net-ssh 2.9.4 → 2.10.0.beta1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e7f14fbfcfd32cc75f187e18b727926b727993ec
-  data.tar.gz: 5aba78f7570373c5cbb0b441b620ade113c356d5
+  metadata.gz: 99ac97b623723117ba47a0785cf3dc7d2e1ae594
+  data.tar.gz: 705651920fb196430521248ef4d457a955814ac6
 SHA512:
-  metadata.gz: 0f9f618270c98f579a6cb999fab3b4d1d58c38e200db68931c911cd8055a3e8cc51d1a84246de80889a5dabb1c138af5607d955766143d9a512ea5f2f6b95fc5
-  data.tar.gz: 5628810355c03a737accd6fae7225287183397edcce63b14a090caec1f3722455f6c98b76d4b4d5b11f19515ebe0f6ef3a78b37b4ef4fcd2ce4c8a868c786574
+  metadata.gz: e6a3403271ad3a629769a30b99a9e4802f918444d0c3b97ef8f2df955ae9b2aeac2eaf0c64454227c4d74ac375d3ccf0e60ee7e19518cf1e63f424dd22d3dceb
+  data.tar.gz: f84cae92e328113fa58bfd19e0e828412fe1bdce7bc0fa2cdca254b7c25562c0efcd1a9de5987de3be6180f5c64583baee4f560b748f65d37eabd0760529eadf

data/.travis.yml

@@ -1,10 +1,17 @@
 language: ruby
 rvm:
-  - "1.9.3"
-  - "2.0.0"
+  - 1.9.3
+  - 2.0.0
+  - 2.1.0
+  - 2.2.0
+  - jruby-head
+  - jruby-19mode
+  - rbx-2
 
-
-install: gem install jeweler test-unit mocha
+install: gem install test-unit mocha
 
 script: rake test
 
+matrix:
+  allow_failures:
+    - rvm: jruby-head

data/CHANGES.txt

@@ -1,10 +1,20 @@
-=== 2.9.4-rc1
+=== 2.10.0-?
 
-* Bugfix: CHANNEL_CLOSE was sent before draining ouput buffer #280 [Christopher F. Auston]
+* Fix could not parse PKey error. [Andrey Voronkov]
+* Workaround for threading issue in MRI + singleton method declaration [Matt Brictson]
+* Configuration change: we no longer append all supported algorithms, this is so you can exclude insecure algorithms. If you want to use the old behaviour specify append_all_supported_algorithms => true [voidus, mfazekas]
+* New configuration option: :non_interactive => true in case you prefer an authmethod to fail rather than prompt. [mfazekas]
+* Configuration change: password will now ask for password up to the :number_of_password_prompts times. If you want the
+2.9.1 behaviour of never asking password please set number_of_password_prompts to 0.
 
-[Note: 2.9.3 release changes went to 3.0, 2.9.4 is backport of fix form 3.0]
+=== 2.9.4-beta1
+
+* Use sysread and syswrite on Windows instead of read_nonblock and write [marc-etienne]
+* Windows/peagant: use fiddle on ruby 2.2+/windows [Charlie Savage]
+* Check if ssh key is a file [kiela]
+
+=== 2.9.3
 
-=== 2.9.2
 === 2.9.2-rc3
 
 * Remove advertised algorithms that were not working (curve25519-sha256@libssh.org) [mfazekas]
@@ -21,7 +31,7 @@
 
 * Remove advertised algorithms that were not working (ssh-rsa-cert-* *ed25519 acm*-gcm@openssh.com) [mfazekas]
 * Unkown algorithms now ignored instead of failed [mfazekas]
-* Asks for password with password auth (up to number_of_password_prompts) [mfazekas]
+* Configuration change: Asks for password with password auth (up to number_of_password_prompts) [mfazekas]
 * Removed warnings [amatsuda]
 
 === 2.9.1 / 13 May 2014

data/README.rdoc

@@ -112,7 +112,7 @@ If you don't add the public key, you'll see an error like "Couldn't verify data
 
 == RUBY 1.8 SUPPORT
 
-net-ssh supports Ruby 1.8.x up until the 2.5.1 release. Later releases will work but the test suite is no longer guaranteed to pass all tests.
+net-ssh supports Ruby 1.8.x up until the 2.5.1 release. Current version requires ruby 1.9 or later.
 
