net-ssh 2.7.0 → 7.3.0

data/lib/net/ssh/prompt.rb

@@ -1,93 +1,62 @@
-module Net; module SSH
-
-  # A basic prompt module that can be mixed into other objects. If HighLine is
-  # installed, it will be used to display prompts and read input from the
-  # user. Otherwise, the termios library will be used. If neither HighLine
-  # nor termios is installed, a simple prompt that echos text in the clear
-  # will be used.
-
-  module PromptMethods
-
-    # Defines the prompt method to use if the Highline library is installed.
-    module Highline
-      # Uses Highline#ask to present a prompt and accept input. If +echo+ is
-      # +false+, the characters entered by the user will not be echoed to the
-      # screen.
-      def prompt(prompt, echo=true)
-        @highline ||= ::HighLine.new
-        @highline.ask(prompt + " ") { |q| q.echo = echo }
-      end
-    end
-
-    # Defines the prompt method to use if the Termios library is installed.
-    module Termios
-      # Displays the prompt to $stdout. If +echo+ is false, the Termios
-      # library will be used to disable keystroke echoing for the duration of
-      # this method.
-      def prompt(prompt, echo=true)
-        $stdout.print(prompt)
-        $stdout.flush
-
-        set_echo(false) unless echo
-        $stdin.gets.chomp
-      ensure
-        if !echo
-          set_echo(true)
-          $stdout.puts
-        end
+require 'io/console'
+
+module Net
+  module SSH
+    # Default prompt implementation, called for asking password from user.
+    # It will never be instantiated directly, but will instead be created for
+    # you automatically.
+    #
+    # A custom prompt objects can implement caching, or different UI. The prompt
+    # object should implemnted a start method, which should return something implementing
+    # ask and success. Net::SSH uses it like:
+    #
+    #   prompter = options[:password_prompt].start({type:'password'})
+    #   while !ok && max_retries < 3
+    #     user = prompter.ask("user: ", true)
+    #     password = prompter.ask("password: ", false)
+    #     ok = send(user, password)
+    #     prompter.sucess if ok
+    #   end
+    #
+    class Prompt
+      # factory
+      def self.default(options = {})
+        @default ||= new(options)
       end
 
-      private
+      def initialize(options = {}); end
 
-        # Enables or disables keystroke echoing using the Termios library.
-        def set_echo(enable)
-          term = ::Termios.getattr($stdin)
-
-          if enable
-            term.c_lflag |= (::Termios::ECHO | ::Termios::ICANON)
-          else
-            term.c_lflag &= ~::Termios::ECHO
+      # default prompt object implementation. More sophisticated implemenetations
+      # might implement caching.
+      class Prompter
+        def initialize(info)
+          if info[:type] == 'keyboard-interactive'
+            $stdout.puts(info[:name]) unless info[:name].empty?
+            $stdout.puts(info[:instruction]) unless info[:instruction].empty?
           end
-
-          ::Termios.setattr($stdin, ::Termios::TCSANOW, term)
         end
-    end
 
-    # Defines the prompt method to use when neither Highline nor Termios are
-    # installed.
-    module Clear
-      # Displays the prompt to $stdout and pulls the response from $stdin.
-      # Text is always echoed in the clear, regardless of the +echo+ setting.
-      # The first time a prompt is given and +echo+ is false, a warning will
-      # be written to $stderr recommending that either Highline or Termios
-      # be installed.
-      def prompt(prompt, echo=true)
-        @seen_warning ||= false
-        if !echo && !@seen_warning
-          $stderr.puts "Text will be echoed in the clear. Please install the HighLine or Termios libraries to suppress echoed text."
-          @seen_warning = true
+        # ask input from user, a prompter might ask for multiple inputs
+        # (like user and password) in a single session.
+        def ask(prompt, echo = true)
+          $stdout.print(prompt)
+          $stdout.flush
+          ret = $stdin.noecho(&:gets).chomp
+          $stdout.print("\n")
+          ret
         end
 
-        $stdout.print(prompt)
-        $stdout.flush
-        $stdin.gets.chomp
+        # success method will be called when the password was accepted
+        # It's a good time to save password asked to a cache.
+        def success; end
       end
-    end
-  end
 
