net-ssh 0.5.0

data/lib/net/ssh/service/process/services.rb

@@ -0,0 +1,66 @@
+#--
+# =============================================================================
+# Copyright (c) 2004, Jamis Buck (jgb3@email.byu.edu)
+# All rights reserved.
+#
+# This source file is distributed as part of the Net::SSH Secure Shell Client
+# library for Ruby. This file (and the library as a whole) may be used only as
+# allowed by either the BSD license, or the Ruby license (or, by association
+# with the Ruby license, the GPL). See the "doc" subdirectory of the Net::SSH
+# distribution for the texts of these licenses.
+# -----------------------------------------------------------------------------
+# net-ssh website : http://net-ssh.rubyforge.org
+# project website: http://rubyforge.org/projects/net-ssh
+# =============================================================================
+#++
+
+module Net
+  module SSH
+    module Service
+      module Process
+
+        # Register all services pertaining to the management of remote
+        # processes.
+        def register_services( container )
+
+          # All process management services are registered in their own
+          # namespace.
+          container.namespace_define :process do |ns|
+
+            # The :open_manager service returns a proc object that can be used
+            # to create new OpenManager instances for a given command.
+            ns.open_manager do |c,p|
+              require 'net/ssh/service/process/open'
+              connection = c[:connection][:driver]
+              log = c[:log_for, p]
+              lambda { |cmd| OpenManager.new( connection, log, cmd ) }
+            end
+
+            # The :popen3_manager service returns a new POpen3Manager instance
+            # for managing the execution of commands with a popen3-type
+            # interface.
+            ns.popen3_manager do |c,p|
+              require 'net/ssh/service/process/popen3'
+              connection = c[:connection][:driver]
+              log = c[:log_for, p]
+              POpen3Manager.new( connection, log )
+            end
+
+            # The :driver controls access to all remote process management
+            # services.
+            ns.driver do |c,p|
+              require 'net/ssh/service/process/driver'
+              Driver.new( c[:connection][:driver],
+                          c[:log_for, p],
+                          :open => c[:open_manager],
+                          :popen3 => c[:popen3_manager] )
+            end
+
+          end
+        end
+        module_function :register_services
+
+      end
+    end
+  end
+end

data/lib/net/ssh/service/services.rb

@@ -0,0 +1,44 @@
+#--
+# =============================================================================
+# Copyright (c) 2004, Jamis Buck (jgb3@email.byu.edu)
+# All rights reserved.
+#
+# This source file is distributed as part of the Net::SSH Secure Shell Client
+# library for Ruby. This file (and the library as a whole) may be used only as
+# allowed by either the BSD license, or the Ruby license (or, by association
+# with the Ruby license, the GPL). See the "doc" subdirectory of the Net::SSH
+# distribution for the texts of these licenses.
+# -----------------------------------------------------------------------------
+# net-ssh website : http://net-ssh.rubyforge.org
+# project website: http://rubyforge.org/projects/net-ssh
+# =============================================================================
+#++
+
+module Net
+  module SSH
+    module Service
+
+      # Register all standard SSH services.
+      def register_services( container )
+
+        # Define the hash that will be used to record the registered services.
+        # If the hash already exists, don't redefine it.
+        unless container.knows_key?( :services )
+          container.define.services { Hash.new }
+        end
+
+        # Register the services in their own namespace.
+        container.namespace_define :service do |ns|
+          ns.require "net/ssh/service/forward/services", "#{self}::Forward"
+          ns.require "net/ssh/service/process/services", "#{self}::Process"
+        end
+
+        # Add the services to the services hash.
+        container.services[ :forward ] = container.service.forward.driver
+        container.services[ :process ] = container.service.process.driver
+      end
+      module_function :register_services
+
+    end
+  end
+end

data/lib/net/ssh/session.rb

@@ -0,0 +1,242 @@
+#--
+# =============================================================================
+# Copyright (c) 2004, Jamis Buck (jgb3@email.byu.edu)
+# All rights reserved.
+#
+# This source file is distributed as part of the Net::SSH Secure Shell Client
+# library for Ruby. This file (and the library as a whole) may be used only as
+# allowed by either the BSD license, or the Ruby license (or, by association
+# with the Ruby license, the GPL). See the "doc" subdirectory of the Net::SSH
+# distribution for the texts of these licenses.
