RubyGems - net-ssh - Versions diffs - 3.2.0 → 7.2.0.rc1 - Mend

net-ssh 3.2.0 → 7.2.0.rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (210) hide show

checksums.yaml +5 -5
checksums.yaml.gz.sig +0 -0
data/.dockerignore +6 -0
data/.github/FUNDING.yml +1 -0
data/.github/config/rubocop_linter_action.yml +4 -0
data/.github/workflows/ci-with-docker.yml +44 -0
data/.github/workflows/ci.yml +93 -0
data/.github/workflows/rubocop.yml +16 -0
data/.gitignore +13 -0
data/.rubocop.yml +22 -0
data/.rubocop_todo.yml +1081 -0
data/CHANGES.txt +237 -7
data/DEVELOPMENT.md +23 -0
data/Dockerfile +27 -0
data/Dockerfile.openssl3 +17 -0
data/Gemfile +13 -0
data/Gemfile.noed25519 +12 -0
data/Gemfile.norbnacl +12 -0
data/ISSUE_TEMPLATE.md +30 -0
data/Manifest +4 -5
data/README.md +298 -0
data/Rakefile +125 -74
data/SECURITY.md +4 -0
data/appveyor.yml +58 -0
data/docker-compose.yml +23 -0
data/lib/net/ssh/authentication/agent.rb +279 -18
data/lib/net/ssh/authentication/certificate.rb +183 -0
data/lib/net/ssh/authentication/constants.rb +17 -15
data/lib/net/ssh/authentication/ed25519.rb +186 -0
data/lib/net/ssh/authentication/ed25519_loader.rb +31 -0
data/lib/net/ssh/authentication/key_manager.rb +86 -39
data/lib/net/ssh/authentication/methods/abstract.rb +67 -48
data/lib/net/ssh/authentication/methods/hostbased.rb +34 -37
data/lib/net/ssh/authentication/methods/keyboard_interactive.rb +13 -13
data/lib/net/ssh/authentication/methods/none.rb +16 -19
data/lib/net/ssh/authentication/methods/password.rb +27 -17
data/lib/net/ssh/authentication/methods/publickey.rb +96 -55
data/lib/net/ssh/authentication/pageant.rb +471 -367
data/lib/net/ssh/authentication/pub_key_fingerprint.rb +43 -0
data/lib/net/ssh/authentication/session.rb +131 -121
data/lib/net/ssh/buffer.rb +399 -300
data/lib/net/ssh/buffered_io.rb +154 -150
data/lib/net/ssh/config.rb +308 -185
data/lib/net/ssh/connection/channel.rb +635 -613
data/lib/net/ssh/connection/constants.rb +29 -29
data/lib/net/ssh/connection/event_loop.rb +123 -0
data/lib/net/ssh/connection/keepalive.rb +55 -51
data/lib/net/ssh/connection/session.rb +620 -551
data/lib/net/ssh/connection/term.rb +125 -123
data/lib/net/ssh/errors.rb +101 -99
data/lib/net/ssh/key_factory.rb +197 -105
data/lib/net/ssh/known_hosts.rb +214 -127
data/lib/net/ssh/loggable.rb +50 -49
data/lib/net/ssh/packet.rb +83 -79
data/lib/net/ssh/prompt.rb +50 -81
data/lib/net/ssh/proxy/command.rb +105 -90
data/lib/net/ssh/proxy/errors.rb +12 -10
data/lib/net/ssh/proxy/http.rb +82 -79
data/lib/net/ssh/proxy/https.rb +50 -0
data/lib/net/ssh/proxy/jump.rb +54 -0
data/lib/net/ssh/proxy/socks4.rb +2 -6
data/lib/net/ssh/proxy/socks5.rb +14 -17
data/lib/net/ssh/service/forward.rb +370 -317
data/lib/net/ssh/test/channel.rb +145 -136
data/lib/net/ssh/test/extensions.rb +131 -110
data/lib/net/ssh/test/kex.rb +34 -32
data/lib/net/ssh/test/local_packet.rb +46 -44
data/lib/net/ssh/test/packet.rb +89 -70
data/lib/net/ssh/test/remote_packet.rb +32 -30
data/lib/net/ssh/test/script.rb +156 -142
data/lib/net/ssh/test/socket.rb +49 -48
data/lib/net/ssh/test.rb +82 -77
data/lib/net/ssh/transport/algorithms.rb +462 -359
data/lib/net/ssh/transport/chacha20_poly1305_cipher.rb +117 -0
data/lib/net/ssh/transport/chacha20_poly1305_cipher_loader.rb +17 -0
