::SSH versions to pass in Windows
+  * initial version of Net::SSH::Config provided inspiration and encouragement
+
+Chris Andrews <chris@nodnol.org> and Lee Jensen <lee@outerim.com>
+  * support for ssh agent forwarding

data/lib/net/ssh/authentication/agent.rb

@@ -0,0 +1,176 @@
+require 'net/ssh/buffer'
+require 'net/ssh/errors'
+require 'net/ssh/loggable'
+require 'net/ssh/transport/server_version'
+
+require 'net/ssh/authentication/pageant' if File::ALT_SEPARATOR && !(RUBY_PLATFORM =~ /java/)
+
+module Net; module SSH; module Authentication
+
+  # A trivial exception class for representing agent-specific errors.
+  class AgentError < Net::SSH::Exception; end
+
+  # An exception for indicating that the SSH agent is not available.
+  class AgentNotAvailable < AgentError; end
+
+  # This class implements a simple client for the ssh-agent protocol. It
+  # does not implement any specific protocol, but instead copies the
+  # behavior of the ssh-agent functions in the OpenSSH library (3.8).
+  #
+  # This means that although it behaves like a SSH1 client, it also has
+  # some SSH2 functionality (like signing data).
+  class Agent
+    include Loggable
+
+    # A simple module for extending keys, to allow comments to be specified
+    # for them.
+    module Comment
+      attr_accessor :comment
+    end
+
+    SSH2_AGENT_REQUEST_VERSION    = 1
+    SSH2_AGENT_REQUEST_IDENTITIES = 11
+    SSH2_AGENT_IDENTITIES_ANSWER  = 12
+    SSH2_AGENT_SIGN_REQUEST       = 13
+    SSH2_AGENT_SIGN_RESPONSE      = 14
+    SSH2_AGENT_FAILURE            = 30
+    SSH2_AGENT_VERSION_RESPONSE   = 103
+
+    SSH_COM_AGENT2_FAILURE        = 102
+
+    SSH_AGENT_REQUEST_RSA_IDENTITIES = 1
+    SSH_AGENT_RSA_IDENTITIES_ANSWER1 = 2
+    SSH_AGENT_RSA_IDENTITIES_ANSWER2 = 5
+    SSH_AGENT_FAILURE                = 5
+
+    # The underlying socket being used to communicate with the SSH agent.
+    attr_reader :socket
+
+    # Instantiates a new agent object, connects to a running SSH agent,
+    # negotiates the agent protocol version, and returns the agent object.
+    def self.connect(logger=nil)
+      agent = new(logger)
+      agent.connect!
+      agent.negotiate!
+      agent
+    end
+
+    # Creates a new Agent object, using the optional logger instance to
+    # report status.
+    def initialize(logger=nil)
+      self.logger = logger
+    end
+
+    # Connect to the agent process using the socket factory and socket name
+    # given by the attribute writers. If the agent on the other end of the
+    # socket reports that it is an SSH2-compatible agent, this will fail
+    # (it only supports the ssh-agent distributed by OpenSSH).
+    def connect!
+      begin
+        debug { "connecting to ssh-agent" }
+        @socket = agent_socket_factory.open(ENV['SSH_AUTH_SOCK'])
+      rescue
+        error { "could not connect to ssh-agent" }
+        raise AgentNotAvailable, $!.message
+      end
+    end
+
+    # Attempts to negotiate the SSH agent protocol version. Raises an error
+    # if the version could not be negotiated successfully.
+    def negotiate!
+      # determine what type of agent we're communicating with
+      type, body = send_and_wait(SSH2_AGENT_REQUEST_VERSION, :string, Transport::ServerVersion::PROTO_VERSION)
+
+      if type == SSH2_AGENT_VERSION_RESPONSE
+        raise NotImplementedError, "SSH2 agents are not yet supported"
+      elsif type != SSH_AGENT_RSA_IDENTITIES_ANSWER1 && type != SSH_AGENT_RSA_IDENTITIES_ANSWER2
+        raise AgentError, "unknown response from agent: #{type}, #{body.to_s.inspect}"
+      end
+    end
+
+    # Return an array of all identities (public keys) known to the agent.
+    # Each key returned is augmented with a +comment+ property which is set
+    # to the comment returned by the agent for that key.
+    def identities
+      type, body = send_and_wait(SSH2_AGENT_REQUEST_IDENTITIES)
+      raise AgentError, "could not get identity count" if agent_failed(type)
+      raise AgentError, "bad authentication reply: #{type}" if type != SSH2_AGENT_IDENTITIES_ANSWER
+
+      identities = []
+      body.read_long.times do
+        key = Buffer.new(body.read_string).read_key
+        key.extend(Comment)
+        key.comment = body.read_string
+        identities.push key
+      end
+
+      return identities
+    end
+
+    # Closes this socket. This agent reference is no longer able to
+    # query the agent.
+    def close
+      @socket.close
+    end
+
+    # Using the agent and the given public key, sign the given data. The
+    # signature is returned in SSH2 format.
+    def sign(key, data)
+      type, reply = send_and_wait(SSH2_AGENT_SIGN_REQUEST, :string, Buffer.from(:key, key), :string, data, :long, 0)
+
+      if agent_failed(type)
+        raise AgentError, "agent could not sign data with requested identity"
+      elsif type != SSH2_AGENT_SIGN_RESPONSE
+        raise AgentError, "bad authentication response #{type}"
+      end
+
+      return reply.read_string
+    end
+
+    private
+
+      # Returns the agent socket factory to use.
+      def agent_socket_factory
+        if File::ALT_SEPARATOR
+          Pageant::Socket
+        else
+          UNIXSocket
+        end
+      end
+
+      # Send a new packet of the given type, with the associated data.
+      def send_packet(type, *args)
+        buffer = Buffer.from(*args)
+        data = [buffer.length + 1, type.to_i, buffer.to_s].pack("NCA*")
+        debug { "sending agent request #{type} len #{buffer.length}" }
+        @socket.send data, 0
+      end
+
+      # Read the next packet from the agent. This will return a two-part
+      # tuple consisting of the packet type, and the packet's body (which
+      # is returned as a Net::SSH::Buffer).
+      def read_packet
+        buffer = Net::SSH::Buffer.new(@socket.read(4))
+        buffer.append(@socket.read(buffer.read_long))
+        type = buffer.read_byte
+        debug { "received agent packet #{type} len #{buffer.length-4}" }
+        return type, buffer
+      end
+
+      # Send the given packet and return the subsequent reply from the agent.
+      # (See #send_packet and #read_packet).
+      def send_and_wait(type, *args)
+        send_packet(type, *args)
+        read_packet
+      end
+
+      # Returns +true+ if the parameter indicates a "failure" response from
+      # the agent, and +false+ otherwise.
+      def agent_failed(type)
+        type == SSH_AGENT_FAILURE ||
+        type == SSH2_AGENT_FAILURE ||
+        type == SSH_COM_AGENT2_FAILURE
+      end
+  end
+
+end; end; end

