net-ssh 1.1.4 → 2.0.0

data/lib/net/ssh/userauth/agent.rb

@@ -1,222 +0,0 @@
-#--
-# =============================================================================
-# Copyright (c) 2004,2005 Jamis Buck (jamis@37signals.com)
-# All rights reserved.
-#
-# This source file is distributed as part of the Net::SSH Secure Shell Client
-# library for Ruby. This file (and the library as a whole) may be used only as
-# allowed by either the BSD license, or the Ruby license (or, by association
-# with the Ruby license, the GPL). See the "doc" subdirectory of the Net::SSH
-# distribution for the texts of these licenses.
-# -----------------------------------------------------------------------------
-# net-ssh website : http://net-ssh.rubyforge.org
-# project website: http://rubyforge.org/projects/net-ssh
-# =============================================================================
-#++
-
-require 'net/ssh/errors'
-require 'net/ssh/transport/session'
-
-module Net
-  module SSH
-    module UserAuth
-
-      # A trivial exception class for representing agent-specific errors.
-      class AgentError < Net::SSH::Exception; end
-
-      # This class implements a simple client for the ssh-agent protocol. It
-      # does not implement any specific protocol, but instead copies the
-      # behavior of the ssh-agent functions in the OpenSSH library (3.8).
-      #
-      # This means that although it behaves like a SSH1 client, it also has
-      # some SSH2 functionality (like signing data).
-      class Agent
-        SSH2_AGENT_REQUEST_VERSION    = 1
-        SSH2_AGENT_REQUEST_IDENTITIES = 11
-        SSH2_AGENT_IDENTITIES_ANSWER  = 12
-        SSH2_AGENT_SIGN_REQUEST       = 13
-        SSH2_AGENT_SIGN_RESPONSE      = 14
-        SSH2_AGENT_FAILURE            = 30
-        SSH2_AGENT_VERSION_RESPONSE   = 103
-
-        SSH_COM_AGENT2_FAILURE        = 102
-
-        SSH_AGENT_REQUEST_RSA_IDENTITIES = 1
-        SSH_AGENT_RSA_IDENTITIES_ANSWER  = 2
-        SSH_AGENT_FAILURE                = 5
-
-        # The socket factory used to connect to the agent process. It must
-        # respond to #open, and accept a single parameter (the name of the
-        # socket to open).
-        attr_writer :socket_factory
-
-        # The name of the socket to open.
-        attr_writer :socket_name
-
-        # The version of the SSH protocol version to report.
-        attr_writer :version
-
-        # The buffer factory to use to obtain buffer instances.
-        attr_writer :buffers
-
-        # The key factory to use to obtain key instances.
-        attr_writer :keys
-
-        # Connect to the agent process using the socket factory and socket name
-        # given by the attribute writers. If the agent on the other end of the
-        # socket reports that it is an SSH2-compatible agent, this will fail
-        # (it only supports the ssh-agent distributed by OpenSSH).
-        def connect!
-          @socket = @socket_factory.open( @socket_name )
-
-          # determine what type of agent we're communicating with
-          buffer = @buffers.writer
-          buffer.write_string Net::SSH::Transport::Session.version
-          type, body = send_with_reply SSH2_AGENT_REQUEST_VERSION, buffer
-
-          if type == SSH2_AGENT_VERSION_RESPONSE
-            raise NotImplementedError, "SSH2 agents are not yet supported"
-          elsif type != SSH_AGENT_RSA_IDENTITIES_ANSWER
-            raise AgentError,
-              "unknown response from agent: #{type}, #{body.to_s.inspect}"
-          end
-        end
-
-        # Return an array of all identities (public keys) known to the agent.
-        # Each key returned is augmented with a +comment+ property which is set
-        # to the comment returned by the agent for that key.
-        def identities
-          case @version
-            when 1
-              code1 = SSH_AGENT_REQUEST_RSA_IDENTITIES
-              code2 = SSH_AGENT_RSA_IDENTITIES_ANSWER
-            when 2
-              code1 = SSH2_AGENT_REQUEST_IDENTITIES
-              code2 = SSH2_AGENT_IDENTITIES_ANSWER
