net-ssh 5.2.0 → 7.0.1

data/lib/net/ssh/connection/term.rb

@@ -1,7 +1,6 @@
-module Net 
-  module SSH 
+module Net
+  module SSH
     module Connection
-      
       # These constants are used when requesting a pseudo-terminal (via
       # Net::SSH::Connection::Channel#request_pty). The descriptions for each are
       # taken directly from RFC 4254 ("The Secure Shell (SSH) Connection Protocol"),
@@ -10,173 +9,172 @@ module Net
         # Interrupt character; 255 if none. Similarly for the other characters.
         # Not all of these characters are supported on all systems.
         VINTR = 1
-    
+
         # The quit character (sends SIGQUIT signal on POSIX systems).
         VQUIT = 2
-    
+
         # Erase the character to left of the cursor.
         VERASE = 3
-    
+
         # Kill the current input line.
         VKILL = 4
-    
+
         # End-of-file character (sends EOF from the terminal).
         VEOF = 5
-    
+
         # End-of-line character in addition to carriage return and/or linefeed.
         VEOL = 6
-    
+
         # Additional end-of-line character.
         VEOL2 = 7
-    
+
         # Continues paused output (normally control-Q).
         VSTART = 8
-    
+
         # Pauses output (normally control-S).
         VSTOP = 9
-    
+
         # Suspends the current program.
         VSUSP = 10
-    
+
         # Another suspend character.
         VDSUSP = 11
-    
+
         # Reprints the current input line.
         VREPRINT = 12
-    
+
         # Erases a word left of cursor.
         VWERASE = 13
-    
+
         # Enter the next character typed literally, even if it is a special
         # character.
         VLNEXT = 14
-    
+
         # Character to flush output.
         VFLUSH = 15
-    
+
         # Switch to a different shell layer.
         VSWITCH = 16
-    
+
         # Prints system status line (load, command, pid, etc).
         VSTATUS = 17
-    
+
         # Toggles the flushing of terminal output.
         VDISCARD = 18
-    
+
         # The ignore parity flag. The parameter SHOULD be 0 if this flag is FALSE,
         # and 1 if it is TRUE.
         IGNPAR = 30
-    
+
         # Mark parity and framing errors.
         PARMRK = 31
-    
+
         # Enable checking of parity errors.
         INPCK = 32
-    
+
         # Strip 8th bit off characters.
         ISTRIP = 33
-    
+
         # Map NL into CR on input.
         INCLR = 34
-    
+
         # Ignore CR on input.
         IGNCR = 35
-    
+
         # Map CR to NL on input.
         ICRNL = 36
-    
+
         # Translate uppercase characters to lowercase.
         IUCLC = 37
-    
+
         # Enable output flow control.
         IXON = 38
-    
+
         # Any char will restart after stop.
         IXANY = 39
-    
+
         # Enable input flow control.
         IXOFF = 40
-    
+
         # Ring bell on input queue full.
         IMAXBEL = 41
-    
+
         # Enable signals INTR, QUIT, [D]SUSP.
         ISIG = 50
-    
+
         # Canonicalize input lines.
         ICANON = 51
-    
+
         # Enable input and output of uppercase characters by preceding their
         # lowercase equivalents with "\".
         XCASE = 52
-    
+
         # Enable echoing.
         ECHO = 53
-    
+
         # Visually erase chars.
         ECHOE = 54
-    
+
         # Kill character discards current line.
         ECHOK = 55
-    
+
         # Echo NL even if ECHO is off.
         ECHONL = 56
-    
+
         # Don't flush after interrupt.
         NOFLSH = 57
-    
+
         # Stop background jobs from output.
         TOSTOP = 58
-    
+
         # Enable extensions.
         IEXTEN = 59
-    
+
         # Echo control characters as ^(Char).
         ECHOCTL = 60
-    
+
         # Visual erase for line kill.
         ECHOKE = 61
-    
+
         # Retype pending input.
         PENDIN = 62
-    
+
         # Enable output processing.
         OPOST = 70
-    
+
         # Convert lowercase to uppercase.
         OLCUC = 71
-    
+
         # Map NL to CR-NL.
         ONLCR = 72
-    
+
         # Translate carriage return to newline (output).
         OCRNL = 73
-    
+
         # Translate newline to carriage return-newline (output).
         ONOCR = 74
-    
+
         # Newline performs a carriage return (output).
         ONLRET = 75
-    
+
         # 7 bit mode.
         CS7 = 90
-    
+
         # 8 bit mode.
         CS8 = 91
-    
+
         # Parity enable.
         PARENB = 92
-    
+
         # Odd parity, else even.
         PARODD = 93
-    
+
         # Specifies the input baud rate in bits per second.
         TTY_OP_ISPEED = 128
-    
+
         # Specifies the output baud rate in bits per second.
         TTY_OP_OSPEED = 129
       end
-
     end
   end
 end

