net-ssh 1.1.4 → 2.0.0

data/lib/net/ssh/service/shell/sync.rb

@@ -1,114 +0,0 @@
-#--
-# =============================================================================
-# Copyright (c) 2004,2005 Jamis Buck (jamis@37signals.com)
-# All rights reserved.
-#
-# This source file is distributed as part of the Net::SSH Secure Shell Client
-# library for Ruby. This file (and the library as a whole) may be used only as
-# allowed by either the BSD license, or the Ruby license (or, by association
-# with the Ruby license, the GPL). See the "doc" subdirectory of the Net::SSH
-# distribution for the texts of these licenses.
-# -----------------------------------------------------------------------------
-# net-ssh website : http://net-ssh.rubyforge.org
-# project website: http://rubyforge.org/projects/net-ssh
-# =============================================================================
-#++
-
-require 'stringio'
-
-module Net
-  module SSH
-    module Service
-      module Shell
-
-        # A version of Shell::Shell that acts synchronously, allowing clients
-        # to execute a command via a shell, wait for it to finish, and then
-        # inspect both the stdout and stderr from the command, as well as the
-        # exit status.
-        class SyncShell
-
-          # A struct representing the result of executing a command.
-          CommandOutput = Struct.new( :stdout, :stderr, :status )
-
-          # The unique confirmation string that is used to recognize the
-          # end of a command's execution.
-          CONFIRMATION = "2357foobarbazzabraboof7532"
-
-          # Create a new SyncShell that uses the given +shell+ factory to obtain
-          # a shell to wrap. The other parameters are used
-          def initialize( shell, log, pty_opts )
-            @log = log
-            @shell = shell.call( pty_opts )
-          end
-
-          # Delegates to Shell::Shell.open?
-          def open?
-            @shell.open?
-          end
-
-          # Attempts to invoke the given command, which must not be
-          # terminated with a newline. If +stdin+ is not nil, it will be sent
-          # to the shell immediately after sending the request to execute the
-          # command. It is expected that this will be used by the program that
-          # was just executed somehow, but this is not (cannot) be enforced.
-          def send_command( cmd, stdin=nil )
-            @log.debug "executing #{cmd.inspect}" if @log.debug?
-            send_data "#{cmd}; printf '%s %d' #{CONFIRMATION} $?\n"
-            send_data stdin if stdin
-
-            out = ""
-            err = ""
-
-            @log.debug "waiting for #{cmd.inspect}" if @log.debug?
-            loop do
-              sleep 0.01
-              out << @shell.stdout while @shell.open? && @shell.stdout?
-              err << @shell.stderr while @shell.open? && @shell.stderr?
-
-              break if !@shell.open? || out.index( CONFIRMATION + " " )
-            end
-
-            if @log.debug?
-              @log.debug "#{cmd.inspect} finished"
-              @log.debug " stdout --> #{out.inspect}"
-              @log.debug " stderr --> #{err.inspect}"
-            end
-
-            if @shell.open?
-              match = out.match( /#{CONFIRMATION} /o )
-              out = match.pre_match
-              status = match.post_match.strip.to_i
-            else
-              status = 0
-            end
-
-            CommandOutput.new( out, ( err.empty? ? nil : err ), status )
-          end
-
-          # Sends the given string directly to the shell, without waiting for
-          # any response.
-          def send_data( data )
-            @shell.send_data data
-          end
-
-          # Dends the given string directly to the shell as the given type of
-          # data, without waiting for any response.
-          def send_extended_data( type, data )
-            @shell.send_extended_data type, data
-          end
-
-          # Reinterprets missing methods as requests to execute commands. The
-          # parameters to the method are concatenated together with spaces
-          # and sent to the shell via #send_command.
-          def method_missing( sym, *args )
-            cmd = sym.to_s
-            cmd << " " << args.join( " " ) unless args.empty?
-            send_command cmd
-          end
-
-        end
-
-      end # SyncShell
-    end # Service
-  end # SSH
-end # Net

data/lib/net/ssh/session.rb

@@ -1,305 +0,0 @@
-#--
-# =============================================================================
-# Copyright (c) 2004,2005 Jamis Buck (jamis@37signals.com)
-# All rights reserved.
