net-ssh 4.0.0.beta3 → 4.0.0.beta4

data/lib/net/ssh/proxy/http.rb

@@ -49,8 +49,7 @@ module Net; module SSH; module Proxy
     # Return a new socket connected to the given host and port via the
     # proxy that was requested when the socket factory was instantiated.
     def open(host, port, connection_options)
-      socket = Socket.tcp(proxy_host, proxy_port, nil, nil,
-                          connect_timeout: connection_options[:timeout])
+      socket = establish_connection(connection_options[:timeout])
       socket.write "CONNECT #{host}:#{port} HTTP/1.0\r\n"
 
       if options[:user]
@@ -68,7 +67,12 @@ module Net; module SSH; module Proxy
       raise ConnectError, resp.inspect
     end
 
-    private
+    protected
+
+      def establish_connection(connect_timeout)
+        Socket.tcp(proxy_host, proxy_port, nil, nil,
+                   connect_timeout: connect_timeout)
+      end
 
       def parse_response(socket)
         version, code, reason = socket.gets.chomp.split(/ /, 3)
@@ -89,7 +93,6 @@ module Net; module SSH; module Proxy
                  :headers => headers,
                  :body => body }
       end
-
   end
 
 end; end; end

data/lib/net/ssh/proxy/https.rb

@@ -0,0 +1,49 @@
+require 'socket'
+require 'openssl'
+require 'net/ssh/proxy/errors'
+require 'net/ssh/proxy/http'
+
+module Net; module SSH; module Proxy
+
+  # A specialization of the HTTP proxy which encrypts the whole connection
+  # using OpenSSL. This has the advantage that proxy authentication
+  # information is not sent in plaintext.
+  class HTTPS < HTTP
+
+    # Create a new socket factory that tunnels via the given host and
+    # port. The +options+ parameter is a hash of additional settings that
+    # can be used to tweak this proxy connection. In addition to the options
+    # taken by Net::SSH::Proxy::HTTP it supports:
+    #
+    # * :ssl_context => the SSL configuration to use for the connection
+    def initialize(proxy_host, proxy_port=80, options={})
+      @ssl_context = options.delete(:ssl_context) ||
+                       OpenSSL::SSL::SSLContext.new
+      super(proxy_host, proxy_port, options)
+    end
+
+    protected
+
+      # Shim to make OpenSSL::SSL::SSLSocket behave like a regular TCPSocket
+      # for all intents and purposes of Net::SSH::BufferedIo
+      module SSLSocketCompatibility
+        def self.extended(object) #:nodoc:
+          object.define_singleton_method(:recv, object.method(:sysread))
+          object.sync_close = true
+        end
+
+        def send(data, _opts)
+          syswrite(data)
+        end
+      end
+
+      def establish_connection(connect_timeout)
+        plain_socket = super(connect_timeout)
+        OpenSSL::SSL::SSLSocket.new(plain_socket, @ssl_context).tap do |socket|
+          socket.extend(SSLSocketCompatibility)
+          socket.connect
+        end
+      end
+  end
+
+end; end; end

data/lib/net/ssh/test.rb

@@ -50,7 +50,7 @@ module Net; module SSH
     # If a block is given, yields the script for the test socket (#socket).
     # Otherwise, simply returns the socket's script. See Net::SSH::Test::Script.
     def story
-      yield socket.script if block_given?
+      Net::SSH::Test::Extensions::IO.with_test_extension { yield socket.script if block_given? }
       return socket.script
     end
 
@@ -81,7 +81,7 @@ module Net; module SSH
     # the block passed to this assertion.
     def assert_scripted
       raise "there is no script to be processed" if socket.script.events.empty?
-      yield
+      Net::SSH::Test::Extensions::IO.with_test_extension { yield }
       assert socket.script.events.empty?, "there should not be any remaining scripted events, but there are still #{socket.script.events.length} pending"
     end
   end

data/lib/net/ssh/test/extensions.rb

@@ -113,6 +113,22 @@ module Net; module SSH; module Test
         base.extend(ClassMethods)
       end
 