data/lib/net/ssh/transport/cipher_factory.rb +122 -99
data/lib/net/ssh/transport/constants.rb +32 -24
data/lib/net/ssh/transport/ctr.rb +42 -22
data/lib/net/ssh/transport/hmac/abstract.rb +81 -63
data/lib/net/ssh/transport/hmac/md5.rb +0 -2
data/lib/net/ssh/transport/hmac/md5_96.rb +0 -2
data/lib/net/ssh/transport/hmac/none.rb +0 -2
data/lib/net/ssh/transport/hmac/ripemd160.rb +0 -2
data/lib/net/ssh/transport/hmac/sha1.rb +0 -2
data/lib/net/ssh/transport/hmac/sha1_96.rb +0 -2
data/lib/net/ssh/transport/hmac/sha2_256.rb +7 -11
data/lib/net/ssh/transport/hmac/sha2_256_96.rb +4 -8
data/lib/net/ssh/transport/hmac/sha2_256_etm.rb +12 -0
data/lib/net/ssh/transport/hmac/sha2_512.rb +6 -9
data/lib/net/ssh/transport/hmac/sha2_512_96.rb +4 -8
data/lib/net/ssh/transport/hmac/sha2_512_etm.rb +12 -0
data/lib/net/ssh/transport/hmac.rb +14 -12
data/lib/net/ssh/transport/identity_cipher.rb +54 -44
data/lib/net/ssh/transport/kex/abstract.rb +130 -0
data/lib/net/ssh/transport/kex/abstract5656.rb +72 -0
data/lib/net/ssh/transport/kex/curve25519_sha256.rb +39 -0
data/lib/net/ssh/transport/kex/curve25519_sha256_loader.rb +30 -0
data/lib/net/ssh/transport/kex/diffie_hellman_group14_sha1.rb +33 -40
data/lib/net/ssh/transport/kex/diffie_hellman_group14_sha256.rb +11 -0
data/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb +119 -213
data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb +53 -61
data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb +5 -9
data/lib/net/ssh/transport/kex/ecdh_sha2_nistp256.rb +36 -90
data/lib/net/ssh/transport/kex/ecdh_sha2_nistp384.rb +18 -10
data/lib/net/ssh/transport/kex/ecdh_sha2_nistp521.rb +18 -10
data/lib/net/ssh/transport/kex.rb +15 -12
data/lib/net/ssh/transport/key_expander.rb +24 -20
data/lib/net/ssh/transport/openssl.rb +161 -124
data/lib/net/ssh/transport/openssl_cipher_extensions.rb +8 -0
data/lib/net/ssh/transport/packet_stream.rb +246 -185
data/lib/net/ssh/transport/server_version.rb +55 -56
data/lib/net/ssh/transport/session.rb +306 -255
data/lib/net/ssh/transport/state.rb +178 -176
data/lib/net/ssh/verifiers/accept_new.rb +33 -0
data/lib/net/ssh/verifiers/accept_new_or_local_tunnel.rb +33 -0
data/lib/net/ssh/verifiers/always.rb +58 -0
data/lib/net/ssh/verifiers/never.rb +19 -0
data/lib/net/ssh/version.rb +55 -53
data/lib/net/ssh.rb +111 -47
data/net-ssh-public_cert.pem +18 -18
data/net-ssh.gemspec +38 -205
data/support/ssh_tunnel_bug.rb +5 -5
data.tar.gz.sig +0 -0
metadata +173 -118
metadata.gz.sig +0 -0
data/.travis.yml +0 -18
data/README.rdoc +0 -182
data/lib/net/ssh/authentication/agent/java_pageant.rb +0 -85
data/lib/net/ssh/authentication/agent/socket.rb +0 -178
data/lib/net/ssh/ruby_compat.rb +0 -46
data/lib/net/ssh/verifiers/lenient.rb +0 -30
data/lib/net/ssh/verifiers/null.rb +0 -12
data/lib/net/ssh/verifiers/secure.rb +0 -52
data/lib/net/ssh/verifiers/strict.rb +0 -24
data/setup.rb +0 -1585
data/support/arcfour_check.rb +0 -20
data/test/README.txt +0 -18
data/test/authentication/methods/common.rb +0 -28
data/test/authentication/methods/test_abstract.rb +0 -51
data/test/authentication/methods/test_hostbased.rb +0 -114
data/test/authentication/methods/test_keyboard_interactive.rb +0 -121
data/test/authentication/methods/test_none.rb +0 -41
