net-ssh 3.2.0 → 7.2.0.rc1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- checksums.yaml.gz.sig +0 -0
- data/.dockerignore +6 -0
- data/.github/FUNDING.yml +1 -0
- data/.github/config/rubocop_linter_action.yml +4 -0
- data/.github/workflows/ci-with-docker.yml +44 -0
- data/.github/workflows/ci.yml +93 -0
- data/.github/workflows/rubocop.yml +16 -0
- data/.gitignore +13 -0
- data/.rubocop.yml +22 -0
- data/.rubocop_todo.yml +1081 -0
- data/CHANGES.txt +237 -7
- data/DEVELOPMENT.md +23 -0
- data/Dockerfile +27 -0
- data/Dockerfile.openssl3 +17 -0
- data/Gemfile +13 -0
- data/Gemfile.noed25519 +12 -0
- data/Gemfile.norbnacl +12 -0
- data/ISSUE_TEMPLATE.md +30 -0
- data/Manifest +4 -5
- data/README.md +298 -0
- data/Rakefile +125 -74
- data/SECURITY.md +4 -0
- data/appveyor.yml +58 -0
- data/docker-compose.yml +23 -0
- data/lib/net/ssh/authentication/agent.rb +279 -18
- data/lib/net/ssh/authentication/certificate.rb +183 -0
- data/lib/net/ssh/authentication/constants.rb +17 -15
- data/lib/net/ssh/authentication/ed25519.rb +186 -0
- data/lib/net/ssh/authentication/ed25519_loader.rb +31 -0
- data/lib/net/ssh/authentication/key_manager.rb +86 -39
- data/lib/net/ssh/authentication/methods/abstract.rb +67 -48
- data/lib/net/ssh/authentication/methods/hostbased.rb +34 -37
- data/lib/net/ssh/authentication/methods/keyboard_interactive.rb +13 -13
- data/lib/net/ssh/authentication/methods/none.rb +16 -19
- data/lib/net/ssh/authentication/methods/password.rb +27 -17
- data/lib/net/ssh/authentication/methods/publickey.rb +96 -55
- data/lib/net/ssh/authentication/pageant.rb +471 -367
- data/lib/net/ssh/authentication/pub_key_fingerprint.rb +43 -0
- data/lib/net/ssh/authentication/session.rb +131 -121
- data/lib/net/ssh/buffer.rb +399 -300
- data/lib/net/ssh/buffered_io.rb +154 -150
- data/lib/net/ssh/config.rb +308 -185
- data/lib/net/ssh/connection/channel.rb +635 -613
- data/lib/net/ssh/connection/constants.rb +29 -29
- data/lib/net/ssh/connection/event_loop.rb +123 -0
- data/lib/net/ssh/connection/keepalive.rb +55 -51
- data/lib/net/ssh/connection/session.rb +620 -551
- data/lib/net/ssh/connection/term.rb +125 -123
- data/lib/net/ssh/errors.rb +101 -99
- data/lib/net/ssh/key_factory.rb +197 -105
- data/lib/net/ssh/known_hosts.rb +214 -127
- data/lib/net/ssh/loggable.rb +50 -49
- data/lib/net/ssh/packet.rb +83 -79
- data/lib/net/ssh/prompt.rb +50 -81
- data/lib/net/ssh/proxy/command.rb +105 -90
- data/lib/net/ssh/proxy/errors.rb +12 -10
- data/lib/net/ssh/proxy/http.rb +82 -79
- data/lib/net/ssh/proxy/https.rb +50 -0
- data/lib/net/ssh/proxy/jump.rb +54 -0
- data/lib/net/ssh/proxy/socks4.rb +2 -6
- data/lib/net/ssh/proxy/socks5.rb +14 -17
- data/lib/net/ssh/service/forward.rb +370 -317
- data/lib/net/ssh/test/channel.rb +145 -136
- data/lib/net/ssh/test/extensions.rb +131 -110
- data/lib/net/ssh/test/kex.rb +34 -32
- data/lib/net/ssh/test/local_packet.rb +46 -44
- data/lib/net/ssh/test/packet.rb +89 -70
- data/lib/net/ssh/test/remote_packet.rb +32 -30
- data/lib/net/ssh/test/script.rb +156 -142
- data/lib/net/ssh/test/socket.rb +49 -48
- data/lib/net/ssh/test.rb +82 -77
- data/lib/net/ssh/transport/algorithms.rb +462 -359
- data/lib/net/ssh/transport/chacha20_poly1305_cipher.rb +117 -0
- data/lib/net/ssh/transport/chacha20_poly1305_cipher_loader.rb +17 -0
- data/lib/net/ssh/transport/cipher_factory.rb +122 -99
- data/lib/net/ssh/transport/constants.rb +32 -24
- data/lib/net/ssh/transport/ctr.rb +42 -22
- data/lib/net/ssh/transport/hmac/abstract.rb +81 -63
- data/lib/net/ssh/transport/hmac/md5.rb +0 -2
- data/lib/net/ssh/transport/hmac/md5_96.rb +0 -2
- data/lib/net/ssh/transport/hmac/none.rb +0 -2
- data/lib/net/ssh/transport/hmac/ripemd160.rb +0 -2
- data/lib/net/ssh/transport/hmac/sha1.rb +0 -2
- data/lib/net/ssh/transport/hmac/sha1_96.rb +0 -2
- data/lib/net/ssh/transport/hmac/sha2_256.rb +7 -11
- data/lib/net/ssh/transport/hmac/sha2_256_96.rb +4 -8
- data/lib/net/ssh/transport/hmac/sha2_256_etm.rb +12 -0
- data/lib/net/ssh/transport/hmac/sha2_512.rb +6 -9
- data/lib/net/ssh/transport/hmac/sha2_512_96.rb +4 -8
- data/lib/net/ssh/transport/hmac/sha2_512_etm.rb +12 -0
- data/lib/net/ssh/transport/hmac.rb +14 -12
- data/lib/net/ssh/transport/identity_cipher.rb +54 -44
- data/lib/net/ssh/transport/kex/abstract.rb +130 -0
- data/lib/net/ssh/transport/kex/abstract5656.rb +72 -0
- data/lib/net/ssh/transport/kex/curve25519_sha256.rb +39 -0