-#
-# This source file is distributed as part of the Net::SSH Secure Shell Client
-# library for Ruby. This file (and the library as a whole) may be used only as
-# allowed by either the BSD license, or the Ruby license (or, by association
-# with the Ruby license, the GPL). See the "doc" subdirectory of the Net::SSH
-# distribution for the texts of these licenses.
-# -----------------------------------------------------------------------------
-# net-ssh website : http://net-ssh.rubyforge.org
-# project website: http://rubyforge.org/projects/net-ssh
-# =============================================================================
-#++
-
-require 'needle'
-require 'net/ssh/errors'
-
-module Net
-  module SSH
-
-    # Encapsulates a single session (connection) to a server via SSH.
-    class Session
-
-      # The dependency-injection registry used by this session.
-      attr_reader :registry
-
-      # The name of the host that this session is connected to.
-      attr_reader :host
-
-      # The hash of options that were used to establish this session.
-      attr_reader :options
-
-      # The underlying connection
-      attr_reader :connection
-
-      # Create a new SSH session. This method polymorphically accepts a
-      # variable number of parameters, as follows:
-      #
-      # * 1 parameter: must be the hostname to connect to.
-      # * 2 parameters: must be the hostname, and either the port (as an
-      #   integer) or the username to connect as.
-      # * 3 parameters: must be the hostname, and either the port (as an
-      #   integer) and username, or the username and the password.
-      # * 4 parameters: must be the hostname, port, username, and password.
-      #
-      # Any scenario above that omits the username assumes that the USER
-      # environment variable is set to the user's name. Any scenario above that
-      # omits the password assumes that the user will log in without a password
-      # (ie, using a public key). Any scenario above that omits the port number
-      # assumes a port number of 22 (the default for SSH).
-      #
-      # Any of the above scenarios may also accept a Hash as the last
-      # parameter, specifying a list of additional options to be used to
-      # initialize the session. (See Net::SSH::Session.add_options).
-      #
-      # Alternatively, named parameters may be used, in which case the first
-      # parameter is positional and is always the host to connect to, following
-      # which you may specify any of the following named parameters (as
-      # symbols):
-      #
-      # * :port
-      # * :username
-      # * :password
-      #
-      # Any additional parameters are treated as options that configure how the
-      # connection behaves.
-      #
-      # Allowed options are:
-      #
-      # * :keys (the list of filenames identifying the user's keys)
-      # * :host_keys (the list of filenames identifying the host's keys)
-      # * :auth_methods (a list of authentication methods to use)
-      # * :crypto_backend (defaults to :ossl, and specifies the cryptography
-      #   backend to use)
-      # * :registry_options (a hash of options to use when creating the
-      #   registry)
-      # * :container (the registry to use. If not specified, a new registry
-      #   will be created)
-      # * :verbose (how verbose the logging output should be. Defaults to
-      #   :warn).
-      # * :log (the name of the file, or the IO object, to which messages will
-      #   be logged. Defaults to STDERR.)
-      # * :forward_agent (true or false, whether or not to forward requests
-      #   for the authentication agent. Defaults to false.)
-      # * :paranoid (either false, in which case server fingerprints are not
-      #   verified, true, in which case they are verified and mismatches result
-      #   in a warning and a prompt, or an object responding to :allow?, which
-      #   will be invoked and should return true or false for whether or not
-      #   to allow the connection. Defaults to true.)
-      #
-      # Also, any options recognized by Net::SSH::Transport::Session may be
-      # given, and will be passed through to initialize the transport session.
-      #
-      # If a block is given to this method, then it is called with the new
-      # session object. The session object is then closed when the block
-      # terminates. If a block is not given, then the session object is
-      # returned (and must be closed explicitly).
-      def initialize( *args )
-        @open = false
-        @agent_forwarded = false
-
-        process_arguments( *args )
-
-        @registry.define do |b|
-          b.crypto_backend { @crypto_backend }
-          b.transport_host { @host }
-          b.transport_options { @options }
-
-          b.userauth_keys { @keys }
-          b.userauth_host_keys { @host_keys }
-          b.userauth_method_order { @auth_methods }
-
-          b.host_key_verifier { @host_key_verifier }
-
-          # Register myself with the registry, so that other services may
-          # access me.