 == JRUBY 1.6
 

data/Rakefile

@@ -8,6 +8,7 @@
 require "rubygems"
 require "rake"
 require "rake/clean"
+if RUBY_VERSION >= '1.9.0'
 require "rdoc/task"
 
 task :default => ["build"]
@@ -55,11 +56,6 @@ rescue LoadError
   puts "Jeweler (or a dependency) not available. Install it with: sudo gem install jeweler"
 end
 
-require 'rake/testtask'
-Rake::TestTask.new do |t|
-  t.libs = ["lib", "test"]
-end
-
 extra_files = %w[LICENSE.txt THANKS.txt CHANGES.txt ]
 RDoc::Task.new do |rdoc|
   rdoc.rdoc_dir = "rdoc"
@@ -73,3 +69,14 @@ RDoc::Task.new do |rdoc|
     rdoc.rdoc_files.include(file) if File.exists?(file)
   }
 end
+end
+
+require 'rake/testtask'
+Rake::TestTask.new do |t|
+  t.libs = ["lib", "test"]
+end
+
+Rake::TestTask.new(:'integration-test') do |t|
+  t.libs = ["lib", "test/integration"]
+  t.pattern = 'test/integration/test_*.rb'
+end

data/lib/net/ssh.rb

@@ -68,7 +68,8 @@ module Net
       :rekey_blocks_limit,:rekey_limit, :rekey_packet_limit, :timeout, :verbose,
       :global_known_hosts_file, :user_known_hosts_file, :host_key_alias,
       :host_name, :user, :properties, :passphrase, :keys_only, :max_pkt_size,
-      :max_win_size, :send_env, :use_agent, :number_of_password_prompts
+      :max_win_size, :send_env, :use_agent, :number_of_password_prompts,
+      :append_supported_algorithms, :non_interactive
     ]
 
     # The standard means of starting a new SSH connection. When used with a
@@ -173,10 +174,19 @@ module Net
     #   Defaults to %w(~/.ssh/known_hosts ~/.ssh/known_hosts2).
     # * :use_agent => Set false to disable the use of ssh-agent. Defaults to 
     #   true
+    # * :non_interactive => set to true if your app is non interactive and prefers
+    #   authentication failure vs password prompt
     # * :verbose => how verbose to be (Logger verbosity constants, Logger::DEBUG
     #   is very verbose, Logger::FATAL is all but silent). Logger::FATAL is the
     #   default. The symbols :debug, :info, :warn, :error, and :fatal are also
     #   supported and are translated to the corresponding Logger constant.
+    # * :append_all_supported_algorithms => set to +true+ to append all supported
+    #   algorithms by net-ssh. Was the default behaviour until 2.10
+    # * :number_of_password_prompts => Number of prompts for the password
+    #   authentication method defaults to 3 set to 0 to disable prompt for
+    #   password auth method
+    # * :non_interactive => non interactive applications should set it to true
+    #   to prefer failing a password/etc auth methods vs asking for password
     def self.start(host, user, options={}, &block)
       invalid_options = options.keys - VALID_OPTIONS
       if invalid_options.any?
@@ -192,6 +202,11 @@ module Net
         options[:logger].level = Logger::FATAL
       end
 
