net-ssh 1.1.1 → 1.1.2

data/LICENSE

@@ -0,0 +1,7 @@
+Net::SSH is copyrighted free software by Jamis Buck <jamis@37signals.com>.
+The reader is hereby granted permission to redistribute and/or modify it
+under the terms of the BSD license, the Ruby license, or (by association
+with the Ruby license) the GPL, at the reader's option.
+
+Look in the "doc" subdirectory, and see the LICENSE-BSD, LICENSE-RUBY and
+LICENSE-GPL files for the text of these licenses.

data/NEWS

@@ -0,0 +1,146 @@
+Net:SSH
+http://rubyforge.org/projects/net-ssh
+
+[1.1.2] 18 June 2007
+  * Fixed bug #6156 (ruby -w warnings)
+
+  * Fixed bug #11532 (Hang after MSG_CHANNEL_OPEN_FAILURE)
+
+  * Fixed bug #10818 (Exception in split_data_for_packet)
+
+  * Fixed bug #6667 (wrong SOCKS 5 auth version)
+
+  * Fixed bug #11270 (error when server uses some aes ciphers)
+
+  * Fixed bug #11355 (typo in session.rb)
+
+  * Fixed bug #11250 (host key verification problems when an RSA key appears
+    in the known hosts file, but the server has both DSS and RSA keys)
+
+[1.1.1] 9 May 2007
+  * Fixed broken mkdir in host key verification.
+
+  * Fixed problems with Windows users getting "address family for hostname
+    not supported" errors.
+
+[1.1.0] 1 May 2007
+  * Added the missing rb-keygen utility
+
+  * Server key verification (enabled by default, disable with :paranoid => false)
+
+  * Add support for SSH agent forwwarding
+
+[1.0.10] 9 Sep 2006
+  * Experiment with using read instead of sysread, to try and alleviate problems
+    on Windows.
+
+  * Use printf instead of echo -n in the shell service, for compatibility with
+    more unices.
+
+  * Give a sane error message when the user name is nil and cannot be derived
+    from the environment.
+
+  * Add a #connection accessor to the session.
+
+  * Add initial support for server-originated global requests.
+
+[1.0.9] 14 Apr 2006
+  * Fix a bug when used in tandem with edge Rails, due to monkeypatching in Rails.
+
+[1.0.8] 18 Feb 2006
+  * Move connect for forwarded connections outside of thread so errors can be
+    caught
+
+[1.0.7] 27 Jan 2006
+  * Fix intermittent "corrupt mac" bug (finally!)
+
+[1.0.6] 19 Jan 2006
+  * Send NEWKEYS message first, for compatibility with wodSSHServer (which
+    won't send NEWKEYS until recieving it)
+
+  * Do not print the banner message by default on authorization (rarely useful
+    for automated processes anyway)
+
+[1.0.5] 2 Jan 2006
+  * Added connection.ping! and session.ping! for testing the connection
+
+[1.0.4] 24 Dec 2005
+  * Fixed tests broken by changes in Ruby 1.8.4.
+
+  * Fixed references to obsolete contact email address.
+
+[1.0.3] 9 Nov 2005
+  * Fixed for windows so that connections succeed even if pageant process is
+    not running.
+
+[1.0.2] 26 Jul 2005
+  * Fixed channel on_request callback signature.
+
+  * Better thread-safety in the connection driver (fixes some "Bad packet size"
+    errors in multi-threaded apps)
+
+  * Corrected various minor bugs.
+
+[1.0.1] 17 Jun 2005
+  * Added a :timeout option on the transport session
+
+  * Net::SSH works with the Putty Agent now
+
+[1.0.0] 6 Feb 2005
+  * Password can be programmatically specified for the 'keyboard-authentication'
+    method.
+  
+  * All unit tests pass on Windows now.
+
+  * Channels now respect their own local window and maximum packet sizes, and
+    report reasonable values to the server. This fixes a bug that caused
+    problems when large quantities of data were requested of the server and
+    certain server maximums were being exceeded.
+
+  * Client name is determined in a more robust manner.
+
+  * Fixed hostbased bug.
+
+  * Authentication process is now aware of the authentication methods reported
+    by the server as having a chance of succeeded, and no longer attempts
+    those methods that cannot possibly succeed.
+
+[0.9.0] 11 Jan 2005
+  * Added 'shell' and 'sync' services for interacting with users' shells,
+    including a demo script that uses these to implement a simple SSH terminal
+    client.
+
+  * The 'keyboard-interactive' authentication method is implemented correctly
+    now, which means users will receive a prompt to enter a password if one is
+    not given, and is required.
+
+  * The bug that caused the agent to always be used--even if it was
+    unavailable--has been fixed.
+
+  * The user manual now includes links to previous/next chapters, and uses
+    syntax highlighting for the code blocks. Various other style tweaks in the
+    manual.
+
+  * Window sizes and maximum packet sizes are now honored, which should take
+    care of various bugs and make Net::SSH play nicer with older SSH servers.
+
+  * Non-blocking reads are now supported via the
+    Transport::Session#reader_ready? method. The Connection::Driver#process
+    method has been modified to make better use of this.
+
+  * Moved to subversion, from CVS. Repository is now at
+    http://www.jamisbuck.org/svn/net-ssh
+
+[0.6.0] 2 Dec 2004
+  * Added pageant support (thanks to Guillaume Mar�ais)
+
+  * Added support for external services (like SFTP).
+
+  * Use USERNAME environment variable if USER is not set (like on Windows)
+
+[0.5.0] 23 Nov 2004
+  * Refactored to use Needle.
+
+  * Moved SFTP support into its own library.
+
+  * Moved command-line utilities into their own library.