-          b.session( :pipeline => [] ) { self }
-
-          b.prompter do
-            require 'net/ssh/util/prompter'
-            Net::SSH::Util::Prompter.new
-          end
-
-          b.require 'net/ssh/transport/services', "Net::SSH::Transport"
-          b.require 'net/ssh/connection/services', "Net::SSH::Connection"
-          b.require 'net/ssh/userauth/services', "Net::SSH::UserAuth"
-
-          b.require 'net/ssh/service/services', "Net::SSH::Service"
-        end
-
-        userauth = @registry[:userauth][:driver]
-        if userauth.authenticate( "ssh-connection", @username, @password )
-          @open = true
-          @connection = @registry[:connection][:driver]
-          if block_given?
-            yield self
-            close
-          end
-        else
-          @registry[:transport][:session].close
-          raise AuthenticationFailed, @username
-        end
-      end
-
-      # Closes the session, if it is open. If it is not open, this does
-      # nothing.
-      def close
-        @registry[:transport][:session].close if @open
-        @open = false
-      end
-
-      # Returns +true+ if the session is currently open.
-      def open?
-        @open
-      end
-
-      # Opens a new communication channel over the current connection. This
-      # returns immediately. The block will be invoked when then the channel
-      # has been opened. (See Net::SSH::Connection::Driver#open_channel).
-      def open_channel( type="session", data=nil, &block )
-        sanity_check
-        channel = @connection.open_channel( type, data )
-        channel.on_confirm_open(&block)
-
-        # If we have an agent, and agent-forwarding is enabled, set up
-        # the forwarding. Do this once only, after the first channel
-        # is opened.
-        if @forward_agent && @registry[:userauth].agent
-          unless @agent_forwarded
-            agentforward.request
-            @agent_forwarded = true
-          end
-        end
-
-        channel
-      end
-
-      # Enters the main communication loop. This processes events occuring over
-      # the channel. If a block is given, the loop will continue for as long
-      # as the block returns +true+. Otherwise, the loop continues until there
-      # are no more open channels. (See Net::SSH::Connection::Driver#loop).
-      def loop( &block )
-        sanity_check
-        @connection.loop(&block)
-      end
-
-      # Provides convenient access to services that have been registered with
-      # the session, such as "process" and "forward".
-      #
-      # Usage:
-      #
-      #   session.forward.local(...)
-      def method_missing( sym, *args, &block )
-        if args.empty? && block.nil? && @registry[:services].has_key?( sym )
-          return @registry[:services][ sym ]
-        else
-          super
-        end
-      end
-
-      # Processes the argument list, determining the meaning of each argument
-      # and allowing polymorphic argument lists. (See #initialize).
-      def process_arguments( *args )
-        @options = {}
-        @username = ENV['USER'] || ENV['USERNAME']
-
-        raise ArgumentError,
-          "you must specify the host to connect to" if args.length < 1
-
-        @host = args.shift
-
-        # support for both named arguments, and positional arguments...
-        if args.length == 1 && args[0].is_a?( Hash ) &&
-           ( args[0][:username] || args[0][:password] ||
-             args[0][:port] || args[0][:options] )
-        # then
-          @username = args[0][:username] || @username
-          @password = args[0][:password]
-
-          @options.update args.shift
-        else
-          @options[ :port ] = args.shift if args.first.is_a? Numeric
-          if args.first.nil? || args.first.is_a?( String )
-            @username = args.shift || @username
-          end
-          if args.first.nil? || args.first.is_a?( String )
-            @password = args.shift
-          end
-          @options.update args.shift if args.first.is_a?( Hash )
-        end
-
-        if !args.empty?
-          raise ArgumentError, "extra parameters detected: #{args.inspect}"
-        elsif @username.nil?
