net-ssh-backports 6.3.0.backports

data/lib/net/ssh/proxy/http.rb

@@ -0,0 +1,98 @@
+require 'socket'
+require 'net/ssh/proxy/errors'
+
+module Net
+  module SSH
+    module Proxy
+      # An implementation of an HTTP proxy. To use it, instantiate it, then
+      # pass the instantiated object via the :proxy key to Net::SSH.start:
+      #
+      #   require 'net/ssh/proxy/http'
+      #
+      #   proxy = Net::SSH::Proxy::HTTP.new('proxy_host', proxy_port)
+      #   Net::SSH.start('host', 'user', :proxy => proxy) do |ssh|
+      #     ...
+      #   end
+      #
+      # If the proxy requires authentication, you can pass :user and :password
+      # to the proxy's constructor:
+      #
+      #   proxy = Net::SSH::Proxy::HTTP.new('proxy_host', proxy_port,
+      #      :user => "user", :password => "password")
+      #
+      # Note that HTTP digest authentication is not supported; Basic only at
+      # this point.
+      class HTTP
+        # The hostname or IP address of the HTTP proxy.
+        attr_reader :proxy_host
+
+        # The port number of the proxy.
+        attr_reader :proxy_port
+
+        # The map of additional options that were given to the object at
+        # initialization.
+        attr_reader :options
+
+        # Create a new socket factory that tunnels via the given host and
+        # port. The +options+ parameter is a hash of additional settings that
+        # can be used to tweak this proxy connection. Specifically, the following
+        # options are supported:
+        #
+        # * :user => the user name to use when authenticating to the proxy
+        # * :password => the password to use when authenticating
+        def initialize(proxy_host, proxy_port=80, options={})
+          @proxy_host = proxy_host
+          @proxy_port = proxy_port
+          @options = options
+        end
+
+        # Return a new socket connected to the given host and port via the
+        # proxy that was requested when the socket factory was instantiated.
+        def open(host, port, connection_options)
+          socket = establish_connection(connection_options[:timeout])
+          socket.write "CONNECT #{host}:#{port} HTTP/1.1\r\n"
+          socket.write "Host: #{host}:#{port}\r\n"
+
+          if options[:user]
+            credentials = ["#{options[:user]}:#{options[:password]}"].pack("m*").gsub(/\s/, "")
+            socket.write "Proxy-Authorization: Basic #{credentials}\r\n"
+          end
+
+          socket.write "\r\n"
+
+          resp = parse_response(socket)
+
+          return socket if resp[:code] == 200
+
+          socket.close
+          raise ConnectError, resp.inspect
+        end
+
+        protected
+
+        def establish_connection(connect_timeout)
+          Socket.tcp(proxy_host, proxy_port, nil, nil,
+                     connect_timeout: connect_timeout)
+        end
+
+        def parse_response(socket)
+          version, code, reason = socket.gets.chomp.split(/ /, 3)
+          headers = {}
+
+          while (line = socket.gets) && (line.chomp! != "")
+            name, value = line.split(/:/, 2)
+            headers[name.strip] = value.strip
+          end
+
+          body = socket.read(headers["Content-Length"].to_i) if headers["Content-Length"]
+
+          return { version: version,
+                   code: code.to_i,
+                   reason: reason,
+                   headers: headers,
+                   body: body }
+        end
+      end
+    end
+  end
+end

data/lib/net/ssh/proxy/https.rb

@@ -0,0 +1,50 @@
+require 'socket'
+require 'openssl'
+require 'net/ssh/proxy/errors'
+require 'net/ssh/proxy/http'
+
+module Net
+  module SSH
+    module Proxy
+      # A specialization of the HTTP proxy which encrypts the whole connection
+      # using OpenSSL. This has the advantage that proxy authentication
+      # information is not sent in plaintext.
+      class HTTPS < HTTP
+        # Create a new socket factory that tunnels via the given host and
+        # port. The +options+ parameter is a hash of additional settings that
+        # can be used to tweak this proxy connection. In addition to the options
+        # taken by Net::SSH::Proxy::HTTP it supports:
+        #
+        # * :ssl_context => the SSL configuration to use for the connection
+        def initialize(proxy_host, proxy_port=80, options={})
+          @ssl_context = options.delete(:ssl_context) ||
+                           OpenSSL::SSL::SSLContext.new
+          super(proxy_host, proxy_port, options)
+        end
+
+        protected
+
+        # Shim to make OpenSSL::SSL::SSLSocket behave like a regular TCPSocket
+        # for all intents and purposes of Net::SSH::BufferedIo
+        module SSLSocketCompatibility
+          def self.extended(object) #:nodoc:
+            object.define_singleton_method(:recv, object.method(:sysread))
+            object.sync_close = true
+          end
+
+          def send(data, _opts)
+            syswrite(data)
+          end
+        end
+
+        def establish_connection(connect_timeout)
+          plain_socket = super(connect_timeout)
+          OpenSSL::SSL::SSLSocket.new(plain_socket, @ssl_context).tap do |socket|
+            socket.extend(SSLSocketCompatibility)
+            socket.connect
+          end
+        end
+      end
+    end
+  end
+end