data/README

@@ -0,0 +1,14 @@
+= Net::SSH
+
+<b><em>A pure Ruby module that emulates an SSH client.</em></b>
+
+<em>Author: Jamis Buck (jamis@37signals.com)</em>
+
+Net::SSH absolutely WILL NOT work with the version of Ruby's OpenSSL module currently shipped with Ruby versions < 1.8.2 final. If you insist on trying it with a pre-1.8.2 final version, you must get a patched version of the OpenSSL module and install it (and remove the old module) before using Net::SSH.
+
+The current release of Net::SSH supports:
+
+* the execution of processes on the remote host (interactively, or non-interactively)
+* interacting with a user's shell
+* port forwarding, both from a local port to a remote port, and vice versa
+* HTTP and SOCKS proxy support (and support for creation of additional proxy types)

data/THANKS

@@ -0,0 +1,19 @@
+Net::SSH was originally written by Jamis Buck <jamis@37signals.com>. In
+addition, the following individuals are gratefully acknowledged for their
+contributions:
+
+GOTOU Yuuzou <gotoyuzo@notwork.org>
+  * help and code related to OpenSSL
+
+Guillaume Mar�ais <guillaume.marcais@free.fr>
+  * support for communicating with the the PuTTY "pageant" process
+
+Daniel Berger <djberg96@yahoo.com>
+  * help getting unit tests to pass in Windows
+
+Chris Andrews <chris@nodnol.org> and Lee Jensen <lee@outerim.com>
+  * support for ssh agent forwarding
+
+If you have contributed to Net::SSH and are not on the above list, please do
+not take offense! Jamis is notoriously forgetful. Instead, just let him know
+what your contribution was, and he'll be only too happy to add you.

data/bin/rb-keygen

@@ -200,7 +200,7 @@ class KeyGenerator
   # prints the messages to +stderr+.
   def if_chatty( *args )
     unless @options[ :quiet ]
-      $stderr.puts *args
+      $stderr.puts(*args)
     end
   end
   private :if_chatty

data/doc/manual-html/chapter-1.html

@@ -14,8 +14,8 @@
           </div>
         </td><td valign='middle' align='right'>
           <div class="info">
-            Net::SSH Version: <strong>1.1.1</strong><br />
-            Manual Last Updated: <strong>2007-05-10 04:06 UTC</strong>
+            Net::SSH Version: <strong>1.1.2</strong><br />
+            Manual Last Updated: <strong>2007-06-18 18:12 UTC</strong>
           </div>
         </td></tr>
       </table>

