RubyGems - net-ssh - Versions diffs - 1.1.4 → 2.0.0 - Mend

net-ssh 1.1.4 → 2.0.0

Files changed (297) hide show

data/CHANGELOG.rdoc +37 -0
data/Manifest +101 -0
data/README.rdoc +110 -0
data/Rakefile +26 -0
data/{THANKS → THANKS.rdoc} +2 -5
data/lib/net/ssh.rb +189 -57
data/lib/net/ssh/authentication/agent.rb +175 -0
data/lib/net/ssh/authentication/constants.rb +18 -0
data/lib/net/ssh/authentication/key_manager.rb +166 -0
data/lib/net/ssh/authentication/methods/abstract.rb +60 -0
data/lib/net/ssh/authentication/methods/hostbased.rb +71 -0
data/lib/net/ssh/authentication/methods/keyboard_interactive.rb +66 -0
data/lib/net/ssh/authentication/methods/password.rb +39 -0
data/lib/net/ssh/authentication/methods/publickey.rb +92 -0
data/lib/net/ssh/authentication/pageant.rb +176 -0
data/lib/net/ssh/authentication/session.rb +116 -0
data/lib/net/ssh/buffer.rb +339 -0
data/lib/net/ssh/buffered_io.rb +149 -0
data/lib/net/ssh/config.rb +173 -0
data/lib/net/ssh/connection/channel.rb +575 -454
data/lib/net/ssh/connection/constants.rb +31 -45
data/lib/net/ssh/connection/session.rb +569 -0
data/lib/net/ssh/connection/term.rb +176 -88
data/lib/net/ssh/errors.rb +83 -61
data/lib/net/ssh/key_factory.rb +85 -0
data/lib/net/ssh/known_hosts.rb +129 -0
data/lib/net/ssh/loggable.rb +61 -0
data/lib/net/ssh/packet.rb +102 -0
data/lib/net/ssh/prompt.rb +93 -0
data/lib/net/ssh/proxy/errors.rb +8 -28
data/lib/net/ssh/proxy/http.rb +75 -107
data/lib/net/ssh/proxy/socks4.rb +35 -48
data/lib/net/ssh/proxy/socks5.rb +76 -108
data/lib/net/ssh/service/forward.rb +267 -0
data/lib/net/ssh/test.rb +89 -0
data/lib/net/ssh/test/channel.rb +129 -0
data/lib/net/ssh/test/extensions.rb +152 -0
data/lib/net/ssh/test/kex.rb +44 -0
data/lib/net/ssh/test/local_packet.rb +51 -0
data/lib/net/ssh/test/packet.rb +81 -0
data/lib/net/ssh/test/remote_packet.rb +38 -0
data/lib/net/ssh/test/script.rb +157 -0
data/lib/net/ssh/test/socket.rb +59 -0
data/lib/net/ssh/transport/algorithms.rb +384 -0
data/lib/net/ssh/transport/cipher_factory.rb +72 -0
data/lib/net/ssh/transport/constants.rb +22 -58
data/lib/net/ssh/transport/hmac.rb +31 -0
data/lib/net/ssh/transport/hmac/abstract.rb +48 -0
data/lib/net/ssh/transport/hmac/md5.rb +12 -0
data/lib/net/ssh/transport/hmac/md5_96.rb +11 -0
data/lib/net/ssh/transport/hmac/none.rb +15 -0
data/lib/net/ssh/transport/hmac/sha1.rb +13 -0
data/lib/net/ssh/transport/hmac/sha1_96.rb +11 -0
data/lib/net/ssh/transport/identity_cipher.rb +40 -0
data/lib/net/ssh/transport/kex.rb +13 -0
data/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb +208 -0
data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb +77 -0
data/lib/net/ssh/{util → transport}/openssl.rb +22 -40
data/lib/net/ssh/transport/packet_stream.rb +230 -0
data/lib/net/ssh/transport/server_version.rb +61 -0
data/lib/net/ssh/transport/session.rb +225 -303
data/lib/net/ssh/transport/state.rb +170 -0
data/lib/net/ssh/verifiers/lenient.rb +30 -0
data/lib/net/ssh/verifiers/null.rb +12 -0
data/lib/net/ssh/verifiers/strict.rb +53 -0
data/lib/net/ssh/version.rb +57 -26
data/net-ssh.gemspec +54 -0
data/setup.rb +1585 -0
data/test/authentication/methods/common.rb +28 -0
data/test/authentication/methods/test_abstract.rb +51 -0
data/test/authentication/methods/test_hostbased.rb +108 -0
data/test/authentication/methods/test_keyboard_interactive.rb +98 -0
data/test/authentication/methods/test_password.rb +50 -0
data/test/authentication/methods/test_publickey.rb +123 -0
data/test/authentication/test_agent.rb +205 -0