-  # Try to load Highline and Termios in turn, selecting the corresponding
-  # PromptMethods module to use. If neither are available, choose PromptMethods::Clear.
-  Prompt = begin
-      require 'highline'
-      HighLine.track_eof = false
-      PromptMethods::Highline
-    rescue LoadError
-      begin
-        require 'termios'
-        PromptMethods::Termios
-      rescue LoadError
-        PromptMethods::Clear
+      # start password session. Multiple questions might be asked multiple times
+      # on the returned object. Info hash tries to uniquely identify the password
+      # session, so caching implementations can save passwords properly.
+      def start(info)
+        Prompter.new(info)
       end
     end
-
-end; end
+  end
+end

data/lib/net/ssh/proxy/command.rb

@@ -1,75 +1,123 @@
 require 'socket'
+require 'rubygems'
 require 'net/ssh/proxy/errors'
-require 'net/ssh/ruby_compat'
 
-module Net; module SSH; module Proxy
+module Net
+  module SSH
+    module Proxy
+      # An implementation of a command proxy. To use it, instantiate it,
+      # then pass the instantiated object via the :proxy key to
+      # Net::SSH.start:
+      #
+      #   require 'net/ssh/proxy/command'
+      #
+      #   proxy = Net::SSH::Proxy::Command.new('ssh relay nc %h %p')
+      #   Net::SSH.start('host', 'user', :proxy => proxy) do |ssh|
+      #     ...
+      #   end
+      class Command
+        # The command line template
+        attr_reader :command_line_template
 
-  # An implementation of a command proxy. To use it, instantiate it,
-  # then pass the instantiated object via the :proxy key to
-  # Net::SSH.start:
-  #
-  #   require 'net/ssh/proxy/command'
-  #
-  #   proxy = Net::SSH::Proxy::Command.new('ssh relay nc %h %p')
-  #   Net::SSH.start('host', 'user', :proxy => proxy) do |ssh|
-  #     ...
-  #   end
-  class Command
+        # The command line for the session
+        attr_reader :command_line
 
-    # The command line template
-    attr_reader :command_line_template
+        # Timeout in seconds in open, defaults to 60
+        attr_accessor :timeout
 
-    # The command line for the session
-    attr_reader :command_line
+        # Create a new socket factory that tunnels via a command executed
+        # with the user's shell, which is composed from the given command
+        # template.  In the command template, `%h' will be substituted by
+        # the host name to connect and `%p' by the port.
+        def initialize(command_line_template)
+          @command_line_template = command_line_template
+          @command_line = nil
+          @timeout = 60
+        end
 
-    # Create a new socket factory that tunnels via a command executed
-    # with the user's shell, which is composed from the given command
-    # template.  In the command template, `%h' will be substituted by
-    # the host name to connect and `%p' by the port.
-    def initialize(command_line_template)
-      @command_line_template = command_line_template
-      @command_line = nil
-    end
+        # Return a new socket connected to the given host and port via the
+        # proxy that was requested when the socket factory was instantiated.
+        def open(host, port, connection_options = nil)
+          command_line = @command_line_template.gsub(/%(.)/) {
+            case $1
+            when 'h'
+              host
+            when 'p'
+              port.to_s
+            when 'r'
+              remote_user = connection_options && connection_options[:remote_user]
+              if remote_user
+                remote_user
+              else
+                raise ArgumentError, "remote user name not available"
+              end
+            when '%'
+              '%'
+            else
+              raise ArgumentError, "unknown key: #{$1}"
+            end
+          }
+          begin
+            io = IO.popen(command_line, "r+")
+            begin
+              if result = IO.select([io], nil, [io], @timeout)
+                if result.last.any? || io.eof?
+                  raise "command failed"
+                end
+              else
+                raise "command timed out"
+              end
+            rescue StandardError
+              close_on_error(io)
+              raise
+            end
+          rescue StandardError => e
+            raise ConnectError, "#{e}: #{command_line}"
+          end
+          @command_line = command_line
+          if Gem.win_platform?
+            # read_nonblock and write_nonblock are not available on Windows
+            # pipe. Use sysread and syswrite as a replacement works.
+            def io.send(data, flag)
+              syswrite(data)
+            end
 