data/doc/manual-html/chapter-2.html

@@ -14,8 +14,8 @@
           </div>
         </td><td valign='middle' align='right'>
           <div class="info">
-            Net::SSH Version: <strong>1.1.1</strong><br />
-            Manual Last Updated: <strong>2007-05-10 04:06 UTC</strong>
+            Net::SSH Version: <strong>1.1.2</strong><br />
+            Manual Last Updated: <strong>2007-06-18 18:12 UTC</strong>
           </div>
         </td></tr>
       </table>

data/doc/manual-html/chapter-3.html

@@ -14,8 +14,8 @@
           </div>
         </td><td valign='middle' align='right'>
           <div class="info">
-            Net::SSH Version: <strong>1.1.1</strong><br />
-            Manual Last Updated: <strong>2007-05-10 04:06 UTC</strong>
+            Net::SSH Version: <strong>1.1.2</strong><br />
+            Manual Last Updated: <strong>2007-06-18 18:12 UTC</strong>
           </div>
         </td></tr>
       </table>

data/doc/manual-html/chapter-4.html

@@ -14,8 +14,8 @@
           </div>
         </td><td valign='middle' align='right'>
           <div class="info">
-            Net::SSH Version: <strong>1.1.1</strong><br />
-            Manual Last Updated: <strong>2007-05-10 04:06 UTC</strong>
+            Net::SSH Version: <strong>1.1.2</strong><br />
+            Manual Last Updated: <strong>2007-06-18 18:12 UTC</strong>
           </div>
         </td></tr>
       </table>

data/doc/manual-html/chapter-5.html

@@ -14,8 +14,8 @@
           </div>
         </td><td valign='middle' align='right'>
           <div class="info">
-            Net::SSH Version: <strong>1.1.1</strong><br />
-            Manual Last Updated: <strong>2007-05-10 04:06 UTC</strong>
+            Net::SSH Version: <strong>1.1.2</strong><br />
+            Manual Last Updated: <strong>2007-06-18 18:12 UTC</strong>
           </div>
         </td></tr>
       </table>

data/doc/manual-html/chapter-6.html

@@ -14,8 +14,8 @@
           </div>
         </td><td valign='middle' align='right'>
           <div class="info">
-            Net::SSH Version: <strong>1.1.1</strong><br />
-            Manual Last Updated: <strong>2007-05-10 04:06 UTC</strong>
+            Net::SSH Version: <strong>1.1.2</strong><br />
+            Manual Last Updated: <strong>2007-06-18 18:12 UTC</strong>
           </div>
         </td></tr>
       </table>

data/doc/manual-html/chapter-7.html

@@ -14,8 +14,8 @@
           </div>
         </td><td valign='middle' align='right'>
           <div class="info">
-            Net::SSH Version: <strong>1.1.1</strong><br />
-            Manual Last Updated: <strong>2007-05-10 04:06 UTC</strong>
+            Net::SSH Version: <strong>1.1.2</strong><br />
+            Manual Last Updated: <strong>2007-06-18 18:12 UTC</strong>
           </div>
         </td></tr>
       </table>

data/doc/manual-html/index.html

@@ -14,8 +14,8 @@
           </div>
         </td><td valign='middle' align='right'>
           <div class="info">
-            Net::SSH Version: <strong>1.1.1</strong><br />
-            Manual Last Updated: <strong>2007-05-10 04:06 UTC</strong>
+            Net::SSH Version: <strong>1.1.2</strong><br />
+            Manual Last Updated: <strong>2007-06-18 18:12 UTC</strong>
           </div>
         </td></tr>
       </table>

data/lib/net/ssh/connection/channel.rb

@@ -303,10 +303,10 @@ module Net
             data = data[0,window_size]
           end
 