data/test/authentication/test_key_manager.rb +100 -0
data/test/authentication/test_session.rb +93 -0
data/test/common.rb +106 -0
data/test/configs/exact_match +8 -0
data/test/configs/wild_cards +14 -0
data/test/connection/test_channel.rb +452 -0
data/test/connection/test_session.rb +483 -0
data/test/test_all.rb +6 -0
data/test/test_buffer.rb +336 -0
data/test/test_buffered_io.rb +63 -0
data/test/test_config.rb +78 -0
data/test/test_key_factory.rb +67 -0
data/test/transport/hmac/test_md5.rb +34 -0
data/test/transport/hmac/test_md5_96.rb +25 -0
data/test/transport/hmac/test_none.rb +34 -0
data/test/transport/hmac/test_sha1.rb +34 -0
data/test/transport/hmac/test_sha1_96.rb +25 -0
data/test/transport/kex/test_diffie_hellman_group1_sha1.rb +146 -0
data/test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb +92 -0
data/test/transport/test_algorithms.rb +302 -0
data/test/transport/test_cipher_factory.rb +163 -0
data/test/transport/test_hmac.rb +34 -0
data/test/transport/test_identity_cipher.rb +40 -0
data/test/transport/test_packet_stream.rb +433 -0
data/test/transport/test_server_version.rb +55 -0
data/test/transport/test_session.rb +312 -0
data/test/transport/test_state.rb +173 -0
metadata +102 -253
data/ChangeLog +0 -560
data/LICENSE +0 -7
data/NEWS +0 -152
data/README +0 -14
data/bin/rb-keygen +0 -210
data/doc/LICENSE-BSD +0 -27
data/doc/LICENSE-GPL +0 -280
data/doc/LICENSE-RUBY +0 -56
data/doc/manual-html/chapter-1.html +0 -388
data/doc/manual-html/chapter-2.html +0 -552
data/doc/manual-html/chapter-3.html +0 -470
data/doc/manual-html/chapter-4.html +0 -413
data/doc/manual-html/chapter-5.html +0 -525
data/doc/manual-html/chapter-6.html +0 -456
data/doc/manual-html/chapter-7.html +0 -343
data/doc/manual-html/index.html +0 -235
data/doc/manual-html/stylesheets/manual.css +0 -270
data/doc/manual-html/stylesheets/ruby.css +0 -17
data/doc/manual/chapter.erb +0 -38
data/doc/manual/example.erb +0 -18
data/doc/manual/index.erb +0 -29
data/doc/manual/manual.rb +0 -311
data/doc/manual/manual.yml +0 -73
data/doc/manual/page.erb +0 -87
data/doc/manual/parts/0000.txt +0 -5
data/doc/manual/parts/0001.txt +0 -3
data/doc/manual/parts/0002.txt +0 -40
data/doc/manual/parts/0003.txt +0 -6
data/doc/manual/parts/0004.txt +0 -7
data/doc/manual/parts/0005.txt +0 -1
data/doc/manual/parts/0006.txt +0 -49
data/doc/manual/parts/0007.txt +0 -67
data/doc/manual/parts/0008.txt +0 -43
data/doc/manual/parts/0009.txt +0 -14
data/doc/manual/parts/0010.txt +0 -7
data/doc/manual/parts/0011.txt +0 -14
data/doc/manual/parts/0012.txt +0 -3
data/doc/manual/parts/0013.txt +0 -20
data/doc/manual/parts/0014.txt +0 -32
data/doc/manual/parts/0015.txt +0 -14
data/doc/manual/parts/0016.txt +0 -28
data/doc/manual/parts/0017.txt +0 -50
data/doc/manual/parts/0018.txt +0 -35
data/doc/manual/parts/0019.txt +0 -7
data/doc/manual/parts/0020.txt +0 -72
data/doc/manual/parts/0021.txt +0 -50
data/doc/manual/parts/0022.txt +0 -42
data/doc/manual/parts/0023.txt +0 -51
data/doc/manual/parts/0024.txt +0 -18
data/doc/manual/parts/0025.txt +0 -18
data/doc/manual/parts/0026.txt +0 -15
data/doc/manual/parts/0027.txt +0 -37
data/doc/manual/parts/0028.txt +0 -16
data/doc/manual/parts/0029.txt +0 -1
data/doc/manual/parts/0030.txt +0 -52
data/doc/manual/parts/0031.txt +0 -25
data/doc/manual/stylesheets/manual.css +0 -270
data/doc/manual/stylesheets/ruby.css +0 -17
data/doc/manual/tutorial.erb +0 -30
data/examples/auth-forward.rb +0 -41
data/examples/channel-demo.rb +0 -81
data/examples/port-forward.rb +0 -51