+      @extension_enabled = false
+
+      def self.with_test_extension(&block)
+        orig_value = @extension_enabled
+        @extension_enabled = true
+        begin
+          yield
+        ensure
+          @extension_enabled = orig_value
+        end
+      end
+
+      def self.extension_enabled?
+        @extension_enabled
+      end
+
       module ClassMethods
         def self.extended(obj) #:nodoc:
           class <<obj
@@ -125,6 +141,7 @@ module Net; module SSH; module Test
         # writers, and errors arrays are either nil, or contain only objects
         # that mix in Net::SSH::Test::Extensions::BufferedIo.
         def select_for_test(readers=nil, writers=nil, errors=nil, wait=nil)
+          return select_for_real(readers, writers, errors, wait) unless Net::SSH::Test::Extensions::IO.extension_enabled?
           ready_readers = Array(readers).select { |r| r.select_for_read? }
           ready_writers = Array(writers).select { |r| r.select_for_write? }
           ready_errors  = Array(errors).select  { |r| r.select_for_error? }

data/lib/net/ssh/transport/ctr.rb

@@ -12,12 +12,10 @@ module Net::SSH::Transport
         @counter_len = orig.block_size
         orig.encrypt
         orig.padding = 0
-      }
-
-      class <<orig
-        alias :_update :update
-        private :_update
-        undef :update
+        
+        singleton_class.send(:alias_method, :_update, :update)
+        singleton_class.send(:private, :_update)
+        singleton_class.send(:undef_method, :update)
 
         def iv
           @counter
@@ -73,13 +71,12 @@ module Net::SSH::Transport
           s
         end
 
-        private
-
         def xor!(s1, s2)
           s = []
           s1.unpack('Q*').zip(s2.unpack('Q*')) {|a,b| s.push(a^b) }
           s.pack('Q*')
         end
+        singleton_class.send(:private, :xor!)
 
         def increment_counter!
           c = @counter_len
@@ -89,7 +86,8 @@ module Net::SSH::Transport
             end
           end
         end
-      end
+        singleton_class.send(:private, :increment_counter!)
+      }
     end
   end
 end

data/lib/net/ssh/version.rb

@@ -53,9 +53,9 @@ module Net; module SSH
     # The tiny component of this version of the Net::SSH library
     TINY  = 0
 
-    # The prerelease component of this version of the Net::SSH library 
+    # The prerelease component of this version of the Net::SSH library
     # nil allowed
-    PRE   = "beta3"
+    PRE   = "beta4"
 
     # The current version of the Net::SSH library as a Version instance
     CURRENT = new(*[MAJOR, MINOR, TINY, PRE].compact)

data/net-ssh.gemspec

@@ -22,7 +22,7 @@ Gem::Specification.new do |spec|
     "LICENSE.txt",
     "README.rdoc"
   ]
-  
+
   spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   spec.bindir        = "exe"
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
@@ -31,7 +31,7 @@ Gem::Specification.new do |spec|
   unless ENV['NET_SSH_NO_RBNACL']
     spec.add_development_dependency("rbnacl-libsodium", "~> 1.0.10")
     spec.add_development_dependency("rbnacl", "~> 3.4.0")
-    spec.add_development_dependency("bcrypt_pbkdf", "~> 1.0.0.alpha1") unless RUBY_PLATFORM == "java"
+    spec.add_development_dependency("bcrypt_pbkdf", "~> 1.0.0") unless RUBY_PLATFORM == "java"
   end
 
   spec.add_development_dependency "bundler", "~> 1.11"
@@ -39,7 +39,6 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "minitest", "~> 5.0"
   spec.add_development_dependency "rubocop", "~> 0.39.0"
   spec.add_development_dependency "mocha", ">= 1.1.0"
-  spec.add_development_dependency("byebug") if RUBY_ENGINE == "ruby"
 
