net-ssh 2.9.1 → 2.9.2.beta

data/lib/net/ssh/transport/algorithms.rb

@@ -42,14 +42,12 @@ module Net; module SSH; module Transport
                          camellia192-ctr@openssh.org
                          camellia256-ctr@openssh.org
                          cast128-ctr blowfish-ctr 3des-ctr
-                         aes256-gcm@openssh.com aes128-gcm@openssh.com
                         ),
+
       :hmac        => %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96
                          hmac-ripemd160 hmac-ripemd160@openssh.com
                          hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96
-                         hmac-sha2-512-96 none
-                         hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com
-                         umac-128-etm@openssh.com),
+                         hmac-sha2-512-96 none),
 
       :compression => %w(none zlib@openssh.com zlib),
       :language    => %w() 
@@ -57,9 +55,7 @@ module Net; module SSH; module Transport
     if defined?(OpenSSL::PKey::EC)
       ALGORITHMS[:host_key] += %w(ecdsa-sha2-nistp256
                                   ecdsa-sha2-nistp384
-                                  ecdsa-sha2-nistp521
-                                  ssh-ed25519-cert-v01@openssh.com
-                                  ssh-ed25519)
+                                  ecdsa-sha2-nistp521)
       ALGORITHMS[:kex] += %w(ecdh-sha2-nistp256
                              ecdh-sha2-nistp384
                              ecdh-sha2-nistp521
@@ -221,8 +217,13 @@ module Net; module SSH; module Transport
           # apply the preferred algorithm order, if any
           if options[algorithm]
             algorithms[algorithm] = Array(options[algorithm]).compact.uniq
-            invalid = algorithms[algorithm].detect { |name| !ALGORITHMS[algorithm].include?(name) }
-            raise NotImplementedError, "unsupported #{algorithm} algorithm: `#{invalid}'" if invalid
+            unsupported = []
+            algorithms[algorithm].select! do |name|
+              supported = ALGORITHMS[algorithm].include?(name)
+              unsupported << name unless supported
+              supported
+            end
+            lwarn { "unsupported #{algorithm} algorithm: `#{unsupported}'" } unless unsupported.empty?
 
             # make sure all of our supported algorithms are tacked onto the
             # end, so that if the user tries to give a list of which none are

data/lib/net/ssh/transport/cipher_factory.rb

@@ -41,9 +41,6 @@ module Net; module SSH; module Transport
       "camellia192-ctr@openssh.org" => "camellia-192-ecb",
       "camellia256-ctr@openssh.org" => "camellia-256-ecb",
 
-      "aes256-gcm@openssh.com"      => "aes-256-gcm",
-      "aes128-gcm@openssh.com"      => "aes-128-gcm",
-
       "none"                        => "none",
     }
 

data/lib/net/ssh/transport/packet_stream.rb

@@ -14,6 +14,8 @@ module Net; module SSH; module Transport
   # per the SSH2 protocol. It also adds an abstraction for polling packets,
   # to allow for both blocking and non-blocking reads.
   module PacketStream
+    PROXY_COMMAND_HOST_IP = '<no hostip for proxy command>'.freeze
+
     include BufferedIo
 
     def self.extended(object)
@@ -64,7 +66,7 @@ module Net; module SSH; module Transport
           addr = getpeername
           Socket.getnameinfo(addr, Socket::NI_NUMERICHOST | Socket::NI_NUMERICSERV).first
         else
-          "<no hostip for proxy command>"
+          PROXY_COMMAND_HOST_IP
         end
     end
     

data/lib/net/ssh/transport/session.rb

@@ -93,11 +93,16 @@ module Net; module SSH; module Transport
       @host_as_string ||= begin
         string = "#{host}"
         string = "[#{string}]:#{port}" if port != DEFAULT_PORT
-        if socket.peer_ip != host
-          string2 = socket.peer_ip
+
+        peer_ip = socket.peer_ip
+
+        if peer_ip != Net::SSH::Transport::PacketStream::PROXY_COMMAND_HOST_IP &&
+           peer_ip != host
+          string2 = peer_ip
           string2 = "[#{string2}]:#{port}" if port != DEFAULT_PORT
           string << "," << string2
         end
+
         string
       end
     end