-            else
-              raise NotImplementedError, "SSH version #{@version}"
-          end
-
-          type, body = send_with_reply code1
-          raise AgentError,
-            "could not get identity count" if agent_failed( type )
-          raise AgentError, "bad authentication reply: #{type}" if type != code2
-
-          identities = []
-          body.read_long.times do
-            case @version
-              when 1
-                key = @keys.get( "rsa" )
-                bits = body.read_long
-                key.e = body.read_bignum
-                key.n = body.read_bignum
-              when 2
-                blob = @buffers.reader( body.read_string )
-                key = blob.read_key
-            end
-
-            unless key.respond_to?( :comment= )
-              key.instance_eval <<-EVAL
-                def comment=(cmt)
-                  @comment = cmt
-                end
-              EVAL
-            end
-
-            unless key.respond_to?( :comment )
-              key.instance_eval <<-EVAL
-                def comment
-                  @comment
-                end
-              EVAL
-            end
-
-            key.comment = body.read_string
-            identities.push key
-          end
-
-          return identities
-        end
-
-        # Closes this socket. This agent reference is no longer able to
-        # query the agent.
-        def close
-          @socket.close
-        end
-
-        # Using the agent and the given public key, sign the given data. The
-        # signature is returned in SSH2 format.
-        def sign( key, data )
-          blob = @buffers.writer
-          blob.write_key key
-
-          packet_data = @buffers.writer
-          packet_data.write_string blob.to_s
-          packet_data.write_string data.to_s
-          packet_data.write_long 0
-
-          type, reply = send_with_reply SSH2_AGENT_SIGN_REQUEST, packet_data
-          if agent_failed( type )
-            raise AgentError,
-              "agent could not sign data with requested identity"
-          elsif type != SSH2_AGENT_SIGN_RESPONSE
-            raise AgentError, "bad authentication response #{type}"
-          end
-
-          return reply.read_string
-        end
-
-        # Send a new packet of the given type, with the associated data.
-        def send_packet( type, data=nil )
-          buffer = @buffers.writer
-          buffer.write_long( ( data ? data.length : 0 ) + 1 )
-          buffer.write_byte type.to_i
-          buffer.write data.to_s if data
-          @socket.send buffer.to_s, 0
-        end
-        private :send_packet
-
-        # Read the next packet from the agent. This will return a two-part
-        # tuple consisting of the packet type, and the packet's body (which
-        # is returned as a Net::SSH::Util::ReaderBuffer).
-        def read_packet
-          length = @socket.read( 4 ).unpack( "N" ).first - 1
-          type = @socket.read( 1 ).unpack( "C" ).first
-          reader = @buffers.reader( @socket.read( length ) )
-          return type, reader
-        end
-        private :read_packet
-
-        # Send the given packet and return the subsequent reply from the agent.
-        # (See #send_packet and #read_packet).
-        def send_with_reply( type, data=nil )
-          send_packet type, data
-          read_packet
-        end
-        private :send_with_reply
-
-        # Returns +true+ if the parameter indicates a "failure" response from
-        # the agent, and +false+ otherwise.
-        def agent_failed( type )
-          type == SSH_AGENT_FAILURE ||
-          type == SSH2_AGENT_FAILURE ||
-          type == SSH_COM_AGENT2_FAILURE
-        end
-        private :agent_failed
-
-        def send_raw_packet( data )
-          @socket.send data, 0
-        end
-        
-        def read_raw_packet
-          buffer = @socket.read( 4 )
-          length = buffer.unpack( "N" ).first
-          buffer = buffer + @socket.read( length )
-          buffer
-        end
-
-      end
-
-    end
-  end
-end