data/lib/net/ssh/proxy/jump.rb

@@ -0,0 +1,54 @@
+require 'uri'
+require 'net/ssh/proxy/command'
+
+module Net
+  module SSH
+    module Proxy
+      # An implementation of a jump proxy. To use it, instantiate it,
+      # then pass the instantiated object via the :proxy key to
+      # Net::SSH.start:
+      #
+      #   require 'net/ssh/proxy/jump'
+      #
+      #   proxy = Net::SSH::Proxy::Jump.new('user@proxy')
+      #   Net::SSH.start('host', 'user', :proxy => proxy) do |ssh|
+      #     ...
+      #   end
+      class Jump < Command
+        # The jump proxies
+        attr_reader :jump_proxies
+
+        # Create a new socket factory that tunnels via multiple jump proxes as
+        # [user@]host[:port].
+        def initialize(jump_proxies)
+          @jump_proxies = jump_proxies
+        end
+
+        # Return a new socket connected to the given host and port via the jump
+        # proxy that was requested when the socket factory was instantiated.
+        def open(host, port, connection_options = nil)
+          build_proxy_command_equivalent(connection_options)
+          super
+        end
+
+        # We cannot build the ProxyCommand template until we know if the :config
+        # option was specified during `Net::SSH.start`.
+        def build_proxy_command_equivalent(connection_options = nil)
+          first_jump, extra_jumps = jump_proxies.split(",", 2)
+          config = connection_options && connection_options[:config]
+          uri = URI.parse("ssh://#{first_jump}")
+
+          template = "ssh".dup
+          template << " -l #{uri.user}"    if uri.user
+          template << " -p #{uri.port}"    if uri.port
+          template << " -J #{extra_jumps}" if extra_jumps
+          template << " -F #{config}" if config != true && config
+          template << " -W %h:%p "
+          template << uri.host
+
+          @command_line_template = template
+        end
+      end
+    end
+  end
+end

data/lib/net/ssh/proxy/socks4.rb

@@ -0,0 +1,67 @@
+require 'socket'
+require 'resolv'
+require 'ipaddr'
+require 'net/ssh/proxy/errors'
+
+module Net
+  module SSH
+    module Proxy
+      # An implementation of a SOCKS4 proxy. To use it, instantiate it, then
+      # pass the instantiated object via the :proxy key to Net::SSH.start:
+      #
+      #   require 'net/ssh/proxy/socks4'
+      #
+      #   proxy = Net::SSH::Proxy::SOCKS4.new('proxy.host', proxy_port, :user => 'user')
+      #   Net::SSH.start('host', 'user', :proxy => proxy) do |ssh|
+      #     ...
+      #   end
+      class SOCKS4
+        # The SOCKS protocol version used by this class
+        VERSION = 4
+
+        # The packet type for connection requests
+        CONNECT = 1
+
+        # The status code for a successful connection
+        GRANTED = 90
+
+        # The proxy's host name or IP address, as given to the constructor.
+        attr_reader :proxy_host
+
+        # The proxy's port number.
+        attr_reader :proxy_port
+
+        # The additional options that were given to the proxy's constructor.
+        attr_reader :options
+
+        # Create a new proxy connection to the given proxy host and port.
+        # Optionally, a :user key may be given to identify the username
+        # with which to authenticate.
+        def initialize(proxy_host, proxy_port=1080, options={})
+          @proxy_host = proxy_host
+          @proxy_port = proxy_port
+          @options = options
+        end
+
+        # Return a new socket connected to the given host and port via the
+        # proxy that was requested when the socket factory was instantiated.
+        def open(host, port, connection_options)
+          socket = Socket.tcp(proxy_host, proxy_port, nil, nil,
+                              connect_timeout: connection_options[:timeout])
+          ip_addr = IPAddr.new(Resolv.getaddress(host))
+
+          packet = [VERSION, CONNECT, port.to_i, ip_addr.to_i, options[:user]].pack("CCnNZ*")
+          socket.send packet, 0
+
+          version, status, port, ip = socket.recv(8).unpack("CCnN")
+          if status != GRANTED
+            socket.close
+            raise ConnectError, "error connecting to proxy (#{status})"
+          end
+
+          return socket
+        end
+      end
+    end
+  end
+end

