net-ssh 2.9.0 → 2.9.1

data/.travis.yml

@@ -2,7 +2,6 @@ language: ruby
 rvm:
   - "1.9.3"
   - "2.0.0"
-  - "2.1.0"
 
 
 install: gem install jeweler test-unit mocha

data/CHANGES.txt

@@ -1,5 +1,11 @@
 
 
+=== 2.9.1 / 13 May 2014
+
+* Fix for unknown response from agent on Windows with 64-bit PuTTY [chrahunt]
+* Support negative patterns in host lookup from the SSH config file [nirvdrum]
+
+
 === 2.9.0 / 30 Apr 2014
 
 * New ciphers [chr4]

data/lib/net/ssh/authentication/pageant.rb

@@ -27,15 +27,21 @@ module Net; module SSH; module Authentication
     # The definition of the Windows methods and data structures used in
     # communicating with the pageant process.
     module Win
+      # Compatibility on initialization
       if RUBY_VERSION < "1.9"
         extend DL::Importable
 
         dlload 'user32'
         dlload 'kernel32'
+        dlload 'advapi32'
+
+        SIZEOF_DWORD = DL.sizeof('L')
       else
         extend DL::Importer
-        dlload 'user32','kernel32'
+        dlload 'user32','kernel32', 'advapi32'
         include DL::Win32Types
+
+        SIZEOF_DWORD = DL::SIZEOF_LONG
       end
 
       typealias("LPCTSTR", "char *")         # From winnt.h
@@ -45,6 +51,7 @@ module Net; module SSH; module Authentication
       typealias("WPARAM", "unsigned int *")  # From windef.h
       typealias("LPARAM", "long *")          # From windef.h
       typealias("PDWORD_PTR", "long *")      # From basetsd.h
+      typealias("USHORT", "unsigned short")  # From windef.h
 
       # From winbase.h, winnt.h
       INVALID_HANDLE_VALUE = -1
@@ -63,8 +70,8 @@ module Net; module SSH; module Authentication
 
       # args: hFile, (ignored), flProtect, dwMaximumSizeHigh,
       #           dwMaximumSizeLow, lpName
-      extern 'HANDLE CreateFileMapping(HANDLE, void *, DWORD, DWORD, ' +
-        'DWORD, LPCTSTR)'
+      extern 'HANDLE CreateFileMapping(HANDLE, void *, DWORD, ' +
+        'DWORD, DWORD, LPCTSTR)'
 
