net-ssh 2.9.2 → 4.0.0

data/lib/net/ssh/authentication/pageant.rb

@@ -1,10 +1,22 @@
-require 'dl/import'
-
 if RUBY_VERSION < "1.9"
+  require 'dl/import'
   require 'dl/struct'
-else
+elsif RUBY_VERSION < "2.1"
+  require 'dl/import'
   require 'dl/types'
   require 'dl'
+else
+  require 'fiddle'
+  require 'fiddle/types'
+  require 'fiddle/import'
+
+  # For now map DL to Fiddler versus updating all the code below
+  module DL
+    CPtr ||= Fiddle::Pointer
+    if RUBY_PLATFORM != "java"
+      RUBY_FREE ||= Fiddle::RUBY_FREE
+    end
+  end
 end
 
 require 'net/ssh/errors'
@@ -26,7 +38,7 @@ module Net; module SSH; module Authentication
 
     # The definition of the Windows methods and data structures used in
     # communicating with the pageant process.
-    module Win
+    module Win # rubocop:disable Metrics/ModuleLength
       # Compatibility on initialization
       if RUBY_VERSION < "1.9"
         extend DL::Importable
@@ -36,14 +48,24 @@ module Net; module SSH; module Authentication
         dlload 'advapi32'
 
         SIZEOF_DWORD = DL.sizeof('L')
-      else
+      elsif RUBY_VERSION < "2.1"
         extend DL::Importer
         dlload 'user32','kernel32', 'advapi32'
         include DL::Win32Types
 
         SIZEOF_DWORD = DL::SIZEOF_LONG
+      else
+        extend Fiddle::Importer
+        dlload 'user32','kernel32', 'advapi32'
+        include Fiddle::Win32Types
+        SIZEOF_DWORD = Fiddle::SIZEOF_LONG
       end
 
+      if RUBY_ENGINE=="jruby"
+        typealias("HANDLE", "void *")         # From winnt.h
+        typealias("PHANDLE", "void *")         # From winnt.h
+        typealias("ULONG_PTR", "unsigned long*")
+      end
       typealias("LPCTSTR", "char *")         # From winnt.h
       typealias("LPVOID", "void *")          # From winnt.h
       typealias("LPCVOID", "const void *")   # From windef.h
@@ -62,18 +84,24 @@ module Net; module SSH; module Authentication
 
       SMTO_NORMAL = 0   # From winuser.h
 
+      SUFFIX = if RUBY_ENGINE == "jruby"
+                 "A"
+               else
+                 ""
+               end
+
       # args: lpClassName, lpWindowName
-      extern 'HWND FindWindow(LPCTSTR, LPCTSTR)'
+      extern "HWND FindWindow#{SUFFIX}(LPCTSTR, LPCTSTR)"
 
       # args: none
       extern 'DWORD GetCurrentThreadId()'
 
       # args: hFile, (ignored), flProtect, dwMaximumSizeHigh,
       #           dwMaximumSizeLow, lpName
-      extern 'HANDLE CreateFileMapping(HANDLE, void *, DWORD, ' +
-        'DWORD, DWORD, LPCTSTR)'
+      extern "HANDLE CreateFileMapping#{SUFFIX}(HANDLE, void *, DWORD, ' +
+        'DWORD, DWORD, LPCTSTR)"
 
-      # args: hFileMappingObject, dwDesiredAccess, dwFileOffsetHigh, 
+      # args: hFileMappingObject, dwDesiredAccess, dwFileOffsetHigh,
       #           dwfileOffsetLow, dwNumberOfBytesToMap
       extern 'LPVOID MapViewOfFile(HANDLE, DWORD, DWORD, DWORD, DWORD)'
 
@@ -84,9 +112,9 @@ module Net; module SSH; module Authentication
       extern 'BOOL CloseHandle(HANDLE)'
 