data/lib/net/ssh/errors.rb

@@ -1,4 +1,4 @@
-module Net 
+module Net
   module SSH
     # A general exception class, to act as the ancestor of all other Net::SSH
     # exception classes.
@@ -33,7 +33,7 @@ module Net
     # a "channel open failed" message.
     class ChannelOpenFailed < Net::SSH::Exception
       attr_reader :code, :reason
-  
+
       def initialize(code, reason)
         @code, @reason = code, reason
         super "#{reason} (#{code})"
@@ -45,43 +45,43 @@ module Net
     # the remember_host! method on the exception, and then retry.
     class HostKeyError < Net::SSH::Exception
       # the callback to use when #remember_host! is called
-      attr_writer :callback #:nodoc:
-  
+      attr_writer :callback # :nodoc:
+
       # situation-specific data describing the host (see #host, #port, etc.)
-      attr_writer :data #:nodoc:
-  
+      attr_writer :data # :nodoc:
+
       # An accessor for getting at the data that was used to look up the host
       # (see also #fingerprint, #host, #port, #ip, and #key).
       def [](key)
         @data && @data[key]
       end
-  
+
       # Returns the fingerprint of the key for the host, which either was not
       # found or did not match.
       def fingerprint
         @data && @data[:fingerprint]
       end
-  
+
       # Returns the host name for the remote host, as reported by the socket.
       def host
         @data && @data[:peer] && @data[:peer][:host]
       end
-  
+
       # Returns the port number for the remote host, as reported by the socket.
       def port
         @data && @data[:peer] && @data[:peer][:port]
       end
-  
+
       # Returns the IP address of the remote host, as reported by the socket.
       def ip
         @data && @data[:peer] && @data[:peer][:ip]
       end
-  
+
       # Returns the key itself, as reported by the remote host.
       def key
         @data && @data[:key]
       end
-  
+
       # Tell Net::SSH to record this host and key in the known hosts file, so
       # that subsequent connections will remember them.
       def remember_host!

data/lib/net/ssh/key_factory.rb

@@ -5,7 +5,6 @@ require 'net/ssh/authentication/ed25519_loader'
 
 module Net
   module SSH
-
     # A factory class for returning new Key classes. It is used for obtaining
     # OpenSSL key instances via their SSH names, and for loading both public and
     # private keys. It used used primarily by Net::SSH itself, internally, and
@@ -18,16 +17,14 @@ module Net
     class KeyFactory
       # Specifies the mapping of SSH names to OpenSSL key classes.
       MAP = {
-        "dh"  => OpenSSL::PKey::DH,
-        "rsa" => OpenSSL::PKey::RSA,
-        "dsa" => OpenSSL::PKey::DSA
+        'dh' => OpenSSL::PKey::DH,
+        'rsa' => OpenSSL::PKey::RSA,
+        'dsa' => OpenSSL::PKey::DSA,
+        'ecdsa' => OpenSSL::PKey::EC
       }
-      if defined?(OpenSSL::PKey::EC)
-        MAP["ecdsa"] = OpenSSL::PKey::EC
-        MAP["ed25519"] = Net::SSH::Authentication::ED25519::PrivKey if defined? Net::SSH::Authentication::ED25519
-      end
+      MAP["ed25519"] = Net::SSH::Authentication::ED25519::PrivKey if defined? Net::SSH::Authentication::ED25519
 