- data/lib/net/ssh/transport/kex/curve25519_sha256_loader.rb +30 -0
- data/lib/net/ssh/transport/kex/diffie_hellman_group14_sha1.rb +33 -40
- data/lib/net/ssh/transport/kex/diffie_hellman_group14_sha256.rb +11 -0
- data/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb +119 -213
- data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb +53 -61
- data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb +5 -9
- data/lib/net/ssh/transport/kex/ecdh_sha2_nistp256.rb +36 -90
- data/lib/net/ssh/transport/kex/ecdh_sha2_nistp384.rb +18 -10
- data/lib/net/ssh/transport/kex/ecdh_sha2_nistp521.rb +18 -10
- data/lib/net/ssh/transport/kex.rb +15 -12
- data/lib/net/ssh/transport/key_expander.rb +24 -20
- data/lib/net/ssh/transport/openssl.rb +161 -124
- data/lib/net/ssh/transport/openssl_cipher_extensions.rb +8 -0
- data/lib/net/ssh/transport/packet_stream.rb +246 -185
- data/lib/net/ssh/transport/server_version.rb +55 -56
- data/lib/net/ssh/transport/session.rb +306 -255
- data/lib/net/ssh/transport/state.rb +178 -176
- data/lib/net/ssh/verifiers/accept_new.rb +33 -0
- data/lib/net/ssh/verifiers/accept_new_or_local_tunnel.rb +33 -0
- data/lib/net/ssh/verifiers/always.rb +58 -0
- data/lib/net/ssh/verifiers/never.rb +19 -0
- data/lib/net/ssh/version.rb +55 -53
- data/lib/net/ssh.rb +111 -47
- data/net-ssh-public_cert.pem +18 -18
- data/net-ssh.gemspec +38 -205
- data/support/ssh_tunnel_bug.rb +5 -5
- data.tar.gz.sig +0 -0
- metadata +173 -118
- metadata.gz.sig +0 -0
- data/.travis.yml +0 -18
- data/README.rdoc +0 -182
- data/lib/net/ssh/authentication/agent/java_pageant.rb +0 -85
- data/lib/net/ssh/authentication/agent/socket.rb +0 -178
- data/lib/net/ssh/ruby_compat.rb +0 -46
- data/lib/net/ssh/verifiers/lenient.rb +0 -30
- data/lib/net/ssh/verifiers/null.rb +0 -12
- data/lib/net/ssh/verifiers/secure.rb +0 -52
- data/lib/net/ssh/verifiers/strict.rb +0 -24
- data/setup.rb +0 -1585
- data/support/arcfour_check.rb +0 -20
- data/test/README.txt +0 -18
- data/test/authentication/methods/common.rb +0 -28
- data/test/authentication/methods/test_abstract.rb +0 -51
- data/test/authentication/methods/test_hostbased.rb +0 -114
- data/test/authentication/methods/test_keyboard_interactive.rb +0 -121
- data/test/authentication/methods/test_none.rb +0 -41
- data/test/authentication/methods/test_password.rb +0 -95
- data/test/authentication/methods/test_publickey.rb +0 -148
- data/test/authentication/test_agent.rb +0 -232
- data/test/authentication/test_key_manager.rb +0 -240
- data/test/authentication/test_session.rb +0 -107
- data/test/common.rb +0 -125
- data/test/configs/auth_off +0 -5
- data/test/configs/auth_on +0 -4
- data/test/configs/empty +0 -0
- data/test/configs/eqsign +0 -3
- data/test/configs/exact_match +0 -8
- data/test/configs/host_plus +0 -10
- data/test/configs/multihost +0 -4
- data/test/configs/negative_match +0 -6
- data/test/configs/nohost +0 -19
- data/test/configs/numeric_host +0 -4
- data/test/configs/proxy_remote_user +0 -2
- data/test/configs/send_env +0 -2
- data/test/configs/substitutes +0 -8
- data/test/configs/wild_cards +0 -14
- data/test/connection/test_channel.rb +0 -487
- data/test/connection/test_session.rb +0 -564
- data/test/integration/README.txt +0 -17
- data/test/integration/Vagrantfile +0 -12
- data/test/integration/common.rb +0 -63
- data/test/integration/playbook.yml +0 -56
- data/test/integration/test_forward.rb +0 -637
- data/test/integration/test_id_rsa_keys.rb +0 -96
- data/test/integration/test_proxy.rb +0 -93
- data/test/known_hosts/github +0 -1
- data/test/known_hosts/github_hash +0 -1
- data/test/manual/test_pageant.rb +0 -37
- data/test/start/test_connection.rb +0 -53
- data/test/start/test_options.rb +0 -57
- data/test/start/test_transport.rb +0 -28
- data/test/start/test_user_nil.rb +0 -27
- data/test/test_all.rb +0 -12
- data/test/test_buffer.rb +0 -433
- data/test/test_buffered_io.rb +0 -63
- data/test/test_config.rb +0 -268
- data/test/test_key_factory.rb +0 -191
- data/test/test_known_hosts.rb +0 -66
- data/test/transport/hmac/test_md5.rb +0 -41
- data/test/transport/hmac/test_md5_96.rb +0 -27
- data/test/transport/hmac/test_none.rb +0 -34
- data/test/transport/hmac/test_ripemd160.rb +0 -36
- data/test/transport/hmac/test_sha1.rb +0 -36
- data/test/transport/hmac/test_sha1_96.rb +0 -27
- data/test/transport/hmac/test_sha2_256.rb +0 -37
