net-ssh 1.1.4 → 2.0.0

data/lib/net/ssh/known_hosts.rb

@@ -0,0 +1,129 @@
+require 'strscan'
+require 'net/ssh/buffer'
+
+module Net; module SSH
+
+  # Searches an OpenSSH-style known-host file for a given host, and returns all
+  # matching keys. This is used to implement host-key verification, as well as
+  # to determine what key a user prefers to use for a given host.
+  #
+  # This is used internally by Net::SSH, and will never need to be used directly
+  # by consumers of the library.
+  class KnownHosts
+    class <<self
+      # Searches all known host files (see KnownHosts.hostfiles) for all keys
+      # of the given host. Returns an array of keys found.
+      def search_for(host, options={})
+        search_in(hostfiles(options), host)
+      end
+
+      # Search for all known keys for the given host, in every file given in
+      # the +files+ array. Returns the list of keys.
+      def search_in(files, host)
+        files.map { |file| KnownHosts.new(file).keys_for(host) }.flatten
+      end
+
+      # Looks in the given +options+ hash for the :user_known_hosts_file and
+      # :global_known_hosts_file keys, and returns an array of all known
+      # hosts files. If the :user_known_hosts_file key is not set, the
+      # default is returned (~/.ssh/known_hosts and ~/.ssh/known_hosts2). If
+      # :global_known_hosts_file is not set, the default is used
+      # (/etc/ssh/known_hosts and /etc/ssh/known_hosts2).
+      #
+      # If you only want the user known host files, you can pass :user as
+      # the second option.
+      def hostfiles(options, which=:all)
+        files = []
+
+        if which == :all || which == :user
+          files += Array(options[:user_known_hosts_file] || %w(~/.ssh/known_hosts ~/.ssh/known_hosts2))
+        end
+
+        if which == :all || which == :global
+          files += Array(options[:global_known_hosts_file] || %w(/etc/ssh/known_hosts /etc/ssh/known_hosts2))
+        end
+
+        return files
+      end
+
+      # Looks in all user known host files (see KnownHosts.hostfiles) and tries to
+      # add an entry for the given host and key to the first file it is able
+      # to.
+      def add(host, key, options={})
+        hostfiles(options, :user).each do |file|
+          begin
+            KnownHosts.new(file).add(host, key)
+            return
+          rescue SystemCallError
+            # try the next hostfile
+          end
+        end
+      end
+    end
+
+    # The host-key file name that this KnownHosts instance will use to search
+    # for keys.
+    attr_reader :source
+
+    # Instantiate a new KnownHosts instance that will search the given known-hosts
+    # file. The path is expanded file File.expand_path.
+    def initialize(source)
+      @source = File.expand_path(source)
+    end
+
+    # Returns an array of all keys that are known to be associatd with the
+    # given host. The +host+ parameter is either the domain name or ip address
+    # of the host, or both (comma-separated). Additionally, if a non-standard
+    # port is being used, it may be specified by putting the host (or ip, or
+    # both) in square brackets, and appending the port outside the brackets
+    # after a colon. Possible formats for +host+, then, are;
+    #
+    #   "net.ssh.test"
+    #   "1.2.3.4"
+    #   "net.ssh.test,1.2.3.4"
+    #   "[net.ssh.test]:5555"
+    #   "[1,2,3,4]:5555"
+    #   "[net.ssh.test]:5555,[1.2.3.4]:5555
+    def keys_for(host)
+      keys = []
+      return keys unless File.readable?(source)
+
+      entries = host.split(/,/)
+
+      File.open(source) do |file|
+        scanner = StringScanner.new("")
+        file.each_line do |line|
+          scanner.string = line
+
+          scanner.skip(/\s*/)
+          next if scanner.match?(/$|#/)
+
+          hostlist = scanner.scan(/\S+/).split(/,/)
+          next unless entries.all? { |entry| hostlist.include?(entry) }
+
+          scanner.skip(/\s*/)
+          type = scanner.scan(/\S+/)
+
+          next unless %w(ssh-rsa ssh-dss).include?(type)
+
+          scanner.skip(/\s*/)
+          blob = scanner.rest.unpack("m*").first
+          keys << Net::SSH::Buffer.new(blob).read_key
+        end
+      end
+
+      keys
+    end
+
+    # Tries to append an entry to the current source file for the given host
+    # and key. If it is unable to (because the file is not writable, for
+    # instance), an exception will be raised.
+    def add(host, key)
+      File.open(source, "a") do |file|
+        blob = [Net::SSH::Buffer.from(:key, key).to_s].pack("m*").gsub(/\s/, "")
+        file.puts "#{host} #{key.ssh_type} #{blob}"
+      end
+    end
+
+  end
+end; end