-      class <<self
+      class << self
         # Fetch an OpenSSL key instance by its SSH name. It will be a new,
         # empty key of the given type.
         def get(name)
@@ -39,7 +36,7 @@ module Net
         # appropriately. The new key is returned. If the key itself is
         # encrypted (requiring a passphrase to use), the user will be
         # prompted to enter their password unless passphrase works.
-        def load_private_key(filename, passphrase=nil, ask_passphrase=true, prompt=Prompt.default)
+        def load_private_key(filename, passphrase = nil, ask_passphrase = true, prompt = Prompt.default)
           data = File.read(File.expand_path(filename))
           load_data_private_key(data, passphrase, ask_passphrase, filename, prompt)
         end
@@ -49,7 +46,7 @@ module Net
         # appropriately. The new key is returned. If the key itself is
         # encrypted (requiring a passphrase to use), the user will be
         # prompted to enter their password unless passphrase works.
-        def load_data_private_key(data, passphrase=nil, ask_passphrase=true, filename="", prompt=Prompt.default)
+        def load_data_private_key(data, passphrase = nil, ask_passphrase = true, filename = "", prompt = Prompt.default)
           key_type = classify_key(data, filename)
 
           encrypted_key = nil
@@ -89,7 +86,7 @@ module Net
         # Loads a public key. It will correctly determine whether
         # the file describes an RSA or DSA key, and will load it
         # appropriately. The new public key is returned.
-        def load_data_public_key(data, filename="")
+        def load_data_public_key(data, filename = "")
           fields = data.split(/ /)
 
           blob = nil
@@ -207,7 +204,7 @@ module Net
             return OpenSSLDSAKeyType
           elsif data.match(/-----BEGIN RSA PRIVATE KEY-----/)
             return OpenSSLRSAKeyType
-          elsif data.match(/-----BEGIN EC PRIVATE KEY-----/) && defined?(OpenSSL::PKey::EC)
+          elsif data.match(/-----BEGIN EC PRIVATE KEY-----/)
             return OpenSSLECKeyType
           elsif data.match(/-----BEGIN (.+) PRIVATE KEY-----/)
             raise OpenSSL::PKey::PKeyError, "not a supported key type '#{$1}'"

data/lib/net/ssh/known_hosts.rb

@@ -1,11 +1,69 @@
 require 'strscan'
 require 'openssl'
 require 'base64'
+require 'delegate'
 require 'net/ssh/buffer'
 require 'net/ssh/authentication/ed25519_loader'
 
 module Net
   module SSH
+    module HostKeyEntries
+      # regular public key entry
+      class PubKey < Delegator
+        def initialize(key, comment: nil) # rubocop:disable Lint/MissingSuper
+          @key = key
+          @comment = comment
+        end
+
+        def ssh_type
+          @key.ssh_type
+        end
+
+        def ssh_types
+          [ssh_type]
+        end
+
+        def to_blob
+          @key.to_blob
+        end
+
+        def __getobj__
+          Kernel.warn("Calling Net::SSH::Buffer methods on HostKeyEntries PubKey is deprecated")
+          @key
+        end
+
+        def matches_key?(server_key)
+          @key.ssh_type == server_key.ssh_type && @key.to_blob == server_key.to_blob
+        end
+      end
+
+      # @cert-authority entry
+      class CertAuthority
+        def ssh_types
+          %w[
+            ecdsa-sha2-nistp256-cert-v01@openssh.com
+            ecdsa-sha2-nistp384-cert-v01@openssh.com
+            ecdsa-sha2-nistp521-cert-v01@openssh.com
+            ssh-ed25519-cert-v01@openssh.com
+            ssh-rsa-cert-v01@openssh.com
+            ssh-rsa-cert-v00@openssh.com
+          ]
+        end
+
+        def initialize(key, comment: nil)
+          @key = key
+          @comment = comment
+        end
+
+        def matches_key?(server_key)
+          if ssh_types.include?(server_key.ssh_type)
+            server_key.signature_valid? && (server_key.signature_key.to_blob == @key.to_blob)
+          else
+            false
+          end
+        end
+      end
+    end
 