       # args: hFileMappingObject, dwDesiredAccess, dwFileOffsetHigh, 
       #           dwfileOffsetLow, dwNumberOfBytesToMap
@@ -79,9 +86,180 @@ module Net; module SSH; module Authentication
       # args: hWnd, Msg, wParam, lParam, fuFlags, uTimeout, lpdwResult
       extern 'LRESULT SendMessageTimeout(HWND, UINT, WPARAM, LPARAM, ' +
         'UINT, UINT, PDWORD_PTR)'
+      
+      # args: none
+      extern 'DWORD GetLastError()'
+
+      # args: none
+      extern 'HANDLE GetCurrentProcess()'
+
+      # args: hProcessHandle, dwDesiredAccess, (out) phNewTokenHandle
+      extern 'BOOL OpenProcessToken(HANDLE, DWORD, PHANDLE)'
+
+      # args: hTokenHandle, uTokenInformationClass,
+      #           (out) lpTokenInformation, dwTokenInformationLength
+      #           (out) pdwInfoReturnLength
+      extern 'BOOL GetTokenInformation(HANDLE, UINT, LPVOID, DWORD, ' +
+        'PDWORD)'
+
+      # args: (out) lpSecurityDescriptor, dwRevisionLevel
+      extern 'BOOL InitializeSecurityDescriptor(LPVOID, DWORD)'
+
+      # args: (out) lpSecurityDescriptor, lpOwnerSid, bOwnerDefaulted
+      extern 'BOOL SetSecurityDescriptorOwner(LPVOID, LPVOID, BOOL)'
+
+      # args: pSecurityDescriptor
+      extern 'BOOL IsValidSecurityDescriptor(LPVOID)'
+
+      # Constants needed for security attribute retrieval.
+      # Specifies the access mask corresponding to the desired access 
+      # rights. 
+      TOKEN_QUERY = 0x8
+
+      # The value of TOKEN_USER from the TOKEN_INFORMATION_CLASS enum.
+      TOKEN_USER_INFORMATION_CLASS = 1
+
+      # The initial revision level assigned to the security descriptor.
+      REVISION = 1
+
+      # Structs for security attribute functions.
+      # Holds the retrieved user access token.
+      TOKEN_USER = struct ['void * SID', 'DWORD ATTRIBUTES']
+
+      # Contains the security descriptor, this gets passed to the
+      # function that constructs the shared memory map.
+      SECURITY_ATTRIBUTES = struct ['DWORD nLength',
+                                    'LPVOID lpSecurityDescriptor',
+                                    'BOOL bInheritHandle']
+
+      # The security descriptor holds security information.
+      SECURITY_DESCRIPTOR = struct ['UCHAR Revision', 'UCHAR Sbz1',
+                                    'USHORT Control', 'LPVOID Owner',
+                                    'LPVOID Group', 'LPVOID Sacl',
+                                    'LPVOID Dacl']
+
+      # Compatibility for security attribute retrieval.
       if RUBY_VERSION < "1.9"
-        alias_method :FindWindow,:findWindow
-        module_function :FindWindow
+        # Alias functions to > 1.9 capitalization
+        %w(findWindow
+           getCurrentProcess
+           initializeSecurityDescriptor
+           setSecurityDescriptorOwner
+           isValidSecurityDescriptor
+           openProcessToken
+           getTokenInformation
+           getLastError
+           getCurrentThreadId
+           createFileMapping
+           mapViewOfFile
+           sendMessageTimeout
+           unmapViewOfFile
+           closeHandle).each do |name|
+          new_name = name[0].chr.upcase + name[1..name.length]
+          alias_method new_name, name
+          module_function new_name
+        end
+
+        def self.malloc_ptr(size)
+          return DL.malloc(size)
+        end
+
+        def self.get_ptr(data)
+          return data.to_ptr
+        end
+
+        def self.set_ptr_data(ptr, data)
+          ptr[0] = data
+        end
+      else
+        def self.malloc_ptr(size)
+          return DL::CPtr.malloc(size, DL::RUBY_FREE)
+        end
+
+        def self.get_ptr(data)
+          return DL::CPtr.to_ptr data
+        end
+
+        def self.set_ptr_data(ptr, data)
+          DL::CPtr.new(ptr)[0,data.size] = data
+        end
+      end
+
+      def self.get_security_attributes_for_user
+        user = get_current_user
+
+        psd_information = malloc_ptr(Win::SECURITY_DESCRIPTOR.size)
+        raise_error_if_zero(
+          Win.InitializeSecurityDescriptor(psd_information,
+                                           Win::REVISION))
+        raise_error_if_zero(
+          Win.SetSecurityDescriptorOwner(psd_information, user.SID,
+                                         0))
+        raise_error_if_zero(
+          Win.IsValidSecurityDescriptor(psd_information))
+
+        nLength = Win::SECURITY_ATTRIBUTES.size
+        lpSecurityDescriptor = psd_information
+        bInheritHandle = 1
+        sa = [nLength, lpSecurityDescriptor.to_i,
+              bInheritHandle].pack("LLC")
+
+        return sa
+      end
+
+      def self.get_current_user
+        token_handle = open_process_token(Win.GetCurrentProcess,
+                                          Win::TOKEN_QUERY)
+        token_user =  get_token_information(token_handle,
+                        Win::TOKEN_USER_INFORMATION_CLASS)
+        return token_user
+      end
+
+      def self.open_process_token(process_handle, desired_access)
+        ptoken_handle = malloc_ptr(Win::SIZEOF_DWORD)
+
+        raise_error_if_zero(
+          Win.OpenProcessToken(process_handle, desired_access,
+                               ptoken_handle))
+        token_handle = ptoken_handle.ptr.to_i
+
+        return token_handle
+      end
+
+      def self.get_token_information(token_handle,
+                                     token_information_class)
+        # Hold the size of the information to be returned
+        preturn_length = malloc_ptr(Win::SIZEOF_DWORD)
+
+        # Going to throw an INSUFFICIENT_BUFFER_ERROR, but that is ok
+        # here. This is retrieving the size of the information to be
+        # returned.
+        Win.GetTokenInformation(token_handle,
+                                token_information_class,
+                                Win::NULL, 0, preturn_length)
+        ptoken_information = malloc_ptr(preturn_length.ptr.to_i)
+
+        # This call is going to write the requested information to
+        # the memory location referenced by token_information.
+        raise_error_if_zero(
+          Win.GetTokenInformation(token_handle,
+                                  token_information_class,
+                                  ptoken_information,
+                                  ptoken_information.size,
+                                  preturn_length))
+
+        return TOKEN_USER.new(ptoken_information)
+      end
+
+      def self.raise_error_if_zero(result)
+        if result == 0
+          raise "Windows error: #{Win.GetLastError}"
+        end
+      end
+
+      # Get a null-terminated string given a string.
+      def self.get_cstr(str)
+        return str + "\000"
       end
     end
 