- data/test/transport/hmac/test_sha2_256_96.rb +0 -27
- data/test/transport/hmac/test_sha2_512.rb +0 -37
- data/test/transport/hmac/test_sha2_512_96.rb +0 -27
- data/test/transport/kex/test_diffie_hellman_group14_sha1.rb +0 -13
- data/test/transport/kex/test_diffie_hellman_group1_sha1.rb +0 -150
- data/test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb +0 -96
- data/test/transport/kex/test_diffie_hellman_group_exchange_sha256.rb +0 -19
- data/test/transport/kex/test_ecdh_sha2_nistp256.rb +0 -161
- data/test/transport/kex/test_ecdh_sha2_nistp384.rb +0 -38
- data/test/transport/kex/test_ecdh_sha2_nistp521.rb +0 -38
- data/test/transport/test_algorithms.rb +0 -328
- data/test/transport/test_cipher_factory.rb +0 -443
- data/test/transport/test_hmac.rb +0 -34
- data/test/transport/test_identity_cipher.rb +0 -40
- data/test/transport/test_packet_stream.rb +0 -1762
- data/test/transport/test_server_version.rb +0 -74
- data/test/transport/test_session.rb +0 -331
- data/test/transport/test_state.rb +0 -181
- data/test/verifiers/test_secure.rb +0 -40
data/support/arcfour_check.rb
DELETED
@@ -1,20 +0,0 @@
|
|
1
|
-
|
2
|
-
require 'net/ssh'
|
3
|
-
|
4
|
-
# ARCFOUR CHECK
|
5
|
-
#
|
6
|
-
# Usage:
|
7
|
-
# $ ruby support/arcfour_check.rb
|
8
|
-
#
|
9
|
-
# Expected Output:
|
10
|
-
# arcfour128: [16, 8] OpenSSL::Cipher::Cipher
|
11
|
-
# arcfour256: [32, 8] OpenSSL::Cipher::Cipher
|
12
|
-
# arcfour512: [64, 8] OpenSSL::Cipher::Cipher
|
13
|
-
|
14
|
-
[['arcfour128', 16], ['arcfour256', 32], ['arcfour512', 64]].each do |cipher|
|
15
|
-
print "#{cipher[0]}: "
|
16
|
-
a = Net::SSH::Transport::CipherFactory.get_lengths(cipher[0])
|
17
|
-
b = Net::SSH::Transport::CipherFactory.get(cipher[0], :key => ([].fill('x', 0, cipher[1]).join))
|
18
|
-
puts "#{a} #{b.class}"
|
19
|
-
end
|
20
|
-
|
data/test/README.txt
DELETED
@@ -1,18 +0,0 @@
|
|
1
|
-
RUNNING TESTS
|
2
|
-
|
3
|
-
Run the test suite from the net-ssh directory with the following command:
|
4
|
-
|
5
|
-
ruby -Ilib -Itest test/test_all.rb
|
6
|
-
|
7
|
-
Run a single test file like this:
|
8
|
-
|
9
|
-
ruby -Ilib -Itest test/transport/test_server_version.rb
|
10
|
-
|
11
|
-
EXPECTED RESULTS
|
12
|
-
|
13
|
-
https://travis-ci.org/net-ssh/net-ssh/
|
14
|
-
|
15
|
-
INTEGRATION TESTS
|
16
|
-
|
17
|
-
brew install ansible ; ansible-galaxy install rvm_io.rvm1-ruby ; vagrant up ; vagrant ssh
|
18
|
-
cd /net-ssh ; rake integration-test
|
@@ -1,28 +0,0 @@
|
|
1
|
-
module Authentication; module Methods
|
2
|
-
|
3
|
-
module Common
|
4
|
-
include Net::SSH::Authentication::Constants
|
5
|
-
|
6
|
-
private
|
7
|
-
|
8
|
-
def socket(options={})
|
9
|
-
@socket ||= stub("socket", :client_name => "me.ssh.test")
|
10
|
-
end
|
11
|
-
|
12
|
-
def transport(options={})
|
13
|
-
@transport ||= MockTransport.new(options.merge(:socket => socket))
|
14
|
-
end
|
15
|
-
|
16
|
-
def session(options={})
|
17
|
-
@session ||= begin
|
18
|
-
sess = stub("auth-session", :logger => nil, :transport => transport(options))
|
19
|
-
def sess.next_message
|
20
|
-
transport.next_message
|
21
|
-
end
|
22
|
-
sess
|
23
|
-
end
|
24
|
-
end
|
25
|
-
|
26
|
-
end
|
27
|
-
|
28
|
-
end; end
|
@@ -1,51 +0,0 @@
|
|
1
|
-
require 'common'
|
2
|
-
require 'authentication/methods/common'
|
3
|
-
require 'net/ssh/authentication/methods/abstract'
|
4
|
-
|
5
|
-
module Authentication; module Methods
|
6
|
-
|
7
|
-
class TestAbstract < Test::Unit::TestCase
|
8
|
-
include Common
|
9
|
-
|
10
|
-
def test_constructor_should_set_defaults
|
11
|
-
assert_nil subject.key_manager
|
12
|
-
end
|
13
|
-
|
14
|
-
def test_constructor_should_honor_options
|
15
|
-
assert_equal :manager, subject(:key_manager => :manager).key_manager
|
16
|
-
end
|
17
|
-
|
18
|
-
def test_session_id_should_query_session_id_from_key_exchange
|
19
|
-
transport.stubs(:algorithms).returns(stub("algorithms", :session_id => "abcxyz123"))
|
20
|
-
assert_equal "abcxyz123", subject.session_id
|
21
|
-
end
|
22
|
-
|
23
|
-
def test_send_message_should_delegate_to_transport
|
24
|
-
transport.expects(:send_message).with("abcxyz123")
|
25
|
-
subject.send_message("abcxyz123")
|
26
|
-
end
|
27
|
-
|
28
|
-
def test_userauth_request_should_build_well_formed_userauth_packet
|
29
|
-
packet = subject.userauth_request("jamis", "ssh-connection", "password")
|
30
|
-
assert_equal "\062\0\0\0\005jamis\0\0\0\016ssh-connection\0\0\0\010password", packet.to_s