     # Represents the result of a search in known hosts
     # see search_for
@@ -41,20 +99,17 @@ module Net
     # This is used internally by Net::SSH, and will never need to be used directly
     # by consumers of the library.
     class KnownHosts
-      if defined?(OpenSSL::PKey::EC)
-        SUPPORTED_TYPE = %w[ssh-rsa ssh-dss
-                            ecdsa-sha2-nistp256
-                            ecdsa-sha2-nistp384
-                            ecdsa-sha2-nistp521]
-      else
-        SUPPORTED_TYPE = %w[ssh-rsa ssh-dss]
-      end
+      SUPPORTED_TYPE = %w[ssh-rsa ssh-dss
+                          ecdsa-sha2-nistp256
+                          ecdsa-sha2-nistp384
+                          ecdsa-sha2-nistp521]
+
       SUPPORTED_TYPE.push('ssh-ed25519') if Net::SSH::Authentication::ED25519Loader::LOADED
 
-      class <<self
+      class << self
         # Searches all known host files (see KnownHosts.hostfiles) for all keys
         # of the given host. Returns an enumerable of keys found.
-        def search_for(host, options={})
+        def search_for(host, options = {})
           HostKeys.new(search_in(hostfiles(options), host, options), host, self, options)
         end
 
@@ -73,12 +128,14 @@ module Net
         #
         # If you only want the user known host files, you can pass :user as
         # the second option.
-        def hostfiles(options, which=:all)
+        def hostfiles(options, which = :all)
           files = []
 
           files += Array(options[:user_known_hosts_file] || %w[~/.ssh/known_hosts ~/.ssh/known_hosts2]) if which == :all || which == :user
 
-          files += Array(options[:global_known_hosts_file] || %w[/etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2]) if which == :all || which == :global
+          if which == :all || which == :global
+            files += Array(options[:global_known_hosts_file] || %w[/etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2])
+          end
 
           return files
         end
@@ -86,14 +143,12 @@ module Net
         # Looks in all user known host files (see KnownHosts.hostfiles) and tries to
         # add an entry for the given host and key to the first file it is able
         # to.
-        def add(host, key, options={})
+        def add(host, key, options = {})
           hostfiles(options, :user).each do |file|
-            begin
-              KnownHosts.new(file).add(host, key)
-              return
-            rescue SystemCallError
-              # try the next hostfile
-            end
+            KnownHosts.new(file).add(host, key)
+            return
+          rescue SystemCallError
+            # try the next hostfile
           end
         end
       end
@@ -130,28 +185,36 @@ module Net
         host_ip = entries[1]
 
         File.open(source) do |file|
-          scanner = StringScanner.new("")
           file.each_line do |line|
-            scanner.string = line
+            if line.start_with?('@')
+              marker, hosts, type, key_content, comment = line.split(' ')
+            else
+              marker = nil
+              hosts, type, key_content, comment = line.split(' ')
+            end
+
+            # Skip empty line or one that is commented
+            next if hosts.nil? || hosts.start_with?('#')
 
-            scanner.skip(/\s*/)
-            next if scanner.match?(/$|#/)
+            hostlist = hosts.split(',')
+
+            next unless SUPPORTED_TYPE.include?(type)
 
-            hostlist = scanner.scan(/\S+/).split(/,/)
             found = hostlist.any? { |pattern| match(host_name, pattern) } || known_host_hash?(hostlist, entries)
             next unless found
 
             found = hostlist.include?(host_ip) if options[:check_host_ip] && entries.size > 1 && hostlist.size > 1
             next unless found
 
-            scanner.skip(/\s*/)
-            type = scanner.scan(/\S+/)
+            blob = key_content.unpack("m*").first
+            raw_key = Net::SSH::Buffer.new(blob).read_key
 