       # args: hWnd, Msg, wParam, lParam, fuFlags, uTimeout, lpdwResult
-      extern 'LRESULT SendMessageTimeout(HWND, UINT, WPARAM, LPARAM, ' +
-        'UINT, UINT, PDWORD_PTR)'
-      
+      extern "LRESULT SendMessageTimeout#{SUFFIX}(HWND, UINT, WPARAM, LPARAM, ' +
+        'UINT, UINT, PDWORD_PTR)"
+
       # args: none
       extern 'DWORD GetLastError()'
 
@@ -112,8 +140,8 @@ module Net; module SSH; module Authentication
       extern 'BOOL IsValidSecurityDescriptor(LPVOID)'
 
       # Constants needed for security attribute retrieval.
-      # Specifies the access mask corresponding to the desired access 
-      # rights. 
+      # Specifies the access mask corresponding to the desired access
+      # rights.
       TOKEN_QUERY = 0x8
 
       # The value of TOKEN_USER from the TOKEN_INFORMATION_CLASS enum.
@@ -138,6 +166,13 @@ module Net; module SSH; module Authentication
                                     'LPVOID Group', 'LPVOID Sacl',
                                     'LPVOID Dacl']
 
+      # The COPYDATASTRUCT is used to send WM_COPYDATA messages
+      COPYDATASTRUCT = if RUBY_ENGINE == "jruby"
+                         struct ['ULONG_PTR dwData', 'DWORD cbData', 'LPVOID lpData']
+                       else
+                         struct ['uintptr_t dwData', 'DWORD cbData', 'LPVOID lpData']
+                       end
+
       # Compatibility for security attribute retrieval.
       if RUBY_VERSION < "1.9"
         # Alias functions to > 1.9 capitalization
@@ -171,6 +206,30 @@ module Net; module SSH; module Authentication
         def self.set_ptr_data(ptr, data)
           ptr[0] = data
         end
+      elsif RUBY_ENGINE == "jruby"
+        %w(FindWindow CreateFileMapping SendMessageTimeout).each do |name|
+          alias_method name, name+"A"
+          module_function name
+        end
+        # :nodoc:
+        module LibC
+          extend FFI::Library
+          ffi_lib FFI::Library::LIBC
+          attach_function :malloc, [:size_t], :pointer
+          attach_function :free, [:pointer], :void
+        end
+
+        def self.malloc_ptr(size)
+          Fiddle::Pointer.new(LibC.malloc(size), size, LibC.method(:free))
+        end
+
+        def self.get_ptr(ptr)
+          return data.address
+        end
+
+        def self.set_ptr_data(ptr, data)
+          ptr.write_string_length(data, data.size)
+        end
       else
         def self.malloc_ptr(size)
           return DL::CPtr.malloc(size, DL::RUBY_FREE)
@@ -191,22 +250,83 @@ module Net; module SSH; module Authentication
         psd_information = malloc_ptr(Win::SECURITY_DESCRIPTOR.size)
         raise_error_if_zero(
           Win.InitializeSecurityDescriptor(psd_information,
-                                           Win::REVISION))
+                                           Win::REVISION)
+        )
         raise_error_if_zero(
-          Win.SetSecurityDescriptorOwner(psd_information, user.SID,
-                                         0))
+          Win.SetSecurityDescriptorOwner(psd_information, get_sid_ptr(user),
+                                         0)
+        )
         raise_error_if_zero(
-          Win.IsValidSecurityDescriptor(psd_information))
+          Win.IsValidSecurityDescriptor(psd_information)
+        )
 
-        nLength = Win::SECURITY_ATTRIBUTES.size
-        lpSecurityDescriptor = psd_information
-        bInheritHandle = 1
-        sa = [nLength, lpSecurityDescriptor.to_i,
-              bInheritHandle].pack("LLC")
+        sa = Win::SECURITY_ATTRIBUTES.new(to_struct_ptr(malloc_ptr(Win::SECURITY_ATTRIBUTES.size)))
+        sa.nLength = Win::SECURITY_ATTRIBUTES.size
+        sa.lpSecurityDescriptor = psd_information.to_i
+        sa.bInheritHandle = 1
 
