net-ssh 3.2.0.rc2 → 7.1.0

data/lib/net/ssh/authentication/agent/socket.rb

@@ -1,178 +0,0 @@
-require 'net/ssh/transport/server_version'
-
-# Only load pageant on Windows
-if Net::SSH::Authentication::PLATFORM == :win32
-  require 'net/ssh/authentication/pageant'
-end
-
-module Net; module SSH; module Authentication
-
-  # This class implements a simple client for the ssh-agent protocol. It
-  # does not implement any specific protocol, but instead copies the
-  # behavior of the ssh-agent functions in the OpenSSH library (3.8).
-  #
-  # This means that although it behaves like a SSH1 client, it also has
-  # some SSH2 functionality (like signing data).
-  class Agent
-    include Loggable
-
-    # A simple module for extending keys, to allow comments to be specified
-    # for them.
-    module Comment
-      attr_accessor :comment
-    end
-
-    SSH2_AGENT_REQUEST_VERSION    = 1
-    SSH2_AGENT_REQUEST_IDENTITIES = 11
-    SSH2_AGENT_IDENTITIES_ANSWER  = 12
-    SSH2_AGENT_SIGN_REQUEST       = 13
-    SSH2_AGENT_SIGN_RESPONSE      = 14
-    SSH2_AGENT_FAILURE            = 30
-    SSH2_AGENT_VERSION_RESPONSE   = 103
-
-    SSH_COM_AGENT2_FAILURE        = 102
-
-    SSH_AGENT_REQUEST_RSA_IDENTITIES = 1
-    SSH_AGENT_RSA_IDENTITIES_ANSWER1 = 2
-    SSH_AGENT_RSA_IDENTITIES_ANSWER2 = 5
-    SSH_AGENT_FAILURE                = 5
-
-    # The underlying socket being used to communicate with the SSH agent.
-    attr_reader :socket
-
-    # Instantiates a new agent object, connects to a running SSH agent,
-    # negotiates the agent protocol version, and returns the agent object.
-    def self.connect(logger=nil, agent_socket_factory = nil)
-      agent = new(logger)
-      agent.connect!(agent_socket_factory)
-      agent.negotiate!
-      agent
-    end
-
-    # Creates a new Agent object, using the optional logger instance to
-    # report status.
-    def initialize(logger=nil)
-      self.logger = logger
-    end
-
-    # Connect to the agent process using the socket factory and socket name
-    # given by the attribute writers. If the agent on the other end of the
-    # socket reports that it is an SSH2-compatible agent, this will fail
-    # (it only supports the ssh-agent distributed by OpenSSH).
-    def connect!(agent_socket_factory = nil)
-      begin
-        debug { "connecting to ssh-agent" }
-        @socket = agent_socket_factory.nil? ? socket_class.open(ENV['SSH_AUTH_SOCK']) : agent_socket_factory.call
-      rescue
-        error { "could not connect to ssh-agent" }
-        raise AgentNotAvailable, $!.message
-      end
-    end
-
-    # Attempts to negotiate the SSH agent protocol version. Raises an error
-    # if the version could not be negotiated successfully.
-    def negotiate!
-      # determine what type of agent we're communicating with
-      type, body = send_and_wait(SSH2_AGENT_REQUEST_VERSION, :string, Transport::ServerVersion::PROTO_VERSION)
-
-      if type == SSH2_AGENT_VERSION_RESPONSE
-        raise AgentNotAvailable, "SSH2 agents are not yet supported"
-      elsif type == SSH2_AGENT_FAILURE
-        debug { "Unexpected response type==#{type}, this will be ignored" }
-      elsif type != SSH_AGENT_RSA_IDENTITIES_ANSWER1 && type != SSH_AGENT_RSA_IDENTITIES_ANSWER2
-        raise AgentNotAvailable, "unknown response from agent: #{type}, #{body.to_s.inspect}"
-      end
-    end
-
-    # Return an array of all identities (public keys) known to the agent.
-    # Each key returned is augmented with a +comment+ property which is set
-    # to the comment returned by the agent for that key.
-    def identities
-      type, body = send_and_wait(SSH2_AGENT_REQUEST_IDENTITIES)
-      raise AgentError, "could not get identity count" if agent_failed(type)
-      raise AgentError, "bad authentication reply: #{type}" if type != SSH2_AGENT_IDENTITIES_ANSWER
-
-      identities = []
-      body.read_long.times do
-        key_str = body.read_string
-        comment_str = body.read_string
-        begin
-          key = Buffer.new(key_str).read_key
-          key.extend(Comment)
-          key.comment = comment_str
-          identities.push key
-        rescue NotImplementedError => e
-          error { "ignoring unimplemented key:#{e.message} #{comment_str}" }
-        end
-      end
-
-      return identities
-    end
-
-    # Closes this socket. This agent reference is no longer able to
-    # query the agent.
-    def close
-      @socket.close
-    end
-
-    # Using the agent and the given public key, sign the given data. The
-    # signature is returned in SSH2 format.
-    def sign(key, data)
-      type, reply = send_and_wait(SSH2_AGENT_SIGN_REQUEST, :string, Buffer.from(:key, key), :string, data, :long, 0)
-
-      if agent_failed(type)
-        raise AgentError, "agent could not sign data with requested identity"
-      elsif type != SSH2_AGENT_SIGN_RESPONSE
-        raise AgentError, "bad authentication response #{type}"
-      end
-
-      return reply.read_string
-    end
-
-    private
-
-    # Returns the agent socket factory to use.
-    def socket_class
-      if Net::SSH::Authentication::PLATFORM == :win32
-        Pageant::Socket
-      else
-        UNIXSocket
-      end
-    end
-
-    # Send a new packet of the given type, with the associated data.
-    def send_packet(type, *args)
-      buffer = Buffer.from(*args)
-      data = [buffer.length + 1, type.to_i, buffer.to_s].pack("NCA*")
-      debug { "sending agent request #{type} len #{buffer.length}" }
-      @socket.send data, 0
-    end
-
-    # Read the next packet from the agent. This will return a two-part
-    # tuple consisting of the packet type, and the packet's body (which
-    # is returned as a Net::SSH::Buffer).
-    def read_packet
-      buffer = Net::SSH::Buffer.new(@socket.read(4))
-      buffer.append(@socket.read(buffer.read_long))
-      type = buffer.read_byte
-      debug { "received agent packet #{type} len #{buffer.length-4}" }
-      return type, buffer
-    end
-
-    # Send the given packet and return the subsequent reply from the agent.
-    # (See #send_packet and #read_packet).
-    def send_and_wait(type, *args)
-      send_packet(type, *args)
-      read_packet
-    end
-
-    # Returns +true+ if the parameter indicates a "failure" response from
-    # the agent, and +false+ otherwise.
-    def agent_failed(type)
-      type == SSH_AGENT_FAILURE ||
-        type == SSH2_AGENT_FAILURE ||
-        type == SSH_COM_AGENT2_FAILURE
-    end
-  end
-
-end; end; end

