net-ssh 3.2.0 → 7.2.0.rc1

data/lib/net/ssh/proxy/http.rb

@@ -1,95 +1,98 @@
 require 'socket'
 require 'net/ssh/proxy/errors'
 
-module Net; module SSH; module Proxy
-
-  # An implementation of an HTTP proxy. To use it, instantiate it, then
-  # pass the instantiated object via the :proxy key to Net::SSH.start:
-  #
-  #   require 'net/ssh/proxy/http'
-  #
-  #   proxy = Net::SSH::Proxy::HTTP.new('proxy.host', proxy_port)
-  #   Net::SSH.start('host', 'user', :proxy => proxy) do |ssh|
-  #     ...
-  #   end
-  #
-  # If the proxy requires authentication, you can pass :user and :password
-  # to the proxy's constructor:
-  #
-  #   proxy = Net::SSH::Proxy::HTTP.new('proxy.host', proxy_port,
-  #      :user => "user", :password => "password")
-  #
-  # Note that HTTP digest authentication is not supported; Basic only at
-  # this point.
-  class HTTP
-
-    # The hostname or IP address of the HTTP proxy.
-    attr_reader :proxy_host
-
-    # The port number of the proxy.
-    attr_reader :proxy_port
-
-    # The map of additional options that were given to the object at
-    # initialization.
-    attr_reader :options
-
-    # Create a new socket factory that tunnels via the given host and
-    # port. The +options+ parameter is a hash of additional settings that
-    # can be used to tweak this proxy connection. Specifically, the following
-    # options are supported:
-    #
-    # * :user => the user name to use when authenticating to the proxy
-    # * :password => the password to use when authenticating
-    def initialize(proxy_host, proxy_port=80, options={})
-      @proxy_host = proxy_host
-      @proxy_port = proxy_port
-      @options = options
-    end
+module Net
+  module SSH
+    module Proxy
+      # An implementation of an HTTP proxy. To use it, instantiate it, then
+      # pass the instantiated object via the :proxy key to Net::SSH.start:
+      #
+      #   require 'net/ssh/proxy/http'
+      #
+      #   proxy = Net::SSH::Proxy::HTTP.new('proxy_host', proxy_port)
+      #   Net::SSH.start('host', 'user', :proxy => proxy) do |ssh|
+      #     ...
+      #   end
+      #
+      # If the proxy requires authentication, you can pass :user and :password
+      # to the proxy's constructor:
+      #
+      #   proxy = Net::SSH::Proxy::HTTP.new('proxy_host', proxy_port,
+      #      :user => "user", :password => "password")
+      #
+      # Note that HTTP digest authentication is not supported; Basic only at
+      # this point.
+      class HTTP
+        # The hostname or IP address of the HTTP proxy.
+        attr_reader :proxy_host
+
+        # The port number of the proxy.
+        attr_reader :proxy_port
+
+        # The map of additional options that were given to the object at
+        # initialization.
+        attr_reader :options
+
+        # Create a new socket factory that tunnels via the given host and
+        # port. The +options+ parameter is a hash of additional settings that
+        # can be used to tweak this proxy connection. Specifically, the following
+        # options are supported:
+        #
+        # * :user => the user name to use when authenticating to the proxy
+        # * :password => the password to use when authenticating
+        def initialize(proxy_host, proxy_port = 80, options = {})
+          @proxy_host = proxy_host
+          @proxy_port = proxy_port
+          @options = options
+        end
 
-    # Return a new socket connected to the given host and port via the
-    # proxy that was requested when the socket factory was instantiated.
-    def open(host, port, connection_options)
-      socket = Socket.tcp(proxy_host, proxy_port, nil, nil,
-                          connect_timeout: connection_options[:timeout])
-      socket.write "CONNECT #{host}:#{port} HTTP/1.0\r\n"
+        # Return a new socket connected to the given host and port via the
+        # proxy that was requested when the socket factory was instantiated.
+        def open(host, port, connection_options)
+          socket = establish_connection(connection_options[:timeout])
+          socket.write "CONNECT #{host}:#{port} HTTP/1.1\r\n"
+          socket.write "Host: #{host}:#{port}\r\n"
 
-      if options[:user]
-        credentials = ["#{options[:user]}:#{options[:password]}"].pack("m*").gsub(/\s/, "")
-        socket.write "Proxy-Authorization: Basic #{credentials}\r\n"
-      end
+          if options[:user]
+            credentials = ["#{options[:user]}:#{options[:password]}"].pack("m*").gsub(/\s/, "")
+            socket.write "Proxy-Authorization: Basic #{credentials}\r\n"
+          end
 
-      socket.write "\r\n"
+          socket.write "\r\n"
 