data/lib/net/ssh/userauth/constants.rb

@@ -1,35 +0,0 @@
-#--
-# =============================================================================
-# Copyright (c) 2004,2005 Jamis Buck (jamis@37signals.com)
-# All rights reserved.
-#
-# This source file is distributed as part of the Net::SSH Secure Shell Client
-# library for Ruby. This file (and the library as a whole) may be used only as
-# allowed by either the BSD license, or the Ruby license (or, by association
-# with the Ruby license, the GPL). See the "doc" subdirectory of the Net::SSH
-# distribution for the texts of these licenses.
-# -----------------------------------------------------------------------------
-# net-ssh website : http://net-ssh.rubyforge.org
-# project website: http://rubyforge.org/projects/net-ssh
-# =============================================================================
-#++
-
-module Net
-  module SSH
-    module UserAuth
-
-      module Constants
-
-        USERAUTH_REQUEST          = 50
-        USERAUTH_FAILURE          = 51
-        USERAUTH_SUCCESS          = 52
-        USERAUTH_BANNER           = 53
-
-        USERAUTH_PASSWD_CHANGEREQ = 60
-        USERAUTH_PK_OK            = 60
-
-      end
-
-    end
-  end
-end

data/lib/net/ssh/userauth/driver.rb

@@ -1,183 +0,0 @@
-#--
-# =============================================================================
-# Copyright (c) 2004,2005 Jamis Buck (jamis@37signals.com)
-# All rights reserved.
-#
-# This source file is distributed as part of the Net::SSH Secure Shell Client
-# library for Ruby. This file (and the library as a whole) may be used only as
-# allowed by either the BSD license, or the Ruby license (or, by association
-# with the Ruby license, the GPL). See the "doc" subdirectory of the Net::SSH
-# distribution for the texts of these licenses.
-# -----------------------------------------------------------------------------
-# net-ssh website : http://net-ssh.rubyforge.org
-# project website: http://rubyforge.org/projects/net-ssh
-# =============================================================================
-#++
-
-require 'net/ssh/errors'
-require 'net/ssh/userauth/constants'
-require 'net/ssh/transport/constants'
-require 'ostruct'
-
-module Net
-  module SSH
-    module UserAuth
-
-      # A wrapper around the transport layer that represents the functionality
-      # of user authentication.
-      class Driver
-
-        include Net::SSH::UserAuth::Constants
-        include Net::SSH::Transport::Constants
-
-        # The UserKeyManager instance used by the auth service.
-        attr_writer :key_manager
-
-        # The SSH (transport) session to use for communication.
-        attr_writer :session
-
-        # The array of auth-method names (as strings), giving the order in
-        # which each auth-method will be tried.
-        attr_reader :order
-
-        # Create a new user-auth service on top of the given session.
-        def initialize( log, buffers, methods, order )
-          @log = log
-          @buffers = buffers
-          @methods = methods
-          @on_banner = proc { |msg,lang| }
-          @order = order.dup
-          @allowed_auth_methods = nil
-        end
-
-        # Causes the set of on-disk key files to be used to be set to the
-        # given array. Any key files that were specified previously are
-        # lost.
-        def set_key_files( files )
-          @key_manager.clear!
-          files.each { |file| @key_manager << file }
-        end
-
-        # Causes the set of on-disk host key files to be used to be set to the
-        # given array. Any host key files that were specified previously are
-        # lost.
-        def set_host_key_files( files )
-          @key_manager.clear_host!
-          files.each { |file| @key_manager.add_host_key file }
-        end
-
-        # Changes the set of authentication methods to try to the given array.
-        # Methods are tried in the order in which they are listed in the
-        # array.
-        def set_auth_method_order( *methods )
-          @order = methods.flatten
-        end
-
-        # Specify the callback to use when the server sends a banner message
-        # at login time.
-        def on_banner( &block )
-          @on_banner = block
-        end
-
-        # Sends the message by delegating to the session's #send_message
-        # method. (This is a convenience method for the authentication
-        # implementations.)
-        def send_message( message )
-          @session.send_message message
-        end
-
-        # Wraps the Net::SSH::Transport::Session#wait_for_message method,
-        # doing special checking for authentication-related messages.
-        def wait_for_message
-          loop do
-            type, buffer = @session.wait_for_message
-
-            case type
-              when USERAUTH_BANNER
-                message = buffer.read_string
-                language = buffer.read_string
-
-                if @log.debug?
-                  @log.debug "got USERAUTH_BANNER (#{message}:#{language})"
-                end
-
-                @on_banner.call( message, language )
-
-              when USERAUTH_FAILURE
-                authentications = buffer.read_string
-                @allowed_auth_methods = authentications.split(/,/)
-                partial_success = buffer.read_bool
-                return OpenStruct.new( :message_type    => type,
-                                       :authentications => authentications,
-                                       :partial_success => partial_success )
-
-              when USERAUTH_SUCCESS
-                return OpenStruct.new( :message_type => type )
-
-              when SERVICE_ACCEPT
-                return OpenStruct.new( :message_type => type,
-                                       :service_name => buffer.read_string )
-              
-              # authmethod-specific codes
-              when 60..79
-                return OpenStruct.new( :message_type => type,
-                                       :buffer       => buffer )
-
-              else
-                raise Net::SSH::Exception,
-                      "unexpected message type '#{type}' (#{buffer.to_s})"
-            end
-          end
-        end
-
-        # Processes the authentication of the given username. The
-        # 'next_service' parameter should be set to the SSH service that will
-        # be requested once the authentication succeeds (usually
-        # 'ssh-connection').
-        #
-        # This will return +true+ if the user is accepted by the server, and
-        # +false+ otherwise.
-        def authenticate( next_service, username, password=nil )
-          msg = @buffers.writer
-          msg.write_byte SERVICE_REQUEST
-          msg.write_string "ssh-userauth"
-          send_message msg
-
-          message = wait_for_message
-          unless message.message_type == SERVICE_ACCEPT
-            raise Net::SSH::Exception,
-              "expected SERVICE_ACCEPT, got #{message.inspect}"
-          end
-
-          data = { :password => password,
-                   :key_manager => @key_manager }
-
-          @order.each do |auth_method|
-            # if the server has reported a list of auth methods that are
-            # allowed to continue, only consider those auth methods.
-            next if @allowed_auth_methods &&
-              !@allowed_auth_methods.include?( auth_method )
-
-            @log.debug "trying #{auth_method.inspect}" if @log.debug?
-
-            impl = @methods[ auth_method.downcase.gsub(/-/,"_").intern ]
-            if impl.nil?
-              raise NotImplementedError,
-                "`#{auth_method}' authentication is not implemented"
-            end
-
-            return true if impl.authenticate( next_service, username, data )
-          end
-
-          @log.debug "all authorization methods failed" if @log.debug?
-          return false
-
-        ensure
-          @key_manager.finish
-        end
-
-      end
-
-    end
-  end
-end