-    # Return a new socket connected to the given host and port via the
-    # proxy that was requested when the socket factory was instantiated.
-    def open(host, port)
-      command_line = @command_line_template.gsub(/%(.)/) {
-        case $1
-        when 'h'
-          host
-        when 'p'
-          port.to_s
-        when '%'
-          '%'
-        else
-          raise ArgumentError, "unknown key: #{$1}"
-        end
-      }
-      begin
-        io = IO.popen(command_line, "r+")
-        if result = Net::SSH::Compat.io_select([io], nil, [io], 60)
-          if result.last.any?
-            raise "command failed"
+            def io.recv(size)
+              sysread(size)
+            end
+          else
+            def io.send(data, flag)
+              begin
+                result = write_nonblock(data)
+              rescue IO::WaitWritable, Errno::EINTR
+                IO.select(nil, [self])
+                retry
+              end
+              result
+            end
+
+            def io.recv(size)
+              begin
+                result = read_nonblock(size)
+              rescue IO::WaitReadable, Errno::EINTR
+                timeout_in_seconds = 20
+                if IO.select([self], nil, [self], timeout_in_seconds) == nil
+                  raise "Unexpected spurious read wakeup"
+                end
+
+                retry
+              end
+              result
+            end
           end
-        else
-          raise "command timed out"
-        end
-      rescue => e
-        raise ConnectError, "#{e}: #{command_line}"
-      end
-      @command_line = command_line
-      class << io
-        def send(data, flag)
-          write_nonblock(data)
+          io
         end
 
-        def recv(size)
-          read_nonblock(size)
+        def close_on_error(io)
+          Process.kill('TERM', io.pid)
+          Thread.new { io.close }
         end
       end
-      io
     end
   end
-
-end; end; end
+end

data/lib/net/ssh/proxy/errors.rb

@@ -1,14 +1,16 @@
 require 'net/ssh/errors'
 
-module Net; module SSH; module Proxy
+module Net
+  module SSH
+    module Proxy
+      # A general exception class for all Proxy errors.
+      class Error < Net::SSH::Exception; end
 
-  # A general exception class for all Proxy errors.
-  class Error < Net::SSH::Exception; end
+      # Used for reporting proxy connection errors.
+      class ConnectError < Error; end
 
-  # Used for reporting proxy connection errors.
-  class ConnectError < Error; end
-
-  # Used when the server doesn't recognize the user's credentials.
-  class UnauthorizedError < Error; end
-
-end; end; end
+      # Used when the server doesn't recognize the user's credentials.
+      class UnauthorizedError < Error; end
+    end
+  end
+end

data/lib/net/ssh/proxy/http.rb

@@ -1,94 +1,98 @@
 require 'socket'
 require 'net/ssh/proxy/errors'
 