|
31
|
-
end
|
32
|
-
|
33
|
-
def test_userauth_request_should_translate_extra_booleans_onto_end
|
34
|
-
packet = subject.userauth_request("jamis", "ssh-connection", "password", true, false)
|
35
|
-
assert_equal "\062\0\0\0\005jamis\0\0\0\016ssh-connection\0\0\0\010password\1\0", packet.to_s
|
36
|
-
end
|
37
|
-
|
38
|
-
def test_userauth_request_should_translate_extra_strings_onto_end
|
39
|
-
packet = subject.userauth_request("jamis", "ssh-connection", "password", "foo", "bar")
|
40
|
-
assert_equal "\062\0\0\0\005jamis\0\0\0\016ssh-connection\0\0\0\010password\0\0\0\3foo\0\0\0\3bar", packet.to_s
|
41
|
-
end
|
42
|
-
|
43
|
-
private
|
44
|
-
|
45
|
-
def subject(options={})
|
46
|
-
@subject ||= Net::SSH::Authentication::Methods::Abstract.new(session(options), options)
|
47
|
-
end
|
48
|
-
|
49
|
-
end
|
50
|
-
|
51
|
-
end; end
|
@@ -1,114 +0,0 @@
|
|
1
|
-
require 'common'
|
2
|
-
require 'net/ssh/authentication/methods/hostbased'
|
3
|
-
require 'authentication/methods/common'
|
4
|
-
|
5
|
-
module Authentication; module Methods
|
6
|
-
|
7
|
-
class TestHostbased < Test::Unit::TestCase
|
8
|
-
include Common
|
9
|
-
|
10
|
-
def test_authenticate_should_return_false_when_no_key_manager_has_been_set
|
11
|
-
assert_equal false, subject(:key_manager => nil).authenticate("ssh-connection", "jamis")
|
12
|
-
end
|
13
|
-
|
14
|
-
def test_authenticate_should_return_false_when_key_manager_has_no_keys
|
15
|
-
assert_equal false, subject(:keys => []).authenticate("ssh-connection", "jamis")
|
16
|
-
end
|
17
|
-
|
18
|
-
def test_authenticate_should_return_false_if_no_keys_can_authenticate
|
19
|
-
ENV.stubs(:[]).with('USER').returns(nil)
|
20
|
-
key_manager.expects(:sign).with(&signature_parameters(keys.first)).returns("sig-one")
|
21
|
-
key_manager.expects(:sign).with(&signature_parameters(keys.last)).returns("sig-two")
|
22
|
-
|
23
|
-
transport.expect do |t, packet|
|
24
|
-
assert_equal USERAUTH_REQUEST, packet.type
|
25
|
-
assert verify_userauth_request_packet(packet, keys.first)
|
26
|
-
assert_equal "sig-one", packet.read_string
|
27
|
-
t.return(USERAUTH_FAILURE, :string, "hostbased,password")
|
28
|
-
|
29
|
-
t.expect do |t2, packet2|
|
30
|
-
assert_equal USERAUTH_REQUEST, packet2.type
|
31
|
-
assert verify_userauth_request_packet(packet2, keys.last)
|
32
|
-
assert_equal "sig-two", packet2.read_string
|
33
|
-
t2.return(USERAUTH_FAILURE, :string, "hostbased,password")
|
34
|
-
end
|
35
|
-
end
|
36
|
-
|
37
|
-
assert_equal false, subject.authenticate("ssh-connection", "jamis")
|
38
|
-
end
|
39
|
-
|
40
|
-
def test_authenticate_should_return_true_if_any_key_can_authenticate
|
41
|
-
ENV.stubs(:[]).with('USER').returns(nil)
|
42
|
-
key_manager.expects(:sign).with(&signature_parameters(keys.first)).returns("sig-one")
|
43
|
-
|
44
|
-
transport.expect do |t, packet|
|
45
|
-
assert_equal USERAUTH_REQUEST, packet.type
|
46
|
-
assert verify_userauth_request_packet(packet, keys.first)
|
47
|
-
assert_equal "sig-one", packet.read_string
|
48
|
-
t.return(USERAUTH_SUCCESS)
|
49
|
-
end
|
50
|
-
|
51
|
-
assert subject.authenticate("ssh-connection", "jamis")
|
52
|
-
end
|
53
|
-
|
54
|
-
private
|
55
|
-
|
56
|
-
def signature_parameters(key)
|
57
|
-
Proc.new do |given_key, data|
|
58
|
-
next false unless given_key.to_blob == key.to_blob
|
59
|
-
buffer = Net::SSH::Buffer.new(data)
|
60
|
-
buffer.read_string == "abcxyz123" && # session-id
|
61
|
-
buffer.read_byte == USERAUTH_REQUEST && # type
|
62
|
-
verify_userauth_request_packet(buffer, key)
|
63
|
-
end
|
64
|
-
end
|
65
|
-
|
66
|
-
def verify_userauth_request_packet(packet, key)
|
67
|
-
packet.read_string == "jamis" && # user-name
|
68
|
-
packet.read_string == "ssh-connection" && # next service
|
69
|
-
packet.read_string == "hostbased" && # auth-method
|
70
|
-
packet.read_string == key.ssh_type && # key type
|
71
|
-
packet.read_buffer.read_key.to_blob == key.to_blob && # key
|
72
|
-
packet.read_string == "me.ssh.test." && # client hostname
|
73
|
-
packet.read_string == "jamis" # client username
|
74
|
-
end
|
75
|
-
|
76
|
-
@@keys = nil
|
77
|
-
def keys
|
78
|
-
@@keys ||= [OpenSSL::PKey::RSA.new(512), OpenSSL::PKey::DSA.new(512)]
|
79
|
-
end
|
80
|
-
|
81
|
-
def key_manager(options={})
|
82
|
-
@key_manager ||= begin
|
83
|
-
manager = stub("key_manager")
|
84
|
-