-  spec.add_dependency('jruby-pageant', '>= 1.1.1') if RUBY_PLATFORM == 'jruby'
+  spec.add_dependency('jruby-pageant', '>= 1.1.1') if RUBY_ENGINE == 'jruby'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: net-ssh
 version: !ruby/object:Gem::Version
-  version: 4.0.0.beta3
+  version: 4.0.0.beta4
 platform: ruby
 authors:
 - Jamis Buck
@@ -31,7 +31,7 @@ cert_chain:
   s/ZUKye79ELwFYKJOhjW5g725OL3hy+llhEleytwKRwgXFQBPTC4f5UkdxZVVWGH
   e2C9M1m/2odPZo8h
   -----END CERTIFICATE-----
-date: 2016-08-14 00:00:00.000000000 Z
+date: 2016-11-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rbnacl-libsodium
@@ -67,14 +67,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0.alpha1
+        version: 1.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0.alpha1
+        version: 1.0.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -145,20 +145,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.1.0
-- !ruby/object:Gem::Dependency
-  name: byebug
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 description: 'Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. It
   allows you to write programs that invoke and interact with processes on remote servers,
   via SSH2.'
@@ -178,6 +164,7 @@ files:
 - Gemfile
 - Gemfile.norbnacl
 - Gemfile.norbnacl.lock
+- ISSUE_TEMPLATE.md
 - LICENSE.txt
 - Manifest
 - README.rdoc
@@ -186,8 +173,6 @@ files:
 - appveyor.yml
 - lib/net/ssh.rb
 - lib/net/ssh/authentication/agent.rb
-- lib/net/ssh/authentication/agent/java_pageant.rb
-- lib/net/ssh/authentication/agent/socket.rb
 - lib/net/ssh/authentication/constants.rb
 - lib/net/ssh/authentication/ed25519.rb
 - lib/net/ssh/authentication/ed25519_loader.rb
@@ -218,6 +203,7 @@ files:
 - lib/net/ssh/proxy/command.rb
 - lib/net/ssh/proxy/errors.rb
 - lib/net/ssh/proxy/http.rb
+- lib/net/ssh/proxy/https.rb
 - lib/net/ssh/proxy/socks4.rb
 - lib/net/ssh/proxy/socks5.rb
 - lib/net/ssh/ruby_compat.rb
@@ -291,8 +277,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.6
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: 'Net::SSH: a pure-Ruby implementation of the SSH2 client protocol.'
 test_files: []
+has_rdoc: 

data/lib/net/ssh/authentication/agent/java_pageant.rb

@@ -1,85 +0,0 @@
-require 'jruby_pageant'
-
-module Net; module SSH; module Authentication
-
-  # This class implements an agent for JRuby + Pageant.
-  #
-  # Written by Artūras Šlajus <arturas.slajus@gmail.com>
-  class Agent
-    include Loggable
-    include JRubyPageant
-
-    # A simple module for extending keys, to allow blobs and comments to be
-    # specified for them.
-    module Key
-      # :blob is used by OpenSSL::PKey::RSA#to_blob
-      attr_accessor :java_blob
-      attr_accessor :comment
-    end
-
-    # Instantiates a new agent object, connects to a running SSH agent,
-    # negotiates the agent protocol version, and returns the agent object.
-    def self.connect(logger=nil, agent_socket_factory)
-      agent = new(logger)
-      agent.connect!
-      agent
-    end
-
-    # Creates a new Agent object, using the optional logger instance to
-    # report status.
-    def initialize(logger=nil)
-      self.logger = logger
-    end
-
-    # Connect to the agent process using the socket factory and socket name
-    # given by the attribute writers. If the agent on the other end of the
-    # socket reports that it is an SSH2-compatible agent, this will fail
-    # (it only supports the ssh-agent distributed by OpenSSH).
-    def connect!
-      debug { "connecting to Pageant ssh-agent (via java connector)" }
-      @agent_proxy = JRubyPageant.create
-      unless @agent_proxy.is_running
-        raise AgentNotAvailable, "Pageant is not running!"
-      end
-      debug { "connection to Pageant ssh-agent (via java connector) succeeded" }
-    rescue AgentProxyException => e
-      error { "could not connect to Pageant ssh-agent (via java connector)" }
-      raise AgentNotAvailable, e.message, e.backtrace
-    end
-
-    # Return an array of all identities (public keys) known to the agent.
-    # Each key returned is augmented with a +comment+ property which is set
-    # to the comment returned by the agent for that key.
-    def identities
-      debug { "getting identities from Pageant" }
-      @agent_proxy.get_identities.map do |identity|
-        blob = identity.get_blob
-        key = Buffer.new(String.from_java_bytes(blob)).read_key
-        key.extend(Key)
-        key.java_blob = blob
-        key.comment = String.from_java_bytes(identity.get_comment)
-        key
-      end
-    rescue AgentProxyException => e
-      raise AgentError, "Cannot get identities: #{e.message}", e.backtrace
-    end
-
-    # Simulate agent close. This agent reference is no longer able to
-    # query the agent.
-    def close
-      @agent_proxy = nil
-    end
-
-    # Using the agent and the given public key, sign the given data. The
-    # signature is returned in SSH2 format.
-    def sign(key, data)
-      signed = @agent_proxy.sign(key.java_blob, data.to_java_bytes)
-      String.from_java_bytes(signed)
-    rescue AgentProxyException => e
-      raise AgentError,
-        "agent could not sign data with requested identity: #{e.message}",
-        e.backtrace
-    end
-  end
-
-end; end; end