-module Net; module SSH; module Proxy
-
-  # An implementation of an HTTP proxy. To use it, instantiate it, then
-  # pass the instantiated object via the :proxy key to Net::SSH.start:
-  #
-  #   require 'net/ssh/proxy/http'
-  #
-  #   proxy = Net::SSH::Proxy::HTTP.new('proxy.host', proxy_port)
-  #   Net::SSH.start('host', 'user', :proxy => proxy) do |ssh|
-  #     ...
-  #   end
-  #
-  # If the proxy requires authentication, you can pass :user and :password
-  # to the proxy's constructor:
-  #
-  #   proxy = Net::SSH::Proxy::HTTP.new('proxy.host', proxy_port,
-  #      :user => "user", :password => "password")
-  #
-  # Note that HTTP digest authentication is not supported; Basic only at
-  # this point.
-  class HTTP
-
-    # The hostname or IP address of the HTTP proxy.
-    attr_reader :proxy_host
-
-    # The port number of the proxy.
-    attr_reader :proxy_port
-
-    # The map of additional options that were given to the object at
-    # initialization.
-    attr_reader :options
-
-    # Create a new socket factory that tunnels via the given host and
-    # port. The +options+ parameter is a hash of additional settings that
-    # can be used to tweak this proxy connection. Specifically, the following
-    # options are supported:
-    #
-    # * :user => the user name to use when authenticating to the proxy
-    # * :password => the password to use when authenticating
-    def initialize(proxy_host, proxy_port=80, options={})
-      @proxy_host = proxy_host
-      @proxy_port = proxy_port
-      @options = options
-    end
+module Net
+  module SSH
+    module Proxy
+      # An implementation of an HTTP proxy. To use it, instantiate it, then
+      # pass the instantiated object via the :proxy key to Net::SSH.start:
+      #
+      #   require 'net/ssh/proxy/http'
+      #
+      #   proxy = Net::SSH::Proxy::HTTP.new('proxy_host', proxy_port)
+      #   Net::SSH.start('host', 'user', :proxy => proxy) do |ssh|
+      #     ...
+      #   end
+      #
+      # If the proxy requires authentication, you can pass :user and :password
+      # to the proxy's constructor:
+      #
+      #   proxy = Net::SSH::Proxy::HTTP.new('proxy_host', proxy_port,
+      #      :user => "user", :password => "password")
+      #
+      # Note that HTTP digest authentication is not supported; Basic only at
+      # this point.
+      class HTTP
+        # The hostname or IP address of the HTTP proxy.
+        attr_reader :proxy_host
+
+        # The port number of the proxy.
+        attr_reader :proxy_port
+
+        # The map of additional options that were given to the object at
+        # initialization.
+        attr_reader :options
+
+        # Create a new socket factory that tunnels via the given host and
+        # port. The +options+ parameter is a hash of additional settings that
+        # can be used to tweak this proxy connection. Specifically, the following
+        # options are supported:
+        #
+        # * :user => the user name to use when authenticating to the proxy
+        # * :password => the password to use when authenticating
+        def initialize(proxy_host, proxy_port = 80, options = {})
+          @proxy_host = proxy_host
+          @proxy_port = proxy_port
+          @options = options
+        end
 
-    # Return a new socket connected to the given host and port via the
-    # proxy that was requested when the socket factory was instantiated.
-    def open(host, port)
-      socket = TCPSocket.new(proxy_host, proxy_port)
-      socket.write "CONNECT #{host}:#{port} HTTP/1.0\r\n"
+        # Return a new socket connected to the given host and port via the
+        # proxy that was requested when the socket factory was instantiated.
+        def open(host, port, connection_options)
+          socket = establish_connection(connection_options[:timeout])
+          socket.write "CONNECT #{host}:#{port} HTTP/1.1\r\n"
+          socket.write "Host: #{host}:#{port}\r\n"
 
-      if options[:user]
-        credentials = ["#{options[:user]}:#{options[:password]}"].pack("m*").gsub(/\s/, "")
-        socket.write "Proxy-Authorization: Basic #{credentials}\r\n"
-      end
+          if options[:user]
+            credentials = ["#{options[:user]}:#{options[:password]}"].pack("m*").gsub(/\s/, "")
+            socket.write "Proxy-Authorization: Basic #{credentials}\r\n"
+          end
 
-      socket.write "\r\n"
+          socket.write "\r\n"
 
-      resp = parse_response(socket)
+          resp = parse_response(socket)
 
-      return socket if resp[:code] == 200
+          return socket if resp[:code] == 200
 
-      socket.close
-      raise ConnectError, resp.inspect
-    end
-
-    private
+          socket.close
+          raise ConnectError, resp.inspect
+        end
 
-      def parse_response(socket)
-        version, code, reason = socket.gets.chomp.split(/ /, 3)
-        headers = {}
+        protected
 
-        while (line = socket.gets) && (line.chomp! != "")
-          name, value = line.split(/:/, 2)
-          headers[name.strip] = value.strip
+        def establish_connection(connect_timeout)
+          Socket.tcp(proxy_host, proxy_port, nil, nil,
+                     connect_timeout: connect_timeout)
         end
 
-        if headers["Content-Length"]
-          body = socket.read(headers["Content-Length"].to_i)
-        end
+        def parse_response(socket)
+          version, code, reason = socket.gets.chomp.split(/ /, 3)
+          headers = {}
 
-        return { :version => version,
-                 :code => code.to_i,
-                 :reason => reason,
-                 :headers => headers,
-                 :body => body }
-      end
+          while (line = socket.gets) && (line.chomp! != "")
+            name, value = line.split(/:/, 2)
+            headers[name.strip] = value.strip
+          end
 