-          raise ArgumentError, "no username was given and none could be inferred from the environment"
-        end
-
-        @keys = @options[ :keys ]
-        @host_keys = @options[ :host_keys ]
-        @auth_methods = @options[ :auth_methods ]
-        @forward_agent = @options[ :forward_agent ] || false
-        @crypto_backend = @options.fetch( :crypto_backend, :ossl )
-        @host_key_verifier = host_key_verifier_from(@options.fetch(:paranoid, true))
-
-        verbose = @options.fetch( :verbose, :warn )
-        log = @options.fetch( :log, STDERR )
-
-        @registry_options = @options.fetch( :registry_options, {} )
-
-        @registry_options[ :logs ] ||= {}
-        @registry_options[ :logs ][ :default_level ] = verbose
-
-        if log.is_a? IO
-          @registry_options[ :logs ][ :device ] ||= log
-        else
-          @registry_options[ :logs ][ :filename ] ||= log
-        end
-
-        @registry = @options[ :container ] ||
-          Needle::Registry.new( @registry_options )
-
-        [ :keys, :host_keys, :auth_methods, :username, :password,
-          :crypto_backend, :registry_options, :container, :log, :verbose,
-          :forward_agent, :paranoid
-        ].each do |i|
-          @options.delete i
-        end
-
-        @options.freeze
-      end
-      private :process_arguments
-
-      def host_key_verifier_from(paranoia)
-        case paranoia
-        when true then
-          require 'net/ssh/lenient-host-key-verifier'
-          Net::SSH::LenientHostKeyVerifier.new
-        when false then
-          require 'net/ssh/null-host-key-verifier'
-          Net::SSH::NullHostKeyVerifier.new
-        when :very then
-          require 'net/ssh/host-key-verifier'
-          Net::SSH::HostKeyVerifier.new
-        else
-          if paranoia.respond_to?(:verify)
-            paranoia
-          else
-            raise ArgumentError, "argument to :paranoid is not valid: #{paranoia.inspect}"
-          end
-        end
-      end
-      private :host_key_verifier_from
-
-      # Make sure we're in an acceptible state.
-      def sanity_check
-        raise Net::SSH::Exception, "session not open" unless @open
-      end
-      private :sanity_check
-
-    end
-
-  end
-end

data/lib/net/ssh/transport/algorithm-negotiator.rb

@@ -1,275 +0,0 @@
-#--
-# =============================================================================
-# Copyright (c) 2004,2005 Jamis Buck (jamis@37signals.com)
-# All rights reserved.
-#
-# This source file is distributed as part of the Net::SSH Secure Shell Client
-# library for Ruby. This file (and the library as a whole) may be used only as
-# allowed by either the BSD license, or the Ruby license (or, by association
-# with the Ruby license, the GPL). See the "doc" subdirectory of the Net::SSH
-# distribution for the texts of these licenses.
-# -----------------------------------------------------------------------------
-# net-ssh website : http://net-ssh.rubyforge.org
-# project website: http://rubyforge.org/projects/net-ssh
-# =============================================================================
-#++
-
-require 'net/ssh/errors'
-require 'net/ssh/transport/constants'
-require 'net/ssh/known-hosts'
-
-module Net
-  module SSH
-    module Transport
-
-      # The AlgorithmNegotiator is used for negotiating the algorithms to be
-      # employed for a specific SSH session.
-      class AlgorithmNegotiator
-        include Constants
-
-        Algorithms = Struct.new( :server_packet,
-                                 :client_packet,
-                                 :kex,
-                                 :host_key,
-                                 :encryption_c2s,
-                                 :encryption_s2c,
-                                 :mac_c2s,
-                                 :mac_s2c,
-                                 :compression_c2s,
-                                 :compression_s2c,
-                                 :language_c2s,
-                                 :language_s2c,
-                                 :compression_level )
-
-        # Create a new AlgorithmNegotiator instance, using the given logger,
-        # set of default algorithms, and buffer factory.
-        def initialize( logger, algorithms, buffers )
-          @default_algorithms = algorithms
-          @buffers = buffers
-          @logger = logger
-        end
-
-        # Adds the algorithms of the specified type from +options+ to the
-        # @algorithms hash. Also verifies that the specified algorithms are
-        # supported.