manager.stubs(:each_identity).multiple_yields(*(options[:keys] || keys))
|
85
|
-
manager
|
86
|
-
end
|
87
|
-
end
|
88
|
-
|
89
|
-
def subject(options={})
|
90
|
-
options[:key_manager] = key_manager(options) unless options.key?(:key_manager)
|
91
|
-
@subject ||= Net::SSH::Authentication::Methods::Hostbased.new(session(options), options)
|
92
|
-
end
|
93
|
-
|
94
|
-
def socket(options={})
|
95
|
-
@socket ||= stub("socket", :client_name => "me.ssh.test")
|
96
|
-
end
|
97
|
-
|
98
|
-
def transport(options={})
|
99
|
-
@transport ||= MockTransport.new(options.merge(:socket => socket))
|
100
|
-
end
|
101
|
-
|
102
|
-
def session(options={})
|
103
|
-
@session ||= begin
|
104
|
-
sess = stub("auth-session", :logger => nil, :transport => transport(options))
|
105
|
-
def sess.next_message
|
106
|
-
transport.next_message
|
107
|
-
end
|
108
|
-
sess
|
109
|
-
end
|
110
|
-
end
|
111
|
-
|
112
|
-
end
|
113
|
-
|
114
|
-
end; end
|
@@ -1,121 +0,0 @@
|
|
1
|
-
require 'common'
|
2
|
-
require 'net/ssh/authentication/methods/keyboard_interactive'
|
3
|
-
require 'authentication/methods/common'
|
4
|
-
|
5
|
-
module Authentication; module Methods
|
6
|
-
|
7
|
-
class TestKeyboardInteractive < Test::Unit::TestCase
|
8
|
-
include Common
|
9
|
-
|
10
|
-
USERAUTH_INFO_REQUEST = 60
|
11
|
-
USERAUTH_INFO_RESPONSE = 61
|
12
|
-
|
13
|
-
def test_authenticate_should_raise_if_keyboard_interactive_disallowed
|
14
|
-
transport.expect do |t,packet|
|
15
|
-
assert_equal USERAUTH_REQUEST, packet.type
|
16
|
-
assert_equal "jamis", packet.read_string
|
17
|
-
assert_equal "ssh-connection", packet.read_string
|
18
|
-
assert_equal "keyboard-interactive", packet.read_string
|
19
|
-
assert_equal "", packet.read_string # language tags
|
20
|
-
assert_equal "", packet.read_string # submethods
|
21
|
-
|
22
|
-
t.return(USERAUTH_FAILURE, :string, "password")
|
23
|
-
end
|
24
|
-
|
25
|
-
assert_raises Net::SSH::Authentication::DisallowedMethod do
|
26
|
-
subject.authenticate("ssh-connection", "jamis")
|
27
|
-
end
|
28
|
-
end
|
29
|
-
|
30
|
-
def test_authenticate_should_be_false_if_given_password_is_not_accepted
|
31
|
-
transport.expect do |t,packet|
|
32
|
-
assert_equal USERAUTH_REQUEST, packet.type
|
33
|
-
t.return(USERAUTH_INFO_REQUEST, :string, "", :string, "", :string, "", :long, 1, :string, "Password:", :bool, false)
|
34
|
-
t.expect do |t2,packet2|
|
35
|
-
assert_equal USERAUTH_INFO_RESPONSE, packet2.type
|
36
|
-
assert_equal 1, packet2.read_long
|
37
|
-
assert_equal "the-password", packet2.read_string
|
38
|
-
t2.return(USERAUTH_FAILURE, :string, "keyboard-interactive")
|
39
|
-
end
|
40
|
-
end
|
41
|
-
|
42
|
-
assert_equal false, subject.authenticate("ssh-connection", "jamis", "the-password")
|
43
|
-
end
|
44
|
-
|
45
|
-
def test_authenticate_should_be_true_if_given_password_is_accepted
|
46
|
-
transport.expect do |t,packet|
|
47
|
-
assert_equal USERAUTH_REQUEST, packet.type
|
48
|
-
t.return(USERAUTH_INFO_REQUEST, :string, "", :string, "", :string, "", :long, 1, :string, "Password:", :bool, false)
|
49
|
-
t.expect do |t2,packet2|
|
50
|
-
assert_equal USERAUTH_INFO_RESPONSE, packet2.type
|
51
|
-
t2.return(USERAUTH_SUCCESS)
|
52
|
-
end
|
53
|
-
end
|
54
|
-
|
55
|
-
assert subject.authenticate("ssh-connection", "jamis", "the-password")
|
56
|
-
end
|
57
|
-
|
58
|
-
def test_authenticate_should_duplicate_password_as_needed_to_fill_request
|
59
|
-
transport.expect do |t,packet|
|
60
|
-
assert_equal USERAUTH_REQUEST, packet.type
|
61
|
-
t.return(USERAUTH_INFO_REQUEST, :string, "", :string, "", :string, "", :long, 2, :string, "Password:", :bool, false, :string, "Again:", :bool, false)
|
62
|
-
t.expect do |t2,packet2|
|
63
|
-
assert_equal USERAUTH_INFO_RESPONSE, packet2.type
|
64
|
-
assert_equal 2, packet2.read_long
|
65
|
-
assert_equal "the-password", packet2.read_string
|
66
|
-
assert_equal "the-password", packet2.read_string
|
67
|
-
t2.return(USERAUTH_SUCCESS)
|
68
|
-
end
|
69
|
-
end
|
70
|
-
|
71
|
-
assert subject.authenticate("ssh-connection", "jamis", "the-password")
|
72
|
-
end
|
73
|
-
|
74
|
-
def test_authenticate_should_not_prompt_for_input_when_in_non_interactive_mode
|
75
|
-
|
76
|
-
def transport.options
|
77
|
-
{non_interactive: true}
|
78
|
-
end
|
79
|
-
transport.expect do |t,packet|
|
80
|
-
assert_equal USERAUTH_REQUEST, packet.type
|
81
|
-