data/examples/process-demo.rb +0 -91
data/examples/remote-net-port-forward.rb +0 -45
data/examples/remote-port-forward.rb +0 -80
data/examples/shell-demo.rb +0 -46
data/examples/ssh-client.rb +0 -67
data/examples/sync-shell-demo.rb +0 -69
data/examples/tail-demo.rb +0 -49
data/lib/net/ssh/connection/driver.rb +0 -446
data/lib/net/ssh/connection/services.rb +0 -72
data/lib/net/ssh/host-key-verifier.rb +0 -52
data/lib/net/ssh/known-hosts.rb +0 -96
data/lib/net/ssh/lenient-host-key-verifier.rb +0 -25
data/lib/net/ssh/null-host-key-verifier.rb +0 -14
data/lib/net/ssh/service/agentforward/driver.rb +0 -78
data/lib/net/ssh/service/agentforward/services.rb +0 -41
data/lib/net/ssh/service/forward/driver.rb +0 -319
data/lib/net/ssh/service/forward/local-network-handler.rb +0 -71
data/lib/net/ssh/service/forward/remote-network-handler.rb +0 -83
data/lib/net/ssh/service/forward/services.rb +0 -76
data/lib/net/ssh/service/process/driver.rb +0 -153
data/lib/net/ssh/service/process/open.rb +0 -193
data/lib/net/ssh/service/process/popen3.rb +0 -178
data/lib/net/ssh/service/process/services.rb +0 -66
data/lib/net/ssh/service/services.rb +0 -60
data/lib/net/ssh/service/shell/driver.rb +0 -86
data/lib/net/ssh/service/shell/services.rb +0 -54
data/lib/net/ssh/service/shell/shell.rb +0 -222
data/lib/net/ssh/service/shell/sync.rb +0 -114
data/lib/net/ssh/session.rb +0 -305
data/lib/net/ssh/transport/algorithm-negotiator.rb +0 -275
data/lib/net/ssh/transport/compress/compressor.rb +0 -53
data/lib/net/ssh/transport/compress/decompressor.rb +0 -53
data/lib/net/ssh/transport/compress/none-compressor.rb +0 -39
data/lib/net/ssh/transport/compress/none-decompressor.rb +0 -39
data/lib/net/ssh/transport/compress/services.rb +0 -68
data/lib/net/ssh/transport/compress/zlib-compressor.rb +0 -60
data/lib/net/ssh/transport/compress/zlib-decompressor.rb +0 -52
data/lib/net/ssh/transport/errors.rb +0 -47
data/lib/net/ssh/transport/identity-cipher.rb +0 -61
data/lib/net/ssh/transport/kex/dh-gex.rb +0 -106
data/lib/net/ssh/transport/kex/dh.rb +0 -249
data/lib/net/ssh/transport/kex/services.rb +0 -62
data/lib/net/ssh/transport/ossl/buffer-factory.rb +0 -52
data/lib/net/ssh/transport/ossl/buffer.rb +0 -87
data/lib/net/ssh/transport/ossl/cipher-factory.rb +0 -98
data/lib/net/ssh/transport/ossl/digest-factory.rb +0 -51
data/lib/net/ssh/transport/ossl/hmac-factory.rb +0 -71
data/lib/net/ssh/transport/ossl/hmac/hmac.rb +0 -62
data/lib/net/ssh/transport/ossl/hmac/md5-96.rb +0 -44
data/lib/net/ssh/transport/ossl/hmac/md5.rb +0 -46
data/lib/net/ssh/transport/ossl/hmac/none.rb +0 -46
data/lib/net/ssh/transport/ossl/hmac/services.rb +0 -68
data/lib/net/ssh/transport/ossl/hmac/sha1-96.rb +0 -44
data/lib/net/ssh/transport/ossl/hmac/sha1.rb +0 -45
data/lib/net/ssh/transport/ossl/key-factory.rb +0 -116
data/lib/net/ssh/transport/ossl/services.rb +0 -149
data/lib/net/ssh/transport/packet-stream.rb +0 -236
data/lib/net/ssh/transport/services.rb +0 -146
data/lib/net/ssh/transport/version-negotiator.rb +0 -73
data/lib/net/ssh/userauth/agent.rb +0 -222
data/lib/net/ssh/userauth/constants.rb +0 -35
data/lib/net/ssh/userauth/driver.rb +0 -183
data/lib/net/ssh/userauth/methods/hostbased.rb +0 -119
data/lib/net/ssh/userauth/methods/keyboard-interactive.rb +0 -104
data/lib/net/ssh/userauth/methods/password.rb +0 -70
data/lib/net/ssh/userauth/methods/publickey.rb +0 -137
data/lib/net/ssh/userauth/methods/services.rb +0 -90
data/lib/net/ssh/userauth/pageant.rb +0 -197
data/lib/net/ssh/userauth/services.rb +0 -141