data/lib/net/ssh/version.rb

@@ -16,15 +16,15 @@ module Net; module SSH
 
     # A convenience method for instantiating a new Version instance with the
     # given +major+, +minor+, and +tiny+ components.
-    def self.[](major, minor, tiny)
-      new(major, minor, tiny)
+    def self.[](major, minor, tiny, pre = nil)
+      new(major, minor, tiny, pre)
     end
 
     attr_reader :major, :minor, :tiny
 
     # Create a new Version object with the given components.
-    def initialize(major, minor, tiny)
-      @major, @minor, @tiny = major, minor, tiny
+    def initialize(major, minor, tiny, pre = nil)
+      @major, @minor, @tiny, @pre = major, minor, tiny, pre
     end
 
     # Compare this version to the given +version+ object.
@@ -35,7 +35,7 @@ module Net; module SSH
     # Converts this version object to a string, where each of the three
     # version components are joined by the '.' character. E.g., 2.0.0.
     def to_s
-      @to_s ||= [@major, @minor, @tiny].join(".")
+      @to_s ||= [@major, @minor, @tiny, @pre].compact.join(".")
     end
 
     # Converts this version to a canonical integer that may be compared
@@ -51,10 +51,14 @@ module Net; module SSH
     MINOR = 9
 
     # The tiny component of this version of the Net::SSH library
-    TINY  = 1
+    TINY  = 2
+
+    # The prerelease component of this version of the Net::SSH library 
+    # nil allowed
+    PRE   = "beta"
 
     # The current version of the Net::SSH library as a Version instance
-    CURRENT = new(MAJOR, MINOR, TINY)
+    CURRENT = new(*[MAJOR, MINOR, TINY, PRE].compact)
 
     # The current version of the Net::SSH library as a String
     STRING = CURRENT.to_s

data/net-ssh-public_cert.pem

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDODCCAiCgAwIBAgIBADANBgkqhkiG9w0BAQUFADBCMRAwDgYDVQQDDAduZXQt
+c3NoMRkwFwYKCZImiZPyLGQBGRYJc29sdXRpb3VzMRMwEQYKCZImiZPyLGQBGRYD
+Y29tMB4XDTE0MTIwMjE3MzkyMFoXDTE1MTIwMjE3MzkyMFowQjEQMA4GA1UEAwwH
+bmV0LXNzaDEZMBcGCgmSJomT8ixkARkWCXNvbHV0aW91czETMBEGCgmSJomT8ixk
+ARkWA2NvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ0qnw4JV5JN
+MWelqu7pnW2z6GZJ7+zLFYJQNETJyF0U5zo7aCRK08OeUxnpu/TCCXK8iQVkNLfz
+9pVIhF+X8pMEIruAkYGwBt1aWfuSNeyodyMk0vpZdxBHbOTJ4qBRUc6qOtNOeOzv
+8ObYUX52P/EMMaeXTRU+e7MGkB9pb6FvPPNx5akxwIaoRvtcMsc/hJnQuP5r96w6
+t06MgKbXhWAX6gev0RVlrQqzxXst6iuvsrgZGjFqzob5wbTiX9M0+bFAB0EI7tJC
+sv5keEbtNRaU7p3ZbMm4wTHHJLOtD+BpUCSzwv4ToNj9mZtJBMYw2Eeo7z1DklEG
+mr95zbe+zNMCAwEAAaM5MDcwCQYDVR0TBAIwADAdBgNVHQ4EFgQU1bTfpzmitXwv
+LmTXi0IO5vd8NGYwCwYDVR0PBAQDAgSwMA0GCSqGSIb3DQEBBQUAA4IBAQA0Aps8
+UPINGa8XUUtrZtzrgX0/iyXNkKY1ld85g1N3WKEAVLfQI7TlGr0Qv2Ekx6RqlxbR
+Vyq08pytSnghW2otR3bIGMGQzqxAeRLb25cjEwH7YIJ32n7ZC1fpMnBZOBDmueWA
+B9EonmoO3ne7AJSgIvBbZzBPhzM4HrQGRW8LsPFsuj+dcJI43HOQwkmv2TRz0+t6
+mGZldmqLcK0abv4JepLfB9XTue3kuyA29NGBibqyvRwlKckLpvKfHZX6Jxad8xxm
+MbvRpzgROzyfw1qYi4dnIyMwTtXFFcZ0a2jpxHPkcTYFK6TzvFgDLAP0Y/u9jqUQ
+eZ7/3CdSi/isZHEw
+-----END CERTIFICATE-----