data/lib/net/ssh/proxy/socks5.rb

@@ -0,0 +1,140 @@
+require 'socket'
+require 'net/ssh/proxy/errors'
+
+module Net
+  module SSH
+    module Proxy
+      # An implementation of a SOCKS5 proxy. To use it, instantiate it, then
+      # pass the instantiated object via the :proxy key to Net::SSH.start:
+      #
+      #   require 'net/ssh/proxy/socks5'
+      #
+      #   proxy = Net::SSH::Proxy::SOCKS5.new('proxy.host', proxy_port,
+      #     :user => 'user', :password => "password")
+      #   Net::SSH.start('host', 'user', :proxy => proxy) do |ssh|
+      #     ...
+      #   end
+      class SOCKS5
+        # The SOCKS protocol version used by this class
+        VERSION = 5
+
+        # The SOCKS authentication type for requests without authentication
+        METHOD_NO_AUTH = 0
+
+        # The SOCKS authentication type for requests via username/password
+        METHOD_PASSWD = 2
+
+        # The SOCKS authentication type for when there are no supported
+        # authentication methods.
+        METHOD_NONE = 0xFF
+
+        # The SOCKS packet type for requesting a proxy connection.
+        CMD_CONNECT = 1
+
+        # The SOCKS address type for connections via IP address.
+        ATYP_IPV4 = 1
+
+        # The SOCKS address type for connections via domain name.
+        ATYP_DOMAIN = 3
+
+        # The SOCKS response code for a successful operation.
+        SUCCESS = 0
+
+        # The proxy's host name or IP address
+        attr_reader :proxy_host
+
+        # The proxy's port number
+        attr_reader :proxy_port
+
+        # The map of options given at initialization
+        attr_reader :options
+
+        # Create a new proxy connection to the given proxy host and port.
+        # Optionally, :user and :password options may be given to
+        # identify the username and password with which to authenticate.
+        def initialize(proxy_host, proxy_port=1080, options={})
+          @proxy_host = proxy_host
+          @proxy_port = proxy_port
+          @options = options
+        end
+
+        # Return a new socket connected to the given host and port via the
+        # proxy that was requested when the socket factory was instantiated.
+        def open(host, port, connection_options)
+          socket = Socket.tcp(proxy_host, proxy_port, nil, nil,
+                              connect_timeout: connection_options[:timeout])
+
+          methods = [METHOD_NO_AUTH]
+          methods << METHOD_PASSWD if options[:user]
+
+          packet = [VERSION, methods.size, *methods].pack("C*")
+          socket.send packet, 0
+
+          version, method = socket.recv(2).unpack("CC")
+          if version != VERSION
+            socket.close
+            raise Net::SSH::Proxy::Error, "invalid SOCKS version (#{version})"
+          end
+
+          if method == METHOD_NONE
+            socket.close
+            raise Net::SSH::Proxy::Error, "no supported authorization methods"
+          end
+
+          negotiate_password(socket) if method == METHOD_PASSWD
+
+          packet = [VERSION, CMD_CONNECT, 0].pack("C*")
+
+          if host =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/
+            packet << [ATYP_IPV4, $1.to_i, $2.to_i, $3.to_i, $4.to_i].pack("C*")
+          else
+            packet << [ATYP_DOMAIN, host.length, host].pack("CCA*")
+          end
+
+          packet << [port].pack("n")
+          socket.send packet, 0
+
+          version, reply, = socket.recv(2).unpack("C*")
+          socket.recv(1)
+          address_type = socket.recv(1).getbyte(0)
+          case address_type
+          when 1
+            socket.recv(4) # get four bytes for IPv4 address
+          when 3
+            len = socket.recv(1).getbyte(0)
+            hostname = socket.recv(len)
+          when 4
+            ipv6addr hostname = socket.recv(16)
+          else
+            socket.close
+            raise ConnectError, "Illegal response type"
+          end
+          portnum = socket.recv(2)
+
+          unless reply == SUCCESS
+            socket.close
+            raise ConnectError, "#{reply}"
+          end
+
+          return socket
+        end
+
+        private
+
+        # Simple username/password negotiation with the SOCKS5 server.
+        def negotiate_password(socket)
+          packet = [0x01, options[:user].length, options[:user],
+                    options[:password].length, options[:password]].pack("CCA*CA*")
+          socket.send packet, 0
+
+          version, status = socket.recv(2).unpack("CC")
+
+          if status != SUCCESS
+            socket.close
+            raise UnauthorizedError, "could not authorize user"
+          end
+        end
+      end
+    end
+  end
+end