data/lib/net/ssh/userauth/methods/hostbased.rb

@@ -1,119 +0,0 @@
-#--
-# =============================================================================
-# Copyright (c) 2004,2005 Jamis Buck (jamis@37signals.com)
-# All rights reserved.
-#
-# This source file is distributed as part of the Net::SSH Secure Shell Client
-# library for Ruby. This file (and the library as a whole) may be used only as
-# allowed by either the BSD license, or the Ruby license (or, by association
-# with the Ruby license, the GPL). See the "doc" subdirectory of the Net::SSH
-# distribution for the texts of these licenses.
-# -----------------------------------------------------------------------------
-# net-ssh website : http://net-ssh.rubyforge.org
-# project website: http://rubyforge.org/projects/net-ssh
-# =============================================================================
-#++
-
-require 'net/ssh/errors'
-require 'net/ssh/userauth/constants'
-
-module Net
-  module SSH
-    module UserAuth
-      module Methods
-
-        # Implements the host-based SSH authentication method.
-        class HostBased
-          include Net::SSH::UserAuth::Constants
-
-          # The messenger to use to send and receive messages.
-          attr_writer :messenger
-
-          # The session-id of the current SSH session.
-          attr_writer :session_id
-
-          # The hostname to report to the server.
-          attr_writer :hostname
-
-          # Create a new 
-          def initialize( buffers )
-            @buffers = buffers
-          end
-
-          # Attempts to perform host-based authorization of the user. The data
-          # hash must contain a <tt>:key_manager</tt> key or the call will
-          # fail.
-          def authenticate( next_service, username, data={} )
-            key_manager = data[:key_manager] or return false
-
-            key_manager.host_identities.each do |identity|
-              return true if authenticate_with( identity, next_service,
-                username, key_manager )
-            end
-
-            return false
-
-          ensure
-            key_manager.finish if key_manager
-          end
-
-          # Attempts to perform host-based authentication of the user, using
-          # the given host identity (key).
-          def authenticate_with( identity, next_service, username, key_manager )
-            client_username = ENV['USER'] || username
-
-            req = build_request identity, next_service, username,
-              @hostname+".", client_username
-
-            sig_data = @buffers.writer
-            sig_data.write_string @session_id
-            sig_data.write req
-
-            sig = key_manager.sign( identity, sig_data.to_s )
-
-            message = @buffers.writer
-            message.write req
-            message.write_string sig
-
-            @messenger.send_message message
-            message = @messenger.wait_for_message
-
-            case message.message_type
-              when USERAUTH_SUCCESS
-                return true
-              when USERAUTH_FAILURE
-                return false
-              else
-                raise Net::SSH::Exception,
-                  "unexpected server response to USERAUTH_REQUEST: " +
-                  message.inspect
-            end
-          end
-          private :authenticate_with
-
-          # Build the "core" hostbased request string.
-          def build_request( identity, next_service, username, hostname,
-               client_username )
-          # begin
-            buf = @buffers.writer
-            buf.write_byte USERAUTH_REQUEST
-            buf.write_string username
-            buf.write_string next_service
-            buf.write_string "hostbased"
-
-            buf.write_string identity.ssh_type
-            blob = @buffers.writer
-            blob.write_key identity
-            buf.write_string blob.to_s
-
-            buf.write_string hostname
-            buf.write_string client_username
-            return buf.to_s
-          end
-
-        end
-
-      end
-    end
-  end
-end