@@ -140,78 +318,27 @@ module Net; module SSH; module Authentication
 
       def close
       end
-      
-      def send_query(query)
-        if RUBY_VERSION < "1.9"
-          send_query_18(query)
-        else
-          send_query_19(query)
-        end
-      end
-      
-      # Packages the given query string and sends it to the pageant
-      # process via the Windows messaging subsystem. The result is
-      # cached, to be returned piece-wise when #read is called.
-      def send_query_18(query)
-        res = nil
-        filemap = 0
-        ptr = nil
-        id = DL::PtrData.malloc(DL.sizeof("L"))
-
-        mapname = "PageantRequest%08x\000" % Win.getCurrentThreadId()
-        filemap = Win.createFileMapping(Win::INVALID_HANDLE_VALUE, 
-                                        Win::NULL,
-                                        Win::PAGE_READWRITE, 0, 
-                                        AGENT_MAX_MSGLEN, mapname)
-        if filemap == 0
-          raise Net::SSH::Exception,
-            "Creation of file mapping failed"
-        end
-
-        ptr = Win.mapViewOfFile(filemap, Win::FILE_MAP_WRITE, 0, 0, 
-                                AGENT_MAX_MSGLEN)
-
-        if ptr.nil? || ptr.null?
-          raise Net::SSH::Exception, "Mapping of file failed"
-        end
-
-        ptr[0] = query
-
-        cds = [AGENT_COPYDATA_ID, mapname.size + 1, mapname].
-          pack("LLp").to_ptr
-        succ = Win.sendMessageTimeout(@win, Win::WM_COPYDATA, Win::NULL,
-                                      cds, Win::SMTO_NORMAL, 5000, id)
-
-        if succ > 0
-          retlen = 4 + ptr.to_s(4).unpack("N")[0]
-          res = ptr.to_s(retlen)
-        end        
-
-        return res
-      ensure
-        Win.unmapViewOfFile(ptr) unless ptr.nil? || ptr.null?
-        Win.closeHandle(filemap) if filemap != 0
-      end
 
       # Packages the given query string and sends it to the pageant
       # process via the Windows messaging subsystem. The result is
       # cached, to be returned piece-wise when #read is called.
-      def send_query_19(query)
+      def send_query(query)
         res = nil
         filemap = 0
         ptr = nil
-        id = DL.malloc(DL::SIZEOF_LONG)
+        id = Win.malloc_ptr(Win::SIZEOF_DWORD)
 
-        mapname = "PageantRequest%08x\000" % Win.GetCurrentThreadId()
+        mapname = "PageantRequest%08x" % Win.GetCurrentThreadId()
+        security_attributes = Win.get_ptr Win.get_security_attributes_for_user
 