t.return(USERAUTH_INFO_REQUEST, :string, "", :string, "", :string, "", :long, 2, :string, "Name:", :bool, true, :string, "Password:", :bool, false)
|
82
|
-
t.expect do |t2,packet2|
|
83
|
-
assert_equal USERAUTH_INFO_RESPONSE, packet2.type
|
84
|
-
assert_equal 2, packet2.read_long
|
85
|
-
assert_equal "", packet2.read_string
|
86
|
-
assert_equal "", packet2.read_string
|
87
|
-
t2.return(USERAUTH_SUCCESS)
|
88
|
-
end
|
89
|
-
end
|
90
|
-
|
91
|
-
assert subject.authenticate("ssh-connection", "jamis", nil)
|
92
|
-
end
|
93
|
-
|
94
|
-
|
95
|
-
def test_authenticate_should_prompt_for_input_when_password_is_not_given
|
96
|
-
subject.expects(:prompt).with("Name:", true).returns("name")
|
97
|
-
subject.expects(:prompt).with("Password:", false).returns("password")
|
98
|
-
|
99
|
-
transport.expect do |t,packet|
|
100
|
-
assert_equal USERAUTH_REQUEST, packet.type
|
101
|
-
t.return(USERAUTH_INFO_REQUEST, :string, "", :string, "", :string, "", :long, 2, :string, "Name:", :bool, true, :string, "Password:", :bool, false)
|
102
|
-
t.expect do |t2,packet2|
|
103
|
-
assert_equal USERAUTH_INFO_RESPONSE, packet2.type
|
104
|
-
assert_equal 2, packet2.read_long
|
105
|
-
assert_equal "name", packet2.read_string
|
106
|
-
assert_equal "password", packet2.read_string
|
107
|
-
t2.return(USERAUTH_SUCCESS)
|
108
|
-
end
|
109
|
-
end
|
110
|
-
|
111
|
-
assert subject.authenticate("ssh-connection", "jamis", nil)
|
112
|
-
end
|
113
|
-
|
114
|
-
private
|
115
|
-
|
116
|
-
def subject(options={})
|
117
|
-
@subject ||= Net::SSH::Authentication::Methods::KeyboardInteractive.new(session(options), options)
|
118
|
-
end
|
119
|
-
end
|
120
|
-
|
121
|
-
end; end
|
@@ -1,41 +0,0 @@
|
|
1
|
-
require 'common'
|
2
|
-
require 'net/ssh/authentication/methods/none'
|
3
|
-
require 'authentication/methods/common'
|
4
|
-
|
5
|
-
module Authentication; module Methods
|
6
|
-
|
7
|
-
class TestNone < Test::Unit::TestCase
|
8
|
-
include Common
|
9
|
-
|
10
|
-
def test_authenticate_should_raise_if_none_disallowed
|
11
|
-
transport.expect do |t,packet|
|
12
|
-
assert_equal USERAUTH_REQUEST, packet.type
|
13
|
-
assert_equal "jamis", packet.read_string
|
14
|
-
assert_equal "ssh-connection", packet.read_string
|
15
|
-
assert_equal "none", packet.read_string
|
16
|
-
|
17
|
-
t.return(USERAUTH_FAILURE, :string, "publickey")
|
18
|
-
end
|
19
|
-
|
20
|
-
assert_raises Net::SSH::Authentication::DisallowedMethod do
|
21
|
-
subject.authenticate("ssh-connection", "jamis", "pass")
|
22
|
-
end
|
23
|
-
end
|
24
|
-
|
25
|
-
def test_authenticate_should_return_true
|
26
|
-
transport.expect do |t,packet|
|
27
|
-
assert_equal USERAUTH_REQUEST, packet.type
|
28
|
-
t.return(USERAUTH_SUCCESS)
|
29
|
-
end
|
30
|
-
|
31
|
-
assert subject.authenticate("ssh-connection", "", "")
|
32
|
-
end
|
33
|
-
|
34
|
-
private
|
35
|
-
|
36
|
-
def subject(options={})
|
37
|
-
@subject ||= Net::SSH::Authentication::Methods::None.new(session(options), options)
|
38
|
-
end
|
39
|
-
end
|
40
|
-
|
41
|
-
end; end
|
@@ -1,95 +0,0 @@
|
|
1
|
-
require 'common'
|
2
|
-
require 'net/ssh/authentication/methods/password'
|
3
|
-
require 'net/ssh/authentication/session'
|
4
|
-
require 'authentication/methods/common'
|
5
|
-
|
6
|
-
|
7
|
-
module Authentication; module Methods
|
8
|
-
|
9
|
-
class TestPassword < Test::Unit::TestCase
|
10
|
-
include Common
|
11
|
-
|
12
|
-
def test_authenticate_should_raise_if_password_disallowed
|
13
|
-
transport.expect do |t,packet|
|
14
|
-
assert_equal USERAUTH_REQUEST, packet.type
|
15
|
-
assert_equal "jamis", packet.read_string
|
16
|
-
assert_equal "ssh-connection", packet.read_string
|
17
|
-
assert_equal "password", packet.read_string
|
18
|
-
assert_equal false, packet.read_bool
|
19
|
-
assert_equal "the-password", packet.read_string
|
20
|
-
|
21
|
-
t.return(USERAUTH_FAILURE, :string, "publickey")
|
22
|
-
end
|
23
|
-
|
24
|
-
assert_raises Net::SSH::Authentication::DisallowedMethod do
|
25
|
-
subject.authenticate("ssh-connection", "jamis", "the-password")
|
26
|
-
end
|
27
|
-
end
|
28
|
-
|
29
|
-
def test_authenticate_ask_for_password_for_second_time_when_password_is_incorrect
|
30
|
-
transport.expect do |t,packet|
|
31
|
-
assert_equal USERAUTH_REQUEST, packet.type
|
32
|
-
assert_equal "jamis", packet.read_string
|
33
|
-
assert_equal "ssh-connection", packet.read_string
|
34
|
-
assert_equal "password", packet.read_string