data/lib/net/ssh/loggable.rb

@@ -0,0 +1,61 @@
+module Net; module SSH
+
+  # A simple module to make logging easier to deal with. It assumes that the
+  # logger instance (if not nil) quacks like a Logger object (in Ruby's
+  # standard library). Although used primarily internally by Net::SSH, it
+  # can easily be used to add Net::SSH-like logging to your own programs.
+  #
+  #   class MyClass
+  #     include Net::SSH::Loggable
+  #   end
+  #
+  #   Net::SSH.start(...) do |ssh|
+  #     obj = MyClass.new
+  #     obj.logger = ssh.logger
+  #     ...
+  #   end
+  module Loggable
+    # The logger instance that will be used to log messages. If nil, nothing
+    # will be logged.
+    attr_accessor :logger
+
+    # Displays the result of yielding if the log level is Logger::DEBUG or
+    # greater.
+    def debug
+      logger.add(Logger::DEBUG, nil, facility) { yield } if logger
+    end
+
+    # Displays the result of yielding if the log level is Logger::INFO or
+    # greater.
+    def info
+      logger.add(Logger::INFO, nil, facility) { yield } if logger
+    end
+
+    # Displays the result of yielding if the log level is Logger::WARN or
+    # greater. (Called lwarn to avoid shadowing with Kernel#warn.)
+    def lwarn
+      logger.add(Logger::WARN, nil, facility) { yield } if logger
+    end
+
+    # Displays the result of yielding if the log level is Logger:ERROR or
+    # greater.
+    def error
+      logger.add(Logger::ERROR, nil, facility) { yield } if logger
+    end
+
+    # Displays the result of yielding if the log level is Logger::FATAL or
+    # greater.
+    def fatal
+      logger.add(Logger::FATAL, nil, facility) { yield } if logger
+    end
+
+    private
+
+      # Sets the "facility" value, used for reporting where a log message
+      # originates. It defaults to the name of class with the object_id
+      # appended.
+      def facility
+        @facility ||= self.class.name.gsub(/::/, ".").gsub(/([a-z])([A-Z])/, "\\1_\\2").downcase + "[%x]" % object_id
+      end
+  end
+end; end