+# -----------------------------------------------------------------------------
+# net-ssh website : http://net-ssh.rubyforge.org
+# project website: http://rubyforge.org/projects/net-ssh
+# =============================================================================
+#++
+
+require 'needle'
+require 'net/ssh/errors'
+
+module Net
+  module SSH
+
+    # Encapsulates a single session (connection) to a server via SSH.
+    class Session
+
+      # The dependency-injection registry used by this session.
+      attr_reader :registry
+
+      # Create a new SSH session. This method polymorphically accepts a
+      # variable number of parameters, as follows:
+      #
+      # * 1 parameter: must be the hostname to connect to.
+      # * 2 parameters: must be the hostname, and either the port (as an
+      #   integer) or the username to connect as.
+      # * 3 parameters: must be the hostname, and either the port (as an
+      #   integer) and username, or the username and the password.
+      # * 4 parameters: must be the hostname, port, username, and password.
+      #
+      # Any scenario above that omits the username assumes that the USER
+      # environment variable is set to the user's name. Any scenario above that
+      # omits the password assumes that the user will log in without a password
+      # (ie, using a public key). Any scenario above that omits the port number
+      # assumes a port number of 22 (the default for SSH).
+      #
+      # Any of the above scenarios may also accept a Hash as the last
+      # parameter, specifying a list of additional options to be used to
+      # initialize the session. (See Net::SSH::Session.add_options).
+      #
+      # Alternatively, named parameters may be used, in which case the first
+      # parameter is positional and is always the host to connect to, following
+      # which you may specify any of the following named parameters (as
+      # symbols):
+      #
+      # * :port
+      # * :username
+      # * :password
+      #
+      # Any additional parameters are treated as options that configure how the
+      # connection behaves.
+      #
+      # Allowed options are:
+      #
+      # * :keys (the list of filenames identifying the user's keys)
+      # * :host_keys (the list of filenames identifying the host's keys)
+      # * :auth_methods (a list of authentication methods to use)
+      # * :crypto_backend (defaults to :ossl, and specifies the cryptography
+      #   backend to use)
+      # * :registry_options (a hash of options to use when creating the
+      #   registry)
+      # * :container (the registry to use. If not specified, a new registry
+      #   will be created)
+      # * :verbose (how verbose the logging output should be. Defaults to
+      #   :warn).
+      # * :log (the name of the file, or the IO object, to which messages will
+      #   be logged. Defaults to STDERR.)
+      #
+      # Also, any options recognized by Net::SSH::Transport::Session may be
+      # given, and will be passed through to initialize the transport session.
+      #
+      # If a block is given to this method, then it is called with the new
+      # session object. The session object is then closed when the block
+      # terminates. If a block is not given, then the session object is
+      # returned (and must be closed explicitly).
+      def initialize( *args )
+        @open = false
+        process_arguments( *args )
+
+        @registry.define do |b|
+          b.crypto_backend { @crypto_backend }
+          b.transport_host { @host }
+          b.transport_options { @options }
+
+          b.userauth_keys { @keys }
+          b.userauth_host_keys { @host_keys }
+          b.userauth_method_order { @auth_methods }
+
+          b.prompter do
+            require 'net/ssh/util/prompter'
+            Net::SSH::Util::Prompter.new
+          end
+
+          b.require 'net/ssh/transport/services', "Net::SSH::Transport"
+          b.require 'net/ssh/connection/services', "Net::SSH::Connection"
+          b.require 'net/ssh/userauth/services', "Net::SSH::UserAuth"
+
+          b.require 'net/ssh/service/services', "Net::SSH::Service"
+        end
+
+        userauth = @registry[:userauth][:driver]
+        if userauth.authenticate( "ssh-connection", @username, @password )
+          @open = true
+          @connection = @registry[:connection][:driver]
+          if block_given?
+            yield self
+            close
+          end
+        else
+          @registry[:transport][:session].close
+          raise AuthenticationFailed, @username
+        end
+      end
+
+      # Closes the session, if it is open. If it is not open, this does
+      # nothing.
+      def close
+        @registry[:transport][:session].close if @open
+        @open = false
+      end
+
+      # Returns +true+ if the session is currently open.
+      def open?
+        @open
+      end
+
+      # Opens a new communication channel over the current connection. This
+      # returns immediately. The block will be invoked when then the channel
+      # has been opened. (See Net::SSH::Connection::Driver#open_channel).
