net-ssh 6.0.0.beta1 → 6.0.0.beta2

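--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: 16c438c23a0dc7ead21778dea22cff5dcb8c4ffa
- data.tar.gz: 19f4f5a5e082b1dbdd39aac4c1e90144e2b56540
+ SHA256:
+ metadata.gz: 5614d2fa5b1b6396aae6c99ee8dab8a7c4c9dfddfaed4ba2f2666539b56d22df
+ data.tar.gz: f999a5eb2e98e9e81efe4f628d02350fd33d3fd4e101f286ec36d83a538a7d60
  SHA512:
- metadata.gz: 593269d7a4788bb428ee0a2131d53bc87f4051b929da404eb6c8d7e560deedd35bd5ae0d6948b9463210efd2ec87d813bfcdd60ac017cee914253f5389130dbd
- data.tar.gz: c5548d70f356434795f87371c0be1638ec468b1b170207dec738d48af37d45ba2d9dced66c7d0b74f42f8d8bd640d1676dfc6d8b41590d89860c79be3d0578f5
+ metadata.gz: 389e60f10a0db01d775135b59837cd8d115777f6587d866c9afc821f239139d77f874cea4128672ef7a3d102a96c25be7dce025fda2667c89e9111f2ac6fc809
+ data.tar.gz: fed18846ef1d1e99407ae179b143f88338d258ed8e89bc5c18d4d31d0f15f8c75a004f0c93d25259c9f35e51cdaa581d4a066cc1f51a28e394b29d5afeda1910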
checksums.yaml.gz.sig CHANGED
Binary file
data.tar.gz.sig CHANGED
Binary file
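--- a/data/CHANGES.txt
+++ b/data/CHANGES.txt
@@ -1,3 +1,7 @@
+ === 6.0.0 beta2
+
+ * Support :certkeys and CertificateFile configuration option [Ander Scarling, #722]
+
  === 6.0.0 beta1
 
  * curve25519sha256 support [Florian Wininger ,#690]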
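--- a/data/Manifest
+++ b/data/Manifest
@@ -33,7 +33,6 @@ lib/net/ssh/proxy/errors.rb
  lib/net/ssh/proxy/http.rb
  lib/net/ssh/proxy/socks4.rb
  lib/net/ssh/proxy/socks5.rb
- lib/net/ssh/ruby_compat.rb
  lib/net/ssh/service/forward.rb
  lib/net/ssh/test.rb
  lib/net/ssh/test/channel.rb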
data/lib/net/ssh.rb CHANGED
@@ -66,7 +66,7 @@ module Net
66
66
  auth_methods bind_address compression compression_level config
67
67
  encryption forward_agent hmac host_key remote_user
68
68
  keepalive keepalive_interval keepalive_maxcount kex keys key_data
69
- languages logger paranoid password port proxy
69
+ keycerts languages logger paranoid password port proxy
70
70
  rekey_blocks_limit rekey_limit rekey_packet_limit timeout verbose
71
71
  known_hosts global_known_hosts_file user_known_hosts_file host_key_alias
72
72
  host_name user properties passphrase keys_only max_pkt_size
@@ -144,6 +144,8 @@ module Net
144
144
  # * :kex => the key exchange algorithm (or algorithms) to use
145
145
  # * :keys => an array of file names of private keys to use for publickey
146
146
  # and hostbased authentication
147
+ # * :keycerts => an array of file names of key certificates to use
148
+ # with publickey authentication
147
149
  # * :key_data => an array of strings, with each element of the array being
148
150
  # a raw private key in PEM format.
149
151
  # * :keys_only => set to +true+ to use only private keys from +keys+ and
@@ -30,6 +30,9 @@ module Net
30
30
  # The list of user key data that will be examined
31
31
  attr_reader :key_data
32
32
 
33
+ # The list of user key certificate files that will be examined
34
+ attr_reader :keycert_files
35
+
33
36
  # The map of loaded identities
34
37
  attr_reader :known_identities
35
38
 
@@ -43,6 +46,7 @@ module Net
43
46
  self.logger = logger
44
47
  @key_files = []
45
48
  @key_data = []
49
+ @keycert_files = []
46
50
  @use_agent = options[:use_agent] != false
47
51
  @known_identities = {}
48
52
  @agent = nil
@@ -66,6 +70,12 @@ module Net
66
70
  self
67
71
  end
68
72
 
73
+ # Add the given keycert_file to the list of keycert files that will be used.
74
+ def add_keycert(keycert_file)
75
+ keycert_files.push(File.expand_path(keycert_file)).uniq!
76
+ self
77
+ end
78
+
69
79
  # Add the given key_file to the list of keys that will be used.
70
80
  def add_key_data(key_data_)
71
81
  key_data.push(key_data_).uniq!
@@ -108,7 +118,7 @@ module Net
108
118
  user_identities.delete(corresponding_user_identity) if corresponding_user_identity
109
119
 
110
120
  if !options[:keys_only] || corresponding_user_identity
111
- known_identities[key] = { from: :agent }
121
+ known_identities[key] = { from: :agent, identity: key }
112
122
  yield key
113
123
  end
114
124
  end
@@ -122,6 +132,21 @@ module Net
122
132
  yield key
123
133
  end
124
134
 
135
+ known_identity_blobs = known_identities.keys.map(&:to_blob)
136
+ keycert_files.each do |keycert_file|
137
+ keycert = KeyFactory.load_public_key(keycert_file)
138
+ next if known_identity_blobs.include?(keycert.to_blob)
139
+
140
+ (_, corresponding_identity) = known_identities.detect { |public_key, _|
141
+ public_key.to_pem == keycert.to_pem
142
+ }
143
+
144
+ if corresponding_identity
145
+ known_identities[keycert] = corresponding_identity
146
+ yield keycert
147
+ end
148
+ end
149
+
125
150
  self
126
151
  end
127
152
 
@@ -152,7 +177,7 @@ module Net
152
177
 
153
178
  if info[:from] == :agent
154
179
  raise KeyManagerError, "the agent is no longer available" unless agent
155
- return agent.sign(identity, data.to_s)
180
+ return agent.sign(info[:identity], data.to_s)
156
181
  end
157
182
 
158
183
  raise KeyManagerError, "[BUG] can't determine identity origin (#{info.inspect})"
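Review bot: In the hunk that iterates `keycert_files` (`@@ -122,6 +132,21 @@`), `KeyFactory.load_public_key(keycert_file)` is called with no rescue, so a missing or malformed certificate file would raise out of the identity enumeration and could fail authentication even when the plain keys are usable. Whether the enclosing method already rescues this is not visible, because its body starts and ends outside the hunk. A certificate with no matching entry in `known_identities` is also dropped without any log line, which makes a mis-paired CertificateFile/IdentityFile hard to diagnose. I would log and skip in both cases, as sketched below; `error` and `debug` are assumed to come from the logging mixin this class appears to use (`self.logger = logger`).

```ruby
keycert_files.each do |keycert_file|
  begin
    keycert = KeyFactory.load_public_key(keycert_file)
  rescue StandardError => e
    error { "could not load certificate file `#{keycert_file}': #{e.class} (#{e.message})" }
    next
  end
  # … unchanged: duplicate-blob check and lookup of corresponding_identity …

  if corresponding_identity
    known_identities[keycert] = corresponding_identity
    yield keycert
  else
    debug { "no loaded identity matches certificate file `#{keycert_file}', skipping" }
  end
end
```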
@@ -63,6 +63,7 @@ module Net
63
63
 
64
64
  key_manager = KeyManager.new(logger, options)
65
65
  keys.each { |key| key_manager.add(key) } unless keys.empty?
66
+ keycerts.each { |keycert| key_manager.add_keycert(keycert) } unless keycerts.empty?
66
67
  key_data.each { |key2| key_manager.add_key_data(key2) } unless key_data.empty?
67
68
  default_keys.each { |key| key_manager.add(key) } unless options.key?(:keys) || options.key?(:key_data)
68
69
 
@@ -146,6 +147,12 @@ module Net
146
147
  Array(options[:keys])
147
148
  end
148
149
 
150
+ # Returns an array of paths to the keycert files that should be used when
151
+ # attempting any key-based authentication mechanism.
152
+ def keycerts
153
+ Array(options[:keycerts])
154
+ end
155
+
149
156
  # Returns an array of the key data that should be used when
150
157
  # attempting any key-based authentication mechanism.
151
158
  def key_data
@@ -1,4 +1,3 @@
1
- require 'net/ssh/ruby_compat'
2
1
  require 'net/ssh/transport/openssl'
3
2
 
4
3
  require 'net/ssh/authentication/certificate'
@@ -1,6 +1,5 @@
1
1
  require 'net/ssh/buffer'
2
2
  require 'net/ssh/loggable'
3
- require 'net/ssh/ruby_compat'
4
3
 
5
4
  module Net
6
5
  module SSH
@@ -11,6 +11,7 @@ module Net
11
11
  #
12
12
  # * ChallengeResponseAuthentication => maps to the :auth_methods option challenge-response (then coleasced into keyboard-interactive)
13
13
  # * KbdInteractiveAuthentication => maps to the :auth_methods keyboard-interactive
14
+ # * CertificateFile => maps to the :keycerts option
14
15
  # * Ciphers => maps to the :encryption option
15
16
  # * Compression => :compression
16
17
  # * CompressionLevel => :compression_level
@@ -129,7 +130,7 @@ module Net
129
130
  block_seen = true
130
131
  elsif !block_seen
131
132
  case key
132
- when 'identityfile'
133
+ when 'identityfile', 'certificatefile'
133
134
  (globals[key] ||= []) << value
134
135
  when 'include'
135
136
  included_file_paths(base_dir, value).each do |file_path|
@@ -140,7 +141,7 @@ module Net
140
141
  end
141
142
  elsif block_matched
142
143
  case key
143
- when 'identityfile'
144
+ when 'identityfile', 'certificatefile'
144
145
  (settings[key] ||= []) << value
145
146
  when 'include'
146
147
  included_file_paths(base_dir, value).each do |file_path|
@@ -161,7 +162,7 @@ module Net
161
162
 
162
163
  globals.merge(settings) do |key, oldval, newval|
163
164
  case key
164
- when 'identityfile'
165
+ when 'identityfile', 'certificatefile'
165
166
  oldval + newval
166
167
  else
167
168
  newval
@@ -196,25 +197,26 @@ module Net
196
197
 
197
198
  private
198
199
 
200
+ TRANSLATE_CONFIG_KEY_RENAME_MAP = {
201
+ bindaddress: :bind_address,
202
+ compression: :compression,
203
+ compressionlevel: :compression_level,
204
+ certificatefile: :keycerts,
205
+ connecttimeout: :timeout,
206
+ forwardagent: :forward_agent,
207
+ identitiesonly: :keys_only,
208
+ identityagent: :identity_agent,
209
+ globalknownhostsfile: :global_known_hosts_file,
210
+ hostkeyalias: :host_key_alias,
211
+ identityfile: :keys,
212
+ fingerprinthash: :fingerprint_hash,
213
+ port: :port,
214
+ stricthostkeychecking: :strict_host_key_checking,
215
+ user: :user,
216
+ userknownhostsfile: :user_known_hosts_file,
217
+ checkhostip: :check_host_ip
218
+ }.freeze
199
219
  def translate_config_key(hash, key, value, settings)
200
- rename = {
201
- bindaddress: :bind_address,
202
- compression: :compression,
203
- compressionlevel: :compression_level,
204
- connecttimeout: :timeout,
205
- forwardagent: :forward_agent,
206
- identitiesonly: :keys_only,
207
- identityagent: :identity_agent,
208
- globalknownhostsfile: :global_known_hosts_file,
209
- hostkeyalias: :host_key_alias,
210
- identityfile: :keys,
211
- fingerprinthash: :fingerprint_hash,
212
- port: :port,
213
- stricthostkeychecking: :strict_host_key_checking,
214
- user: :user,
215
- userknownhostsfile: :user_known_hosts_file,
216
- checkhostip: :check_host_ip
217
- }
218
220
  case key
219
221
  when :ciphers
220
222
  hash[:encryption] = value.split(/,/)
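Review bot: `TRANSLATE_CONFIG_KEY_RENAME_MAP` is declared below `private`, but `private` only changes method visibility, so the constant stays publicly reachable; if it is meant to be internal, add `private_constant :TRANSLATE_CONFIG_KEY_RENAME_MAP` after the `.freeze`. A one-line comment above it, such as `# Maps lower-cased ssh_config keywords to the Net::SSH option that receives the value unchanged`, would also help, since entries like `certificatefile: :keycerts` pass the value through with no conversion. `translate_config_key` continues outside the hunk.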
@@ -276,8 +278,8 @@ module Net
276
278
  hash[:send_env] = multi_send_env.map { |e| Regexp.new pattern2regex(e).source, false }
277
279
  when :numberofpasswordprompts
278
280
  hash[:number_of_password_prompts] = value.to_i
279
- when *rename.keys
280
- hash[rename[key]] = value
281
+ when *TRANSLATE_CONFIG_KEY_RENAME_MAP.keys
282
+ hash[TRANSLATE_CONFIG_KEY_RENAME_MAP[key]] = value
281
283
  end
282
284
  end
283
285
 
@@ -1,5 +1,4 @@
1
1
  require 'net/ssh/loggable'
2
- require 'net/ssh/ruby_compat'
3
2
 
4
3
  module Net
5
4
  module SSH
@@ -1,5 +1,4 @@
1
1
  require 'net/ssh/loggable'
2
- require 'net/ssh/ruby_compat'
3
2
  require 'net/ssh/connection/channel'
4
3
  require 'net/ssh/connection/constants'
5
4
  require 'net/ssh/service/forward'
@@ -1,7 +1,6 @@
1
1
  require 'socket'
2
2
  require 'rubygems'
3
3
  require 'net/ssh/proxy/errors'
4
- require 'net/ssh/ruby_compat'
5
4
 
6
5
  module Net
7
6
  module SSH
@@ -1,5 +1,4 @@
1
1
  require 'socket'
2
- require 'net/ssh/ruby_compat'
3
2
  require 'net/ssh/proxy/errors'
4
3
 
5
4
  module Net
@@ -1,7 +1,6 @@
1
1
  require 'net/ssh/buffered_io'
2
2
  require 'net/ssh/errors'
3
3
  require 'net/ssh/packet'
4
- require 'net/ssh/ruby_compat'
5
4
  require 'net/ssh/transport/cipher_factory'
6
5
  require 'net/ssh/transport/hmac'
7
6
  require 'net/ssh/transport/state'
@@ -56,7 +56,7 @@ module Net
56
56
 
57
57
  # The prerelease component of this version of the Net::SSH library
58
58
  # nil allowed
59
- PRE = "beta1"
59
+ PRE = "beta2"
60
60
 
61
61
  # The current version of the Net::SSH library as a Version instance
62
62
  CURRENT = new(*[MAJOR, MINOR, TINY, PRE].compact)
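--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: net-ssh
  version: !ruby/object:Gem::Version
- version: 6.0.0.beta1
+ version: 6.0.0.beta2
  platform: ruby
  authors:
  - Jamis Buck
@@ -31,7 +31,7 @@ cert_chain:
  +MqVFjDxsJA7cDfACke51RypSH1gZoPjzoW6w0sMRAzZT8hU1eGyqtNuBiSZ1UKv
  B/ztNLEP0OWhpj/NZ1fnGRvo/T0=
  -----END CERTIFICATE-----
- date: 2019-10-25 00:00:00.000000000 Z
+ date: 2020-01-19 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bcrypt_pbkdf
@@ -208,7 +208,6 @@ files:
  - lib/net/ssh/proxy/jump.rb
  - lib/net/ssh/proxy/socks4.rb
  - lib/net/ssh/proxy/socks5.rb
- - lib/net/ssh/ruby_compat.rb
  - lib/net/ssh/service/forward.rb
  - lib/net/ssh/test.rb
  - lib/net/ssh/test/channel.rb
@@ -284,8 +283,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: 1.3.1
  requirements: []
- rubyforge_project:
- rubygems_version: 2.6.8
+ rubygems_version: 3.0.3
  signing_key:
  specification_version: 4
  summary: 'Net::SSH: a pure-Ruby implementation of the SSH2 client protocol.'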
metadata.gz.sig CHANGED
Binary file
@@ -1,13 +0,0 @@
1
- require 'thread'
2
-
3
- class String
4
- if RUBY_VERSION < "1.9"
5
- def getbyte(index)
6
- self[index]
7
- end
8
-
9
- def setbyte(index, c)
10
- self[index] = c
11
- end
12
- end
13
- end