-  end
+          body = socket.read(headers["Content-Length"].to_i) if headers["Content-Length"]
 
-end; end; end
+          return { version: version,
+                   code: code.to_i,
+                   reason: reason,
+                   headers: headers,
+                   body: body }
+        end
+      end
+    end
+  end
+end

data/lib/net/ssh/proxy/https.rb

@@ -0,0 +1,50 @@
+require 'socket'
+require 'openssl'
+require 'net/ssh/proxy/errors'
+require 'net/ssh/proxy/http'
+
+module Net
+  module SSH
+    module Proxy
+      # A specialization of the HTTP proxy which encrypts the whole connection
+      # using OpenSSL. This has the advantage that proxy authentication
+      # information is not sent in plaintext.
+      class HTTPS < HTTP
+        # Create a new socket factory that tunnels via the given host and
+        # port. The +options+ parameter is a hash of additional settings that
+        # can be used to tweak this proxy connection. In addition to the options
+        # taken by Net::SSH::Proxy::HTTP it supports:
+        #
+        # * :ssl_context => the SSL configuration to use for the connection
+        def initialize(proxy_host, proxy_port = 80, options = {})
+          @ssl_context = options.delete(:ssl_context) ||
+                           OpenSSL::SSL::SSLContext.new
+          super(proxy_host, proxy_port, options)
+        end
+
+        protected
+
+        # Shim to make OpenSSL::SSL::SSLSocket behave like a regular TCPSocket
+        # for all intents and purposes of Net::SSH::BufferedIo
+        module SSLSocketCompatibility
+          def self.extended(object) # :nodoc:
+            object.define_singleton_method(:recv, object.method(:sysread))
+            object.sync_close = true
+          end
+
+          def send(data, _opts)
+            syswrite(data)
+          end
+        end
+
+        def establish_connection(connect_timeout)
+          plain_socket = super(connect_timeout)
+          OpenSSL::SSL::SSLSocket.new(plain_socket, @ssl_context).tap do |socket|
+            socket.extend(SSLSocketCompatibility)
+            socket.connect
+          end
+        end
+      end
+    end
+  end
+end

data/lib/net/ssh/proxy/jump.rb

@@ -0,0 +1,54 @@
+require 'uri'
+require 'net/ssh/proxy/command'
+
+module Net
+  module SSH
+    module Proxy
+      # An implementation of a jump proxy. To use it, instantiate it,
+      # then pass the instantiated object via the :proxy key to
+      # Net::SSH.start:
+      #
+      #   require 'net/ssh/proxy/jump'
+      #
+      #   proxy = Net::SSH::Proxy::Jump.new('user@proxy')
+      #   Net::SSH.start('host', 'user', :proxy => proxy) do |ssh|
+      #     ...
+      #   end
+      class Jump < Command
+        # The jump proxies
+        attr_reader :jump_proxies
+
+        # Create a new socket factory that tunnels via multiple jump proxes as
+        # [user@]host[:port].
+        def initialize(jump_proxies)
+          @jump_proxies = jump_proxies
+        end
+
+        # Return a new socket connected to the given host and port via the jump
+        # proxy that was requested when the socket factory was instantiated.
+        def open(host, port, connection_options = nil)
+          build_proxy_command_equivalent(connection_options)
+          super
+        end
+
+        # We cannot build the ProxyCommand template until we know if the :config
+        # option was specified during `Net::SSH.start`.
+        def build_proxy_command_equivalent(connection_options = nil)
+          first_jump, extra_jumps = jump_proxies.split(",", 2)
+          config = connection_options && connection_options[:config]
+          uri = URI.parse("ssh://#{first_jump}")
+
+          template = "ssh".dup
+          template << " -l #{uri.user}"    if uri.user
+          template << " -p #{uri.port}"    if uri.port
+          template << " -J #{extra_jumps}" if extra_jumps
+          template << " -F #{config}" if config != true && config
+          template << " -W %h:%p "
+          template << uri.host
+
+          @command_line_template = template
+        end
+      end
+    end
+  end
+end