data/lib/net/ssh/packet.rb

@@ -0,0 +1,102 @@
+require 'net/ssh/buffer'
+require 'net/ssh/transport/constants'
+require 'net/ssh/authentication/constants'
+require 'net/ssh/connection/constants'
+
+module Net; module SSH
+
+  # A specialization of Buffer that knows the format of certain common
+  # packet types. It auto-parses those packet types, and allows them to
+  # be accessed via the #[] accessor.
+  #
+  #   data = some_channel_request_packet
+  #   packet = Net::SSH::Packet.new(data)
+  #
+  #   p packet.type #-> 98 (CHANNEL_REQUEST)
+  #   p packet[:request]
+  #   p packet[:want_reply]
+  #
+  # This is used exclusively internally by Net::SSH, and unless you're doing
+  # protocol-level manipulation or are extending Net::SSH in some way, you'll
+  # never need to use this class directly.
+  class Packet < Buffer
+    @@types = {}
+
+    # Register a new packet type that should be recognized and auto-parsed by
+    # Net::SSH::Packet. Note that any packet type that is not preregistered
+    # will not be autoparsed.
+    #
+    # The +pairs+ parameter must be either empty, or an array of two-element
+    # tuples, where the first element of each tuple is the name of the field,
+    # and the second is the type.
+    #
+    #   register DISCONNECT, [:reason_code, :long], [:description, :string], [:language, :string]
+    def self.register(type, *pairs)
+      @@types[type] = pairs
+    end
+
+    include Transport::Constants, Authentication::Constants, Connection::Constants
+
+    #--
+    # These are the recognized packet types. All other packet types will be
+    # accepted, but not auto-parsed, requiring the client to parse the
+    # fields using the methods provided by Net::SSH::Buffer.
+    #++
+
+    register DISCONNECT,                [:reason_code, :long], [:description, :string], [:language, :string]
+    register IGNORE,                    [:data, :string]
+    register UNIMPLEMENTED,             [:number, :long]
+    register DEBUG,                     [:always_display, :bool], [:message, :string], [:language, :string]
+    register SERVICE_ACCEPT,            [:service_name, :string]
+    register USERAUTH_BANNER,           [:message, :string], [:language, :string]
+    register USERAUTH_FAILURE,          [:authentications, :string], [:partial_success, :bool]
+    register GLOBAL_REQUEST,            [:request_type, :string], [:want_reply, :bool], [:request_data, :buffer]
+    register CHANNEL_OPEN,              [:channel_type, :string], [:remote_id, :long], [:window_size, :long], [:packet_size, :long]
+    register CHANNEL_OPEN_CONFIRMATION, [:local_id, :long], [:remote_id, :long], [:window_size, :long], [:packet_size, :long]
+    register CHANNEL_OPEN_FAILURE,      [:local_id, :long], [:reason_code, :long], [:description, :string], [:language, :string]
+    register CHANNEL_WINDOW_ADJUST,     [:local_id, :long], [:extra_bytes, :long]
+    register CHANNEL_DATA,              [:local_id, :long], [:data, :string]
+    register CHANNEL_EXTENDED_DATA,     [:local_id, :long], [:data_type, :long], [:data, :string]
+    register CHANNEL_EOF,               [:local_id, :long]
+    register CHANNEL_CLOSE,             [:local_id, :long]
+    register CHANNEL_REQUEST,           [:local_id, :long], [:request, :string], [:want_reply, :bool], [:request_data, :buffer]
+    register CHANNEL_SUCCESS,           [:local_id, :long]
+    register CHANNEL_FAILURE,           [:local_id, :long]
+
+    # The (integer) type of this packet.
+    attr_reader :type
+
+    # Create a new packet from the given payload. This will automatically
+    # parse the packet if it is one that has been previously registered with
+    # Packet.register; otherwise, the packet will need to be manually parsed
+    # using the methods provided in the Net::SSH::Buffer superclass.
+    def initialize(payload)
+      @named_elements = {}
+      super
+      @type = read_byte
+      instantiate!
+    end
+
+    # Access one of the auto-parsed fields by name. Raises an error if no
+    # element by the given name exists.
+    def [](name)
+      name = name.to_sym
+      raise ArgumentError, "no such element #{name}" unless @named_elements.key?(name)
+      @named_elements[name]
+    end
+
+    private
+
+      # Parse the packet's contents and assign the named elements, as described
+      # by the registered format for the packet.
+      def instantiate!
+        (@@types[type] || []).each do |name, datatype|
+          @named_elements[name.to_sym] = if datatype == :buffer
+            remainder_as_buffer
+          else
+            send("read_#{datatype}")
+          end
+        end
+      end
+  end
+end; end