-        def prepare_preferred_algorithm( options, algorithm )
-          @algorithms[ algorithm ] = @default_algorithms[ algorithm ].dup
-          if options[algorithm]
-            algos = [ *options[algorithm] ]
-            algos.each do |algo|
-              unless @algorithms[algorithm].include?(algo)
-                raise NotImplementedError,
-                  "unsupported algorithm for #{algorithm.inspect}: #{algo}"
-              end
-            end
-            @algorithms[ algorithm ].unshift( *algos ).uniq!
-          end
-        end
-        private :prepare_preferred_algorithm
-
-        # Builds the @algorithms hash from the values specified in the
-        # +options+ hash.
-        def prepare_preferred_algorithms( session, options )
-          @algorithms = Hash.new
-
-          if !options.key?(:host_key)
-            keys = Net::SSH::KnownHosts.search_for(Net::SSH::KnownHosts.canonize(session.host, session.port))
-            preferred_order = []
-            preferred_order << keys.first.ssh_type if keys.any?
-            options = options.merge(:host_key => preferred_order)
-          end
-
-          prepare_preferred_algorithm options, :host_key
-          prepare_preferred_algorithm options, :kex
-          prepare_preferred_algorithm options, :encryption
-          prepare_preferred_algorithm options, :hmac
-          prepare_preferred_algorithm options, :compression
-          prepare_preferred_algorithm options, :languages
-
-          @compression_level = options[ :compression_level ]
-        end
-        private :prepare_preferred_algorithms
-
-        # looks for the first element in list1 that is also in list2
-        def first_matching_element( list1, list2 )
-          list1 = list1.split( /,/ ) if String === list1
-          list2 = list2.split( /,/ ) if String === list2
-
-          list1.each do |item|
-            return item if list2.include? item
-          end
-
-          return nil
-        end
-        private :first_matching_element
-
-        # Negotiate the supported algorithms with the server. If a compromise
-        # cannot be reached between what the client wants and what the server
-        # can provide, this will fail.
-        def negotiate( session, options )
-          prepare_preferred_algorithms session, options
-
-          # first, discover what the server can do
-          type, buffer = session.wait_for_message
-          raise Net::SSH::Exception, "expected KEXINIT" unless type == KEXINIT
-
-          server_algorithm_packet = buffer.content
-
-          cookie = buffer.read( 16 )
-          kex_algorithms = buffer.read_string
-          server_host_key_algorithms = buffer.read_string
-          encryption_algorithms_client_to_server = buffer.read_string
-          encryption_algorithms_server_to_client = buffer.read_string
-          mac_algorithms_client_to_server = buffer.read_string
-          mac_algorithms_server_to_client = buffer.read_string
-          compression_algorithms_client_to_server = buffer.read_string
-          compression_algorithms_server_to_client = buffer.read_string
-          languages_client_to_server = buffer.read_string
-          languages_server_to_client = buffer.read_string
-          first_kex_packet_follows = buffer.read_bool
-          zero = buffer.read_long
-
-          # TODO: if first_kex_packet_follows, we need to try to skip the
-          # actual kexinit stuff and try to guess what the server is doing...
-          # need to read more about this scenario.
-
-          # next, tell the server what we can do
-
-          my_kex = @algorithms[ :kex ].join( "," )
-          my_server_host_key_algorithms = @algorithms[ :host_key ].join( "," )
-          my_encryption_algorithms = @algorithms[ :encryption ].join( "," )
-          my_mac_algorithms = @algorithms[ :hmac ].join( "," )
-          my_compression_algorithms = @algorithms[ :compression ].join( "," )
-          my_languages = @algorithms[ :languages ].join( "," )
-
-          msg = @buffers.writer
-          msg.write_byte KEXINIT
-          msg.write_long rand(0xFFFFFFFF), rand(0xFFFFFFFF), rand(0xFFFFFFFF),
-            rand(0xFFFFFFFF)
-          msg.write_string my_kex, my_server_host_key_algorithms
-          msg.write_string my_encryption_algorithms, my_encryption_algorithms
-          msg.write_string my_mac_algorithms, my_mac_algorithms
-          msg.write_string my_compression_algorithms, my_compression_algorithms
-          msg.write_string my_languages, my_languages
-          msg.write_bool false
-          msg.write_long 0
-
-          client_algorithm_packet = msg.to_s
-          session.send_message msg
-
-          # negotiate algorithms
-
-          kex_algorithm = first_matching_element( @algorithms[ :kex ],
-            kex_algorithms )
-          raise Net::SSH::Exception,
-            "could not settle on kex algorithm" unless kex_algorithm
-          @logger.debug "kex algorithm: #{kex_algorithm}" if @logger.debug?