data/lib/net/ssh/ruby_compat.rb

@@ -1,46 +0,0 @@
-require 'thread'
-
-class String
-  if RUBY_VERSION < "1.9"
-    def getbyte(index)
-      self[index]
-    end
-    def setbyte(index, c)
-      self[index] = c
-    end
-  end
-end
-
-module Net; module SSH
-  
-  # This class contains miscellaneous patches and workarounds
-  # for different ruby implementations.
-  class Compat
-    
-    # A workaround for an IO#select threading bug in certain versions of MRI 1.8.
-    # See: http://net-ssh.lighthouseapp.com/projects/36253/tickets/1-ioselect-threading-bug-in-ruby-18
-    # The root issue is documented here: http://redmine.ruby-lang.org/issues/show/1993
-    if RUBY_VERSION >= '1.9' || RUBY_PLATFORM == 'java'
-      def self.io_select(*params)
-        IO.select(*params)
-      end
-    else
-      SELECT_MUTEX = Mutex.new
-      def self.io_select(*params)
-        # It should be safe to wrap calls in a mutex when the timeout is 0
-        # (that is, the call is not supposed to block).
-        # We leave blocking calls unprotected to avoid causing deadlocks.
-        # This should still catch the main case for Capistrano users.
-        if params[3] == 0
-          SELECT_MUTEX.synchronize do
-            IO.select(*params)
-          end
-        else
-          IO.select(*params)
-        end
-      end
-    end
-    
-  end
-  
-end; end

