net-ssh 5.0.2 → 7.0.1

data/lib/net/ssh/connection/term.rb

@@ -1,7 +1,6 @@
-module Net 
-  module SSH 
+module Net
+  module SSH
     module Connection
-      
       # These constants are used when requesting a pseudo-terminal (via
       # Net::SSH::Connection::Channel#request_pty). The descriptions for each are
       # taken directly from RFC 4254 ("The Secure Shell (SSH) Connection Protocol"),
@@ -10,173 +9,172 @@ module Net
         # Interrupt character; 255 if none. Similarly for the other characters.
         # Not all of these characters are supported on all systems.
         VINTR = 1
-    
+
         # The quit character (sends SIGQUIT signal on POSIX systems).
         VQUIT = 2
-    
+
         # Erase the character to left of the cursor.
         VERASE = 3
-    
+
         # Kill the current input line.
         VKILL = 4
-    
+
         # End-of-file character (sends EOF from the terminal).
         VEOF = 5
-    
+
         # End-of-line character in addition to carriage return and/or linefeed.
         VEOL = 6
-    
+
         # Additional end-of-line character.
         VEOL2 = 7
-    
+
         # Continues paused output (normally control-Q).
         VSTART = 8
-    
+
         # Pauses output (normally control-S).
         VSTOP = 9
-    
+
         # Suspends the current program.
         VSUSP = 10
-    
+
         # Another suspend character.
         VDSUSP = 11
-    
+
         # Reprints the current input line.
         VREPRINT = 12
-    
+
         # Erases a word left of cursor.
         VWERASE = 13
-    
+
         # Enter the next character typed literally, even if it is a special
         # character.
         VLNEXT = 14
-    
+
         # Character to flush output.
         VFLUSH = 15
-    
+
         # Switch to a different shell layer.
         VSWITCH = 16
-    
+
         # Prints system status line (load, command, pid, etc).
         VSTATUS = 17
-    
+
         # Toggles the flushing of terminal output.
         VDISCARD = 18
-    
+
         # The ignore parity flag. The parameter SHOULD be 0 if this flag is FALSE,
         # and 1 if it is TRUE.
         IGNPAR = 30
-    
+
         # Mark parity and framing errors.
         PARMRK = 31
-    
+
         # Enable checking of parity errors.
         INPCK = 32
-    
+
         # Strip 8th bit off characters.
         ISTRIP = 33
-    
+
         # Map NL into CR on input.
         INCLR = 34
-    
+
         # Ignore CR on input.
         IGNCR = 35
-    
+
         # Map CR to NL on input.
         ICRNL = 36
-    
+
         # Translate uppercase characters to lowercase.
         IUCLC = 37
-    
+
         # Enable output flow control.
         IXON = 38
-    
+
         # Any char will restart after stop.
         IXANY = 39
-    
+
         # Enable input flow control.
         IXOFF = 40
-    
+
         # Ring bell on input queue full.
         IMAXBEL = 41
-    
+
         # Enable signals INTR, QUIT, [D]SUSP.
         ISIG = 50
-    
+
         # Canonicalize input lines.
         ICANON = 51
-    
+
         # Enable input and output of uppercase characters by preceding their
         # lowercase equivalents with "\".
         XCASE = 52
-    
+
         # Enable echoing.
         ECHO = 53
-    
+
         # Visually erase chars.
         ECHOE = 54
-    
+
         # Kill character discards current line.
         ECHOK = 55
-    
+
         # Echo NL even if ECHO is off.
         ECHONL = 56
-    
+
         # Don't flush after interrupt.
         NOFLSH = 57
-    
+
         # Stop background jobs from output.
         TOSTOP = 58
-    
+
         # Enable extensions.
         IEXTEN = 59
-    
+
         # Echo control characters as ^(Char).
         ECHOCTL = 60
-    
+
         # Visual erase for line kill.
         ECHOKE = 61
-    
+
         # Retype pending input.
         PENDIN = 62
-    
+
         # Enable output processing.
         OPOST = 70
-    
+
         # Convert lowercase to uppercase.
         OLCUC = 71
-    
+
         # Map NL to CR-NL.
         ONLCR = 72
-    
+
         # Translate carriage return to newline (output).
         OCRNL = 73
-    
+
         # Translate newline to carriage return-newline (output).
         ONOCR = 74
-    
+
         # Newline performs a carriage return (output).
         ONLRET = 75
-    
+
         # 7 bit mode.
         CS7 = 90
-    
+
         # 8 bit mode.
         CS8 = 91
-    
+
         # Parity enable.
         PARENB = 92
-    
+
         # Odd parity, else even.
         PARODD = 93
-    
+
         # Specifies the input baud rate in bits per second.
         TTY_OP_ISPEED = 128
-    
+
         # Specifies the output baud rate in bits per second.
         TTY_OP_OSPEED = 129
       end
-
     end
   end
 end