+      def open_channel( type="session", data=nil, &block )
+        sanity_check
+        channel = @connection.open_channel( type, data )
+        channel.on_confirm_open &block
+        channel
+      end
+
+      # Enters the main communication loop. This processes events occuring over
+      # the channel. If a block is given, the loop will continue for as long
+      # as the block returns +true+. Otherwise, the loop continues until there
+      # are no more open channels. (See Net::SSH::Connection::Driver#loop).
+      def loop( &block )
+        sanity_check
+        @connection.loop &block
+      end
+
+      # Provides convenient access to services that have been registered with
+      # the session, such as "process" and "forward".
+      #
+      # Usage:
+      #
+      #   session.forward.local(...)
+      def method_missing( sym, *args, &block )
+        if args.empty? && block.nil? && @registry[:services].has_key?( sym )
+          return @registry[:services][ sym ]
+        else
+          super
+        end
+      end
+
+      # Processes the argument list, determining the meaning of each argument
+      # and allowing polymorphic argument lists. (See #initialize).
+      def process_arguments( *args )
+        @options = {}
+        @username = ENV['USER']
+
+        raise ArgumentError,
+          "you must specify the host to connect to" if args.length < 1
+
+        @host = args.shift
+
+        # support for both named arguments, and positional arguments...
+        if args.length == 1 && args[0].is_a?( Hash ) &&
+           ( args[0][:username] || args[0][:password] ||
+             args[0][:port] || args[0][:options] )
+        # then
+          @username = args[0][:username] || username
+          @password = args[0][:password]
+
+          @options.update args.shift
+        else
+          @options[ :port ] = args.shift if args.first.is_a? Numeric
+          if args.first.nil? || args.first.is_a?( String )
+            @username = args.shift || @username
+          end
+          if args.first.nil? || args.first.is_a?( String )
+            @password = args.shift
+          end
+          @options.update args.shift if args.first.is_a?( Hash )
+        end
+
+        unless args.empty?
+          raise ArgumentError, "extra parameters detected: #{args.inspect}"
+        end
+
+        @keys = @options[ :keys ]
+        @host_keys = @options[ :host_keys ]
+        @auth_methods = @options[ :auth_methods ]
+        @crypto_backend = @options.fetch( :crypto_backend, :ossl )
+
+        verbose = @options.fetch( :verbose, :warn )
+        log = @options.fetch( :log, STDERR )
+
+        @registry_options = @options.fetch( :registry_options, {} )
+
+        @registry_options[ :logs ] ||= {}
+        @registry_options[ :logs ][ :default_level ] = verbose
+
+        if log.is_a? IO
+          @registry_options[ :logs ][ :device ] ||= log
+        else
+          @registry_options[ :logs ][ :filename ] ||= log
+        end
+
+        @registry = @options[ :container ] ||
+          Needle::Registry.new( @registry_options )
+
+        [ :keys, :host_keys, :auth_methods, :username, :password,
+          :crypto_backend, :registry_options, :container, :log, :verbose
+        ].each do |i|
+          @options.delete i
+        end
+      end
+      private :process_arguments
+
+      # Make sure we're in an acceptible state.
+      def sanity_check
+        raise Net::SSH::Exception, "session not open" unless @open
+      end
+      private :sanity_check
+
+    end
+
+  end
+end

data/lib/net/ssh/transport/algorithm-negotiator.rb

@@ -0,0 +1,267 @@
+#--
+# =============================================================================
+# Copyright (c) 2004, Jamis Buck (jgb3@email.byu.edu)
+# All rights reserved.
+#
+# This source file is distributed as part of the Net::SSH Secure Shell Client
+# library for Ruby. This file (and the library as a whole) may be used only as
+# allowed by either the BSD license, or the Ruby license (or, by association
+# with the Ruby license, the GPL). See the "doc" subdirectory of the Net::SSH
+# distribution for the texts of these licenses.
+# -----------------------------------------------------------------------------
+# net-ssh website : http://net-ssh.rubyforge.org
+# project website: http://rubyforge.org/projects/net-ssh
+# =============================================================================
+#++
+
+require 'net/ssh/errors'
+require 'net/ssh/transport/constants'
+
+module Net
+  module SSH
+    module Transport
+
+      # The AlgorithmNegotiator is used for negotiating the algorithms to be
+      # employed for a specific SSH session.