data/lib/net/ssh/verifiers/lenient.rb

@@ -1,30 +0,0 @@
-require 'net/ssh/verifiers/strict'
-
-module Net; module SSH; module Verifiers
-
-  # Basically the same as the Strict verifier, but does not try to actually
-  # verify a connection if the server is the localhost and the port is a
-  # nonstandard port number. Those two conditions will typically mean the
-  # connection is being tunnelled through a forwarded port, so the known-hosts
-  # file will not be helpful (in general).
-  class Lenient < Strict
-    # Tries to determine if the connection is being tunnelled, and if so,
-    # returns true. Otherwise, performs the standard strict verification.
-    def verify(arguments)
-      return true if tunnelled?(arguments)
-      super
-    end
-
-    private
-
-      # A connection is potentially being tunnelled if the port is not 22,
-      # and the ip refers to the localhost.
-      def tunnelled?(args)
-        return false if args[:session].port == Net::SSH::Transport::Session::DEFAULT_PORT
-        
-        ip = args[:session].peer[:ip]
-        return ip == "127.0.0.1" || ip == "::1"
-      end
-  end
-
-end; end; end

data/lib/net/ssh/verifiers/null.rb

@@ -1,12 +0,0 @@
-module Net; module SSH; module Verifiers
-
-  # The Null host key verifier simply allows every key it sees, without
-  # bothering to verify. This is simple, but is not particularly secure.
-  class Null
-    # Returns true.
-    def verify(arguments)
-      true
-    end
-  end
-
-end; end; end

data/lib/net/ssh/verifiers/secure.rb

@@ -1,52 +0,0 @@
-require 'net/ssh/errors'
-require 'net/ssh/known_hosts'
-
-module Net; module SSH; module Verifiers
-
-  # Does a strict host verification, looking the server up in the known
-  # host files to see if a key has already been seen for this server. If this
-  # server does not appear in any host file, an exception will be raised
-  # (HostKeyUnknown). This is in contrast to the "Strict" class, which will
-  # silently add the key to your known_hosts file. If the server does appear at
-  # least once, but the key given does not match any known for the server, an
-  # exception will be raised (HostKeyMismatch).
-  # Otherwise, this returns true.
-  class Secure
-    def verify(arguments)
-      host_keys = arguments[:session].host_keys
-
-      # We've never seen this host before, so raise an exception.
-      if host_keys.empty?
-        process_cache_miss(host_keys, arguments, HostKeyUnknown, "is unknown")
-      end
-
-      # If we found any matches, check to see that the key type and
-      # blob also match.
-      found = host_keys.any? do |key|
-        key.ssh_type == arguments[:key].ssh_type &&
-        key.to_blob  == arguments[:key].to_blob
-      end
-
-      # If a match was found, return true. Otherwise, raise an exception
-      # indicating that the key was not recognized.
-      unless found
-        process_cache_miss(host_keys, arguments, HostKeyMismatch, "does not match")
-      end
-
-      found
-    end
-
-    private
-
-    def process_cache_miss(host_keys, args, exc_class, message)
-      exception = exc_class.new("fingerprint #{args[:fingerprint]} " +
-                                "#{message} for #{host_keys.host.inspect}")
-      exception.data = args
-      exception.callback = Proc.new do
-        host_keys.add_host_key(args[:key])
-      end
-      raise exception
-    end
-  end
-
-end; end; end

data/lib/net/ssh/verifiers/strict.rb

@@ -1,24 +0,0 @@
-require 'net/ssh/errors'
-require 'net/ssh/known_hosts'
-require 'net/ssh/verifiers/secure'
-
-module Net; module SSH; module Verifiers
-
-  # Does a strict host verification, looking the server up in the known
-  # host files to see if a key has already been seen for this server. If this
-  # server does not appear in any host file, this will silently add the
-  # server. If the server does appear at least once, but the key given does
-  # not match any known for the server, an exception will be raised (HostKeyMismatch).
-  # Otherwise, this returns true.
-  class Strict < Secure
-    def verify(arguments)
-      begin
-        super
-      rescue HostKeyUnknown => err
-        err.remember_host!
-        return true
-      end
-    end
-  end
-
-end; end; end