-          if data.length + overhead > maximum_packet_size
-            data_to_return = data[maximum_packet_size..-1] + 
-              ( data_to_return || "" )
-            data = data[0,maximum_packet_size]
+          max_size_less_overhead = maximum_packet_size - overhead
+          if data.length > max_size_less_overhead
+            data_to_return = data[max_size_less_overhead..-1] + ( data_to_return || "" )
+            data = data[0,max_size_less_overhead]
           end
 
           [ data, data_to_return ]

data/lib/net/ssh/connection/driver.rb

@@ -71,7 +71,7 @@ module Net
         # the confirmation, the +on_confirm+ callback will be invoked.
         def open_channel( type, extra_data=nil, &on_confirm )
           channel = @factories[:open].call( type, extra_data )
-          channel.on_confirm_open &on_confirm
+          channel.on_confirm_open(&on_confirm)
           @channel_map[ channel.local_id ] = channel
         end
 

data/lib/net/ssh/host-key-verifier.rb

@@ -1,20 +1,13 @@
 require 'net/ssh/errors'
+require 'net/ssh/known-hosts'
 
 module Net
   module SSH
 
     class HostKeyVerifier
       def verify(arguments)
-        # first, find any matches on hostname+port
-        matches = keys.select do |item|
-            host = item[:host] || arguments[:peer][:host]
-            ip   = item[:ip]   || arguments[:peer][:ip]
-            port = item[:port] || arguments[:peer][:port]
-
-            host == arguments[:peer][:host] &&
-            ip   == arguments[:peer][:ip]   &&
-            port == arguments[:peer][:port]
-          end
+        host = canonize(arguments[:peer])
+        matches = Net::SSH::KnownHosts.search_for(host)
 
         # we've never seen this host before, so just automatically add the key.
         # not the most secure option (since the first hit might be the one that
@@ -22,85 +15,36 @@ module Net
         # fingerprint, this is a reasonable compromise between usability and
         # security.
         if matches.empty?
-          add_key(arguments)
+          Net::SSH::KnownHosts.add(host, arguments[:key])
           return true
         end
 
         # If we found any matches, check to see that the key type and
         # blob also match.
-        found = matches.any? do |item|
-            item[:type] == arguments[:key].ssh_type &&
-            item[:key]  == arguments[:key_blob]
-          end
+        found = matches.any? do |key|
+          key.ssh_type == arguments[:key].ssh_type &&
+          key.to_blob  == arguments[:key].to_blob
+        end
 
         # If a match was found, return true. Otherwise, raise an exception
         # indicating that the key was not recognized.
-        found || process_cache_miss(arguments)
+        found || process_cache_miss(host, arguments)
       end
 
       private
 
-        def process_cache_miss(args)
-          exception = HostKeyMismatch.new("fingerprint #{args[:fingerprint]} does not match for #{args[:peer][:host]}")
+        def process_cache_miss(host, args)
+          exception = HostKeyMismatch.new("fingerprint #{args[:fingerprint]} does not match for #{host.join(',')}")
           exception.data = args
-          exception.callback = Proc.new { add_key(args) }
+          exception.callback = Proc.new { Net::SSH::KnownHosts.add(host, args[:key]) }
           raise exception
         end
 