data/test/authentication/methods/test_password.rb +0 -95
data/test/authentication/methods/test_publickey.rb +0 -148
data/test/authentication/test_agent.rb +0 -232
data/test/authentication/test_key_manager.rb +0 -240
data/test/authentication/test_session.rb +0 -107
data/test/common.rb +0 -125
data/test/configs/auth_off +0 -5
data/test/configs/auth_on +0 -4
data/test/configs/empty +0 -0
data/test/configs/eqsign +0 -3
data/test/configs/exact_match +0 -8
data/test/configs/host_plus +0 -10
data/test/configs/multihost +0 -4
data/test/configs/negative_match +0 -6
data/test/configs/nohost +0 -19
data/test/configs/numeric_host +0 -4
data/test/configs/proxy_remote_user +0 -2
data/test/configs/send_env +0 -2
data/test/configs/substitutes +0 -8
data/test/configs/wild_cards +0 -14
data/test/connection/test_channel.rb +0 -487
data/test/connection/test_session.rb +0 -564
data/test/integration/README.txt +0 -17
data/test/integration/Vagrantfile +0 -12
data/test/integration/common.rb +0 -63
data/test/integration/playbook.yml +0 -56
data/test/integration/test_forward.rb +0 -637
data/test/integration/test_id_rsa_keys.rb +0 -96
data/test/integration/test_proxy.rb +0 -93
data/test/known_hosts/github +0 -1
data/test/known_hosts/github_hash +0 -1
data/test/manual/test_pageant.rb +0 -37
data/test/start/test_connection.rb +0 -53
data/test/start/test_options.rb +0 -57
data/test/start/test_transport.rb +0 -28
data/test/start/test_user_nil.rb +0 -27
data/test/test_all.rb +0 -12
data/test/test_buffer.rb +0 -433
data/test/test_buffered_io.rb +0 -63
data/test/test_config.rb +0 -268
data/test/test_key_factory.rb +0 -191
data/test/test_known_hosts.rb +0 -66
data/test/transport/hmac/test_md5.rb +0 -41
data/test/transport/hmac/test_md5_96.rb +0 -27
data/test/transport/hmac/test_none.rb +0 -34
data/test/transport/hmac/test_ripemd160.rb +0 -36
data/test/transport/hmac/test_sha1.rb +0 -36
data/test/transport/hmac/test_sha1_96.rb +0 -27
data/test/transport/hmac/test_sha2_256.rb +0 -37
data/test/transport/hmac/test_sha2_256_96.rb +0 -27
data/test/transport/hmac/test_sha2_512.rb +0 -37
data/test/transport/hmac/test_sha2_512_96.rb +0 -27
data/test/transport/kex/test_diffie_hellman_group14_sha1.rb +0 -13
data/test/transport/kex/test_diffie_hellman_group1_sha1.rb +0 -150
data/test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb +0 -96
data/test/transport/kex/test_diffie_hellman_group_exchange_sha256.rb +0 -19
data/test/transport/kex/test_ecdh_sha2_nistp256.rb +0 -161
data/test/transport/kex/test_ecdh_sha2_nistp384.rb +0 -38
data/test/transport/kex/test_ecdh_sha2_nistp521.rb +0 -38
data/test/transport/test_algorithms.rb +0 -328
data/test/transport/test_cipher_factory.rb +0 -443
data/test/transport/test_hmac.rb +0 -34
data/test/transport/test_identity_cipher.rb +0 -40
data/test/transport/test_packet_stream.rb +0 -1762
data/test/transport/test_server_version.rb +0 -74
data/test/transport/test_session.rb +0 -331
data/test/transport/test_state.rb +0 -181
data/test/verifiers/test_secure.rb +0 -40

data/lib/net/ssh/authentication/pub_key_fingerprint.rb ADDED Viewed

@@ -0,0 +1,43 @@
+require 'openssl'
+module Net
+  module SSH
+    module Authentication
+      # Public key fingerprinting utility module - internal not part of API.