data/net-ssh.gemspec

@@ -2,15 +2,17 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
+# stub: net-ssh 2.9.2.beta ruby lib
 
 Gem::Specification.new do |s|
   s.name = "net-ssh"
-  s.version = "2.9.1"
+  s.version = "2.9.2.beta"
 
-  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if s.respond_to? :required_rubygems_version=
+  s.require_paths = ["lib"]
   s.authors = ["Jamis Buck", "Delano Mandelbaum"]
-  s.cert_chain = ["gem-public_cert.pem"]
-  s.date = "2014-05-13"
+  s.cert_chain = ["net-ssh-public_cert.pem"]
+  s.date = "2014-12-02"
   s.description = "Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. It allows you to write programs that invoke and interact with processes on remote servers, via SSH2."
   s.email = "net-ssh@solutious.com"
   s.extra_rdoc_files = [
@@ -26,7 +28,6 @@ Gem::Specification.new do |s|
     "Rakefile",
     "Rudyfile",
     "THANKS.txt",
-    "gem-public_cert.pem",
     "lib/net/ssh.rb",
     "lib/net/ssh/authentication/agent.rb",
     "lib/net/ssh/authentication/agent/java_pageant.rb",
@@ -46,6 +47,7 @@ Gem::Specification.new do |s|
     "lib/net/ssh/config.rb",
     "lib/net/ssh/connection/channel.rb",
     "lib/net/ssh/connection/constants.rb",
+    "lib/net/ssh/connection/keepalive.rb",
     "lib/net/ssh/connection/session.rb",
     "lib/net/ssh/connection/term.rb",
     "lib/net/ssh/errors.rb",
@@ -106,6 +108,7 @@ Gem::Specification.new do |s|
     "lib/net/ssh/verifiers/secure.rb",
     "lib/net/ssh/verifiers/strict.rb",
     "lib/net/ssh/version.rb",
+    "net-ssh-public_cert.pem",
     "net-ssh.gemspec",
     "setup.rb",
     "support/arcfour_check.rb",
@@ -177,14 +180,13 @@ Gem::Specification.new do |s|
   ]
   s.homepage = "https://github.com/net-ssh/net-ssh"
   s.licenses = ["MIT"]
-  s.require_paths = ["lib"]
   s.rubyforge_project = "net-ssh"
-  s.rubygems_version = "1.8.23"
-  s.signing_key = "/mnt/gem/gem-private_key.pem"
+  s.rubygems_version = "2.2.2"
+  s.signing_key = "/mnt/gem/net-ssh-private_key.pem"
   s.summary = "Net::SSH: a pure-Ruby implementation of the SSH2 client protocol."
 
   if s.respond_to? :specification_version then
-    s.specification_version = 3
+    s.specification_version = 4
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
       s.add_development_dependency(%q<test-unit>, [">= 0"])

data/test/authentication/methods/test_password.rb

@@ -1,7 +1,9 @@
 require 'common'
 require 'net/ssh/authentication/methods/password'
+require 'net/ssh/authentication/session'
 require 'authentication/methods/common'
 
+
 module Authentication; module Methods
 
   class TestPassword < Test::Unit::TestCase
@@ -24,6 +26,47 @@ module Authentication; module Methods
       end
     end
 