data/lib/net/ssh/userauth/userkeys.rb +0 -258
data/lib/net/ssh/util/buffer.rb +0 -274
data/lib/net/ssh/util/prompter.rb +0 -73
data/test/ALL-TESTS.rb +0 -18
data/test/connection/tc_channel.rb +0 -136
data/test/connection/tc_driver.rb +0 -287
data/test/connection/tc_integration.rb +0 -87
data/test/proxy/tc_http.rb +0 -209
data/test/proxy/tc_socks4.rb +0 -148
data/test/proxy/tc_socks5.rb +0 -214
data/test/service/agentforward/tc_driver.rb +0 -138
data/test/service/forward/tc_driver.rb +0 -289
data/test/service/forward/tc_local_network_handler.rb +0 -123
data/test/service/forward/tc_remote_network_handler.rb +0 -111
data/test/service/process/tc_driver.rb +0 -79
data/test/service/process/tc_integration.rb +0 -119
data/test/service/process/tc_open.rb +0 -179
data/test/service/process/tc_popen3.rb +0 -164
data/test/tc_integration.rb +0 -80
data/test/transport/compress/tc_none_compress.rb +0 -41
data/test/transport/compress/tc_none_decompress.rb +0 -45
data/test/transport/compress/tc_zlib_compress.rb +0 -61
data/test/transport/compress/tc_zlib_decompress.rb +0 -48
data/test/transport/kex/tc_dh.rb +0 -312
data/test/transport/kex/tc_dh_gex.rb +0 -71
data/test/transport/ossl/fixtures/dsa-encrypted +0 -15
data/test/transport/ossl/fixtures/dsa-encrypted-bad +0 -15
data/test/transport/ossl/fixtures/dsa-unencrypted +0 -12
data/test/transport/ossl/fixtures/dsa-unencrypted-bad +0 -12
data/test/transport/ossl/fixtures/dsa-unencrypted.pub +0 -1
data/test/transport/ossl/fixtures/not-a-private-key +0 -4
data/test/transport/ossl/fixtures/not-supported +0 -2
data/test/transport/ossl/fixtures/rsa-encrypted +0 -18
data/test/transport/ossl/fixtures/rsa-encrypted-bad +0 -18
data/test/transport/ossl/fixtures/rsa-unencrypted +0 -15
data/test/transport/ossl/fixtures/rsa-unencrypted-bad +0 -15
data/test/transport/ossl/fixtures/rsa-unencrypted.pub +0 -1
data/test/transport/ossl/hmac/tc_hmac.rb +0 -58
data/test/transport/ossl/hmac/tc_md5.rb +0 -50
data/test/transport/ossl/hmac/tc_md5_96.rb +0 -50
data/test/transport/ossl/hmac/tc_none.rb +0 -50
data/test/transport/ossl/hmac/tc_sha1.rb +0 -50
data/test/transport/ossl/hmac/tc_sha1_96.rb +0 -50
data/test/transport/ossl/tc_buffer.rb +0 -97
data/test/transport/ossl/tc_buffer_factory.rb +0 -67
data/test/transport/ossl/tc_cipher_factory.rb +0 -84
data/test/transport/ossl/tc_digest_factory.rb +0 -39
data/test/transport/ossl/tc_hmac_factory.rb +0 -72
data/test/transport/ossl/tc_key_factory.rb +0 -199
data/test/transport/tc_algorithm_negotiator.rb +0 -170
data/test/transport/tc_identity_cipher.rb +0 -52
data/test/transport/tc_integration.rb +0 -115
data/test/transport/tc_packet_stream.rb +0 -184
data/test/transport/tc_session.rb +0 -296
data/test/transport/tc_version_negotiator.rb +0 -86
data/test/userauth/methods/tc_hostbased.rb +0 -136
data/test/userauth/methods/tc_password.rb +0 -89
data/test/userauth/methods/tc_publickey.rb +0 -167
data/test/userauth/tc_agent.rb +0 -223
data/test/userauth/tc_driver.rb +0 -190
data/test/userauth/tc_integration.rb +0 -97
data/test/userauth/tc_userkeys.rb +0 -265
data/test/util/tc_buffer.rb +0 -217

data/lib/net/ssh/authentication/methods/keyboard_interactive.rb ADDED

@@ -0,0 +1,66 @@
+require 'net/ssh/prompt'
+require 'net/ssh/authentication/methods/abstract'
+module Net
+  module SSH
+    module Authentication
+      module Methods
+        # Implements the "keyboard-interactive" SSH authentication method.
+        class KeyboardInteractive < Abstract
+          include Prompt
+          USERAUTH_INFO_REQUEST  = 60