-      resp = parse_response(socket)
+          resp = parse_response(socket)
 
-      return socket if resp[:code] == 200
+          return socket if resp[:code] == 200
 
-      socket.close
-      raise ConnectError, resp.inspect
-    end
-
-    private
+          socket.close
+          raise ConnectError, resp.inspect
+        end
 
-      def parse_response(socket)
-        version, code, reason = socket.gets.chomp.split(/ /, 3)
-        headers = {}
+        protected
 
-        while (line = socket.gets) && (line.chomp! != "")
-          name, value = line.split(/:/, 2)
-          headers[name.strip] = value.strip
+        def establish_connection(connect_timeout)
+          Socket.tcp(proxy_host, proxy_port, nil, nil,
+                     connect_timeout: connect_timeout)
         end
 
-        if headers["Content-Length"]
-          body = socket.read(headers["Content-Length"].to_i)
-        end
+        def parse_response(socket)
+          version, code, reason = socket.gets.chomp.split(/ /, 3)
+          headers = {}
 
-        return { :version => version,
-                 :code => code.to_i,
-                 :reason => reason,
-                 :headers => headers,
-                 :body => body }
-      end
+          while (line = socket.gets) && (line.chomp! != "")
+            name, value = line.split(/:/, 2)
+            headers[name.strip] = value.strip
+          end
 
-  end
+          body = socket.read(headers["Content-Length"].to_i) if headers["Content-Length"]
 
-end; end; end
+          return { version: version,
+                   code: code.to_i,
+                   reason: reason,
+                   headers: headers,
+                   body: body }
+        end
+      end
+    end
+  end
+end

data/lib/net/ssh/proxy/https.rb

@@ -0,0 +1,50 @@
+require 'socket'
+require 'openssl'
+require 'net/ssh/proxy/errors'
+require 'net/ssh/proxy/http'
+
+module Net
+  module SSH
+    module Proxy
+      # A specialization of the HTTP proxy which encrypts the whole connection
+      # using OpenSSL. This has the advantage that proxy authentication
+      # information is not sent in plaintext.
+      class HTTPS < HTTP
+        # Create a new socket factory that tunnels via the given host and
+        # port. The +options+ parameter is a hash of additional settings that
+        # can be used to tweak this proxy connection. In addition to the options
+        # taken by Net::SSH::Proxy::HTTP it supports:
+        #
+        # * :ssl_context => the SSL configuration to use for the connection
+        def initialize(proxy_host, proxy_port = 80, options = {})
+          @ssl_context = options.delete(:ssl_context) ||
+                           OpenSSL::SSL::SSLContext.new
+          super(proxy_host, proxy_port, options)
+        end
+
+        protected
+
+        # Shim to make OpenSSL::SSL::SSLSocket behave like a regular TCPSocket
+        # for all intents and purposes of Net::SSH::BufferedIo
+        module SSLSocketCompatibility
+          def self.extended(object) # :nodoc:
+            object.define_singleton_method(:recv, object.method(:sysread))
+            object.sync_close = true
+          end
+
+          def send(data, _opts)
+            syswrite(data)
+          end
+        end
+
+        def establish_connection(connect_timeout)
+          plain_socket = super(connect_timeout)
+          OpenSSL::SSL::SSLSocket.new(plain_socket, @ssl_context).tap do |socket|
+            socket.extend(SSLSocketCompatibility)
+            socket.connect
+          end
+        end
+      end
+    end
+  end
+end

data/lib/net/ssh/proxy/jump.rb

@@ -0,0 +1,54 @@
+require 'uri'
+require 'net/ssh/proxy/command'
+
+module Net
+  module SSH
+    module Proxy
+      # An implementation of a jump proxy. To use it, instantiate it,
+      # then pass the instantiated object via the :proxy key to
+      # Net::SSH.start:
+      #
+      #   require 'net/ssh/proxy/jump'
+      #
+      #   proxy = Net::SSH::Proxy::Jump.new('user@proxy')
+      #   Net::SSH.start('host', 'user', :proxy => proxy) do |ssh|
+      #     ...
+      #   end
+      class Jump < Command
+        # The jump proxies
+        attr_reader :jump_proxies
+
+        # Create a new socket factory that tunnels via multiple jump proxes as
+        # [user@]host[:port].
+        def initialize(jump_proxies)
+          @jump_proxies = jump_proxies
+        end
+
+        # Return a new socket connected to the given host and port via the jump
+        # proxy that was requested when the socket factory was instantiated.
+        def open(host, port, connection_options = nil)
+          build_proxy_command_equivalent(connection_options)
+          super
+        end
+
+        # We cannot build the ProxyCommand template until we know if the :config
+        # option was specified during `Net::SSH.start`.
+        def build_proxy_command_equivalent(connection_options = nil)
+          first_jump, extra_jumps = jump_proxies.split(",", 2)
+          config = connection_options && connection_options[:config]
+          uri = URI.parse("ssh://#{first_jump}")
+
+          template = "ssh".dup
+          template << " -l #{uri.user}"    if uri.user
+          template << " -p #{uri.port}"    if uri.port
+          template << " -J #{extra_jumps}" if extra_jumps
+          template << " -F #{config}" if config != true && config
+          template << " -W %h:%p "
+          template << uri.host
+
+          @command_line_template = template
+        end
+      end
+    end
+  end
+end