+    def test_authenticate_ask_for_password_for_second_time_when_password_is_incorrect
+      transport.expect do |t,packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        assert_equal "jamis", packet.read_string
+        assert_equal "ssh-connection", packet.read_string
+        assert_equal "password", packet.read_string
+        assert_equal false, packet.read_bool
+        assert_equal "the-password", packet.read_string
+        t.return(USERAUTH_FAILURE, :string, "publickey,password")
+
+        t.expect do |t2, packet2|
+          assert_equal USERAUTH_REQUEST, packet2.type
+          assert_equal "jamis", packet2.read_string
+          assert_equal "ssh-connection", packet2.read_string
+          assert_equal "password", packet2.read_string
+          assert_equal false, packet2.read_bool
+          assert_equal "the-password-2", packet2.read_string
+          t.return(USERAUTH_SUCCESS)
+        end
+      end
+
+      subject.expects(:prompt).with("jamis@'s password:", false).returns("the-password-2")
+      subject.authenticate("ssh-connection", "jamis", "the-password")
+    end
+
+    def test_authenticate_ask_for_password_if_not_given
+      transport.expect do |t,packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        assert_equal "bill", packet.read_string
+        assert_equal "ssh-connection", packet.read_string
+        assert_equal "password", packet.read_string
+        assert_equal false, packet.read_bool
+        assert_equal "good-password", packet.read_string
+        t.return(USERAUTH_SUCCESS)
+      end
+
+      transport.instance_eval { @host='testhost' }
+      subject.expects(:prompt).with("bill@testhost's password:", false).returns("good-password")
+      subject.authenticate("ssh-connection", "bill", nil)
+    end
+
     def test_authenticate_when_password_is_acceptible_should_return_true
       transport.expect do |t,packet|
         assert_equal USERAUTH_REQUEST, packet.type

data/test/authentication/test_agent.rb

@@ -110,6 +110,25 @@ module Authentication
       assert_equal "Okay, but not the best", result.last.comment
     end
 
+    def test_identities_should_ignore_unimplemented_ones
+      key1 = key
+      key2 = OpenSSL::PKey::DSA.new(512)
+      key2.to_blob[0..5]='badkey'
+      key3 = OpenSSL::PKey::DSA.new(512)
+
+      socket.expect do |s, type, buffer|
+        assert_equal SSH2_AGENT_REQUEST_IDENTITIES, type
+        s.return(SSH2_AGENT_IDENTITIES_ANSWER, :long, 3, :string, Net::SSH::Buffer.from(:key, key1), :string, "My favorite key", :string, Net::SSH::Buffer.from(:key, key2), :string, "bad", :string, Net::SSH::Buffer.from(:key, key3), :string, "Okay, but not the best")
+      end
+
+      result = agent.identities
+      assert_equal 2,result.size
+      assert_equal key1.to_blob, result.first.to_blob
+      assert_equal key3.to_blob, result.last.to_blob
+      assert_equal "My favorite key", result.first.comment
+      assert_equal "Okay, but not the best", result.last.comment
+    end
+
     def test_close_should_close_socket
       socket.expects(:close)
       agent.close

data/test/connection/test_session.rb

@@ -366,12 +366,29 @@ module Connection
     def test_process_should_call_enqueue_message_if_io_select_timed_out
       timeout = Net::SSH::Connection::Session::DEFAULT_IO_SELECT_TIMEOUT
       options = { :keepalive => true }
-      expected_packet = P(:byte, Net::SSH::Packet::IGNORE, :string, "keepalive")
+      expected_packet = P(:byte, Net::SSH::Packet::GLOBAL_REQUEST, :string, "keepalive@openssh.com", :bool, true)
       IO.stubs(:select).with([socket],[],nil,timeout).returns(nil)
-      transport.expects(:enqueue_message).with{ |msg| msg.content == expected_packet.content  }
+      transport.expects(:enqueue_message).with{ |msg| msg.content == expected_packet.content }
       session(options).process
     end
 