         return sa
       end
 
+      if RUBY_ENGINE == "jruby"
+        def self.ptr_to_s(ptr, size)
+          ret = ptr.to_s(size)
+          ret << "\x00" while ret.size < size
+          ret
+        end
+
+        def self.ptr_to_handle(phandle)
+          phandle.ptr
+        end
+
+        def self.ptr_to_dword(ptr)
+          first = ptr.ptr.to_i
+          second = ptr_to_s(ptr,Win::SIZEOF_DWORD).unpack('L')[0]
+          raise "Error" unless first == second
+          first
+        end
+
+        def self.to_token_user(ptoken_information)
+           TOKEN_USER.new(ptoken_information.to_ptr)
+        end
+
+        def self.to_struct_ptr(ptr)
+          ptr.to_ptr
+        end
+
+        def self.get_sid(user)
+          ptr_to_s(user.to_ptr.ptr,Win::SIZEOF_DWORD).unpack('L')[0]
+        end
+
+        def self.get_sid_ptr(user)
+          user.to_ptr.ptr
+        end
+      else
+        def self.get_sid(user)
+          user.SID
+        end
+
+        def self.ptr_to_handle(phandle)
+          phandle.ptr.to_i
+        end
+
+        def self.to_struct_ptr(ptr)
+          ptr
+        end
+
+        def self.ptr_to_dword(ptr)
+          ptr.to_s(Win::SIZEOF_DWORD).unpack('L')[0]
+        end
+
+        def self.to_token_user(ptoken_information)
+          TOKEN_USER.new(ptoken_information)
+        end
+
+        def self.get_sid_ptr(user)
+          user.SID
+        end
+      end
+
       def self.get_current_user
         token_handle = open_process_token(Win.GetCurrentProcess,
                                           Win::TOKEN_QUERY)
@@ -220,9 +340,9 @@ module Net; module SSH; module Authentication
 
         raise_error_if_zero(
           Win.OpenProcessToken(process_handle, desired_access,
-                               ptoken_handle))
-        token_handle = ptoken_handle.ptr.to_i
-
+                               ptoken_handle)
+        )
+        token_handle = ptr_to_handle(ptoken_handle)
         return token_handle
       end
 
@@ -237,7 +357,7 @@ module Net; module SSH; module Authentication
         Win.GetTokenInformation(token_handle,
                                 token_information_class,
                                 Win::NULL, 0, preturn_length)
-        ptoken_information = malloc_ptr(preturn_length.ptr.to_i)
+        ptoken_information = malloc_ptr(ptr_to_dword(preturn_length))
 
         # This call is going to write the requested information to
         # the memory location referenced by token_information.
@@ -246,9 +366,10 @@ module Net; module SSH; module Authentication
                                   token_information_class,
                                   ptoken_information,
                                   ptoken_information.size,
-                                  preturn_length))
+                                  preturn_length)
+        )
 
-        return TOKEN_USER.new(ptoken_information)
+        return to_token_user(ptoken_information)
       end
 
       def self.raise_error_if_zero(result)
@@ -271,19 +392,17 @@ module Net; module SSH; module Authentication
 
       private_class_method :new
 
-      # The factory method for creating a new Socket instance. The location
-      # parameter is ignored, and is only needed for compatibility with
-      # the general Socket interface.
-      def self.open(location=nil)
+      # The factory method for creating a new Socket instance.
+      def self.open
         new
       end
 
-      # Create a new instance that communicates with the running pageant 
+      # Create a new instance that communicates with the running pageant
       # instance. If no such instance is running, this will cause an error.
       def initialize
         @win = Win.FindWindow("Pageant", "Pageant")
 