+          USERAUTH_INFO_RESPONSE = 61
+          # Attempt to authenticate the given user for the given service.
+          def authenticate(next_service, username, password=nil)
+            debug { "trying keyboard-interactive" }
+            send_message(userauth_request(username, next_service, "keyboard-interactive", "", ""))
+            loop do
+              message = session.next_message
+              case message.type
+              when USERAUTH_SUCCESS
+                debug { "keyboard-interactive succeeded" }
+                return true
+              when USERAUTH_FAILURE
+                debug { "keyboard-interactive failed" }
+                return false
+              when USERAUTH_INFO_REQUEST
+                name = message.read_string
+                instruction = message.read_string
+                debug { "keyboard-interactive info request" }
+                unless password
+                  puts(name) unless name.empty?
+                  puts(instruction) unless instruction.empty?
+                end
+                lang_tag = message.read_string
+                responses =[]
+                message.read_long.times do
+                  text = message.read_string
+                  echo = message.read_bool
+                  responses << (password || prompt(text, echo))
+                end
+                # if the password failed the first time around, don't try
+                # and use it on subsequent requests.
+                password = nil
+                msg = Buffer.from(:byte, USERAUTH_INFO_RESPONSE, :long, responses.length, :string, responses)
+                send_message(msg)
+              else
+                raise Net::SSH::Exception, "unexpected reply in keyboard interactive: #{message.type} (#{message.inspect})"
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/net/ssh/authentication/methods/password.rb ADDED

@@ -0,0 +1,39 @@
+require 'net/ssh/errors'
+require 'net/ssh/authentication/methods/abstract'
+module Net
+  module SSH
+    module Authentication
+      module Methods
+        # Implements the "password" SSH authentication method.
+        class Password < Abstract
+          # Attempt to authenticate the given user for the given service. If
+          # the password parameter is nil, this will never do anything except
+          # return false.
+          def authenticate(next_service, username, password=nil)
+            return false unless password
+            send_message(userauth_request(username, next_service, "password", false, password))
+            message = session.next_message
+            case message.type
+              when USERAUTH_SUCCESS
+                debug { "password succeeded" }
+                return true
+              when USERAUTH_FAILURE
+                debug { "password failed" }
+                return false
+              when USERAUTH_PASSWD_CHANGEREQ
+                debug { "password change request received, failing" }
+                return false
+              else
+                raise Net::SSH::Exception, "unexpected reply to USERAUTH_REQUEST: #{message.type} (#{message.inspect})"
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/net/ssh/authentication/methods/publickey.rb ADDED

@@ -0,0 +1,92 @@
+require 'net/ssh/buffer'
+require 'net/ssh/errors'
+require 'net/ssh/authentication/methods/abstract'
+module Net
+  module SSH
+    module Authentication
+      module Methods
+        # Implements the "publickey" SSH authentication method.