data/lib/net/ssh/errors.rb

@@ -1,4 +1,4 @@
-module Net 
+module Net
   module SSH
     # A general exception class, to act as the ancestor of all other Net::SSH
     # exception classes.
@@ -33,7 +33,7 @@ module Net
     # a "channel open failed" message.
     class ChannelOpenFailed < Net::SSH::Exception
       attr_reader :code, :reason
-  
+
       def initialize(code, reason)
         @code, @reason = code, reason
         super "#{reason} (#{code})"
@@ -45,43 +45,43 @@ module Net
     # the remember_host! method on the exception, and then retry.
     class HostKeyError < Net::SSH::Exception
       # the callback to use when #remember_host! is called
-      attr_writer :callback #:nodoc:
-  
+      attr_writer :callback # :nodoc:
+
       # situation-specific data describing the host (see #host, #port, etc.)
-      attr_writer :data #:nodoc:
-  
+      attr_writer :data # :nodoc:
+
       # An accessor for getting at the data that was used to look up the host
       # (see also #fingerprint, #host, #port, #ip, and #key).
       def [](key)
         @data && @data[key]
       end
-  
+
       # Returns the fingerprint of the key for the host, which either was not
       # found or did not match.
       def fingerprint
         @data && @data[:fingerprint]
       end
-  
+
       # Returns the host name for the remote host, as reported by the socket.
       def host
         @data && @data[:peer] && @data[:peer][:host]
       end
-  
+
       # Returns the port number for the remote host, as reported by the socket.
       def port
         @data && @data[:peer] && @data[:peer][:port]
       end
-  
+
       # Returns the IP address of the remote host, as reported by the socket.
       def ip
         @data && @data[:peer] && @data[:peer][:ip]
       end
-  
+
       # Returns the key itself, as reported by the remote host.
       def key
         @data && @data[:key]
       end
-  
+
       # Tell Net::SSH to record this host and key in the known hosts file, so
       # that subsequent connections will remember them.
       def remember_host!

data/lib/net/ssh/key_factory.rb

@@ -5,7 +5,6 @@ require 'net/ssh/authentication/ed25519_loader'
 
 module Net
   module SSH
-
     # A factory class for returning new Key classes. It is used for obtaining
     # OpenSSL key instances via their SSH names, and for loading both public and
     # private keys. It used used primarily by Net::SSH itself, internally, and
@@ -18,16 +17,14 @@ module Net
     class KeyFactory
       # Specifies the mapping of SSH names to OpenSSL key classes.
       MAP = {
-        "dh"  => OpenSSL::PKey::DH,
-        "rsa" => OpenSSL::PKey::RSA,
-        "dsa" => OpenSSL::PKey::DSA
+        'dh' => OpenSSL::PKey::DH,
+        'rsa' => OpenSSL::PKey::RSA,
+        'dsa' => OpenSSL::PKey::DSA,
+        'ecdsa' => OpenSSL::PKey::EC
       }
-      if defined?(OpenSSL::PKey::EC)
-        MAP["ecdsa"] = OpenSSL::PKey::EC
-        MAP["ed25519"] = Net::SSH::Authentication::ED25519::PrivKey if defined? Net::SSH::Authentication::ED25519
-      end
+      MAP["ed25519"] = Net::SSH::Authentication::ED25519::PrivKey if defined? Net::SSH::Authentication::ED25519
 
-      class <<self
+      class << self
         # Fetch an OpenSSL key instance by its SSH name. It will be a new,
         # empty key of the given type.
         def get(name)
@@ -39,7 +36,7 @@ module Net
         # appropriately. The new key is returned. If the key itself is
         # encrypted (requiring a passphrase to use), the user will be
         # prompted to enter their password unless passphrase works.
-        def load_private_key(filename, passphrase=nil, ask_passphrase=true, prompt=Prompt.default)
+        def load_private_key(filename, passphrase = nil, ask_passphrase = true, prompt = Prompt.default)
           data = File.read(File.expand_path(filename))
           load_data_private_key(data, passphrase, ask_passphrase, filename, prompt)
         end
@@ -49,17 +46,18 @@ module Net
         # appropriately. The new key is returned. If the key itself is
         # encrypted (requiring a passphrase to use), the user will be
         # prompted to enter their password unless passphrase works.
-        def load_data_private_key(data, passphrase=nil, ask_passphrase=true, filename="", prompt=Prompt.default)
-          key_read, error_classes = classify_key(data, filename)
+        def load_data_private_key(data, passphrase = nil, ask_passphrase = true, filename = "", prompt = Prompt.default)
+          key_type = classify_key(data, filename)
 
