net-ssh 3.2.0 → 7.2.0.rc1

Files changed (210) hide show
  1. checksums.yaml +5 -5
  2. checksums.yaml.gz.sig +0 -0
  3. data/.dockerignore +6 -0
  4. data/.github/FUNDING.yml +1 -0
  5. data/.github/config/rubocop_linter_action.yml +4 -0
  6. data/.github/workflows/ci-with-docker.yml +44 -0
  7. data/.github/workflows/ci.yml +93 -0
  8. data/.github/workflows/rubocop.yml +16 -0
  9. data/.gitignore +13 -0
  10. data/.rubocop.yml +22 -0
  11. data/.rubocop_todo.yml +1081 -0
  12. data/CHANGES.txt +237 -7
  13. data/DEVELOPMENT.md +23 -0
  14. data/Dockerfile +27 -0
  15. data/Dockerfile.openssl3 +17 -0
  16. data/Gemfile +13 -0
  17. data/Gemfile.noed25519 +12 -0
  18. data/Gemfile.norbnacl +12 -0
  19. data/ISSUE_TEMPLATE.md +30 -0
  20. data/Manifest +4 -5
  21. data/README.md +298 -0
  22. data/Rakefile +125 -74
  23. data/SECURITY.md +4 -0
  24. data/appveyor.yml +58 -0
  25. data/docker-compose.yml +23 -0
  26. data/lib/net/ssh/authentication/agent.rb +279 -18
  27. data/lib/net/ssh/authentication/certificate.rb +183 -0
  28. data/lib/net/ssh/authentication/constants.rb +17 -15
  29. data/lib/net/ssh/authentication/ed25519.rb +186 -0
  30. data/lib/net/ssh/authentication/ed25519_loader.rb +31 -0
  31. data/lib/net/ssh/authentication/key_manager.rb +86 -39
  32. data/lib/net/ssh/authentication/methods/abstract.rb +67 -48
  33. data/lib/net/ssh/authentication/methods/hostbased.rb +34 -37
  34. data/lib/net/ssh/authentication/methods/keyboard_interactive.rb +13 -13
  35. data/lib/net/ssh/authentication/methods/none.rb +16 -19
  36. data/lib/net/ssh/authentication/methods/password.rb +27 -17
  37. data/lib/net/ssh/authentication/methods/publickey.rb +96 -55
  38. data/lib/net/ssh/authentication/pageant.rb +471 -367
  39. data/lib/net/ssh/authentication/pub_key_fingerprint.rb +43 -0
  40. data/lib/net/ssh/authentication/session.rb +131 -121
  41. data/lib/net/ssh/buffer.rb +399 -300
  42. data/lib/net/ssh/buffered_io.rb +154 -150
  43. data/lib/net/ssh/config.rb +308 -185
  44. data/lib/net/ssh/connection/channel.rb +635 -613
  45. data/lib/net/ssh/connection/constants.rb +29 -29
  46. data/lib/net/ssh/connection/event_loop.rb +123 -0
  47. data/lib/net/ssh/connection/keepalive.rb +55 -51
  48. data/lib/net/ssh/connection/session.rb +620 -551
  49. data/lib/net/ssh/connection/term.rb +125 -123
  50. data/lib/net/ssh/errors.rb +101 -99
  51. data/lib/net/ssh/key_factory.rb +197 -105
  52. data/lib/net/ssh/known_hosts.rb +214 -127
  53. data/lib/net/ssh/loggable.rb +50 -49
  54. data/lib/net/ssh/packet.rb +83 -79
  55. data/lib/net/ssh/prompt.rb +50 -81
  56. data/lib/net/ssh/proxy/command.rb +105 -90
  57. data/lib/net/ssh/proxy/errors.rb +12 -10
  58. data/lib/net/ssh/proxy/http.rb +82 -79
  59. data/lib/net/ssh/proxy/https.rb +50 -0
  60. data/lib/net/ssh/proxy/jump.rb +54 -0
  61. data/lib/net/ssh/proxy/socks4.rb +2 -6
  62. data/lib/net/ssh/proxy/socks5.rb +14 -17
  63. data/lib/net/ssh/service/forward.rb +370 -317
  64. data/lib/net/ssh/test/channel.rb +145 -136
  65. data/lib/net/ssh/test/extensions.rb +131 -110
  66. data/lib/net/ssh/test/kex.rb +34 -32
  67. data/lib/net/ssh/test/local_packet.rb +46 -44
  68. data/lib/net/ssh/test/packet.rb +89 -70
  69. data/lib/net/ssh/test/remote_packet.rb +32 -30
  70. data/lib/net/ssh/test/script.rb +156 -142
  71. data/lib/net/ssh/test/socket.rb +49 -48
  72. data/lib/net/ssh/test.rb +82 -77
  73. data/lib/net/ssh/transport/algorithms.rb +462 -359
  74. data/lib/net/ssh/transport/chacha20_poly1305_cipher.rb +117 -0
  75. data/lib/net/ssh/transport/chacha20_poly1305_cipher_loader.rb +17 -0
  76. data/lib/net/ssh/transport/cipher_factory.rb +122 -99
  77. data/lib/net/ssh/transport/constants.rb +32 -24
  78. data/lib/net/ssh/transport/ctr.rb +42 -22
  79. data/lib/net/ssh/transport/hmac/abstract.rb +81 -63
  80. data/lib/net/ssh/transport/hmac/md5.rb +0 -2
  81. data/lib/net/ssh/transport/hmac/md5_96.rb +0 -2
  82. data/lib/net/ssh/transport/hmac/none.rb +0 -2
  83. data/lib/net/ssh/transport/hmac/ripemd160.rb +0 -2
  84. data/lib/net/ssh/transport/hmac/sha1.rb +0 -2
  85. data/lib/net/ssh/transport/hmac/sha1_96.rb +0 -2
  86. data/lib/net/ssh/transport/hmac/sha2_256.rb +7 -11
  87. data/lib/net/ssh/transport/hmac/sha2_256_96.rb +4 -8
  88. data/lib/net/ssh/transport/hmac/sha2_256_etm.rb +12 -0
  89. data/lib/net/ssh/transport/hmac/sha2_512.rb +6 -9
  90. data/lib/net/ssh/transport/hmac/sha2_512_96.rb +4 -8
  91. data/lib/net/ssh/transport/hmac/sha2_512_etm.rb +12 -0
  92. data/lib/net/ssh/transport/hmac.rb +14 -12
  93. data/lib/net/ssh/transport/identity_cipher.rb +54 -44
  94. data/lib/net/ssh/transport/kex/abstract.rb +130 -0
  95. data/lib/net/ssh/transport/kex/abstract5656.rb +72 -0
  96. data/lib/net/ssh/transport/kex/curve25519_sha256.rb +39 -0
  97. data/lib/net/ssh/transport/kex/curve25519_sha256_loader.rb +30 -0
  98. data/lib/net/ssh/transport/kex/diffie_hellman_group14_sha1.rb +33 -40
  99. data/lib/net/ssh/transport/kex/diffie_hellman_group14_sha256.rb +11 -0
  100. data/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb +119 -213
  101. data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb +53 -61
  102. data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb +5 -9
  103. data/lib/net/ssh/transport/kex/ecdh_sha2_nistp256.rb +36 -90
  104. data/lib/net/ssh/transport/kex/ecdh_sha2_nistp384.rb +18 -10
  105. data/lib/net/ssh/transport/kex/ecdh_sha2_nistp521.rb +18 -10
  106. data/lib/net/ssh/transport/kex.rb +15 -12
  107. data/lib/net/ssh/transport/key_expander.rb +24 -20
  108. data/lib/net/ssh/transport/openssl.rb +161 -124
  109. data/lib/net/ssh/transport/openssl_cipher_extensions.rb +8 -0
  110. data/lib/net/ssh/transport/packet_stream.rb +246 -185
  111. data/lib/net/ssh/transport/server_version.rb +55 -56
  112. data/lib/net/ssh/transport/session.rb +306 -255
  113. data/lib/net/ssh/transport/state.rb +178 -176
  114. data/lib/net/ssh/verifiers/accept_new.rb +33 -0
  115. data/lib/net/ssh/verifiers/accept_new_or_local_tunnel.rb +33 -0
  116. data/lib/net/ssh/verifiers/always.rb +58 -0
  117. data/lib/net/ssh/verifiers/never.rb +19 -0
  118. data/lib/net/ssh/version.rb +55 -53
  119. data/lib/net/ssh.rb +111 -47
  120. data/net-ssh-public_cert.pem +18 -18
  121. data/net-ssh.gemspec +38 -205
  122. data/support/ssh_tunnel_bug.rb +5 -5
  123. data.tar.gz.sig +0 -0
  124. metadata +173 -118
  125. metadata.gz.sig +0 -0
  126. data/.travis.yml +0 -18
  127. data/README.rdoc +0 -182
  128. data/lib/net/ssh/authentication/agent/java_pageant.rb +0 -85
  129. data/lib/net/ssh/authentication/agent/socket.rb +0 -178
  130. data/lib/net/ssh/ruby_compat.rb +0 -46
  131. data/lib/net/ssh/verifiers/lenient.rb +0 -30
  132. data/lib/net/ssh/verifiers/null.rb +0 -12
  133. data/lib/net/ssh/verifiers/secure.rb +0 -52
  134. data/lib/net/ssh/verifiers/strict.rb +0 -24
  135. data/setup.rb +0 -1585
  136. data/support/arcfour_check.rb +0 -20
  137. data/test/README.txt +0 -18
  138. data/test/authentication/methods/common.rb +0 -28
  139. data/test/authentication/methods/test_abstract.rb +0 -51
  140. data/test/authentication/methods/test_hostbased.rb +0 -114
  141. data/test/authentication/methods/test_keyboard_interactive.rb +0 -121
  142. data/test/authentication/methods/test_none.rb +0 -41
  143. data/test/authentication/methods/test_password.rb +0 -95
  144. data/test/authentication/methods/test_publickey.rb +0 -148
  145. data/test/authentication/test_agent.rb +0 -232
  146. data/test/authentication/test_key_manager.rb +0 -240
  147. data/test/authentication/test_session.rb +0 -107
  148. data/test/common.rb +0 -125
  149. data/test/configs/auth_off +0 -5
  150. data/test/configs/auth_on +0 -4
  151. data/test/configs/empty +0 -0
  152. data/test/configs/eqsign +0 -3
  153. data/test/configs/exact_match +0 -8
  154. data/test/configs/host_plus +0 -10
  155. data/test/configs/multihost +0 -4
  156. data/test/configs/negative_match +0 -6
  157. data/test/configs/nohost +0 -19
  158. data/test/configs/numeric_host +0 -4
  159. data/test/configs/proxy_remote_user +0 -2
  160. data/test/configs/send_env +0 -2
  161. data/test/configs/substitutes +0 -8
  162. data/test/configs/wild_cards +0 -14
  163. data/test/connection/test_channel.rb +0 -487
  164. data/test/connection/test_session.rb +0 -564
  165. data/test/integration/README.txt +0 -17
  166. data/test/integration/Vagrantfile +0 -12
  167. data/test/integration/common.rb +0 -63
  168. data/test/integration/playbook.yml +0 -56
  169. data/test/integration/test_forward.rb +0 -637
  170. data/test/integration/test_id_rsa_keys.rb +0 -96
  171. data/test/integration/test_proxy.rb +0 -93
  172. data/test/known_hosts/github +0 -1
  173. data/test/known_hosts/github_hash +0 -1
  174. data/test/manual/test_pageant.rb +0 -37
  175. data/test/start/test_connection.rb +0 -53
  176. data/test/start/test_options.rb +0 -57
  177. data/test/start/test_transport.rb +0 -28
  178. data/test/start/test_user_nil.rb +0 -27
  179. data/test/test_all.rb +0 -12
  180. data/test/test_buffer.rb +0 -433
  181. data/test/test_buffered_io.rb +0 -63
  182. data/test/test_config.rb +0 -268
  183. data/test/test_key_factory.rb +0 -191
  184. data/test/test_known_hosts.rb +0 -66
  185. data/test/transport/hmac/test_md5.rb +0 -41
  186. data/test/transport/hmac/test_md5_96.rb +0 -27
  187. data/test/transport/hmac/test_none.rb +0 -34
  188. data/test/transport/hmac/test_ripemd160.rb +0 -36
  189. data/test/transport/hmac/test_sha1.rb +0 -36
  190. data/test/transport/hmac/test_sha1_96.rb +0 -27
  191. data/test/transport/hmac/test_sha2_256.rb +0 -37
  192. data/test/transport/hmac/test_sha2_256_96.rb +0 -27
  193. data/test/transport/hmac/test_sha2_512.rb +0 -37
  194. data/test/transport/hmac/test_sha2_512_96.rb +0 -27
  195. data/test/transport/kex/test_diffie_hellman_group14_sha1.rb +0 -13
  196. data/test/transport/kex/test_diffie_hellman_group1_sha1.rb +0 -150
  197. data/test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb +0 -96
  198. data/test/transport/kex/test_diffie_hellman_group_exchange_sha256.rb +0 -19
  199. data/test/transport/kex/test_ecdh_sha2_nistp256.rb +0 -161
  200. data/test/transport/kex/test_ecdh_sha2_nistp384.rb +0 -38
  201. data/test/transport/kex/test_ecdh_sha2_nistp521.rb +0 -38
  202. data/test/transport/test_algorithms.rb +0 -328
  203. data/test/transport/test_cipher_factory.rb +0 -443
  204. data/test/transport/test_hmac.rb +0 -34
  205. data/test/transport/test_identity_cipher.rb +0 -40
  206. data/test/transport/test_packet_stream.rb +0 -1762
  207. data/test/transport/test_server_version.rb +0 -74
  208. data/test/transport/test_session.rb +0 -331
  209. data/test/transport/test_state.rb +0 -181
  210. data/test/verifiers/test_secure.rb +0 -40
@@ -1,20 +0,0 @@
1
-
2
- require 'net/ssh'
3
-
4
- # ARCFOUR CHECK
5
- #
6
- # Usage:
7
- # $ ruby support/arcfour_check.rb
8
- #
9
- # Expected Output:
10
- # arcfour128: [16, 8] OpenSSL::Cipher::Cipher
11
- # arcfour256: [32, 8] OpenSSL::Cipher::Cipher
12
- # arcfour512: [64, 8] OpenSSL::Cipher::Cipher
13
-
14
- [['arcfour128', 16], ['arcfour256', 32], ['arcfour512', 64]].each do |cipher|
15
- print "#{cipher[0]}: "
16
- a = Net::SSH::Transport::CipherFactory.get_lengths(cipher[0])
17
- b = Net::SSH::Transport::CipherFactory.get(cipher[0], :key => ([].fill('x', 0, cipher[1]).join))
18
- puts "#{a} #{b.class}"
19
- end
20
-
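--- a/data/test/README.txt
+++ b/data/test/README.txt
@@ -1,18 +0,0 @@
- RUNNING TESTS
-
- Run the test suite from the net-ssh directory with the following command:
-
- ruby -Ilib -Itest test/test_all.rb
-
- Run a single test file like this:
-
- ruby -Ilib -Itest test/transport/test_server_version.rb
-
- EXPECTED RESULTS
-
- https://travis-ci.org/net-ssh/net-ssh/
-
- INTEGRATION TESTS
-
- brew install ansible ; ansible-galaxy install rvm_io.rvm1-ruby ; vagrant up ; vagrant ssh
- cd /net-ssh ; rake integration-test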
@@ -1,28 +0,0 @@
1
- module Authentication; module Methods
2
-
3
- module Common
4
- include Net::SSH::Authentication::Constants
5
-
6
- private
7
-
8
- def socket(options={})
9
- @socket ||= stub("socket", :client_name => "me.ssh.test")
10
- end
11
-
12
- def transport(options={})
13
- @transport ||= MockTransport.new(options.merge(:socket => socket))
14
- end
15
-
16
- def session(options={})
17
- @session ||= begin
18
- sess = stub("auth-session", :logger => nil, :transport => transport(options))
19
- def sess.next_message
20
- transport.next_message
21
- end
22
- sess
23
- end
24
- end
25
-
26
- end
27
-
28
- end; end
@@ -1,51 +0,0 @@
1
- require 'common'
2
- require 'authentication/methods/common'
3
- require 'net/ssh/authentication/methods/abstract'
4
-
5
- module Authentication; module Methods
6
-
7
- class TestAbstract < Test::Unit::TestCase
8
- include Common
9
-
10
- def test_constructor_should_set_defaults
11
- assert_nil subject.key_manager
12
- end
13
-
14
- def test_constructor_should_honor_options
15
- assert_equal :manager, subject(:key_manager => :manager).key_manager
16
- end
17
-
18
- def test_session_id_should_query_session_id_from_key_exchange
19
- transport.stubs(:algorithms).returns(stub("algorithms", :session_id => "abcxyz123"))
20
- assert_equal "abcxyz123", subject.session_id
21
- end
22
-
23
- def test_send_message_should_delegate_to_transport
24
- transport.expects(:send_message).with("abcxyz123")
25
- subject.send_message("abcxyz123")
26
- end
27
-
28
- def test_userauth_request_should_build_well_formed_userauth_packet
29
- packet = subject.userauth_request("jamis", "ssh-connection", "password")
30
- assert_equal "\062\0\0\0\005jamis\0\0\0\016ssh-connection\0\0\0\010password", packet.to_s
31
- end
32
-
33
- def test_userauth_request_should_translate_extra_booleans_onto_end
34
- packet = subject.userauth_request("jamis", "ssh-connection", "password", true, false)
35
- assert_equal "\062\0\0\0\005jamis\0\0\0\016ssh-connection\0\0\0\010password\1\0", packet.to_s
36
- end
37
-
38
- def test_userauth_request_should_translate_extra_strings_onto_end
39
- packet = subject.userauth_request("jamis", "ssh-connection", "password", "foo", "bar")
40
- assert_equal "\062\0\0\0\005jamis\0\0\0\016ssh-connection\0\0\0\010password\0\0\0\3foo\0\0\0\3bar", packet.to_s
41
- end
42
-
43
- private
44
-
45
- def subject(options={})
46
- @subject ||= Net::SSH::Authentication::Methods::Abstract.new(session(options), options)
47
- end
48
-
49
- end
50
-
51
- end; end
@@ -1,114 +0,0 @@
1
- require 'common'
2
- require 'net/ssh/authentication/methods/hostbased'
3
- require 'authentication/methods/common'
4
-
5
- module Authentication; module Methods
6
-
7
- class TestHostbased < Test::Unit::TestCase
8
- include Common
9
-
10
- def test_authenticate_should_return_false_when_no_key_manager_has_been_set
11
- assert_equal false, subject(:key_manager => nil).authenticate("ssh-connection", "jamis")
12
- end
13
-
14
- def test_authenticate_should_return_false_when_key_manager_has_no_keys
15
- assert_equal false, subject(:keys => []).authenticate("ssh-connection", "jamis")
16
- end
17
-
18
- def test_authenticate_should_return_false_if_no_keys_can_authenticate
19
- ENV.stubs(:[]).with('USER').returns(nil)
20
- key_manager.expects(:sign).with(&signature_parameters(keys.first)).returns("sig-one")
21
- key_manager.expects(:sign).with(&signature_parameters(keys.last)).returns("sig-two")
22
-
23
- transport.expect do |t, packet|
24
- assert_equal USERAUTH_REQUEST, packet.type
25
- assert verify_userauth_request_packet(packet, keys.first)
26
- assert_equal "sig-one", packet.read_string
27
- t.return(USERAUTH_FAILURE, :string, "hostbased,password")
28
-
29
- t.expect do |t2, packet2|
30
- assert_equal USERAUTH_REQUEST, packet2.type
31
- assert verify_userauth_request_packet(packet2, keys.last)
32
- assert_equal "sig-two", packet2.read_string
33
- t2.return(USERAUTH_FAILURE, :string, "hostbased,password")
34
- end
35
- end
36
-
37
- assert_equal false, subject.authenticate("ssh-connection", "jamis")
38
- end
39
-
40
- def test_authenticate_should_return_true_if_any_key_can_authenticate
41
- ENV.stubs(:[]).with('USER').returns(nil)
42
- key_manager.expects(:sign).with(&signature_parameters(keys.first)).returns("sig-one")
43
-
44
- transport.expect do |t, packet|
45
- assert_equal USERAUTH_REQUEST, packet.type
46
- assert verify_userauth_request_packet(packet, keys.first)
47
- assert_equal "sig-one", packet.read_string
48
- t.return(USERAUTH_SUCCESS)
49
- end
50
-
51
- assert subject.authenticate("ssh-connection", "jamis")
52
- end
53
-
54
- private
55
-
56
- def signature_parameters(key)
57
- Proc.new do |given_key, data|
58
- next false unless given_key.to_blob == key.to_blob
59
- buffer = Net::SSH::Buffer.new(data)
60
- buffer.read_string == "abcxyz123" && # session-id
61
- buffer.read_byte == USERAUTH_REQUEST && # type
62
- verify_userauth_request_packet(buffer, key)
63
- end
64
- end
65
-
66
- def verify_userauth_request_packet(packet, key)
67
- packet.read_string == "jamis" && # user-name
68
- packet.read_string == "ssh-connection" && # next service
69
- packet.read_string == "hostbased" && # auth-method
70
- packet.read_string == key.ssh_type && # key type
71
- packet.read_buffer.read_key.to_blob == key.to_blob && # key
72
- packet.read_string == "me.ssh.test." && # client hostname
73
- packet.read_string == "jamis" # client username
74
- end
75
-
76
- @@keys = nil
77
- def keys
78
- @@keys ||= [OpenSSL::PKey::RSA.new(512), OpenSSL::PKey::DSA.new(512)]
79
- end
80
-
81
- def key_manager(options={})
82
- @key_manager ||= begin
83
- manager = stub("key_manager")
84
- manager.stubs(:each_identity).multiple_yields(*(options[:keys] || keys))
85
- manager
86
- end
87
- end
88
-
89
- def subject(options={})
90
- options[:key_manager] = key_manager(options) unless options.key?(:key_manager)
91
- @subject ||= Net::SSH::Authentication::Methods::Hostbased.new(session(options), options)
92
- end
93
-
94
- def socket(options={})
95
- @socket ||= stub("socket", :client_name => "me.ssh.test")
96
- end
97
-
98
- def transport(options={})
99
- @transport ||= MockTransport.new(options.merge(:socket => socket))
100
- end
101
-
102
- def session(options={})
103
- @session ||= begin
104
- sess = stub("auth-session", :logger => nil, :transport => transport(options))
105
- def sess.next_message
106
- transport.next_message
107
- end
108
- sess
109
- end
110
- end
111
-
112
- end
113
-
114
- end; end
@@ -1,121 +0,0 @@
1
- require 'common'
2
- require 'net/ssh/authentication/methods/keyboard_interactive'
3
- require 'authentication/methods/common'
4
-
5
- module Authentication; module Methods
6
-
7
- class TestKeyboardInteractive < Test::Unit::TestCase
8
- include Common
9
-
10
- USERAUTH_INFO_REQUEST = 60
11
- USERAUTH_INFO_RESPONSE = 61
12
-
13
- def test_authenticate_should_raise_if_keyboard_interactive_disallowed
14
- transport.expect do |t,packet|
15
- assert_equal USERAUTH_REQUEST, packet.type
16
- assert_equal "jamis", packet.read_string
17
- assert_equal "ssh-connection", packet.read_string
18
- assert_equal "keyboard-interactive", packet.read_string
19
- assert_equal "", packet.read_string # language tags
20
- assert_equal "", packet.read_string # submethods
21
-
22
- t.return(USERAUTH_FAILURE, :string, "password")
23
- end
24
-
25
- assert_raises Net::SSH::Authentication::DisallowedMethod do
26
- subject.authenticate("ssh-connection", "jamis")
27
- end
28
- end
29
-
30
- def test_authenticate_should_be_false_if_given_password_is_not_accepted
31
- transport.expect do |t,packet|
32
- assert_equal USERAUTH_REQUEST, packet.type
33
- t.return(USERAUTH_INFO_REQUEST, :string, "", :string, "", :string, "", :long, 1, :string, "Password:", :bool, false)
34
- t.expect do |t2,packet2|
35
- assert_equal USERAUTH_INFO_RESPONSE, packet2.type
36
- assert_equal 1, packet2.read_long
37
- assert_equal "the-password", packet2.read_string
38
- t2.return(USERAUTH_FAILURE, :string, "keyboard-interactive")
39
- end
40
- end
41
-
42
- assert_equal false, subject.authenticate("ssh-connection", "jamis", "the-password")
43
- end
44
-
45
- def test_authenticate_should_be_true_if_given_password_is_accepted
46
- transport.expect do |t,packet|
47
- assert_equal USERAUTH_REQUEST, packet.type
48
- t.return(USERAUTH_INFO_REQUEST, :string, "", :string, "", :string, "", :long, 1, :string, "Password:", :bool, false)
49
- t.expect do |t2,packet2|
50
- assert_equal USERAUTH_INFO_RESPONSE, packet2.type
51
- t2.return(USERAUTH_SUCCESS)
52
- end
53
- end
54
-
55
- assert subject.authenticate("ssh-connection", "jamis", "the-password")
56
- end
57
-
58
- def test_authenticate_should_duplicate_password_as_needed_to_fill_request
59
- transport.expect do |t,packet|
60
- assert_equal USERAUTH_REQUEST, packet.type
61
- t.return(USERAUTH_INFO_REQUEST, :string, "", :string, "", :string, "", :long, 2, :string, "Password:", :bool, false, :string, "Again:", :bool, false)
62
- t.expect do |t2,packet2|
63
- assert_equal USERAUTH_INFO_RESPONSE, packet2.type
64
- assert_equal 2, packet2.read_long
65
- assert_equal "the-password", packet2.read_string
66
- assert_equal "the-password", packet2.read_string
67
- t2.return(USERAUTH_SUCCESS)
68
- end
69
- end
70
-
71
- assert subject.authenticate("ssh-connection", "jamis", "the-password")
72
- end
73
-
74
- def test_authenticate_should_not_prompt_for_input_when_in_non_interactive_mode
75
-
76
- def transport.options
77
- {non_interactive: true}
78
- end
79
- transport.expect do |t,packet|
80
- assert_equal USERAUTH_REQUEST, packet.type
81
- t.return(USERAUTH_INFO_REQUEST, :string, "", :string, "", :string, "", :long, 2, :string, "Name:", :bool, true, :string, "Password:", :bool, false)
82
- t.expect do |t2,packet2|
83
- assert_equal USERAUTH_INFO_RESPONSE, packet2.type
84
- assert_equal 2, packet2.read_long
85
- assert_equal "", packet2.read_string
86
- assert_equal "", packet2.read_string
87
- t2.return(USERAUTH_SUCCESS)
88
- end
89
- end
90
-
91
- assert subject.authenticate("ssh-connection", "jamis", nil)
92
- end
93
-
94
-
95
- def test_authenticate_should_prompt_for_input_when_password_is_not_given
96
- subject.expects(:prompt).with("Name:", true).returns("name")
97
- subject.expects(:prompt).with("Password:", false).returns("password")
98
-
99
- transport.expect do |t,packet|
100
- assert_equal USERAUTH_REQUEST, packet.type
101
- t.return(USERAUTH_INFO_REQUEST, :string, "", :string, "", :string, "", :long, 2, :string, "Name:", :bool, true, :string, "Password:", :bool, false)
102
- t.expect do |t2,packet2|
103
- assert_equal USERAUTH_INFO_RESPONSE, packet2.type
104
- assert_equal 2, packet2.read_long
105
- assert_equal "name", packet2.read_string
106
- assert_equal "password", packet2.read_string
107
- t2.return(USERAUTH_SUCCESS)
108
- end
109
- end
110
-
111
- assert subject.authenticate("ssh-connection", "jamis", nil)
112
- end
113
-
114
- private
115
-
116
- def subject(options={})
117
- @subject ||= Net::SSH::Authentication::Methods::KeyboardInteractive.new(session(options), options)
118
- end
119
- end
120
-
121
- end; end
@@ -1,41 +0,0 @@
1
- require 'common'
2
- require 'net/ssh/authentication/methods/none'
3
- require 'authentication/methods/common'
4
-
5
- module Authentication; module Methods
6
-
7
- class TestNone < Test::Unit::TestCase
8
- include Common
9
-
10
- def test_authenticate_should_raise_if_none_disallowed
11
- transport.expect do |t,packet|
12
- assert_equal USERAUTH_REQUEST, packet.type
13
- assert_equal "jamis", packet.read_string
14
- assert_equal "ssh-connection", packet.read_string
15
- assert_equal "none", packet.read_string
16
-
17
- t.return(USERAUTH_FAILURE, :string, "publickey")
18
- end
19
-
20
- assert_raises Net::SSH::Authentication::DisallowedMethod do
21
- subject.authenticate("ssh-connection", "jamis", "pass")
22
- end
23
- end
24
-
25
- def test_authenticate_should_return_true
26
- transport.expect do |t,packet|
27
- assert_equal USERAUTH_REQUEST, packet.type
28
- t.return(USERAUTH_SUCCESS)
29
- end
30
-
31
- assert subject.authenticate("ssh-connection", "", "")
32
- end
33
-
34
- private
35
-
36
- def subject(options={})
37
- @subject ||= Net::SSH::Authentication::Methods::None.new(session(options), options)
38
- end
39
- end
40
-
41
- end; end
@@ -1,95 +0,0 @@
1
- require 'common'
2
- require 'net/ssh/authentication/methods/password'
3
- require 'net/ssh/authentication/session'
4
- require 'authentication/methods/common'
5
-
6
-
7
- module Authentication; module Methods
8
-
9
- class TestPassword < Test::Unit::TestCase
10
- include Common
11
-
12
- def test_authenticate_should_raise_if_password_disallowed
13
- transport.expect do |t,packet|
14
- assert_equal USERAUTH_REQUEST, packet.type
15
- assert_equal "jamis", packet.read_string
16
- assert_equal "ssh-connection", packet.read_string
17
- assert_equal "password", packet.read_string
18
- assert_equal false, packet.read_bool
19
- assert_equal "the-password", packet.read_string
20
-
21
- t.return(USERAUTH_FAILURE, :string, "publickey")
22
- end
23
-
24
- assert_raises Net::SSH::Authentication::DisallowedMethod do
25
- subject.authenticate("ssh-connection", "jamis", "the-password")
26
- end
27
- end
28
-
29
- def test_authenticate_ask_for_password_for_second_time_when_password_is_incorrect
30
- transport.expect do |t,packet|
31
- assert_equal USERAUTH_REQUEST, packet.type
32
- assert_equal "jamis", packet.read_string
33
- assert_equal "ssh-connection", packet.read_string
34
- assert_equal "password", packet.read_string
35
- assert_equal false, packet.read_bool
36
- assert_equal "the-password", packet.read_string
37
- t.return(USERAUTH_FAILURE, :string, "publickey,password")
38
-
39
- t.expect do |t2, packet2|
40
- assert_equal USERAUTH_REQUEST, packet2.type
41
- assert_equal "jamis", packet2.read_string
42
- assert_equal "ssh-connection", packet2.read_string
43
- assert_equal "password", packet2.read_string
44
- assert_equal false, packet2.read_bool
45
- assert_equal "the-password-2", packet2.read_string
46
- t.return(USERAUTH_SUCCESS)
47
- end
48
- end
49
-
50
- subject.expects(:prompt).with("jamis@'s password:", false).returns("the-password-2")
51
- subject.authenticate("ssh-connection", "jamis", "the-password")
52
- end
53
-
54
- def test_authenticate_ask_for_password_if_not_given
55
- transport.expect do |t,packet|
56
- assert_equal USERAUTH_REQUEST, packet.type
57
- assert_equal "bill", packet.read_string
58
- assert_equal "ssh-connection", packet.read_string
59
- assert_equal "password", packet.read_string
60
- assert_equal false, packet.read_bool
61
- assert_equal "good-password", packet.read_string
62
- t.return(USERAUTH_SUCCESS)
63
- end
64
-
65
- transport.instance_eval { @host='testhost' }
66
- subject.expects(:prompt).with("bill@testhost's password:", false).returns("good-password")
67
- subject.authenticate("ssh-connection", "bill", nil)
68
- end
69
-
70
- def test_authenticate_when_password_is_acceptible_should_return_true
71
- transport.expect do |t,packet|
72
- assert_equal USERAUTH_REQUEST, packet.type
73
- t.return(USERAUTH_SUCCESS)
74
- end
75
-
76
- assert subject.authenticate("ssh-connection", "jamis", "the-password")
77
- end
78
-
79
- def test_authenticate_should_return_false_if_password_change_request_is_received
80
- transport.expect do |t,packet|
81
- assert_equal USERAUTH_REQUEST, packet.type
82
- t.return(USERAUTH_PASSWD_CHANGEREQ, :string, "Change your password:", :string, "")
83
- end
84
-
85
- assert !subject.authenticate("ssh-connection", "jamis", "the-password")
86
- end
87
-
88
- private
89
-
90
- def subject(options={})
91
- @subject ||= Net::SSH::Authentication::Methods::Password.new(session(options), options)
92
- end
93
- end
94
-
95
- end; end
@@ -1,148 +0,0 @@
1
- require 'common'
2
- require 'net/ssh/authentication/methods/publickey'
3
- require 'authentication/methods/common'
4
-
5
- module Authentication; module Methods
6
-
7
- class TestPublickey < Test::Unit::TestCase
8
- include Common
9
-
10
- def test_authenticate_should_return_false_when_no_key_manager_has_been_set
11
- assert_equal false, subject(:key_manager => nil).authenticate("ssh-connection", "jamis")
12
- end
13
-
14
- def test_authenticate_should_return_false_when_key_manager_has_no_keys
15
- assert_equal false, subject(:keys => []).authenticate("ssh-connection", "jamis")
16
- end
17
-
18
- def test_authenticate_should_return_false_if_no_keys_can_authenticate
19
- transport.expect do |t, packet|
20
- assert_equal USERAUTH_REQUEST, packet.type
21
- assert verify_userauth_request_packet(packet, keys.first, false)
22
- t.return(USERAUTH_FAILURE, :string, "hostbased,password")
23
-
24
- t.expect do |t2, packet2|
25
- assert_equal USERAUTH_REQUEST, packet2.type
26
- assert verify_userauth_request_packet(packet2, keys.last, false)
27
- t2.return(USERAUTH_FAILURE, :string, "hostbased,password")
28
- end
29
- end
30
-
31
- assert_equal false, subject.authenticate("ssh-connection", "jamis")
32
- end
33
-
34
- def test_authenticate_should_raise_if_publickey_disallowed
35
- key_manager.expects(:sign).with(&signature_parameters(keys.first)).returns("sig-one")
36
-
37
- transport.expect do |t, packet|
38
- assert_equal USERAUTH_REQUEST, packet.type
39
- assert verify_userauth_request_packet(packet, keys.first, false)
40
- t.return(USERAUTH_PK_OK, :string, keys.first.ssh_type, :string, Net::SSH::Buffer.from(:key, keys.first))
41
-
42
- t.expect do |t2,packet2|
43
- assert_equal USERAUTH_REQUEST, packet2.type
44
- assert verify_userauth_request_packet(packet2, keys.first, true)
45
- assert_equal "sig-one", packet2.read_string
46
- t2.return(USERAUTH_FAILURE, :string, "hostbased,password")
47
- end
48
- end
49
-
50
- assert_raises Net::SSH::Authentication::DisallowedMethod do
51
- subject.authenticate("ssh-connection", "jamis")
52
- end
53
- end
54
-
55
- def test_authenticate_should_return_false_if_signature_exchange_fails
56
- key_manager.expects(:sign).with(&signature_parameters(keys.first)).returns("sig-one")
57
- key_manager.expects(:sign).with(&signature_parameters(keys.last)).returns("sig-two")
58
-
59
- transport.expect do |t, packet|
60
- assert_equal USERAUTH_REQUEST, packet.type
61
- assert verify_userauth_request_packet(packet, keys.first, false)
62
- t.return(USERAUTH_PK_OK, :string, keys.first.ssh_type, :string, Net::SSH::Buffer.from(:key, keys.first))
63
-
64
- t.expect do |t2,packet2|
65
- assert_equal USERAUTH_REQUEST, packet2.type
66
- assert verify_userauth_request_packet(packet2, keys.first, true)
67
- assert_equal "sig-one", packet2.read_string
68
- t2.return(USERAUTH_FAILURE, :string, "publickey")
69
-
70
- t2.expect do |t3, packet3|
71
- assert_equal USERAUTH_REQUEST, packet3.type
72
- assert verify_userauth_request_packet(packet3, keys.last, false)
73
- t3.return(USERAUTH_PK_OK, :string, keys.last.ssh_type, :string, Net::SSH::Buffer.from(:key, keys.last))
74
-
75
- t3.expect do |t4,packet4|
76
- assert_equal USERAUTH_REQUEST, packet4.type
77
- assert verify_userauth_request_packet(packet4, keys.last, true)
78
- assert_equal "sig-two", packet4.read_string
79
- t4.return(USERAUTH_FAILURE, :string, "publickey")
80
- end
81
- end
82
- end
83
- end
84
-
85
- assert !subject.authenticate("ssh-connection", "jamis")
86
- end
87
-
88
- def test_authenticate_should_return_true_if_any_key_can_authenticate
89
- key_manager.expects(:sign).with(&signature_parameters(keys.first)).returns("sig-one")
90
-
91
- transport.expect do |t, packet|
92
- assert_equal USERAUTH_REQUEST, packet.type
93
- assert verify_userauth_request_packet(packet, keys.first, false)
94
- t.return(USERAUTH_PK_OK, :string, keys.first.ssh_type, :string, Net::SSH::Buffer.from(:key, keys.first))
95
-
96
- t.expect do |t2,packet2|
97
- assert_equal USERAUTH_REQUEST, packet2.type
98
- assert verify_userauth_request_packet(packet2, keys.first, true)
99
- assert_equal "sig-one", packet2.read_string
100
- t2.return(USERAUTH_SUCCESS)
101
- end
102
- end
103
-
104
- assert subject.authenticate("ssh-connection", "jamis")
105
- end
106
-
107
- private
108
-
109
- def signature_parameters(key)
110
- Proc.new do |given_key, data|
111
- next false unless given_key.to_blob == key.to_blob
112
- buffer = Net::SSH::Buffer.new(data)
113
- buffer.read_string == "abcxyz123" && # session-id
114
- buffer.read_byte == USERAUTH_REQUEST && # type
115
- verify_userauth_request_packet(buffer, key, true)
116
- end
117
- end
118
-
119
- def verify_userauth_request_packet(packet, key, has_sig)
120
- packet.read_string == "jamis" && # user-name
121
- packet.read_string == "ssh-connection" && # next service
122
- packet.read_string == "publickey" && # auth-method
123
- packet.read_bool == has_sig && # whether a signature is appended
124
- packet.read_string == key.ssh_type && # ssh key type
125
- packet.read_buffer.read_key.to_blob == key.to_blob # key
126
- end
127
-
128
- @@keys = nil
129
- def keys
130
- @@keys ||= [OpenSSL::PKey::RSA.new(512), OpenSSL::PKey::DSA.new(512)]
131
- end
132
-
133
- def key_manager(options={})
134
- @key_manager ||= begin
135
- manager = stub("key_manager")
136
- manager.stubs(:each_identity).multiple_yields(*(options[:keys] || keys))
137
- manager
138
- end
139
- end
140
-
141
- def subject(options={})
142
- options[:key_manager] = key_manager(options) unless options.key?(:key_manager)
143
- @subject ||= Net::SSH::Authentication::Methods::Publickey.new(session(options), options)
144
- end
145
-
146
- end
147
-
148
- end; end