data/lib/net/ssh/prompt.rb

@@ -0,0 +1,93 @@
+module Net; module SSH
+
+  # A basic prompt module that can be mixed into other objects. If HighLine is
+  # installed, it will be used to display prompts and read input from the
+  # user. Otherwise, the termios library will be used. If neither HighLine
+  # nor termios is installed, a simple prompt that echos text in the clear
+  # will be used.
+
+  module PromptMethods
+
+    # Defines the prompt method to use if the Highline library is installed.
+    module Highline
+      # Uses Highline#ask to present a prompt and accept input. If +echo+ is
+      # +false+, the characters entered by the user will not be echoed to the
+      # screen.
+      def prompt(prompt, echo=true)
+        @highline ||= ::HighLine.new
+        @highline.ask(prompt + " ") { |q| q.echo = echo }
+      end
+    end
+
+    # Defines the prompt method to use if the Termios library is installed.
+    module Termios
+      # Displays the prompt to $stdout. If +echo+ is false, the Termios
+      # library will be used to disable keystroke echoing for the duration of
+      # this method.
+      def prompt(prompt, echo=true)
+        $stdout.print(prompt)
+        $stdout.flush
+
+        set_echo(false) unless echo
+        $stdin.gets.chomp
+      ensure
+        if !echo
+          set_echo(true)
+          $stdout.puts
+        end
+      end
+
+      private
+
+        # Enables or disables keystroke echoing using the Termios library.
+        def set_echo(enable)
+          term = ::Termios.getattr($stdin)
+
+          if enable
+            term.c_lflag |= (::Termios::ECHO | ::Termios::ICANON)
+          else
+            term.c_lflag &= ~::Termios::ECHO
+          end
+
+          ::Termios.setattr($stdin, ::Termios::TCSANOW, term)
+        end
+    end
+
+    # Defines the prompt method to use when neither Highline nor Termios are
+    # installed.
+    module Clear
+      # Displays the prompt to $stdout and pulls the response from $stdin.
+      # Text is always echoed in the clear, regardless of the +echo+ setting.
+      # The first time a prompt is given and +echo+ is false, a warning will
+      # be written to $stderr recommending that either Highline or Termios
+      # be installed.
+      def prompt(prompt, echo=true)
+        @seen_warning ||= false
+        if !echo && !@seen_warning
+          $stderr.puts "Text will be echoed in the clear. Please install the HighLine or Termios libraries to suppress echoed text."
+          @seen_warning = true
+        end
+
+        $stdout.print(prompt)
+        $stdout.flush
+        $stdin.gets.chomp
+      end
+    end
+  end
+
+  # Try to load Highline and Termios in turn, selecting the corresponding
+  # PromptMethods module to use. If neither are available, choose PromptMethods::Clear.
+  Prompt = begin
+      require 'highline'
+      HighLine.track_eof = false
+      PromptMethods::Highline
+    rescue LoadError
+      begin
+        require 'termios'
+        PromptMethods::Termios
+      rescue LoadError
+        PromptMethods::Clear
+      end
+    end
+
+end; end

data/lib/net/ssh/proxy/errors.rb

@@ -1,34 +1,14 @@
-#--
-# =============================================================================
-# Copyright (c) 2004,2005 Jamis Buck (jamis@37signals.com)
-# All rights reserved.
-#
-# This source file is distributed as part of the Net::SSH Secure Shell Client
-# library for Ruby. This file (and the library as a whole) may be used only as
-# allowed by either the BSD license, or the Ruby license (or, by association
-# with the Ruby license, the GPL). See the "doc" subdirectory of the Net::SSH
-# distribution for the texts of these licenses.
-# -----------------------------------------------------------------------------
-# net-ssh website : http://net-ssh.rubyforge.org
-# project website: http://rubyforge.org/projects/net-ssh
-# =============================================================================
-#++
-
 require 'net/ssh/errors'
 