-        filemap = Win.CreateFileMapping(Win::INVALID_HANDLE_VALUE, 
-                                        Win::NULL,
-                                        Win::PAGE_READWRITE, 0, 
+        filemap = Win.CreateFileMapping(Win::INVALID_HANDLE_VALUE,
+                                        security_attributes,
+                                        Win::PAGE_READWRITE, 0,
                                         AGENT_MAX_MSGLEN, mapname)
 
         if filemap == 0 || filemap == Win::INVALID_HANDLE_VALUE
           raise Net::SSH::Exception,
-            "Creation of file mapping failed"
+            "Creation of file mapping failed with error: #{Win.GetLastError}"
         end
 
         ptr = Win.MapViewOfFile(filemap, Win::FILE_MAP_WRITE, 0, 0, 
@@ -221,17 +348,19 @@ module Net; module SSH; module Authentication
           raise Net::SSH::Exception, "Mapping of file failed"
         end
 
-        DL::CPtr.new(ptr)[0,query.size]=query
+        Win.set_ptr_data(ptr, query)
 
-        cds = DL::CPtr.to_ptr [AGENT_COPYDATA_ID, mapname.size + 1, mapname].
-          pack("LLp")
+        cds = Win.get_ptr [AGENT_COPYDATA_ID, mapname.size + 1,
+                           Win.get_cstr(mapname)].pack("LLp")
         succ = Win.SendMessageTimeout(@win, Win::WM_COPYDATA, Win::NULL,
                                       cds, Win::SMTO_NORMAL, 5000, id)
 
         if succ > 0
           retlen = 4 + ptr.to_s(4).unpack("N")[0]
           res = ptr.to_s(retlen)
-        end        
+        else
+          raise Net::SSH::Exception, "Message failed with error: #{Win.GetLastError}"
+        end
 
         return res
       ensure

data/lib/net/ssh/buffer.rb

@@ -255,7 +255,7 @@ module Net; module SSH
           key.e = read_bignum
           key.n = read_bignum
 
-        when /^ecdsa\-sha2\-(\w*)$/
+        when /^ecdsa\-sha2\-(\w*)$/, /^ssh-ed25519(-cert-v01@openssh.com)?$/
           unless defined?(OpenSSL::PKey::EC)
             raise NotImplementedError, "unsupported key type `#{type}'"
           else

data/lib/net/ssh/config.rb

@@ -103,8 +103,18 @@ module Net; module SSH
           if key == 'host'
             # Support "Host host1 host2 hostN".
             # See http://github.com/net-ssh/net-ssh/issues#issue/6
-            multi_host = value.to_s.split(/\s+/)
-            matched_host = multi_host.select { |h| host =~ pattern2regex(h) }.first
+            negative_hosts, positive_hosts = value.to_s.split(/\s+/).partition { |h| h.start_with?('!') }
+
+            # Check for negative patterns first. If the host matches, that overrules any other positive match.
+            # The host substring code is used to strip out the starting "!" so the regexp will be correct.
+            negative_match = negative_hosts.select { |h| host =~ pattern2regex(h[1..-1]) }.first
+
+            if negative_match
+              matched_host = nil
+            else
+              matched_host = positive_hosts.select { |h| host =~ pattern2regex(h) }.first
+            end
+
             seen_host = true
             settings[key] = host
           elsif !seen_host

data/lib/net/ssh/transport/cipher_factory.rb

@@ -41,6 +41,9 @@ module Net; module SSH; module Transport
       "camellia192-ctr@openssh.org" => "camellia-192-ecb",
       "camellia256-ctr@openssh.org" => "camellia-256-ecb",
 
+      "aes256-gcm@openssh.com"      => "aes-256-gcm",
+      "aes128-gcm@openssh.com"      => "aes-128-gcm",
+
       "none"                        => "none",
     }
 