+        class Publickey < Abstract
+          # Attempts to perform public-key authentication for the given
+          # username, trying each identity known to the key manager. If any of
+          # them succeed, returns +true+, otherwise returns +false+. This
+          # requires the presence of a key manager.
+          def authenticate(next_service, username, password=nil)
+            return false unless key_manager
+            key_manager.identities.each do |identity|
+              return true if authenticate_with(identity, next_service, username)
+            end
+            return false
+          end
+          private
+            # Builds a packet that contains the request formatted for sending
+            # a public-key request to the server.
+            def build_request(pub_key, username, next_service, has_sig)
+              blob = Net::SSH::Buffer.new
+              blob.write_key pub_key
+              userauth_request(username, next_service, "publickey", has_sig,
+                pub_key.ssh_type, blob.to_s)
+            end
+            # Builds and sends a request formatted for a public-key
+            # authentication request.
+            def send_request(pub_key, username, next_service, signature=nil)
+              msg = build_request(pub_key, username, next_service, !signature.nil?)
+              msg.write_string(signature) if signature
+              send_message(msg)
+            end
+            # Attempts to perform public-key authentication for the given
+            # username, with the given identity (public key). Returns +true+ if
+            # successful, or +false+ otherwise.
+            def authenticate_with(identity, next_service, username)
+              debug { "trying publickey (#{identity.fingerprint})" }
+              send_request(identity, username, next_service)
+              message = session.next_message
+              case message.type
+                when USERAUTH_PK_OK
+                  buffer = build_request(identity, username, next_service, true)
+                  sig_data = Net::SSH::Buffer.new
+                  sig_data.write_string(session_id)
+                  sig_data.append(buffer.to_s)
+                  sig_blob = key_manager.sign(identity, sig_data)
+                  send_request(identity, username, next_service, sig_blob.to_s)
+                  message = session.next_message
+                  case message.type
+                    when USERAUTH_SUCCESS
+                      debug { "publickey succeeded (#{identity.fingerprint})" }
+                      return true
+                    when USERAUTH_FAILURE
+                      debug { "publickey failed (#{identity.fingerprint})" }
+                      return false
+                    else
+                      raise Net::SSH::Exception,
+                        "unexpected server response to USERAUTH_REQUEST: #{message.type} (#{message.inspect})"
+                  end
+                when USERAUTH_FAILURE
+                  return false
+                else
+                  raise Net::SSH::Exception, "unexpected reply to USERAUTH_REQUEST: #{message.type} (#{message.inspect})"
+              end
+            end
+        end
+      end
+    end
+  end
+end

data/lib/net/ssh/authentication/pageant.rb ADDED

@@ -0,0 +1,176 @@
+require 'dl/import'
+require 'dl/struct'
+require 'net/ssh/errors'
+module Net; module SSH; module Authentication
+  # This module encapsulates the implementation of a socket factory that
+  # uses the PuTTY "pageant" utility to obtain information about SSH
+  # identities.
+  #
+  # This code is a slightly modified version of the original implementation
+  # by Guillaume Mar�ais (guillaume.marcais@free.fr). It is used and
+  # relicensed by permission.
+  module Pageant
+    # From Putty pageant.c
+    AGENT_MAX_MSGLEN = 8192
+    AGENT_COPYDATA_ID = 0x804e50ba
+    # The definition of the Windows methods and data structures used in
+    # communicating with the pageant process.