-module Net
-  module SSH
-    module Proxy
+module Net; module SSH; module Proxy
 
-      # A general exception class for all Proxy errors.
-      class Error < Net::SSH::Exception; end
+  # A general exception class for all Proxy errors.
+  class Error < Net::SSH::Exception; end
 
-      # Used for reporting proxy connection errors.
-      class ConnectError < Error; end
+  # Used for reporting proxy connection errors.
+  class ConnectError < Error; end
 
-      # Used when the server doesn't recognize the users credentials
-      class UnauthorizedError < Error; end
+  # Used when the server doesn't recognize the user's credentials.
+  class UnauthorizedError < Error; end
 
-    end
-  end
-end
+end; end; end

data/lib/net/ssh/proxy/http.rb

@@ -1,126 +1,94 @@
-#--
-# =============================================================================
-# Copyright (c) 2004,2005 Jamis Buck (jamis@37signals.com)
-# All rights reserved.
-#
-# This source file is distributed as part of the Net::SSH Secure Shell Client
-# library for Ruby. This file (and the library as a whole) may be used only as
-# allowed by either the BSD license, or the Ruby license (or, by association
-# with the Ruby license, the GPL). See the "doc" subdirectory of the Net::SSH
-# distribution for the texts of these licenses.
-# -----------------------------------------------------------------------------
-# net-ssh website : http://net-ssh.rubyforge.org
-# project website: http://rubyforge.org/projects/net-ssh
-# =============================================================================
-#++
-
 require 'socket'
-require 'base64'
 require 'net/ssh/proxy/errors'
 
-module Net
-  module SSH
-    module Proxy
-
-      # An implementation of a socket factory that returns a socket which
-      # will tunnel the connection through an HTTP proxy. It allows explicit
-      # specification of the user and password, but if none are given it
-      # will look in the HTTP_PROXY_USER/HTTP_PROXY_PASSWORD and
-      # CONNECT_USER/CONNECT_PASSWORD environment variables as well.
-      class HTTP
-
-        # Create a new socket factory that tunnels via the given host and
-        # port.
-        def initialize( proxy_host, proxy_port=80, options={} )
-          @proxy_host = proxy_host
-          @proxy_port = proxy_port
-          @options = options
-        end
-
-        # Return a new socket connected to the given host and port via the
-        # proxy that was requested when the socket factory was instantiated.
-        def open( host, port )
-          connect_string = "CONNECT #{host}:#{port} HTTP/1.0"
-
-          socket = TCPSocket.new( @proxy_host, @proxy_port )
-          socket.puts connect_string
-          socket.puts
-
-          resp = parse_response( socket )
-
-          return socket if resp[:code] == 200
-
-          socket.shutdown
-          raise ConnectError, resp.inspect unless resp[:code] == 407
-
-          user = proxy_user
-          passwd = proxy_password
-
-          raise UnauthorizedError, "no proxy user given" unless user
-
-          auth = resp[:headers]["Proxy-Authenticate"]
-          scheme, parms = auth.split( / /, 2 )
-
-          case scheme
-            when "Basic"
-              credentials =
-                Base64.encode64( "#{user}:#{passwd}" ).gsub( /\n/, "" )
-            else
-              raise NotImplementedError,
-                "authorization scheme #{scheme.inspect} is not supported"
-          end
+module Net; module SSH; module Proxy
+
+  # An implementation of an HTTP proxy. To use it, instantiate it, then
+  # pass the instantiated object via the :proxy key to Net::SSH.start:
+  #
+  #   require 'net/ssh/proxy/http'
+  #
+  #   proxy = Net::SSH::Proxy::HTTP.new('proxy.host', proxy_port)
+  #   Net::SSH.start('host', 'user', :proxy => proxy) do |ssh|
+  #     ...
+  #   end
+  #
+  # If the proxy requires authentication, you can pass :user and :password
+  # to the proxy's constructor:
+  #
+  #   proxy = Net::SSH::Proxy::HTTP.new('proxy.host', proxy_port,
+  #      :user => "user", :password => "password")
+  #
+  # Note that HTTP digest authentication is not supported; Basic only at
+  # this point.
+  class HTTP
+
+    # The hostname or IP address of the HTTP proxy.
+    attr_reader :proxy_host
+
+    # The port number of the proxy.
+    attr_reader :proxy_port
+
+    # The map of additional options that were given to the object at
+    # initialization.
+    attr_reader :options
+
+    # Create a new socket factory that tunnels via the given host and
+    # port. The +options+ parameter is a hash of additional settings that
+    # can be used to tweak this proxy connection. Specifically, the following
+    # options are supported:
+    #
+    # * :user => the user name to use when authenticating to the proxy
+    # * :password => the password to use when authenticating
+    def initialize(proxy_host, proxy_port=80, options={})
+      @proxy_host = proxy_host
+      @proxy_port = proxy_port
+      @options = options
+    end
 