+      if options[:non_interactive]
+        options[:number_of_password_prompts] = 0
+        options[:passphrase] = false
+      end
+
       if options[:verbose]
         options[:logger].level = case options[:verbose]
           when Fixnum then options[:verbose]

data/lib/net/ssh/authentication/key_manager.rb

@@ -187,15 +187,24 @@ module Net
         # Prepares identities from user key_files for loading, preserving their order and sources.
         def prepare_identities_from_files
           key_files.map do |file|
-            public_key_file = file + ".pub"
-            if File.readable?(public_key_file)
-              { :load_from => :pubkey_file, :file => file }
-            elsif File.readable?(file)
-              { :load_from => :privkey_file, :file => file }
+            if readable_file?(file)
+              identity = {}
+              public_key_file = file + ".pub"
+              if readable_file?(public_key_file)
+                identity[:load_from] = :pubkey_file
+                identity[:pubkey_file] = public_key_file
+              else
+                identity[:load_from] = :privkey_file
+              end
+              identity.merge(privkey_file: file)
             end
           end.compact
         end
 
+        def readable_file?(path)
+          File.file?(path) && File.readable?(path)
+        end
+
         # Prepared identities from user key_data, preserving their order and sources.
         def prepare_identities_from_data
           key_data.map do |data|
@@ -209,12 +218,12 @@ module Net
             begin
               case identity[:load_from]
               when :pubkey_file
-                key = KeyFactory.load_public_key(identity[:file] + ".pub")
-                { :public_key => key, :from => :file, :file => identity[:file] }
+                key = KeyFactory.load_public_key(identity[:pubkey_file])
+                { :public_key => key, :from => :file, :file => identity[:privkey_file] }
               when :privkey_file
-                private_key = KeyFactory.load_private_key(identity[:file], options[:passphrase], ask_passphrase)
+                private_key = KeyFactory.load_private_key(identity[:privkey_file], options[:passphrase], ask_passphrase)
                 key = private_key.send(:public_key)
-                { :public_key => key, :from => :file, :file => identity[:file], :key => private_key }
+                { :public_key => key, :from => :file, :file => identity[:privkey_file], :key => private_key }
               when :data
                 private_key = KeyFactory.load_data_private_key(identity[:data], options[:passphrase], ask_passphrase)
                 key = private_key.send(:public_key)
@@ -243,9 +252,9 @@ module Net
         def process_identity_loading_error(identity, e)
           case identity[:load_from]
           when :pubkey_file
-            error { "could not load public key file `#{identity[:file]}': #{e.class} (#{e.message})" }
+            error { "could not load public key file `#{identity[:pubkey_file]}': #{e.class} (#{e.message})" }
           when :privkey_file
-            error { "could not load private key file `#{identity[:file]}': #{e.class} (#{e.message})" }
+            error { "could not load private key file `#{identity[:privkey_file]}': #{e.class} (#{e.message})" }
           else
             raise e
           end

data/lib/net/ssh/authentication/methods/keyboard_interactive.rb

@@ -38,8 +38,10 @@ module Net
                 debug { "keyboard-interactive info request" }
 
                 unless password
-                  puts(name) unless name.empty?
-                  puts(instruction) unless instruction.empty?
+                  if interactive?
+                    puts(name) unless name.empty?
+                    puts(instruction) unless instruction.empty?
+                  end
                 end
 
                 _ = message.read_string # lang_tag
@@ -48,7 +50,8 @@ module Net
                 message.read_long.times do
                   text = message.read_string
                   echo = message.read_bool
-                  responses << (password || prompt(text, echo))
+                  password_to_send = password || (interactive? ? prompt(text, echo) : nil)
+                  responses << password_to_send
                 end
 
                 # if the password failed the first time around, don't try
@@ -62,8 +65,12 @@ module Net
               end
             end
           end
-        end
 