+    module Win
+      extend DL::Importable
+      dlload 'user32'
+      dlload 'kernel32'
+      typealias("LPCTSTR", "char *")         # From winnt.h
+      typealias("LPVOID", "void *")          # From winnt.h
+      typealias("LPCVOID", "const void *")   # From windef.h
+      typealias("LRESULT", "long")           # From windef.h
+      typealias("WPARAM", "unsigned int *")  # From windef.h
+      typealias("LPARAM", "long *")          # From windef.h
+      typealias("PDWORD_PTR", "long *")      # From basetsd.h
+      # From winbase.h, winnt.h
+      INVALID_HANDLE_VALUE = -1
+      NULL = nil
+      PAGE_READWRITE = 0x0004
+      FILE_MAP_WRITE = 2
+      WM_COPYDATA = 74
+      SMTO_NORMAL = 0   # From winuser.h
+      # args: lpClassName, lpWindowName
+      extern 'HWND FindWindow(LPCTSTR, LPCTSTR)'
+      # args: none
+      extern 'DWORD GetCurrentThreadId()'
+      # args: hFile, (ignored), flProtect, dwMaximumSizeHigh,
+      #           dwMaximumSizeLow, lpName
+      extern 'HANDLE CreateFileMapping(HANDLE, void *, DWORD, DWORD, ' +
+                                      'DWORD, LPCTSTR)'
+      # args: hFileMappingObject, dwDesiredAccess, dwFileOffsetHigh,
+      #           dwfileOffsetLow, dwNumberOfBytesToMap
+      extern 'LPVOID MapViewOfFile(HANDLE, DWORD, DWORD, DWORD, DWORD)'
+      # args: lpBaseAddress
+      extern 'BOOL UnmapViewOfFile(LPCVOID)'
+      # args: hObject
+      extern 'BOOL CloseHandle(HANDLE)'
+      # args: hWnd, Msg, wParam, lParam, fuFlags, uTimeout, lpdwResult
+      extern 'LRESULT SendMessageTimeout(HWND, UINT, WPARAM, LPARAM, ' +
+                                        'UINT, UINT, PDWORD_PTR)'
+    end
+    # This is the pseudo-socket implementation that mimics the interface of
+    # a socket, translating each request into a Windows messaging call to
+    # the pageant daemon. This allows pageant support to be implemented
+    # simply by replacing the socket factory used by the Agent class.
+    class Socket
+      private_class_method :new
+      # The factory method for creating a new Socket instance. The location
+      # parameter is ignored, and is only needed for compatibility with
+      # the general Socket interface.
+      def self.open(location=nil)
+        new
+      end
+      # Create a new instance that communicates with the running pageant
+      # instance. If no such instance is running, this will cause an error.
+      def initialize
+        @win = Win.findWindow("Pageant", "Pageant")
+        if @win == 0
+          raise Net::SSH::Exception,
+            "pageant process not running"
+        end
+        @res = nil
+        @pos = 0
+      end
+      # Forwards the data to #send_query, ignoring any arguments after
+      # the first. Returns 0.
+      def send(data, *args)
+        @res = send_query(data)
+        @pos = 0
+      end
+      # Packages the given query string and sends it to the pageant
+      # process via the Windows messaging subsystem. The result is
+      # cached, to be returned piece-wise when #read is called.
+      def send_query(query)
+        res = nil
+        filemap = 0
+        ptr = nil
+        id = DL::PtrData.malloc(DL.sizeof("L"))
+        mapname = "PageantRequest%08x\000" % Win.getCurrentThreadId()
+        filemap = Win.createFileMapping(Win::INVALID_HANDLE_VALUE,
+                                        Win::NULL,
+                                        Win::PAGE_READWRITE, 0,
+                                        AGENT_MAX_MSGLEN, mapname)
+        if filemap == 0
+          raise Net::SSH::Exception,
+            "Creation of file mapping failed"
+        end
+        ptr = Win.mapViewOfFile(filemap, Win::FILE_MAP_WRITE, 0, 0,
+                                AGENT_MAX_MSGLEN)
+        if ptr.nil? || ptr.null?
+          raise Net::SSH::Exception, "Mapping of file failed"
+        end
+        ptr[0] = query
+        cds = [AGENT_COPYDATA_ID, mapname.size + 1, mapname].
+          pack("LLp").to_ptr
+        succ = Win.sendMessageTimeout(@win, Win::WM_COPYDATA, Win::NULL,
+          cds, Win::SMTO_NORMAL, 5000, id)
+        if succ > 0
+          retlen = 4 + ptr.to_s(4).unpack("N")[0]
+          res = ptr.to_s(retlen)
+        end
+        return res
+      ensure
+        Win.unmapViewOfFile(ptr) unless ptr.nil? || ptr.null?
+        Win.closeHandle(filemap) if filemap != 0
+      end
+      # Conceptually close the socket. This doesn't really do anthing
+      # significant, but merely complies with the Socket interface.