-          socket = TCPSocket.new( @proxy_host, @proxy_port )
-          socket.puts connect_string
-          socket.puts "Proxy-Authorization: #{scheme} #{credentials}"
-          socket.puts
+    # Return a new socket connected to the given host and port via the
+    # proxy that was requested when the socket factory was instantiated.
+    def open(host, port)
+      socket = TCPSocket.new(proxy_host, proxy_port)
+      socket.write "CONNECT #{host}:#{port} HTTP/1.0\r\n"
 
-          resp = parse_response( socket )
+      if options[:user]
+        credentials = ["#{options[:user]}:#{options[:password]}"].pack("m*").gsub(/\s/, "")
+        socket.write "Proxy-Authorization: Basic #{credentials}\r\n"
+      end
 
-          raise ConnectError, resp.inspect if resp[:code] != 200
+      socket.write "\r\n"
 
-          return socket
-        end
+      resp = parse_response(socket)
 
-        def parse_response( socket )
-          version, code, reason = socket.gets.chomp.split( / /, 3 )
-          headers = {}
+      return socket if resp[:code] == 200
 
-          while ( line = socket.gets.chomp ) != ""
-            name, value = line.split( /:/, 2 ).map { |v| v.strip }
-            headers[ name ] = value
-          end
+      socket.close
+      raise ConnectError, resp.inspect
+    end
 
-          if headers[ "Content-Length" ]
-            body = socket.read( headers[ "Content-Length" ].to_i )
-          end
+    private
 
-          return { :version => version,
-                   :code => code.to_i,
-                   :reason => reason,
-                   :headers => headers,
-                   :body => body }
-        end
-        private :parse_response
+      def parse_response(socket)
+        version, code, reason = socket.gets.chomp.split(/ /, 3)
+        headers = {}
 
-        def proxy_user
-          return @options[ :user ] if @options[ :user ]
-          return ENV['HTTP_PROXY_USER'] if ENV['HTTP_PROXY_USER']
-          return ENV['CONNECT_USER'] if ENV['CONNECT_USER']
-          return nil
+        while (line = socket.gets.chomp) != ""
+          name, value = line.split(/:/, 2)
+          headers[name.strip] = value.strip
         end
-        private :proxy_user
 
-        def proxy_password
-          return @options[ :password ] if @options[ :password ]
-          return ENV['HTTP_PROXY_PASSWORD'] if ENV['HTTP_PROXY_PASSWORD']
-          return ENV['CONNECT_PASSWORD'] if ENV['CONNECT_PASSWORD']
-          return ""
+        if headers["Content-Length"]
+          body = socket.read(headers["Content-Length"].to_i)
         end
-        private :proxy_password
 
+        return { :version => version,
+                 :code => code.to_i,
+                 :reason => reason,
+                 :headers => headers,
+                 :body => body }
       end
 
-    end
   end
-end
+
+end; end; end