data/lib/net/ssh/proxy/socks4.rb

@@ -6,7 +6,6 @@ require 'net/ssh/proxy/errors'
 module Net
   module SSH
     module Proxy
-
       # An implementation of a SOCKS4 proxy. To use it, instantiate it, then
       # pass the instantiated object via the :proxy key to Net::SSH.start:
       #
@@ -17,7 +16,6 @@ module Net
       #     ...
       #   end
       class SOCKS4
-
         # The SOCKS protocol version used by this class
         VERSION = 4
 
@@ -39,7 +37,7 @@ module Net
         # Create a new proxy connection to the given proxy host and port.
         # Optionally, a :user key may be given to identify the username
         # with which to authenticate.
-        def initialize(proxy_host, proxy_port=1080, options={})
+        def initialize(proxy_host, proxy_port = 1080, options = {})
           @proxy_host = proxy_host
           @proxy_port = proxy_port
           @options = options
@@ -51,7 +49,7 @@ module Net
           socket = Socket.tcp(proxy_host, proxy_port, nil, nil,
                               connect_timeout: connection_options[:timeout])
           ip_addr = IPAddr.new(Resolv.getaddress(host))
-          
+
           packet = [VERSION, CONNECT, port.to_i, ip_addr.to_i, options[:user]].pack("CCnNZ*")
           socket.send packet, 0
 
@@ -63,9 +61,7 @@ module Net
 
           return socket
         end
-
       end
-
     end
   end
 end

data/lib/net/ssh/proxy/socks5.rb

@@ -1,11 +1,9 @@
 require 'socket'
-require 'net/ssh/ruby_compat'
 require 'net/ssh/proxy/errors'
 
 module Net
   module SSH
     module Proxy
-
       # An implementation of a SOCKS5 proxy. To use it, instantiate it, then
       # pass the instantiated object via the :proxy key to Net::SSH.start:
       #
@@ -54,7 +52,7 @@ module Net
         # Create a new proxy connection to the given proxy host and port.
         # Optionally, :user and :password options may be given to
         # identify the username and password with which to authenticate.
-        def initialize(proxy_host, proxy_port=1080, options={})
+        def initialize(proxy_host, proxy_port = 1080, options = {})
           @proxy_host = proxy_host
           @proxy_port = proxy_port
           @options = options
@@ -95,13 +93,13 @@ module Net
 
           packet << [port].pack("n")
           socket.send packet, 0
-          
+
           version, reply, = socket.recv(2).unpack("C*")
           socket.recv(1)
           address_type = socket.recv(1).getbyte(0)
           case address_type
           when 1
-            socket.recv(4)  # get four bytes for IPv4 address
+            socket.recv(4) # get four bytes for IPv4 address
           when 3
             len = socket.recv(1).getbyte(0)
             hostname = socket.recv(len)
@@ -112,7 +110,7 @@ module Net
             raise ConnectError, "Illegal response type"
           end
           portnum = socket.recv(2)
-          
+
           unless reply == SUCCESS
             socket.close
             raise ConnectError, "#{reply}"
@@ -123,21 +121,20 @@ module Net
 
         private
 
-          # Simple username/password negotiation with the SOCKS5 server.
-          def negotiate_password(socket)
-            packet = [0x01, options[:user].length, options[:user],
-              options[:password].length, options[:password]].pack("CCA*CA*")
-            socket.send packet, 0
+        # Simple username/password negotiation with the SOCKS5 server.
+        def negotiate_password(socket)
+          packet = [0x01, options[:user].length, options[:user],
+                    options[:password].length, options[:password]].pack("CCA*CA*")
+          socket.send packet, 0
 
-            version, status = socket.recv(2).unpack("CC")
+          version, status = socket.recv(2).unpack("CC")
 
-            if status != SUCCESS
-              socket.close
-              raise UnauthorizedError, "could not authorize user"
-            end
+          if status != SUCCESS
+            socket.close
+            raise UnauthorizedError, "could not authorize user"
           end
+        end
       end
-
     end
   end
 end