+      class AlgorithmNegotiator
+        include Constants
+
+        Algorithms = Struct.new( :server_packet,
+                                 :client_packet,
+                                 :kex,
+                                 :host_key,
+                                 :encryption_c2s,
+                                 :encryption_s2c,
+                                 :mac_c2s,
+                                 :mac_s2c,
+                                 :compression_c2s,
+                                 :compression_s2c,
+                                 :language_c2s,
+                                 :language_s2c,
+                                 :compression_level )
+
+        # Create a new AlgorithmNegotiator instance, using the given logger,
+        # set of default algorithms, and buffer factory.
+        def initialize( logger, algorithms, buffers )
+          @default_algorithms = algorithms
+          @buffers = buffers
+          @logger = logger
+        end
+
+        # Adds the algorithms of the specified type from +options+ to the
+        # @algorithms hash. Also verifies that the specified algorithms are
+        # supported.
+        def prepare_preferred_algorithm( options, algorithm )
+          @algorithms[ algorithm ] = @default_algorithms[ algorithm ].dup
+          if options[algorithm]
+            algos = [ *options[algorithm] ]
+            algos.each do |algo|
+              unless @algorithms[algorithm].include?(algo)
+                raise NotImplementedError,
+                  "unsupported algorithm for #{algorithm.inspect}: #{algo}"
+              end
+            end
+            @algorithms[ algorithm ].unshift( *algos ).uniq!
+          end
+        end
+        private :prepare_preferred_algorithm
+
+        # Builds the @algorithms hash from the values specified in the
+        # +options+ hash.
+        def prepare_preferred_algorithms( options )
+          @algorithms = Hash.new
+
+          prepare_preferred_algorithm options, :host_key
+          prepare_preferred_algorithm options, :kex
+          prepare_preferred_algorithm options, :encryption
+          prepare_preferred_algorithm options, :hmac
+          prepare_preferred_algorithm options, :compression
+          prepare_preferred_algorithm options, :languages
+
+          @compression_level = options[ :compression_level ]
+        end
+        private :prepare_preferred_algorithms
+
+        # looks for the first element in list1 that is also in list2
+        def first_matching_element( list1, list2 )
+          list1 = list1.split( /,/ ) if list1.respond_to? :split
+          list2 = list2.split( /,/ ) if list2.respond_to? :split
+
+          list1.each do |item|
+            return item if list2.include? item
+          end
+
+          return nil
+        end
+        private :first_matching_element
+
+        # Negotiate the supported algorithms with the server. If a compromise
+        # cannot be reached between what the client wants and what the server
+        # can provide, this will fail.
+        def negotiate( session, options )
+          prepare_preferred_algorithms options
+
+          # first, discover what the server can do
+          type, buffer = session.wait_for_message
+          raise Net::SSH::Exception, "expected KEXINIT" unless type == KEXINIT
+
+          server_algorithm_packet = buffer.content
+
+          cookie = buffer.read( 16 )
+          kex_algorithms = buffer.read_string
+          server_host_key_algorithms = buffer.read_string
+          encryption_algorithms_client_to_server = buffer.read_string
+          encryption_algorithms_server_to_client = buffer.read_string
+          mac_algorithms_client_to_server = buffer.read_string
+          mac_algorithms_server_to_client = buffer.read_string
+          compression_algorithms_client_to_server = buffer.read_string
+          compression_algorithms_server_to_client = buffer.read_string
+          languages_client_to_server = buffer.read_string
+          languages_server_to_client = buffer.read_string
+          first_kex_packet_follows = buffer.read_bool
+          zero = buffer.read_long
+
+          # TODO: if first_kex_packet_follows, we need to try to skip the
+          # actual kexinit stuff and try to guess what the server is doing...
+          # need to read more about this scenario.
+
+          # next, tell the server what we can do
+
+          my_kex = @algorithms[ :kex ].join( "," )
+          my_server_host_key_algorithms = @algorithms[ :host_key ].join( "," )
+          my_encryption_algorithms = @algorithms[ :encryption ].join( "," )
+          my_mac_algorithms = @algorithms[ :hmac ].join( "," )
+          my_compression_algorithms = @algorithms[ :compression ].join( "," )
+          my_languages = @algorithms[ :languages ].join( "," )
+
+          msg = @buffers.writer
+          msg.write_byte KEXINIT
+          msg.write_long rand(0xFFFFFFFF), rand(0xFFFFFFFF), rand(0xFFFFFFFF),
+            rand(0xFFFFFFFF)
+          msg.write_string my_kex, my_server_host_key_algorithms
+          msg.write_string my_encryption_algorithms, my_encryption_algorithms
+          msg.write_string my_mac_algorithms, my_mac_algorithms
+          msg.write_string my_compression_algorithms, my_compression_algorithms
+          msg.write_string my_languages, my_languages
+          msg.write_bool false
+          msg.write_long 0
+
+          client_algorithm_packet = msg.to_s
+          session.send_message msg
+
+          # negotiate algorithms
+
+          kex_algorithm = first_matching_element( @algorithms[ :kex ],
+            kex_algorithms )
+          raise Net::SSH::Exception,
+            "could not settle on kex algorithm" unless kex_algorithm
+          @logger.debug "kex algorithm: #{kex_algorithm}" if @logger.debug?