|
35
|
-
assert_equal false, packet.read_bool
|
36
|
-
assert_equal "the-password", packet.read_string
|
37
|
-
t.return(USERAUTH_FAILURE, :string, "publickey,password")
|
38
|
-
|
39
|
-
t.expect do |t2, packet2|
|
40
|
-
assert_equal USERAUTH_REQUEST, packet2.type
|
41
|
-
assert_equal "jamis", packet2.read_string
|
42
|
-
assert_equal "ssh-connection", packet2.read_string
|
43
|
-
assert_equal "password", packet2.read_string
|
44
|
-
assert_equal false, packet2.read_bool
|
45
|
-
assert_equal "the-password-2", packet2.read_string
|
46
|
-
t.return(USERAUTH_SUCCESS)
|
47
|
-
end
|
48
|
-
end
|
49
|
-
|
50
|
-
subject.expects(:prompt).with("jamis@'s password:", false).returns("the-password-2")
|
51
|
-
subject.authenticate("ssh-connection", "jamis", "the-password")
|
52
|
-
end
|
53
|
-
|
54
|
-
def test_authenticate_ask_for_password_if_not_given
|
55
|
-
transport.expect do |t,packet|
|
56
|
-
assert_equal USERAUTH_REQUEST, packet.type
|
57
|
-
assert_equal "bill", packet.read_string
|
58
|
-
assert_equal "ssh-connection", packet.read_string
|
59
|
-
assert_equal "password", packet.read_string
|
60
|
-
assert_equal false, packet.read_bool
|
61
|
-
assert_equal "good-password", packet.read_string
|
62
|
-
t.return(USERAUTH_SUCCESS)
|
63
|
-
end
|
64
|
-
|
65
|
-
transport.instance_eval { @host='testhost' }
|
66
|
-
subject.expects(:prompt).with("bill@testhost's password:", false).returns("good-password")
|
67
|
-
subject.authenticate("ssh-connection", "bill", nil)
|
68
|
-
end
|
69
|
-
|
70
|
-
def test_authenticate_when_password_is_acceptible_should_return_true
|
71
|
-
transport.expect do |t,packet|
|
72
|
-
assert_equal USERAUTH_REQUEST, packet.type
|
73
|
-
t.return(USERAUTH_SUCCESS)
|
74
|
-
end
|
75
|
-
|
76
|
-
assert subject.authenticate("ssh-connection", "jamis", "the-password")
|
77
|
-
end
|
78
|
-
|
79
|
-
def test_authenticate_should_return_false_if_password_change_request_is_received
|
80
|
-
transport.expect do |t,packet|
|
81
|
-
assert_equal USERAUTH_REQUEST, packet.type
|
82
|
-
t.return(USERAUTH_PASSWD_CHANGEREQ, :string, "Change your password:", :string, "")
|
83
|
-
end
|
84
|
-
|
85
|
-
assert !subject.authenticate("ssh-connection", "jamis", "the-password")
|
86
|
-
end
|
87
|
-
|
88
|
-
private
|
89
|
-
|
90
|
-
def subject(options={})
|
91
|
-
@subject ||= Net::SSH::Authentication::Methods::Password.new(session(options), options)
|
92
|
-
end
|
93
|
-
end
|
94
|
-
|
95
|
-
end; end
|
@@ -1,148 +0,0 @@
|
|
1
|
-
require 'common'
|
2
|
-
require 'net/ssh/authentication/methods/publickey'
|
3
|
-
require 'authentication/methods/common'
|
4
|
-
|
5
|
-
module Authentication; module Methods
|
6
|
-
|
7
|
-
class TestPublickey < Test::Unit::TestCase
|
8
|
-
include Common
|
9
|
-
|
10
|
-
def test_authenticate_should_return_false_when_no_key_manager_has_been_set
|
11
|
-
assert_equal false, subject(:key_manager => nil).authenticate("ssh-connection", "jamis")
|
12
|
-
end
|
13
|
-
|
14
|
-
def test_authenticate_should_return_false_when_key_manager_has_no_keys
|
15
|
-
assert_equal false, subject(:keys => []).authenticate("ssh-connection", "jamis")
|
16
|
-
end
|
17
|
-
|
18
|
-
def test_authenticate_should_return_false_if_no_keys_can_authenticate
|
19
|
-
transport.expect do |t, packet|
|
20
|
-
assert_equal USERAUTH_REQUEST, packet.type
|
21
|
-
assert verify_userauth_request_packet(packet, keys.first, false)
|
22
|
-
t.return(USERAUTH_FAILURE, :string, "hostbased,password")
|
23
|
-
|
24
|
-
t.expect do |t2, packet2|
|
25
|
-
assert_equal USERAUTH_REQUEST, packet2.type
|
26
|
-
assert verify_userauth_request_packet(packet2, keys.last, false)
|
27
|
-
t2.return(USERAUTH_FAILURE, :string, "hostbased,password")
|
28
|
-
end
|
29
|
-
end
|
30
|
-
|
31
|
-
assert_equal false, subject.authenticate("ssh-connection", "jamis")
|
32
|
-
end
|
33
|
-
|
34
|
-
def test_authenticate_should_raise_if_publickey_disallowed
|
35
|
-
key_manager.expects(:sign).with(&signature_parameters(keys.first)).returns("sig-one")
|
36
|
-
|
37
|
-
transport.expect do |t, packet|
|
38
|
-
assert_equal USERAUTH_REQUEST, packet.type
|
39
|
-
assert verify_userauth_request_packet(packet, keys.first, false)
|
40
|
-
t.return(USERAUTH_PK_OK, :string, keys.first.ssh_type, :string, Net::SSH::Buffer.from(:key, keys.first))
|
41
|
-
|
42
|
-
t.expect do |t2,packet2|
|
43
|
-
assert_equal USERAUTH_REQUEST, packet2.type
|
44
|