+    def test_process_should_raise_if_keepalives_not_answered
+      timeout = Net::SSH::Connection::Session::DEFAULT_IO_SELECT_TIMEOUT
+      options = { :keepalive => true, :keepalive_interval => 300, :keepalive_maxcount => 3 }
+      expected_packet = P(:byte, Net::SSH::Packet::GLOBAL_REQUEST, :string, "keepalive@openssh.com", :bool, true)
+      [1,2,3].each do |i|
+        Time.stubs(:now).returns(i*300)
+        IO.stubs(:select).with([socket],[],nil,timeout).returns(nil)
+        transport.expects(:enqueue_message).with{ |msg| msg.content == expected_packet.content  }
+        session(options).process
+      end
+
+      Time.stubs(:now).returns(4*300)
+      IO.stubs(:select).with([socket],[],nil,timeout).returns(nil)
+      transport.expects(:enqueue_message).with{ |msg| msg.content == expected_packet.content }
+      assert_raises(Net::SSH::Timeout) { session(options).process }
+    end
+
     def test_process_should_not_call_enqueue_message_unless_io_select_timed_out
       timeout = Net::SSH::Connection::Session::DEFAULT_IO_SELECT_TIMEOUT
       options = { :keepalive => true }

data/test/manual/test_forward.rb

@@ -3,15 +3,15 @@
 # Tests for the following patch:
 #
 #   http://github.com/net-ssh/net-ssh/tree/portfwfix
-# 
+#
 # It fixes 3 issues, regarding closing forwarded ports:
-# 
+#
 # 1.) if client closes a forwarded connection, but the server is reading, net-ssh terminates with IOError socket closed.
 # 2.) if client force closes (RST) a forwarded connection, but server is reading, net-ssh terminates with
 # 3.) if server closes the sending side, the on_eof is not handled.
-# 
+#
 # More info:
-# 
+#
 # http://net-ssh.lighthouseapp.com/projects/36253/tickets/7
 
 require 'common'
@@ -21,26 +21,26 @@ require 'timeout'
 require 'tempfile'
 