+      # This is included in pubkey classes and called from there. All RSA, DSA, and ECC keys
+      # are supported.
+      #
+      #     require 'net/ssh'
+      #     my_pubkey_text = File.read('/path/to/id_ed25519.pub')
+      #        #=> "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDB2NBh4GJPPUN1kXPMu8b633Xcv55WoKC3OkBjFAbzJ alice@example.com"
+      #     my_pubkey = Net::SSH::KeyFactory.load_data_public_key(my_pubkey_text)
+      #        #=> #<Net::SSH::Authentication::ED25519::PubKey:0x00007fc8e91819b0
+      #     my_pubkey.fingerprint
+      #        #=> "2f:7f:97:21:76:a4:0f:38:c4:fe:d8:b4:6a:39:72:30"
+      #     my_pubkey.fingerprint('SHA256')
+      #        #=> "SHA256:u6mXnY8P1b0FODGp8mckqOB33u8+jvkSCtJbD5Q9klg"
+      module PubKeyFingerprint # :nodoc:
+        # Return the key's fingerprint.  Algorithm may be either +MD5+ (default),
+        # or +SHA256+. For +SHA256+, fingerprints are in the same format
+        # returned by OpenSSH's <tt>`ssh-add -l -E SHA256`</tt>, i.e.,
+        # trailing base64 padding '=' characters are stripped and the
+        # literal string +SHA256:+ is prepended.
+        def fingerprint(algorithm = 'MD5')
+          @fingerprint ||= {}
+          @fingerprint[algorithm] ||= PubKeyFingerprint.fingerprint(to_blob, algorithm)
+        end
+        def self.fingerprint(blob, algorithm = 'MD5')
+          case algorithm.to_s.upcase
+          when 'MD5'
+            OpenSSL::Digest.hexdigest(algorithm, blob).scan(/../).join(":")
+          when 'SHA256'
+            "SHA256:#{Base64.encode64(OpenSSL::Digest.digest(algorithm, blob)).chomp.gsub(/=+\z/, '')}"
+          else
+            raise OpenSSL::Digest::DigestError, "unsupported ssh key digest #{algorithm}"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/net/ssh/authentication/session.rb CHANGED Viewed

@@ -8,148 +8,158 @@ require 'net/ssh/authentication/methods/hostbased'
 require 'net/ssh/authentication/methods/password'
 require 'net/ssh/authentication/methods/keyboard_interactive'
-module Net; module SSH; module Authentication
-  # Raised if the current authentication method is not allowed
-  class DisallowedMethod < Net::SSH::Exception
-  end
-  # Represents an authentication session. It manages the authentication of
-  # a user over an established connection (the "transport" object, see
-  # Net::SSH::Transport::Session).
-  #
-  # The use of an authentication session to manage user authentication is
-  # internal to Net::SSH (specifically Net::SSH.start). Consumers of the
-  # Net::SSH library will never need to access this class directly.
-  class Session
-    include Transport::Constants, Constants, Loggable
-    # transport layer abstraction
-    attr_reader :transport
-    # the list of authentication methods to try
-    attr_reader :auth_methods
-    # the list of authentication methods that are allowed
-    attr_reader :allowed_auth_methods
-    # a hash of options, given at construction time
-    attr_reader :options
+module Net
+  module SSH
+    module Authentication
+      # Raised if the current authentication method is not allowed
+      class DisallowedMethod < Net::SSH::Exception
+      end
-    # Instantiates a new Authentication::Session object over the given
-    # transport layer abstraction.
-    def initialize(transport, options={})
-      self.logger = transport.logger
-      @transport = transport
+      # Represents an authentication session. It manages the authentication of
+      # a user over an established connection (the "transport" object, see
+      # Net::SSH::Transport::Session).