data/lib/net/ssh/authentication/agent/socket.rb

@@ -1,178 +0,0 @@
-require 'net/ssh/transport/server_version'
-
-# Only load pageant on Windows
-if Net::SSH::Authentication::PLATFORM == :win32
-  require 'net/ssh/authentication/pageant'
-end
-
-module Net; module SSH; module Authentication
-
-  # This class implements a simple client for the ssh-agent protocol. It
-  # does not implement any specific protocol, but instead copies the
-  # behavior of the ssh-agent functions in the OpenSSH library (3.8).
-  #
-  # This means that although it behaves like a SSH1 client, it also has
-  # some SSH2 functionality (like signing data).
-  class Agent
-    include Loggable
-
-    # A simple module for extending keys, to allow comments to be specified
-    # for them.
-    module Comment
-      attr_accessor :comment
-    end
-
-    SSH2_AGENT_REQUEST_VERSION    = 1
-    SSH2_AGENT_REQUEST_IDENTITIES = 11
-    SSH2_AGENT_IDENTITIES_ANSWER  = 12
-    SSH2_AGENT_SIGN_REQUEST       = 13
-    SSH2_AGENT_SIGN_RESPONSE      = 14
-    SSH2_AGENT_FAILURE            = 30
-    SSH2_AGENT_VERSION_RESPONSE   = 103
-
-    SSH_COM_AGENT2_FAILURE        = 102
-
-    SSH_AGENT_REQUEST_RSA_IDENTITIES = 1
-    SSH_AGENT_RSA_IDENTITIES_ANSWER1 = 2
-    SSH_AGENT_RSA_IDENTITIES_ANSWER2 = 5
-    SSH_AGENT_FAILURE                = 5
-
-    # The underlying socket being used to communicate with the SSH agent.
-    attr_reader :socket
-
-    # Instantiates a new agent object, connects to a running SSH agent,
-    # negotiates the agent protocol version, and returns the agent object.
-    def self.connect(logger=nil, agent_socket_factory = nil)
-      agent = new(logger)
-      agent.connect!(agent_socket_factory)
-      agent.negotiate!
-      agent
-    end
-
-    # Creates a new Agent object, using the optional logger instance to
-    # report status.
-    def initialize(logger=nil)
-      self.logger = logger
-    end
-
-    # Connect to the agent process using the socket factory and socket name
-    # given by the attribute writers. If the agent on the other end of the
-    # socket reports that it is an SSH2-compatible agent, this will fail
-    # (it only supports the ssh-agent distributed by OpenSSH).
-    def connect!(agent_socket_factory = nil)
-      begin
-        debug { "connecting to ssh-agent" }
-        @socket = agent_socket_factory.nil? ? socket_class.open(ENV['SSH_AUTH_SOCK']) : agent_socket_factory.call
-      rescue
-        error { "could not connect to ssh-agent" }
-        raise AgentNotAvailable, $!.message
-      end
-    end
-
-    # Attempts to negotiate the SSH agent protocol version. Raises an error
-    # if the version could not be negotiated successfully.
-    def negotiate!
-      # determine what type of agent we're communicating with
-      type, body = send_and_wait(SSH2_AGENT_REQUEST_VERSION, :string, Transport::ServerVersion::PROTO_VERSION)
-
-      if type == SSH2_AGENT_VERSION_RESPONSE
-        raise AgentNotAvailable, "SSH2 agents are not yet supported"
-      elsif type == SSH2_AGENT_FAILURE
-        debug { "Unexpected response type==#{type}, this will be ignored" }
-      elsif type != SSH_AGENT_RSA_IDENTITIES_ANSWER1 && type != SSH_AGENT_RSA_IDENTITIES_ANSWER2