-
-          host_key_algorithm = first_matching_element(
-            @algorithms[ :host_key ], server_host_key_algorithms )
-          raise Net::SSH::Exception,
-            "could not settle on host key algorithm" unless host_key_algorithm
-          if @logger.debug?
-            @logger.debug "host key algorithm: #{host_key_algorithm}"
-          end
-
-          encryption_algorithm_c2s = first_matching_element(
-            @algorithms[ :encryption ], encryption_algorithms_client_to_server )
-          unless encryption_algorithm_c2s
-            raise Net::SSH::Exception,
-              "could not settle on client-to-server encryption algorithm"
-          end
-          if @logger.debug?
-            @logger.debug "encryption algorithm (client-to-server): " +
-              encryption_algorithm_c2s
-          end
-
-          encryption_algorithm_s2c = first_matching_element(
-            @algorithms[ :encryption ], encryption_algorithms_server_to_client )
-          unless encryption_algorithm_s2c
-            raise Net::SSH::Exception,
-              "could not settle on server-to-client encryption algorithm"
-          end
-          if @logger.debug?
-            @logger.debug "encryption algorithm (server-to-client): " +
-              encryption_algorithm_s2c
-          end
-
-          mac_algorithm_c2s = first_matching_element(
-            @algorithms[ :hmac ], mac_algorithms_client_to_server )
-          unless mac_algorithm_c2s
-            raise Net::SSH::Exception,
-              "could not settle on client-to-server HMAC algorithm"
-          end
-          if @logger.debug?
-            @logger.debug "hmac algorithm (client-to-server): " +
-              mac_algorithm_c2s
-          end
-
-          mac_algorithm_s2c = first_matching_element( @algorithms[ :hmac ],
-            mac_algorithms_server_to_client )
-          unless mac_algorithm_s2c
-            raise Net::SSH::Exception,
-              "could not settle on server-to-client HMAC algorithm"
-          end
-          if @logger.debug?
-            @logger.debug "hmac algorithm (server-to-client): " +
-              mac_algorithm_s2c
-          end
-
-          compression_algorithm_c2s = first_matching_element(
-            @algorithms[ :compression ],
-            compression_algorithms_client_to_server )
-          unless compression_algorithm_c2s
-            raise Net::SSH::Exception,
-              "could not settle on client-to-server compression algorithm"
-          end
-          if @logger.debug?
-            @logger.debug "compression algorithm (client-to-server): " +
-              compression_algorithm_c2s
-          end
-
-          compression_algorithm_s2c = first_matching_element(
-            @algorithms[ :compression ],
-            compression_algorithms_server_to_client )
-          unless compression_algorithm_s2c
-            raise Net::SSH::Exception,
-              "could not settle on server-to-client compression algorithm"
-          end
-          if @logger.debug?
-            @logger.debug "compression algorithm (server-to-client): " +
-              compression_algorithm_s2c
-          end
-
-          language_c2s = first_matching_element( @algorithms[ :languages ],
-            languages_client_to_server ) || ""
-          if @logger.debug?
-            @logger.debug "language (client-to-server): #{language_c2s}"
-          end
-
-          language_s2c = first_matching_element( @algorithms[ :languages ],
-            languages_server_to_client ) || ""
-          if @logger.debug?
-            @logger.debug "language (server-to-client): #{language_s2c}"
-          end
-
-          return Algorithms.new( server_algorithm_packet,
-                                 client_algorithm_packet,
-                                 kex_algorithm,
-                                 host_key_algorithm,
-                                 encryption_algorithm_c2s,
-                                 encryption_algorithm_s2c,
-                                 mac_algorithm_c2s,
-                                 mac_algorithm_s2c,
-                                 compression_algorithm_c2s,
-                                 compression_algorithm_s2c,
-                                 language_c2s,
-                                 language_s2c,
-                                 @compression_level )
-        end
-
-      end
-
-    end
-  end
-end