-        if @win == 0
+        if @win.to_i == 0
           raise Net::SSH::Exception,
             "pageant process not running"
         end
@@ -296,28 +415,27 @@ module Net; module SSH; module Authentication
       # the first.
       def send(data, *args)
         @input_buffer.append(data)
-        
+
         ret = data.length
-        
+
         while true
           return ret if @input_buffer.length < 4
           msg_length = @input_buffer.read_long + 4
           @input_buffer.reset!
-      
+
           return ret if @input_buffer.length < msg_length
           msg = @input_buffer.read!(msg_length)
           @output_buffer.append(send_query(msg))
         end
       end
-      
+
       # Reads +n+ bytes from the cached result of the last query. If +n+
       # is +nil+, returns all remaining data from the last query.
       def read(n = nil)
         @output_buffer.read(n)
       end
 
-      def close
-      end
+      def close; end
 
       # Packages the given query string and sends it to the pageant
       # process via the Windows messaging subsystem. The result is
@@ -341,7 +459,7 @@ module Net; module SSH; module Authentication
             "Creation of file mapping failed with error: #{Win.GetLastError}"
         end
 
-        ptr = Win.MapViewOfFile(filemap, Win::FILE_MAP_WRITE, 0, 0, 
+        ptr = Win.MapViewOfFile(filemap, Win::FILE_MAP_WRITE, 0, 0,
                                 0)
 
         if ptr.nil? || ptr.null?
@@ -350,10 +468,13 @@ module Net; module SSH; module Authentication
 
         Win.set_ptr_data(ptr, query)
 
-        cds = Win.get_ptr [AGENT_COPYDATA_ID, mapname.size + 1,
-                           Win.get_cstr(mapname)].pack("LLp")
+        # using struct to achieve proper alignment and field size on 64-bit platform
+        cds = Win::COPYDATASTRUCT.new(Win.malloc_ptr(Win::COPYDATASTRUCT.size))
+        cds.dwData = AGENT_COPYDATA_ID
+        cds.cbData = mapname.size + 1
+        cds.lpData = Win.get_cstr(mapname)
         succ = Win.SendMessageTimeout(@win, Win::WM_COPYDATA, Win::NULL,
-                                      cds, Win::SMTO_NORMAL, 5000, id)
+                                      cds.to_ptr, Win::SMTO_NORMAL, 5000, id)
 
         if succ > 0
           retlen = 4 + ptr.to_s(4).unpack("N")[0]

data/lib/net/ssh/authentication/session.rb

@@ -69,8 +69,9 @@ module Net; module SSH; module Authentication
           attempted << name
 
           debug { "trying #{name}" }
-          begin 
-            method = Methods.const_get(name.split(/\W+/).map { |p| p.capitalize }.join).new(self, :key_manager => key_manager)
+          begin
+            auth_class = Methods.const_get(name.split(/\W+/).map { |p| p.capitalize }.join)
+            method = auth_class.new(self, key_manager: key_manager, password_prompt: options[:password_prompt])
           rescue NameError
             debug{"Mechanism #{name} was requested, but isn't a known type.  Ignoring it."}
             next

data/lib/net/ssh/buffer.rb

@@ -1,6 +1,8 @@
 require 'net/ssh/ruby_compat'
 require 'net/ssh/transport/openssl'
 
+require 'net/ssh/authentication/ed25519_loader'
+
 module Net; module SSH
 
   # Net::SSH::Buffer is a flexible class for building and parsing binary
@@ -34,6 +36,7 @@ module Net; module SSH
     # * :long => write a 4-byte integer (#write_long)
     # * :byte => write a single byte (#write_byte)
     # * :string => write a 4-byte length followed by character data (#write_string)
+    # * :mstring => same as string, but caller cannot resuse the string, avoids potential duplication (#write_moved)
     # * :bool => write a single byte, interpreted as a boolean (#write_bool)
     # * :bignum => write an SSH-encoded bignum (#write_bignum)
     # * :key => write an SSH-encoded key value (#write_key)
@@ -159,7 +162,7 @@ module Net; module SSH
       index = @content.index(pattern, @position) or return nil
       length = case pattern
         when String then pattern.length
-        when Fixnum then 1
+        when Integer then 1
         when Regexp then $&.length
       end
       index && read(index+length)
@@ -182,7 +185,7 @@ module Net; module SSH
       consume!
       data
     end
-      
+
     # Return the next 8 bytes as a 64-bit integer (in network byte order).
     # Returns nil if there are less than 8 bytes remaining to be read in the
     # buffer.
@@ -245,16 +248,32 @@ module Net; module SSH
       case type
         when /^ssh-dss(-cert-v01@openssh\.com)?$/
           key = OpenSSL::PKey::DSA.new
-          key.p = read_bignum
-          key.q = read_bignum
-          key.g = read_bignum
-          key.pub_key = read_bignum
+          if key.respond_to?(:set_pqg)
+            key.set_pqg(read_bignum, read_bignum, read_bignum)
+          else
+            key.p = read_bignum
+            key.q = read_bignum
+            key.g = read_bignum
+          end
+          if key.respond_to?(:set_key)
+            key.set_key(read_bignum, nil)
+          else
+            key.pub_key = read_bignum
+          end
 