data/lib/net/ssh/version.rb

@@ -51,7 +51,7 @@ module Net; module SSH
     MINOR = 9
 
     # The tiny component of this version of the Net::SSH library
-    TINY  = 0
+    TINY  = 1
 
     # The current version of the Net::SSH library as a Version instance
     CURRENT = new(MAJOR, MINOR, TINY)

data/net-ssh.gemspec

@@ -5,12 +5,12 @@
 
 Gem::Specification.new do |s|
   s.name = "net-ssh"
-  s.version = "2.9.0"
+  s.version = "2.9.1"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Jamis Buck", "Delano Mandelbaum"]
   s.cert_chain = ["gem-public_cert.pem"]
-  s.date = "2014-04-30"
+  s.date = "2014-05-13"
   s.description = "Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. It allows you to write programs that invoke and interact with processes on remote servers, via SSH2."
   s.email = "net-ssh@solutious.com"
   s.extra_rdoc_files = [
@@ -129,6 +129,7 @@ Gem::Specification.new do |s|
     "test/configs/exact_match",
     "test/configs/host_plus",
     "test/configs/multihost",
+    "test/configs/negative_match",
     "test/configs/nohost",
     "test/configs/numeric_host",
     "test/configs/send_env",
@@ -138,6 +139,7 @@ Gem::Specification.new do |s|
     "test/connection/test_session.rb",
     "test/known_hosts/github",
     "test/manual/test_forward.rb",
+    "test/manual/test_pageant.rb",
     "test/start/test_connection.rb",
     "test/start/test_options.rb",
     "test/start/test_transport.rb",

data/test/configs/negative_match

@@ -0,0 +1,6 @@
+Host test.* !test.host
+  Port 1234
+  Compression no
+
+Host test.host
+  Port 9876

data/test/manual/test_pageant.rb

@@ -0,0 +1,37 @@
+#
+# Tests for communication capability with Pageant (or KeeAgent)
+# process, to include the case where it is running in different UAC
+# context.
+#
+# To run:
+# - Ensure that Pageant is running (not as administrator).
+# - Open two command prompts, one as an administrator and one limited
+#     (normal).
+# - Within each, from the root net/ssh project directory, execute:
+#       ruby -Ilib -Itest -rrubygems test/manual/test_pageant.rb
+#
+
+require 'common'
+require 'net/ssh/authentication/agent'
+
+module Authentication
+
+  class TestPageant < Test::Unit::TestCase
+
+    def test_agent_should_be_able_to_negotiate
+      assert_nothing_raised(Net::SSH::Authentication::AgentNotAvailable) { agent.negotiate! }
+    end
+
+    private
+
+      def agent(auto=:connect)
+        @agent ||= begin
+          agent = Net::SSH::Authentication::Agent.new
+          agent.connect! if auto == :connect
+          agent
+        end
+      end
+
+  end
+
+end

data/test/test_config.rb

@@ -35,6 +35,12 @@ class TestConfig < Test::Unit::TestCase
     assert !config.key?('rekeylimit')
   end
 
+  def test_load_with_wild_card_and_negative_pattern_does_not_match
+    config = Net::SSH::Config.load(config(:negative_match), "test.host")
+    assert_equal 9876, config['port']
+    assert !config.key?('compression')
+  end
+
   def test_for_should_load_all_files_and_translate_to_net_ssh_options
     config = Net::SSH::Config.for("test.host", [config(:exact_match), config(:wild_cards)])
     assert_equal 1234, config[:port]

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: net-ssh
 version: !ruby/object:Gem::Version
-  version: 2.9.0
+  version: 2.9.1
   prerelease: 
 platform: ruby
 authors:
@@ -38,7 +38,7 @@ cert_chain:
   bkh3ZjNJSVVQZzdsc01DUnpPa1EvRkQ4N0JJM1YzU25GTm9UQ2RHZ25HajNq
   Zlc0elJsTAppRnlhcmVGUEE4NGJ0UT09Ci0tLS0tRU5EIENFUlRJRklDQVRF
   LS0tLS0K
-date: 2014-04-30 00:00:00.000000000 Z
+date: 2014-05-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: test-unit
@@ -193,6 +193,7 @@ files:
 - test/configs/exact_match
 - test/configs/host_plus
 - test/configs/multihost
+- test/configs/negative_match
 - test/configs/nohost
 - test/configs/numeric_host
 - test/configs/send_env
@@ -202,6 +203,7 @@ files:
 - test/connection/test_session.rb
 - test/known_hosts/github
 - test/manual/test_forward.rb
+- test/manual/test_pageant.rb
 - test/start/test_connection.rb
 - test/start/test_options.rb
 - test/start/test_transport.rb