-        def home_directory
-          ENV['HOME'] ||
-            (ENV['HOMEPATH'] && "#{ENV['HOMEDRIVE']}#{ENV['HOMEPATH']}") ||
-            "/"
-        end
-
-        def user_key_file
-          @user_key_file ||= "#{home_directory}/.ssh/known_hosts"
-        end
-
-        def add_key(args)
-          keys << { :host => args[:peer][:host], :port => args[:peer][:port], :ip => args[:peer][:ip], :type => args[:key].ssh_type, :key => args[:key_blob] }
-
-          key_directory = File.dirname(user_key_file)
-          Dir.mkdir(key_directory, 0700) if !File.exists?(key_directory)
-
-          File.open(user_key_file, "a") do |f|
-            host = args[:peer][:host]
-            host = "[#{host}]:#{args[:peer][:port]}" if host && args[:peer][:port] != 22
-
-            ip = args[:peer][:ip]
-            ip = nil if ip == "127.0.0.1" || ip == "::1"
-
-            host = [host, ip].compact.join(",")
-            f.puts "%s %s %s" % [host, args[:key].ssh_type, [args[:key_blob]].pack("m*").gsub(/\s/, "")]
-          end
-        end
-
-        def keys
-          @keys ||= begin
-            list = []
-            list.concat(load_keys_from(user_key_file)) if File.exist?(user_key_file)
-            list
-          end
-        end
-
-        def load_keys_from(path)
-          File.readlines(path).map do |line|
-            host, type, key = line.chomp.split
-            host, address = host.split(/,/)
-
-            if address.nil? && host =~ /^\d+\.\d+\.\d+\.\d+$/
-              host, address = address, host
-            end
-
-            if host
-              host, port = host.split(/:/, 2)
-              host = host.gsub(/[\[\]]/, "")
-            end
-
-            key = key.unpack("m*").first
-            
-            { :host => host, :ip => address, :port => port, :type => type, :key => key }
-          end
+        def canonize(peer)
+          hosts = []
+          hosts << Net::SSH::KnownHosts.canonize(peer[:host], peer[:port])
+          hosts << Net::SSH::KnownHosts.canonize(peer[:ip], peer[:port])
+          hosts.compact
         end
     end
 

data/lib/net/ssh/known-hosts.rb

@@ -0,0 +1,96 @@
+require 'strscan'
+require 'net/ssh/transport/ossl/buffer'
+require 'net/ssh/util/openssl'
+
+module Net; module SSH
+  class KnownHosts
+    class <<self
+      def canonize(location, port)
+        value = location
+        value = "[#{value}]:#{port}" if port && port != 22
+        value
+      end
+
+      def search_for(host)
+        search_in(hostfile_locations, host)
+      end
+
+      def add(host, key)
+        hostfile_locations.each do |file|
+          begin
+            KnownHosts.new(file).add(host, key)
+            return
+          rescue SystemCallError
+            # try the next hostfile
+          end
+        end
+      end
+
+      def search_in(files, host)
+        files.map { |file| KnownHosts.new(file).keys_for(host) }.flatten
+      end
+
+      def hostfile_locations
+        @hostfile_locations ||= [
+          "#{home_directory}/.ssh/known_hosts",
+          "#{home_directory}/.ssh/known_hosts2",
+          "/etc/ssh/ssh_known_hosts",
+          "/etc/ssh/ssh_known_hosts2"
+        ]
+      end
+
+      def home_directory
+        ENV['HOME'] ||
+          (ENV['HOMEPATH'] && "#{ENV['HOMEDRIVE']}#{ENV['HOMEPATH']}") ||
+          "/"
+      end
+    end
+
+
+    attr_reader :source
+
+    def initialize(source)
+      @source = source
+    end
+
+    def keys_for(host)
+      keys = []
+      hosts = Array(host)
+
+      File.open(source) do |file|
+        scanner = StringScanner.new("")
+        file.each_line do |line|
+          scanner.string = line
+
+          scanner.skip(/\s*/)
+          next if scanner.match?(/$|#/)
+
+          hostlist = scanner.scan(/\S+/)
+          next if (hostlist.split(/,/) & hosts).empty?
+
+          scanner.skip(/\s*/)
+          type = scanner.scan(/\S+/)
+          scanner.skip(/\s*/)
+          blob = scanner.rest.unpack("m*").first
+          keys << Net::SSH::Transport::OSSL::Buffer.new(blob).read_key
+        end
+      end
+
+      keys
+    rescue SystemCallError
+      return []
+    end
+
+    def add(host, key)
+      dir = File.dirname(source)
+      Dir.mkdir(dir, 0700) if !File.exists?(dir)
+
+      File.open(source, "a") do |file|
+        buffer = Net::SSH::Transport::OSSL::Buffer.new
+        buffer.write_key(key)
+        blob = [buffer.to_s].pack("m*").gsub(/\s/, "")
+        file.puts "#{Array(host).join(',')} #{key.ssh_type} #{blob}"
+      end
+    end
+  end
+end; end