-            next unless SUPPORTED_TYPE.include?(type)
-
-            scanner.skip(/\s*/)
-            blob = scanner.rest.unpack("m*").first
-            keys << Net::SSH::Buffer.new(blob).read_key
+            keys <<
+              if marker == "@cert-authority"
+                HostKeyEntries::CertAuthority.new(raw_key, comment: comment)
+              else
+                HostKeyEntries::PubKey.new(raw_key, comment: comment)
+              end
           end
         end
 
@@ -159,14 +222,18 @@ module Net
       end
 
       def match(host, pattern)
-        # see man 8 sshd for pattern details
-        pattern_regexp = pattern.split('*').map do |x|
-          x.split('?').map do |y|
-            Regexp.escape(y)
-          end.join('.')
-        end.join('[^.]*')
-
-        host =~ Regexp.new("\\A#{pattern_regexp}\\z")
+        if pattern.include?('*') || pattern.include?('?')
+          # see man 8 sshd for pattern details
+          pattern_regexp = pattern.split('*', -1).map do |x|
+            x.split('?', -1).map do |y|
+              Regexp.escape(y)
+            end.join('.')
+          end.join('.*')
+
+          host =~ Regexp.new("\\A#{pattern_regexp}\\z")
+        else
+          host == pattern
+        end
       end
 
       # Indicates whether one of the entries matches an hostname that has been

data/lib/net/ssh/loggable.rb

@@ -1,6 +1,5 @@
-module Net 
+module Net
   module SSH
-
     # A simple module to make logging easier to deal with. It assumes that the
     # logger instance (if not nil) quacks like a Logger object (in Ruby's
     # standard library). Although used primarily internally by Net::SSH, it
@@ -19,45 +18,45 @@ module Net
       # The logger instance that will be used to log messages. If nil, nothing
       # will be logged.
       attr_accessor :logger
-  
+
       # Displays the result of yielding if the log level is Logger::DEBUG or
       # greater.
       def debug
         logger.add(Logger::DEBUG, nil, facility) { yield } if logger && logger.debug?
       end
-  
+
       # Displays the result of yielding if the log level is Logger::INFO or
       # greater.
       def info
         logger.add(Logger::INFO, nil, facility) { yield } if logger && logger.info?
       end
-  
+
       # Displays the result of yielding if the log level is Logger::WARN or
       # greater. (Called lwarn to avoid shadowing with Kernel#warn.)
       def lwarn
         logger.add(Logger::WARN, nil, facility) { yield } if logger && logger.warn?
       end
-  
+
       # Displays the result of yielding if the log level is Logger:ERROR or
       # greater.
       def error
         logger.add(Logger::ERROR, nil, facility) { yield } if logger && logger.error?
       end
-  
+
       # Displays the result of yielding if the log level is Logger::FATAL or
       # greater.
       def fatal
         logger.add(Logger::FATAL, nil, facility) { yield } if logger && logger.fatal?
       end
-  
+
       private
-  
+
       # Sets the "facility" value, used for reporting where a log message
       # originates. It defaults to the name of class with the object_id
       # appended.
       def facility
-        @facility ||= self.class.name.gsub(/::/, ".").gsub(/([a-z])([A-Z])/, "\\1_\\2").downcase + "[%x]" % object_id
+        @facility ||= self.class.to_s.gsub(/::/, ".").gsub(/([a-z])([A-Z])/, "\\1_\\2").downcase + "[%x]" % object_id
       end
     end
   end
-end
+end

data/lib/net/ssh/packet.rb

@@ -5,7 +5,6 @@ require 'net/ssh/connection/constants'
 
 module Net
   module SSH
-
     # A specialization of Buffer that knows the format of certain common
     # packet types. It auto-parses those packet types, and allows them to
     # be accessed via the #[] accessor.
@@ -85,6 +84,7 @@ module Net
       def [](name)
         name = name.to_sym
         raise ArgumentError, "no such element #{name}" unless @named_elements.key?(name)
+
         @named_elements[name]
       end