data/lib/net/ssh/authentication/constants.rb

@@ -0,0 +1,18 @@
+module Net; module SSH; module Authentication
+
+  # Describes the constants used by the Net::SSH::Authentication components
+  # of the Net::SSH library. Individual authentication method implemenations
+  # may define yet more constants that are specific to their implementation.
+  module Constants
+    USERAUTH_REQUEST          = 50
+    USERAUTH_FAILURE          = 51
+    USERAUTH_SUCCESS          = 52
+    USERAUTH_BANNER           = 53
+
+    USERAUTH_PASSWD_CHANGEREQ = 60
+    USERAUTH_PK_OK            = 60
+
+    USERAUTH_METHOD_RANGE     = 60..79
+  end
+
+end; end; end

data/lib/net/ssh/authentication/key_manager.rb

@@ -0,0 +1,193 @@
+require 'net/ssh/errors'
+require 'net/ssh/key_factory'
+require 'net/ssh/loggable'
+require 'net/ssh/authentication/agent'
+
+module Net
+  module SSH
+    module Authentication
+
+      # A trivial exception class used to report errors in the key manager.
+      class KeyManagerError < Net::SSH::Exception; end
+
+      # This class encapsulates all operations done by clients on a user's
+      # private keys. In practice, the client should never need a reference
+      # to a private key; instead, they grab a list of "identities" (public 
+      # keys) that are available from the KeyManager, and then use
+      # the KeyManager to do various private key operations using those
+      # identities.
+      #
+      # The KeyManager also uses the Agent class to encapsulate the
+      # ssh-agent. Thus, from a client's perspective it is completely
+      # hidden whether an identity comes from the ssh-agent or from a file
+      # on disk.
+      class KeyManager
+        include Loggable
+
+        # The list of user key files that will be examined
+        attr_reader :key_files
+
+        # The list of user key data that will be examined
+        attr_reader :key_data
+
+        # The map of loaded identities
+        attr_reader :known_identities
+
+        # The map of options that were passed to the key-manager
+        attr_reader :options
+
+        # Create a new KeyManager. By default, the manager will
+        # use the ssh-agent (if it is running).
+        def initialize(logger, options={})
+          self.logger = logger
+          @key_files = []
+          @key_data = []
+          @use_agent = true
+          @known_identities = {}
+          @agent = nil
+          @options = options
+        end
+
+        # Clear all knowledge of any loaded user keys. This also clears the list
+        # of default identity files that are to be loaded, thus making it
+        # appropriate to use if a client wishes to NOT use the default identity
+        # files.
+        def clear!
+          key_files.clear
+          key_data.clear
+          known_identities.clear
+          self
+        end
+
+        # Add the given key_file to the list of key files that will be used.
+        def add(key_file)
+          key_files.push(File.expand_path(key_file)).uniq!
+          self
+        end
+
+        # Add the given key_file to the list of keys that will be used.
+        def add_key_data(key_data_)
+          key_data.push(key_data_).uniq!
+          self
+        end
+
+        # This is used as a hint to the KeyManager indicating that the agent
+        # connection is no longer needed. Any other open resources may be closed
+        # at this time.
+        #
+        # Calling this does NOT indicate that the KeyManager will no longer
+        # be used. Identities may still be requested and operations done on
+        # loaded identities, in which case, the agent will be automatically
+        # reconnected. This method simply allows the client connection to be
+        # closed when it will not be used in the immediate future.
+        def finish
+          @agent.close if @agent
+          @agent = nil
+        end
+
+        # Iterates over all available identities (public keys) known to this
+        # manager. As it finds one, it will then yield it to the caller.
+        # The origin of the identities may be from files on disk or from an