-          encrypted_key = data.match(/ENCRYPTED/)
+          encrypted_key = nil
           tries = 0
 
           prompter = nil
           result =
             begin
-              key_read[data, passphrase || 'invalid']
-            rescue *error_classes
+              key_type.read(data, passphrase || 'invalid')
+            rescue *key_type.error_classes => e
+              encrypted_key = !!key_type.encrypted_key?(data, e) if encrypted_key.nil?
               if encrypted_key && ask_passphrase
                 tries += 1
                 if tries <= 3
@@ -88,7 +86,7 @@ module Net
         # Loads a public key. It will correctly determine whether
         # the file describes an RSA or DSA key, and will load it
         # appropriately. The new public key is returned.
-        def load_data_public_key(data, filename="")
+        def load_data_public_key(data, filename = "")
           fields = data.split(/ /)
 
           blob = nil
@@ -106,20 +104,108 @@ module Net
 
         private
 
+        # rubocop:disable Style/Documentation, Lint/DuplicateMethods
+        class KeyType
+          def self.read(key_data, passphrase)
+            raise Exception, "TODO subclasses should implement read"
+          end
+
+          def self.error_classes
+            raise Exception, "TODO subclasses should implement read"
+          end
+
+          def self.encrypted_key?(data, error)
+            raise Exception, "TODO subclasses should implement is_encrypted_key"
+          end
+        end
+
+        class OpenSSHPrivateKeyType < KeyType
+          def self.read(key_data, passphrase)
+            Net::SSH::Authentication::ED25519::OpenSSHPrivateKeyLoader.read(key_data, passphrase)
+          end
+
+          def self.error_classes
+            [Net::SSH::Authentication::ED25519::OpenSSHPrivateKeyLoader::DecryptError]
+          end
+
+          def self.encrypted_key?(key_data, decode_error)
+            decode_error.is_a?(Net::SSH::Authentication::ED25519::OpenSSHPrivateKeyLoader::DecryptError) && decode_error.encrypted_key?
+          end
+        end
+
+        class OpenSSLKeyTypeBase < KeyType
+          def self.open_ssl_class
+            raise Exception, "TODO: subclasses should implement"
+          end
+
+          def self.read(key_data, passphrase)
+            open_ssl_class.new(key_data, passphrase)
+          end
+
+          def self.encrypted_key?(key_data, error)
+            key_data.match(/ENCRYPTED/)
+          end
+        end
+
+        class OpenSSLPKeyType < OpenSSLKeyTypeBase
+          def self.read(key_data, passphrase)
+            open_ssl_class.read(key_data, passphrase)
+          end
+
+          def self.open_ssl_class
+            OpenSSL::PKey
+          end
+
+          def self.error_classes
+            [ArgumentError, OpenSSL::PKey::PKeyError]
+          end
+        end
+
+        class OpenSSLDSAKeyType < OpenSSLKeyTypeBase
+          def self.open_ssl_class
+            OpenSSL::PKey::DSA
+          end
+
+          def self.error_classes
+            [OpenSSL::PKey::DSAError]
+          end
+        end
+
+        class OpenSSLRSAKeyType < OpenSSLKeyTypeBase
+          def self.open_ssl_class
+            OpenSSL::PKey::RSA
+          end
+
+          def self.error_classes
+            [OpenSSL::PKey::RSAError]
+          end
+        end
+
+        class OpenSSLECKeyType < OpenSSLKeyTypeBase
+          def self.open_ssl_class
+            OpenSSL::PKey::EC
+          end
+
+          def self.error_classes
+            [OpenSSL::PKey::ECError]
+          end
+        end
+        # rubocop:enable Style/Documentation, Lint/DuplicateMethods
+
         # Determine whether the file describes an RSA or DSA key, and return how load it
         # appropriately.
         def classify_key(data, filename)
           if data.match(/-----BEGIN OPENSSH PRIVATE KEY-----/)
             Net::SSH::Authentication::ED25519Loader.raiseUnlessLoaded("OpenSSH keys only supported if ED25519 is available")
-            return ->(key_data, passphrase) { Net::SSH::Authentication::ED25519::PrivKey.read(key_data, passphrase) }, [ArgumentError]
+            return OpenSSHPrivateKeyType
           elsif OpenSSL::PKey.respond_to?(:read)
-            return ->(key_data, passphrase) { OpenSSL::PKey.read(key_data, passphrase) }, [ArgumentError, OpenSSL::PKey::PKeyError]
+            return OpenSSLPKeyType
           elsif data.match(/-----BEGIN DSA PRIVATE KEY-----/)
-            return ->(key_data, passphrase) { OpenSSL::PKey::DSA.new(key_data, passphrase) }, [OpenSSL::PKey::DSAError]
+            return OpenSSLDSAKeyType
           elsif data.match(/-----BEGIN RSA PRIVATE KEY-----/)
-            return ->(key_data, passphrase) { OpenSSL::PKey::RSA.new(key_data, passphrase) }, [OpenSSL::PKey::RSAError]
-          elsif data.match(/-----BEGIN EC PRIVATE KEY-----/) && defined?(OpenSSL::PKey::EC)
-            return ->(key_data, passphrase) { OpenSSL::PKey::EC.new(key_data, passphrase) }, [OpenSSL::PKey::ECError]
+            return OpenSSLRSAKeyType
+          elsif data.match(/-----BEGIN EC PRIVATE KEY-----/)
+            return OpenSSLECKeyType
           elsif data.match(/-----BEGIN (.+) PRIVATE KEY-----/)
             raise OpenSSL::PKey::PKeyError, "not a supported key type '#{$1}'"
           else