-        raise AgentNotAvailable, "unknown response from agent: #{type}, #{body.to_s.inspect}"
-      end
-    end
-
-    # Return an array of all identities (public keys) known to the agent.
-    # Each key returned is augmented with a +comment+ property which is set
-    # to the comment returned by the agent for that key.
-    def identities
-      type, body = send_and_wait(SSH2_AGENT_REQUEST_IDENTITIES)
-      raise AgentError, "could not get identity count" if agent_failed(type)
-      raise AgentError, "bad authentication reply: #{type}" if type != SSH2_AGENT_IDENTITIES_ANSWER
-
-      identities = []
-      body.read_long.times do
-        key_str = body.read_string
-        comment_str = body.read_string
-        begin
-          key = Buffer.new(key_str).read_key
-          key.extend(Comment)
-          key.comment = comment_str
-          identities.push key
-        rescue NotImplementedError => e
-          error { "ignoring unimplemented key:#{e.message} #{comment_str}" }
-        end
-      end
-
-      return identities
-    end
-
-    # Closes this socket. This agent reference is no longer able to
-    # query the agent.
-    def close
-      @socket.close
-    end
-
-    # Using the agent and the given public key, sign the given data. The
-    # signature is returned in SSH2 format.
-    def sign(key, data)
-      type, reply = send_and_wait(SSH2_AGENT_SIGN_REQUEST, :string, Buffer.from(:key, key), :string, data, :long, 0)
-
-      if agent_failed(type)
-        raise AgentError, "agent could not sign data with requested identity"
-      elsif type != SSH2_AGENT_SIGN_RESPONSE
-        raise AgentError, "bad authentication response #{type}"
-      end
-
-      return reply.read_string
-    end
-
-    private
-
-    # Returns the agent socket factory to use.
-    def socket_class
-      if Net::SSH::Authentication::PLATFORM == :win32
-        Pageant::Socket
-      else
-        UNIXSocket
-      end
-    end
-
-    # Send a new packet of the given type, with the associated data.
-    def send_packet(type, *args)
-      buffer = Buffer.from(*args)
-      data = [buffer.length + 1, type.to_i, buffer.to_s].pack("NCA*")
-      debug { "sending agent request #{type} len #{buffer.length}" }
-      @socket.send data, 0
-    end
-
-    # Read the next packet from the agent. This will return a two-part
-    # tuple consisting of the packet type, and the packet's body (which
-    # is returned as a Net::SSH::Buffer).
-    def read_packet
-      buffer = Net::SSH::Buffer.new(@socket.read(4))
-      buffer.append(@socket.read(buffer.read_long))
-      type = buffer.read_byte
-      debug { "received agent packet #{type} len #{buffer.length-4}" }
-      return type, buffer
-    end
-
-    # Send the given packet and return the subsequent reply from the agent.
-    # (See #send_packet and #read_packet).
-    def send_and_wait(type, *args)
-      send_packet(type, *args)
-      read_packet
-    end
-
-    # Returns +true+ if the parameter indicates a "failure" response from
-    # the agent, and +false+ otherwise.
-    def agent_failed(type)
-      type == SSH_AGENT_FAILURE ||
-        type == SSH2_AGENT_FAILURE ||
-        type == SSH_COM_AGENT2_FAILURE
-    end
-  end
-
-end; end; end