-
assert verify_userauth_request_packet(packet2, keys.first, true)
|
45
|
-
assert_equal "sig-one", packet2.read_string
|
46
|
-
t2.return(USERAUTH_FAILURE, :string, "hostbased,password")
|
47
|
-
end
|
48
|
-
end
|
49
|
-
|
50
|
-
assert_raises Net::SSH::Authentication::DisallowedMethod do
|
51
|
-
subject.authenticate("ssh-connection", "jamis")
|
52
|
-
end
|
53
|
-
end
|
54
|
-
|
55
|
-
def test_authenticate_should_return_false_if_signature_exchange_fails
|
56
|
-
key_manager.expects(:sign).with(&signature_parameters(keys.first)).returns("sig-one")
|
57
|
-
key_manager.expects(:sign).with(&signature_parameters(keys.last)).returns("sig-two")
|
58
|
-
|
59
|
-
transport.expect do |t, packet|
|
60
|
-
assert_equal USERAUTH_REQUEST, packet.type
|
61
|
-
assert verify_userauth_request_packet(packet, keys.first, false)
|
62
|
-
t.return(USERAUTH_PK_OK, :string, keys.first.ssh_type, :string, Net::SSH::Buffer.from(:key, keys.first))
|
63
|
-
|
64
|
-
t.expect do |t2,packet2|
|
65
|
-
assert_equal USERAUTH_REQUEST, packet2.type
|
66
|
-
assert verify_userauth_request_packet(packet2, keys.first, true)
|
67
|
-
assert_equal "sig-one", packet2.read_string
|
68
|
-
t2.return(USERAUTH_FAILURE, :string, "publickey")
|
69
|
-
|
70
|
-
t2.expect do |t3, packet3|
|
71
|
-
assert_equal USERAUTH_REQUEST, packet3.type
|
72
|
-
assert verify_userauth_request_packet(packet3, keys.last, false)
|
73
|
-
t3.return(USERAUTH_PK_OK, :string, keys.last.ssh_type, :string, Net::SSH::Buffer.from(:key, keys.last))
|
74
|
-
|
75
|
-
t3.expect do |t4,packet4|
|
76
|
-
assert_equal USERAUTH_REQUEST, packet4.type
|
77
|
-
assert verify_userauth_request_packet(packet4, keys.last, true)
|
78
|
-
assert_equal "sig-two", packet4.read_string
|
79
|
-
t4.return(USERAUTH_FAILURE, :string, "publickey")
|
80
|
-
end
|
81
|
-
end
|
82
|
-
end
|
83
|
-
end
|
84
|
-
|
85
|
-
assert !subject.authenticate("ssh-connection", "jamis")
|
86
|
-
end
|
87
|
-
|
88
|
-
def test_authenticate_should_return_true_if_any_key_can_authenticate
|
89
|
-
key_manager.expects(:sign).with(&signature_parameters(keys.first)).returns("sig-one")
|
90
|
-
|
91
|
-
transport.expect do |t, packet|
|
92
|
-
assert_equal USERAUTH_REQUEST, packet.type
|
93
|
-
assert verify_userauth_request_packet(packet, keys.first, false)
|
94
|
-
t.return(USERAUTH_PK_OK, :string, keys.first.ssh_type, :string, Net::SSH::Buffer.from(:key, keys.first))
|
95
|
-
|
96
|
-
t.expect do |t2,packet2|
|
97
|
-
assert_equal USERAUTH_REQUEST, packet2.type
|
98
|
-
assert verify_userauth_request_packet(packet2, keys.first, true)
|
99
|
-
assert_equal "sig-one", packet2.read_string
|
100
|
-
t2.return(USERAUTH_SUCCESS)
|
101
|
-
end
|
102
|
-
end
|
103
|
-
|
104
|
-
assert subject.authenticate("ssh-connection", "jamis")
|
105
|
-
end
|
106
|
-
|
107
|
-
private
|
108
|
-
|
109
|
-
def signature_parameters(key)
|
110
|
-
Proc.new do |given_key, data|
|
111
|
-
next false unless given_key.to_blob == key.to_blob
|
112
|
-
buffer = Net::SSH::Buffer.new(data)
|
113
|
-
buffer.read_string == "abcxyz123" && # session-id
|
114
|
-
buffer.read_byte == USERAUTH_REQUEST && # type
|
115
|
-
verify_userauth_request_packet(buffer, key, true)
|
116
|
-
end
|
117
|
-
end
|
118
|
-
|
119
|
-
def verify_userauth_request_packet(packet, key, has_sig)
|
120
|
-
packet.read_string == "jamis" && # user-name
|
121
|
-
packet.read_string == "ssh-connection" && # next service
|
122
|
-
packet.read_string == "publickey" && # auth-method
|
123
|
-
packet.read_bool == has_sig && # whether a signature is appended
|
124
|
-
packet.read_string == key.ssh_type && # ssh key type
|
125
|
-
packet.read_buffer.read_key.to_blob == key.to_blob # key
|
126
|
-
end
|
127
|
-
|
128
|
-
@@keys = nil
|
129
|
-
def keys
|
130
|
-
@@keys ||= [OpenSSL::PKey::RSA.new(512), OpenSSL::PKey::DSA.new(512)]
|
131
|
-
end
|
132
|
-
|
133
|
-
def key_manager(options={})
|
134
|
-
@key_manager ||= begin
|
135
|
-
manager = stub("key_manager")
|
136
|
-
manager.stubs(:each_identity).multiple_yields(*(options[:keys] || keys))
|
137
|
-
manager
|
138
|
-
end
|
139
|
-
end
|
140
|
-
|
141
|
-
def subject(options={})
|
142
|
-
options[:key_manager] = key_manager(options) unless options.key?(:key_manager)
|
143
|
-
@subject ||= Net::SSH::Authentication::Methods::Publickey.new(session(options), options)
|
144
|
-
end
|
145
|
-
|
146
|
-
end
|
147
|
-
|
148
|
-
end; end
|