+      #
+      # The use of an authentication session to manage user authentication is
+      # internal to Net::SSH (specifically Net::SSH.start). Consumers of the
+      # Net::SSH library will never need to access this class directly.
+      class Session
+        include Loggable
+        include Constants
+        include Transport::Constants
-      @auth_methods = options[:auth_methods] || Net::SSH::Config.default_auth_methods
-      @options = options
+        # transport layer abstraction
+        attr_reader :transport
-      @allowed_auth_methods = @auth_methods
-    end
+        # the list of authentication methods to try
+        attr_reader :auth_methods
-    # Attempts to authenticate the given user, in preparation for the next
-    # service request. Returns true if an authentication method succeeds in
-    # authenticating the user, and false otherwise.
-    def authenticate(next_service, username, password=nil)
-      debug { "beginning authentication of `#{username}'" }
+        # the list of authentication methods that are allowed
+        attr_reader :allowed_auth_methods
-      transport.send_message(transport.service_request("ssh-userauth"))
-      expect_message(SERVICE_ACCEPT)
+        # a hash of options, given at construction time
+        attr_reader :options
-      key_manager = KeyManager.new(logger, options)
-      keys.each { |key| key_manager.add(key) } unless keys.empty?
-      key_data.each { |key2| key_manager.add_key_data(key2) } unless key_data.empty?
+        # Instantiates a new Authentication::Session object over the given
+        # transport layer abstraction.
+        def initialize(transport, options = {})
+          self.logger = transport.logger
+          @transport = transport
-      attempted = []
+          @auth_methods = options[:auth_methods] || Net::SSH::Config.default_auth_methods
+          @options = options
-      @auth_methods.each do |name|
-        begin
-          next unless @allowed_auth_methods.include?(name)
-          attempted << name
+          @allowed_auth_methods = @auth_methods
+        end
-          debug { "trying #{name}" }
-          begin
-            method = Methods.const_get(name.split(/\W+/).map { |p| p.capitalize }.join).new(self, :key_manager => key_manager)
-          rescue NameError
-            debug{"Mechanism #{name} was requested, but isn't a known type.  Ignoring it."}
-            next
+        # Attempts to authenticate the given user, in preparation for the next
+        # service request. Returns true if an authentication method succeeds in
+        # authenticating the user, and false otherwise.
+        def authenticate(next_service, username, password = nil)
+          debug { "beginning authentication of `#{username}'" }
+          transport.send_message(transport.service_request("ssh-userauth"))
+          expect_message(SERVICE_ACCEPT)
+          key_manager = KeyManager.new(logger, options)
+          keys.each { |key| key_manager.add(key) } unless keys.empty?
+          keycerts.each { |keycert| key_manager.add_keycert(keycert) } unless keycerts.empty?
+          key_data.each { |key2| key_manager.add_key_data(key2) } unless key_data.empty?
+          default_keys.each { |key| key_manager.add(key) } unless options.key?(:keys) || options.key?(:key_data)
+          attempted = []
+          @auth_methods.each do |name|
+            next unless @allowed_auth_methods.include?(name)
+            attempted << name
+            debug { "trying #{name}" }
+            begin
+              auth_class = Methods.const_get(name.split(/\W+/).map { |p| p.capitalize }.join)
+              method = auth_class.new(self,
+                                      key_manager: key_manager, password_prompt: options[:password_prompt],
+                                      pubkey_algorithms: options[:pubkey_algorithms] || nil)
+            rescue NameError
+              debug {"Mechanism #{name} was requested, but isn't a known type.  Ignoring it."}
+              next
+            end
+            return true if method.authenticate(next_service, username, password)
+          rescue Net::SSH::Authentication::DisallowedMethod
           end
-          return true if method.authenticate(next_service, username, password)
-        rescue Net::SSH::Authentication::DisallowedMethod
+          error { "all authorization methods failed (tried #{attempted.join(', ')})" }
+          return false
+        ensure
+          key_manager.finish if key_manager
         end
-      end
-      error { "all authorization methods failed (tried #{attempted.join(', ')})" }
-      return false
-    ensure
-      key_manager.finish if key_manager
-    end
-    # Blocks until a packet is received. It silently handles USERAUTH_BANNER
-    # packets, and will raise an error if any packet is received that is not
-    # valid during user authentication.