         when /^ssh-rsa(-cert-v01@openssh\.com)?$/
           key = OpenSSL::PKey::RSA.new
-          key.e = read_bignum
-          key.n = read_bignum
-
+          if key.respond_to?(:set_key)
+            e = read_bignum
+            n = read_bignum
+            key.set_key(n, e, nil)
+          else
+            key.e = read_bignum
+            key.n = read_bignum
+          end
+        when /^ssh-ed25519$/
+          Net::SSH::Authentication::ED25519Loader.raiseUnlessLoaded("unsupported key type `#{type}'")
+          key = Net::SSH::Authentication::ED25519::PubKey.read_keyblob(self)
         when /^ecdsa\-sha2\-(\w*)$/
           unless defined?(OpenSSL::PKey::EC)
             raise NotImplementedError, "unsupported key type `#{type}'"
@@ -281,7 +300,14 @@ module Net; module SSH
     # Writes the given data literally into the string. Does not alter the
     # read position. Returns the buffer object.
     def write(*data)
-      data.each { |datum| @content << datum }
+      data.each { |datum| @content << datum.dup.force_encoding('BINARY') }
+      self
+    end
+
+    # Optimized version of write where the caller gives up ownership of string
+    # to the method. This way we can mutate the string.
+    def write_moved(string)
+      @content << string.force_encoding('BINARY')
       self
     end
 
@@ -324,6 +350,19 @@ module Net; module SSH
       self
     end
 
+    # Writes each argument to the buffer as an SSH2-encoded string. Each
+    # string is prefixed by its length, encoded as a 4-byte long integer.
+    # Does not alter the read position. Returns the buffer object.
+    # Might alter arguments see write_moved
+    def write_mstring(*text)
+      text.each do |string|
+        s = string.to_s
+        write_long(s.bytesize)
+        write_moved(s)
+      end
+      self
+    end
+
     # Writes each argument to the buffer as a (C-style) boolean, with 1
     # meaning true, and 0 meaning false. Does not alter the read position.
     # Returns the buffer object.

data/lib/net/ssh/buffered_io.rb

@@ -66,6 +66,9 @@ module Net; module SSH
       debug { "read #{data.length} bytes" }
       input.append(data)
       return data.length
+    rescue EOFError => e
+      @input_errors << e
+      return 0
     end
 
     # Read up to +length+ bytes from the input buffer. If +length+ is nil,
@@ -143,21 +146,23 @@ module Net; module SSH
       # Module#include to add this module.
       def initialize_buffered_io
         @input = Net::SSH::Buffer.new
+        @input_errors = []
         @output = Net::SSH::Buffer.new
+        @output_errors = []
       end
   end
 