+          def interactive?
+            options = session.transport.options || {}
+            !options[:non_interactive]
+          end
+        end
       end
     end
   end

data/lib/net/ssh/authentication/methods/password.rb

@@ -58,7 +58,9 @@ module Net
           end
 
           def get_max_retries
-            (session.transport.options||{})[:number_of_password_prompts] || NUMBER_OF_PASSWORD_PROMPTS
+            options = session.transport.options || {}
+            result = options[:number_of_password_prompts] || NUMBER_OF_PASSWORD_PROMPTS
+            options[:non_interactive] ? 0 : result
           end
         end
 

data/lib/net/ssh/authentication/pageant.rb

@@ -1,10 +1,20 @@
-require 'dl/import'
-
 if RUBY_VERSION < "1.9"
+  require 'dl/import'
   require 'dl/struct'
-else
+elsif RUBY_VERSION < "2.2"
+  require 'dl/import'
   require 'dl/types'
   require 'dl'
+else
+  require 'fiddle'
+  require 'fiddle/types'
+  require 'fiddle/import'
+
+  # For now map DL to Fiddler versus updating all the code below
+  module DL
+    CPtr = Fiddle::Pointer
+    RUBY_FREE = Fiddle::RUBY_FREE
+  end
 end
 
 require 'net/ssh/errors'
@@ -36,12 +46,17 @@ module Net; module SSH; module Authentication
         dlload 'advapi32'
 
         SIZEOF_DWORD = DL.sizeof('L')
-      else
+      elsif RUBY_VERSION < "2.2"
         extend DL::Importer
         dlload 'user32','kernel32', 'advapi32'
         include DL::Win32Types
 
         SIZEOF_DWORD = DL::SIZEOF_LONG
+      else
+        extend Fiddle::Importer
+        dlload 'user32','kernel32', 'advapi32'
+        include Fiddle::Win32Types
+        SIZEOF_DWORD = Fiddle::SIZEOF_LONG
       end
 
       typealias("LPCTSTR", "char *")         # From winnt.h
@@ -138,6 +153,9 @@ module Net; module SSH; module Authentication
                                     'LPVOID Group', 'LPVOID Sacl',
                                     'LPVOID Dacl']
 
+      # The COPYDATASTRUCT is used to send WM_COPYDATA messages
+      COPYDATASTRUCT = struct ['uintptr_t dwData', 'DWORD cbData', 'LPVOID lpData']
+
       # Compatibility for security attribute retrieval.
       if RUBY_VERSION < "1.9"
         # Alias functions to > 1.9 capitalization
@@ -198,11 +216,10 @@ module Net; module SSH; module Authentication
         raise_error_if_zero(
           Win.IsValidSecurityDescriptor(psd_information))
 
-        nLength = Win::SECURITY_ATTRIBUTES.size
-        lpSecurityDescriptor = psd_information
-        bInheritHandle = 1
-        sa = [nLength, lpSecurityDescriptor.to_i,
-              bInheritHandle].pack("LLC")
+        sa = Win::SECURITY_ATTRIBUTES.new(malloc_ptr(Win::SECURITY_ATTRIBUTES.size))
+        sa.nLength = Win::SECURITY_ATTRIBUTES.size
+        sa.lpSecurityDescriptor = psd_information.to_i
+        sa.bInheritHandle = 1
 
         return sa
       end
@@ -350,10 +367,13 @@ module Net; module SSH; module Authentication
 
         Win.set_ptr_data(ptr, query)
 
-        cds = Win.get_ptr [AGENT_COPYDATA_ID, mapname.size + 1,
-                           Win.get_cstr(mapname)].pack("LLp")
+        # using struct to achieve proper alignment and field size on 64-bit platform
+        cds = Win::COPYDATASTRUCT.new(Win.malloc_ptr(Win::COPYDATASTRUCT.size))
+        cds.dwData = AGENT_COPYDATA_ID
+        cds.cbData = mapname.size + 1
+        cds.lpData = Win.get_cstr(mapname)
         succ = Win.SendMessageTimeout(@win, Win::WM_COPYDATA, Win::NULL,
-                                      cds, Win::SMTO_NORMAL, 5000, id)
+                                      cds.to_ptr, Win::SMTO_NORMAL, 5000, id)
 
         if succ > 0
           retlen = 4 + ptr.to_s(4).unpack("N")[0]

data/lib/net/ssh/connection/channel.rb

@@ -126,7 +126,7 @@ module Net; module SSH; module Connection
       @pending_requests = []
       @on_open_failed = @on_data = @on_extended_data = @on_process = @on_close = @on_eof = nil
       @on_request = {}
-      @closing = @eof = @sent_eof = @local_closed = @remote_closed = false
+      @closing = @eof = @sent_eof = false
     end
 