+      def close
+        @res = nil
+        @pos = 0
+      end
+      # Reads +n+ bytes from the cached result of the last query. If +n+
+      # is +nil+, returns all remaining data from the last query.
+      def read(n = nil)
+        return nil unless @res
+        if n.nil?
+          start, @pos = @pos, @res.size
+          return @res[start..-1]
+        else
+          start, @pos = @pos, @pos + n
+          return @res[start, n]
+        end
+      end
+    end
+  end
+end; end; end

data/lib/net/ssh/authentication/session.rb ADDED

@@ -0,0 +1,116 @@
+require 'net/ssh/loggable'
+require 'net/ssh/transport/constants'
+require 'net/ssh/authentication/constants'
+require 'net/ssh/authentication/key_manager'
+require 'net/ssh/authentication/methods/publickey'
+require 'net/ssh/authentication/methods/hostbased'
+require 'net/ssh/authentication/methods/password'
+require 'net/ssh/authentication/methods/keyboard_interactive'
+module Net; module SSH; module Authentication
+  # Represents an authentication session. It manages the authentication of
+  # a user over an established connection (the "transport" object, see
+  # Net::SSH::Transport::Session).
+  #
+  # The use of an authentication session to manage user authentication is
+  # internal to Net::SSH (specifically Net::SSH.start). Consumers of the
+  # Net::SSH library will never need to access this class directly.
+  class Session
+    include Transport::Constants, Constants, Loggable
+    # transport layer abstraction
+    attr_reader :transport
+    # the list of authentication methods to try
+    attr_reader :auth_methods
+    # the list of authentication methods that are allowed
+    attr_reader :allowed_auth_methods
+    # a hash of options, given at construction time
+    attr_reader :options
+    # Instantiates a new Authentication::Session object over the given
+    # transport layer abstraction.
+    def initialize(transport, options={})
+      self.logger = transport.logger
+      @transport = transport
+      @auth_methods = options[:auth_methods] || %w(publickey hostbased password keyboard-interactive)
+      @options = options
+      @allowed_auth_methods = @auth_methods
+    end
+    # Attempts to authenticate the given user, in preparation for the next
+    # service request. Returns true if an authentication method succeeds in
+    # authenticating the user, and false otherwise.
+    def authenticate(next_service, username, password=nil)
+      debug { "beginning authentication of `#{username}'" }
+      transport.send_message(transport.service_request("ssh-userauth"))
+      message = expect_message(SERVICE_ACCEPT)
+      key_manager = KeyManager.new(logger, options)
+      Array(options[:keys]).each { |key| key_manager.add(key) }
+      attempted = []
+      @auth_methods.each do |name|
+        next unless @allowed_auth_methods.include?(name)
+        attempted << name
+        debug { "trying #{name}" }
+        method = Methods.const_get(name.split(/\W+/).map { |p| p.capitalize }.join).new(self, :key_manager => key_manager)
+        return true if method.authenticate(next_service, username, password)
+      end
+      error { "all authorization methods failed (tried #{attempted.join(', ')})" }
+      return false
+    ensure
+      key_manager.finish if key_manager
+    end
+    # Blocks until a packet is received. It silently handles USERAUTH_BANNER
+    # packets, and will raise an error if any packet is received that is not
+    # valid during user authentication.
+    def next_message
+      loop do
+        packet = transport.next_message
+        case packet.type
+        when USERAUTH_BANNER
+          info { packet[:message] }
+          # TODO add a hook for people to retrieve the banner when it is sent
+        when USERAUTH_FAILURE
+          @allowed_auth_methods = packet[:authentications].split(/,/)
+          debug { "allowed methods: #{packet[:authentications]}" }
+          return packet
+        when USERAUTH_METHOD_RANGE, SERVICE_ACCEPT
+          return packet
+        when USERAUTH_SUCCESS
+          transport.hint :authenticated
+          return packet
+        else
+          raise Net::SSH::Exception, "unexpected message #{packet.type} (#{packet})"
+        end
+      end
+    end
+    # Blocks until a packet is received, and returns it if it is of the given
+    # type. If it is not, an exception is raised.
+    def expect_message(type)
+      message = next_message
+      unless message.type == type
+        raise Net::SSH::Exception, "expected #{type}, got #{message.type} (#{message})"
+      end
+      message
+    end
+  end
+end; end; end