 
-  
+
   # Fixes for two issues by Miklós Fazekas:
   #
-  #   * if client closes a forwarded connection, but the server is 
+  #   * if client closes a forwarded connection, but the server is
   #     reading, net-ssh terminates with IOError socket closed.
-  #   * if client force closes (RST) a forwarded connection, but 
+  #   * if client force closes (RST) a forwarded connection, but
   #     server is reading, net-ssh terminates with [an exception]
   #
-  # See: 
-  # 
+  # See:
+  #
   #    http://net-ssh.lighthouseapp.com/projects/36253/tickets/7
   #    http://github.com/net-ssh/net-ssh/tree/portfwfix
   #
@@ -168,24 +173,24 @@ module Net; module SSH
       rescue Errno::ECONNRESET => e
         debug { "connection was reset => shallowing exception:#{e}" }
         return 0
-      rescue IOError => e                                 
-        if e.message =~ /closed/ then 
+      rescue IOError => e
+        if e.message =~ /closed/ then
           debug { "connection was reset => shallowing exception:#{e}" }
           return 0
         else
           raise
-        end 
+        end
       end
     end
-    
+
     def send_pending
       begin
-        super                                                          
+        super
       rescue Errno::ECONNRESET => e
         debug { "connection was reset => shallowing exception:#{e}" }
         return 0
       rescue IOError => e
-        if e.message =~ /closed/ then 
+        if e.message =~ /closed/ then
           debug { "connection was reset => shallowing exception:#{e}" }
           return 0
         else
@@ -194,5 +199,5 @@ module Net; module SSH
       end
     end
   end
-  
+
 end; end

data/lib/net/ssh/config.rb

@@ -59,7 +59,7 @@ module Net; module SSH
       # given +files+ (defaulting to the list of files returned by
       # #default_files), translates the resulting hash into the options
       # recognized by Net::SSH, and returns them.
-      def for(host, files=default_files)
+      def for(host, files=expandable_default_files)
         translate(files.inject({}) { |settings, file|
           load(file, host, settings)
         })
@@ -144,7 +144,7 @@ module Net; module SSH
       def translate(settings)
         auth_methods = default_auth_methods.clone
         (auth_methods << 'challenge-response').uniq!
-        ret = settings.inject({:auth_methods=>auth_methods}) do |hash, (key, value)|
+        ret = settings.inject({auth_methods: auth_methods}) do |hash, (key, value)|
           case key
           when 'bindaddress' then
             hash[:bind_address] = value
@@ -178,6 +178,15 @@ module Net; module SSH
             hash[:keys] = value
           when 'macs' then
             hash[:hmac] = value.split(/,/)
+          when 'serveralivecountmax'
+            hash[:keepalive_maxcount] = value.to_i if value
+          when 'serveraliveinterval'
+            if value && value.to_i > 0
+              hash[:keepalive] = true
+              hash[:keepalive_interval] = value.to_i
+            else
+              hash[:keepalive] = false
+            end
           when 'passwordauthentication'
             if value
               (hash[:auth_methods] << 'password').uniq!
@@ -230,14 +239,36 @@ module Net; module SSH
 
       private
 
+        def expandable_default_files
+          default_files.keep_if do |path|
+            begin
+              File.expand_path(path)
+              true
+            rescue ArgumentError
+              false
+            end
+          end
+        end
+
         # Converts an ssh_config pattern into a regex for matching against
         # host names.
         def pattern2regex(pattern)
-          pattern = "^" + pattern.to_s.gsub(/\./, "\\.").
-            gsub(/\?/, '.').
-            gsub(/([+\/])/, '\\\\\\0').
-            gsub(/\*/, '.*') + "$"
-          Regexp.new(pattern, true)
+          tail = pattern
+          prefix = ""
+          while !tail.empty? do
+            head,sep,tail = tail.partition(/[\*\?]/)
+            prefix = prefix + Regexp.quote(head)
+            case sep
+            when '*'
+              prefix += '.*'
+            when '?'
+              prefix += '.'
+            when ''
+            else
+              fail "Unpexpcted sep:#{sep}"
+            end
+          end
+          Regexp.new("^" + prefix + "$", true)
         end
 
         # Converts the given size into an integer number of bytes.
@@ -249,7 +280,7 @@ module Net; module SSH
           else size.to_i
           end
         end
-        
+
         def merge_challenge_response_with_keyboard_interactive(hash)
           if hash[:auth_methods].include?('challenge-response')
             hash[:auth_methods].delete('challenge-response')