     # A shortcut for accessing properties of the channel (see #properties).
@@ -269,28 +269,14 @@ module Net; module SSH; module Connection
       connection.loop { active? }
     end
 
-    # True if close() has been called; NOTE: if the channel has data waiting to
-    # be sent then the channel will close after all the data is sent. See
-    # closed?() to determine if we have actually sent CHANNEL_CLOSE to server.
-    # This may be true for awhile before closed? returns true if we are still
-    # sending buffered output to server.
+    # Returns true if the channel is currently closing, but not actually
+    # closed. A channel is closing when, for instance, #close has been
+    # invoked, but the server has not yet responded with a CHANNEL_CLOSE
+    # packet of its own.
     def closing?
       @closing
     end
 
-    # True if we have sent CHANNEL_CLOSE to the remote server.
-    def local_closed?
-      @local_closed
-    end
-
-    def remote_closed?
-      @remote_closed
-    end
-
-    def remote_closed!
-      @remote_closed = true
-    end
-
     # Requests that the channel be closed. If the channel is already closing,
     # this does nothing, nor does it do anything if the channel has not yet
     # been confirmed open (see #do_open_confirmation). Otherwise, it sends a
@@ -299,6 +285,7 @@ module Net; module SSH; module Connection
       return if @closing
       if remote_id
         @closing = true
+        connection.send_message(Buffer.from(:byte, CHANNEL_CLOSE, :long, remote_id))
       end
     end
 
@@ -324,16 +311,10 @@ module Net; module SSH; module Connection
       @on_process.call(self) if @on_process
       enqueue_pending_output
 
-      if @eof and not @sent_eof and output.empty? and remote_id and not @local_closed
+      if @eof and not @sent_eof and output.empty? and remote_id
         connection.send_message(Buffer.from(:byte, CHANNEL_EOF, :long, remote_id))
         @sent_eof = true
       end
-
-      if @closing and not @local_closed and output.empty? and remote_id
-        connection.send_message(Buffer.from(:byte, CHANNEL_CLOSE, :long, remote_id))
-        @local_closed = true
-        connection.cleanup_channel(self)
-      end
     end
 
     # Registers a callback to be invoked when data packets are received by the

data/lib/net/ssh/connection/session.rb

@@ -220,7 +220,7 @@ module Net; module SSH; module Connection
     def preprocess
       return false if block_given? && !yield(self)
       dispatch_incoming_packets
-      channels.each { |id, channel| channel.process unless channel.local_closed? }
+      channels.each { |id, channel| channel.process unless channel.closing? }
       return false if block_given? && !yield(self)
       return true
     end
@@ -453,14 +453,6 @@ module Net; module SSH; module Connection
       old
     end
 
-    def cleanup_channel(channel)
-        if channel.local_closed? and channel.remote_closed?
-          info { "#{host} delete channel #{channel.local_id} which closed locally and remotely" }
-          channels.delete(channel.local_id)
-      end
-    end
-
-
     private
 
       # Read all pending packets from the connection and dispatch them as
@@ -589,10 +581,9 @@ module Net; module SSH; module Connection
         info { "channel_close: #{packet[:local_id]}" }
 
         channel = channels[packet[:local_id]]
-        channel.remote_closed!
         channel.close
 
-        cleanup_channel(channel)
+        channels.delete(packet[:local_id])
         channel.do_close
       end