+
+          host_key_algorithm = first_matching_element(
+            @algorithms[ :host_key ], server_host_key_algorithms )
+          raise Net::SSH::Exception,
+            "could not settle on host key algorithm" unless host_key_algorithm
+          if @logger.debug?
+            @logger.debug "host key algorithm: #{host_key_algorithm}"
+          end
+
+          encryption_algorithm_c2s = first_matching_element(
+            @algorithms[ :encryption ], encryption_algorithms_client_to_server )
+          unless encryption_algorithm_c2s
+            raise Net::SSH::Exception,
+              "could not settle on client-to-server encryption algorithm"
+          end
+          if @logger.debug?
+            @logger.debug "encryption algorithm (client-to-server): " +
+              encryption_algorithm_c2s
+          end
+
+          encryption_algorithm_s2c = first_matching_element(
+            @algorithms[ :encryption ], encryption_algorithms_server_to_client )
+          unless encryption_algorithm_s2c
+            raise Net::SSH::Exception,
+              "could not settle on server-to-client encryption algorithm"
+          end
+          if @logger.debug?
+            @logger.debug "encryption algorithm (server-to-client): " +
+              encryption_algorithm_s2c
+          end
+
+          mac_algorithm_c2s = first_matching_element(
+            @algorithms[ :hmac ], mac_algorithms_client_to_server )
+          unless mac_algorithm_c2s
+            raise Net::SSH::Exception,
+              "could not settle on client-to-server HMAC algorithm"
+          end
+          if @logger.debug?
+            @logger.debug "hmac algorithm (client-to-server): " +
+              mac_algorithm_c2s
+          end
+
+          mac_algorithm_s2c = first_matching_element( @algorithms[ :hmac ],
+            mac_algorithms_server_to_client )
+          unless mac_algorithm_s2c
+            raise Net::SSH::Exception,
+              "could not settle on server-to-client HMAC algorithm"
+          end
+          if @logger.debug?
+            @logger.debug "hmac algorithm (server-to-client): " +
+              mac_algorithm_s2c
+          end
+
+          compression_algorithm_c2s = first_matching_element(
+            @algorithms[ :compression ],
+            compression_algorithms_client_to_server )
+          unless compression_algorithm_c2s
+            raise Net::SSH::Exception,
+              "could not settle on client-to-server compression algorithm"
+          end
+          if @logger.debug?
+            @logger.debug "compression algorithm (client-to-server): " +
+              compression_algorithm_c2s
+          end
+
+          compression_algorithm_s2c = first_matching_element(
+            @algorithms[ :compression ],
+            compression_algorithms_server_to_client )
+          unless compression_algorithm_s2c
+            raise Net::SSH::Exception,
+              "could not settle on server-to-client compression algorithm"
+          end
+          if @logger.debug?
+            @logger.debug "compression algorithm (server-to-client): " +
+              compression_algorithm_s2c
+          end
+
+          language_c2s = first_matching_element( @algorithms[ :languages ],
+            languages_client_to_server ) || ""
+          if @logger.debug?
+            @logger.debug "language (client-to-server): #{language_c2s}"
+          end
+
+          language_s2c = first_matching_element( @algorithms[ :languages ],
+            languages_server_to_client ) || ""
+          if @logger.debug?
+            @logger.debug "language (server-to-client): #{language_s2c}"
+          end
+
+          return Algorithms.new( server_algorithm_packet,
+                                 client_algorithm_packet,
+                                 kex_algorithm,
+                                 host_key_algorithm,
+                                 encryption_algorithm_c2s,
+                                 encryption_algorithm_s2c,
+                                 mac_algorithm_c2s,
+                                 mac_algorithm_s2c,
+                                 compression_algorithm_c2s,
+                                 compression_algorithm_s2c,
+                                 language_c2s,
+                                 language_s2c,
+                                 @compression_level )
+        end
+
+      end
+
+    end
+  end
+end