-    def next_message
-      loop do
-        packet = transport.next_message
-        case packet.type
-        when USERAUTH_BANNER
-          info { packet[:message] }
-          # TODO add a hook for people to retrieve the banner when it is sent
-        when USERAUTH_FAILURE
-          @allowed_auth_methods = packet[:authentications].split(/,/)
-          debug { "allowed methods: #{packet[:authentications]}" }
-          return packet
-        when USERAUTH_METHOD_RANGE, SERVICE_ACCEPT
-          return packet
+        # Blocks until a packet is received. It silently handles USERAUTH_BANNER
+        # packets, and will raise an error if any packet is received that is not
+        # valid during user authentication.
+        def next_message
+          loop do
+            packet = transport.next_message
+            case packet.type
+            when USERAUTH_BANNER
+              info { packet[:message] }
+            # TODO add a hook for people to retrieve the banner when it is sent
+            when USERAUTH_FAILURE
+              @allowed_auth_methods = packet[:authentications].split(/,/)
+              debug { "allowed methods: #{packet[:authentications]}" }
+              return packet
+            when USERAUTH_METHOD_RANGE, SERVICE_ACCEPT
+              return packet
+            when USERAUTH_SUCCESS
+              transport.hint :authenticated
+              return packet
+            else
+              raise Net::SSH::Exception, "unexpected message #{packet.type} (#{packet})"
+            end
+          end
+        end
-        when USERAUTH_SUCCESS
-          transport.hint :authenticated
-          return packet
+        # Blocks until a packet is received, and returns it if it is of the given
+        # type. If it is not, an exception is raised.
+        def expect_message(type)
+          message = next_message
+          raise Net::SSH::Exception, "expected #{type}, got #{message.type} (#{message})" unless message.type == type
-        else
-          raise Net::SSH::Exception, "unexpected message #{packet.type} (#{packet})"
+          message
         end
-      end
-    end
-    # Blocks until a packet is received, and returns it if it is of the given
-    # type. If it is not, an exception is raised.
-    def expect_message(type)
-      message = next_message
-      unless message.type == type
-        raise Net::SSH::Exception, "expected #{type}, got #{message.type} (#{message})"
-      end
-      message
-    end
+        private
-    private
+        # Returns an array of paths to the key files usually defined
+        # by system default.
+        def default_keys
+          %w[~/.ssh/id_ed25519 ~/.ssh/id_rsa ~/.ssh/id_dsa ~/.ssh/id_ecdsa
+             ~/.ssh2/id_ed25519 ~/.ssh2/id_rsa ~/.ssh2/id_dsa ~/.ssh2/id_ecdsa]
+        end
-      # Returns an array of paths to the key files usually defined
-      # by system default.
-      def default_keys
-        if defined?(OpenSSL::PKey::EC)
-          %w(~/.ssh/id_ed25519 ~/.ssh/id_rsa ~/.ssh/id_dsa ~/.ssh/id_ecdsa
-             ~/.ssh2/id_ed25519 ~/.ssh2/id_rsa ~/.ssh2/id_dsa ~/.ssh2/id_ecdsa)
-        else
-          %w(~/.ssh/id_dsa ~/.ssh/id_rsa ~/.ssh2/id_dsa ~/.ssh2/id_rsa)
+        # Returns an array of paths to the key files that should be used when
+        # attempting any key-based authentication mechanism.
+        def keys
+          Array(options[:keys])
         end
-      end
-      # Returns an array of paths to the key files that should be used when
-      # attempting any key-based authentication mechanism.
-      def keys
-        Array(options[:keys] || default_keys)
-      end
+        # Returns an array of paths to the keycert files that should be used when
+        # attempting any key-based authentication mechanism.
+        def keycerts
+          Array(options[:keycerts])
+        end
-      # Returns an array of the key data that should be used when
-      # attempting any key-based authentication mechanism.
-      def key_data
-        Array(options[:key_data])
+        # Returns an array of the key data that should be used when
+        # attempting any key-based authentication mechanism.
+        def key_data
+          Array(options[:key_data])
+        end
       end
+    end
   end
-end; end; end
+end