+        # ssh-agent. Note that identities from an ssh-agent are always listed
+        # first in the array, with other identities coming after.
+        def each_identity
+          if agent
+            agent.identities.each do |key|
+              known_identities[key] = { :from => :agent }
+              yield key
+            end
+          end
+          
+          key_files.each do |file|
+            public_key_file = file + ".pub"
+            if File.readable?(public_key_file)
+              begin
+                key = KeyFactory.load_public_key(public_key_file)
+                known_identities[key] = { :from => :file, :file => file }
+                yield key
+              rescue Exception => e
+                error { "could not load public key file `#{public_key_file}': #{e.class} (#{e.message})" }
+              end
+            elsif File.readable?(file)
+              begin
+                private_key = KeyFactory.load_private_key(file, options[:passphrase])
+                key = private_key.send(:public_key)
+                known_identities[key] = { :from => :file, :file => file, :key => private_key }
+                yield key
+              rescue Exception => e
+                error { "could not load private key file `#{file}': #{e.class} (#{e.message})" }
+              end
+            end
+          end
+
+          key_data.each do |data|
+            private_key = KeyFactory.load_data_private_key(data)
+            key = private_key.send(:public_key)
+            known_identities[key] = { :from => :key_data, :data => data, :key => private_key }
+            yield key
+          end
+
+          self
+        end
+
+        # Sign the given data, using the corresponding private key of the given
+        # identity. If the identity was originally obtained from an ssh-agent,
+        # then the ssh-agent will be used to sign the data, otherwise the
+        # private key for the identity will be loaded from disk (if it hasn't
+        # been loaded already) and will then be used to sign the data.
+        #
+        # Regardless of the identity's origin or who does the signing, this
+        # will always return the signature in an SSH2-specified "signature
+        # blob" format.
+        def sign(identity, data)
+          info = known_identities[identity] or raise KeyManagerError, "the given identity is unknown to the key manager"
+
+          if info[:key].nil? && info[:from] == :file
+            begin
+              info[:key] = KeyFactory.load_private_key(info[:file], options[:passphrase])
+            rescue Exception => e 
+              raise KeyManagerError, "the given identity is known, but the private key could not be loaded: #{e.class} (#{e.message})"
+            end
+          end
+
+          if info[:key]
+            return Net::SSH::Buffer.from(:string, identity.ssh_type,
+              :string, info[:key].ssh_do_sign(data.to_s)).to_s
+          end
+
+          if info[:from] == :agent
+            raise KeyManagerError, "the agent is no longer available" unless agent
+            return agent.sign(identity, data.to_s)
+          end
+
+          raise KeyManagerError, "[BUG] can't determine identity origin (#{info.inspect})"
+        end
+
+        # Identifies whether the ssh-agent will be used or not.
+        def use_agent?
+          @use_agent
+        end
+
+        # Toggles whether the ssh-agent will be used or not. If true, an
+        # attempt will be made to use the ssh-agent. If false, any existing
+        # connection to an agent is closed and the agent will not be used.
+        def use_agent=(use_agent)
+          finish if !use_agent
+          @use_agent = use_agent
+        end
+
+        # Returns an Agent instance to use for communicating with an SSH
+        # agent process. Returns nil if use of an SSH agent has been disabled,
+        # or if the agent is otherwise not available.
+        def agent
+          return unless use_agent?
+          @agent ||= Agent.connect(logger)
+        rescue AgentNotAvailable
+          @use_agent = false
+          nil
+        end
+      end
+
+    end
+  end
+end