 class TestForward < Test::Unit::TestCase
-  
+
   def localhost
     'localhost'
   end
-  
+
   def ssh_start_params
     [localhost ,ENV['USER'], {:keys => "~/.ssh/id_rsa", :verbose => :debug}]
   end
-  
+
   def start_server_sending_lot_of_data(exceptions)
     server = TCPServer.open(0)
     Thread.start do
       loop do
         Thread.start(server.accept) do |client|
           begin
-            10000.times do |i| 
+            10000.times do |i|
               client.puts "item#{i}"
             end
             client.close
-          rescue 
+          rescue
             exceptions << $!
             raise
           end
@@ -49,14 +49,14 @@ class TestForward < Test::Unit::TestCase
     end
     return server
   end
-  
+
   def start_server_closing_soon(exceptions=nil)
     server = TCPServer.open(0)
     Thread.start do
       loop do
         Thread.start(server.accept) do |client|
           begin
-            client.recv(1024) 
+            client.recv(1024)
             client.setsockopt(Socket::SOL_SOCKET, Socket::SO_LINGER, [1, 0].pack("ii"))
             client.close
           rescue
@@ -68,20 +68,20 @@ class TestForward < Test::Unit::TestCase
     end
     return server
   end
-  
+
   def test_local_ephemeral_port_should_work_correctly
     session = Net::SSH.start(*ssh_start_params)
-    
+
     assert_nothing_raised do
       assigned_port = session.forward.local(0, localhost, 22)
       assert_not_nil assigned_port
       assert_operator assigned_port, :>, 0
     end
   end
-  
+
   def test_remote_ephemeral_port_should_work_correctly
     session = Net::SSH.start(*ssh_start_params)
-    
+
     assert_nothing_raised do
       session.forward.remote(22, localhost, 0, localhost)
       session.loop { !(session.forward.active_remotes.length > 0) }
@@ -90,9 +90,58 @@ class TestForward < Test::Unit::TestCase
       assert_operator assigned_port, :>, 0
     end
   end
-  
+
+  def test_remote_callback_should_fire
+    session = Net::SSH.start(*ssh_start_params)
+
+    assert_nothing_raised do
+      got_port = nil
+      session.forward.remote(22, localhost, 0, localhost) do |port|
+        got_port = port
+      end
+      session.loop { !(session.forward.active_remotes.length > 0) }
+      assert_operator session.forward.active_remote_destinations.length, :==, 1
+      assert_operator session.forward.active_remote_destinations.keys.first, :==, [ 22, localhost ]
+      assert_operator session.forward.active_remote_destinations.values.first, :==, [ got_port, localhost ]
+      assert_operator session.forward.active_remotes.first, :==, [ got_port, localhost ]
+      assigned_port = session.forward.active_remotes.first[0]
+      assert_operator got_port, :==, assigned_port
+      assert_not_nil assigned_port
+      assert_operator assigned_port, :>, 0
+    end
+  end
+
+  def test_remote_callback_should_fire_on_error_and_still_throw_exception
+    session = Net::SSH.start(*ssh_start_params)
+
+    assert_nothing_raised do
+      session.forward.remote(22, localhost, 22, localhost) do |port|
+        assert_operator port, :==, :error
+      end
+    end
+    assert_raises(Net::SSH::Exception) do
+      session.loop { true }
+    end
+  end
+
+  def test_remote_callback_should_fire_on_error_but_not_throw_exception_if_asked_not_to
+    session = Net::SSH.start(*ssh_start_params)
+
+    assert_nothing_raised do
+      got_port = nil
+      session.forward.remote(22, localhost, 22, localhost) do |port|
+        assert_operator port, :==, :error
+        got_port = port
+        :no_exception
+      end
+      session.loop { !got_port }
+      assert_operator port, :==, :error
+      assert_operator session.forward.active_remotes.length, :==, 0
+    end
+  end
+
   def test_loop_should_not_abort_when_local_side_of_forward_is_closed
-    session = Net::SSH.start(*ssh_start_params) 
+    session = Net::SSH.start(*ssh_start_params)
     server_exc = Queue.new
     server = start_server_sending_lot_of_data(server_exc)
     remote_port = server.addr[1]
@@ -112,10 +161,10 @@ class TestForward < Test::Unit::TestCase
     session.loop(0.1) { client_done.empty? }
     assert_equal "Broken pipe", "#{server_exc.pop}" unless server_exc.empty?
   end
-  
+
   def test_loop_should_not_abort_when_local_side_of_forward_is_reset
     session = Net::SSH.start(*ssh_start_params)
-    server_exc = Queue.new    
+    server_exc = Queue.new
     server = start_server_sending_lot_of_data(server_exc)
     remote_port = server.addr[1]
     local_port = 0 # request ephemeral port
@@ -143,9 +192,9 @@ class TestForward < Test::Unit::TestCase
     yield UNIXServer.open(path)
     File.delete(path)
   end if defined?(UNIXServer)
-  
+
   def test_forward_local_unix_socket_to_remote_port
-    session = Net::SSH.start(*ssh_start_params) 
+    session = Net::SSH.start(*ssh_start_params)
     server_exc = Queue.new
     server = start_server_sending_lot_of_data(server_exc)
     remote_port = server.addr[1]
@@ -174,7 +223,7 @@ class TestForward < Test::Unit::TestCase
   end if defined?(UNIXSocket)
 
   def test_loop_should_not_abort_when_server_side_of_forward_is_closed
-    session = Net::SSH.start(*ssh_start_params)    
+    session = Net::SSH.start(*ssh_start_params)
     server = start_server_closing_soon
     remote_port = server.addr[1]
     local_port = 0 # request ephemeral port
@@ -183,18 +232,18 @@ class TestForward < Test::Unit::TestCase
     Thread.start do
       begin
         client = TCPSocket.new(localhost, local_port)
-        1.times do |i| 
+        1.times do |i|
           client.puts "item#{i}"
         end
         client.close
         sleep(0.1)
-      ensure                 
+      ensure
         client_done << true
       end
     end
     session.loop(0.1) { client_done.empty? }
   end
-  
+
   def start_server
     server = TCPServer.open(0)
     Thread.start do
@@ -206,9 +255,9 @@ class TestForward < Test::Unit::TestCase
     end
     return server
   end
-  
+
   def test_server_eof_should_be_handled
-    session = Net::SSH.start(*ssh_start_params)    
+    session = Net::SSH.start(*ssh_start_params)
     server = start_server do |client|
       client.write "This is a small message!"
       client.close